GDB信息寄存器命令-输出的第二列 [英] GDB info registers command - Second column of output

问题描述

在gdb中运行info registers后，我们将获得类似于以下内容的输出:

Upon running info registers in gdb, we get an output similar to the following:

rax            0x1c 28
rbx            0x0  0
rcx            0x400a60 4196960
rdx            0x7fffffffde88   140737488346760
rsi            0x1  1
rdi            0x400932 4196658
rbp            0x0  0x0
rsp            0x7fffffffde68   0x7fffffffde68
r8             0x400ad0 4197072
r9             0x7ffff7dea560   140737351951712
r10            0x7fffffffdc30   140737488346160
r11            0x7ffff7732dd0   140737344908752
r12            0x4007f0 4196336
r13            0x7fffffffde80   140737488346752
r14            0x0  0
r15            0x0  0
rip            0x7ffff7732dd0   0x7ffff7732dd0
eflags         0x202    [ IF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0

虽然我确实了解rax，rcx等的含义，但GDB正在将第二列的值转换为十进制，但这似乎并不一致.某些寄存器(即rsp和rip)即使在第二列中也以十六进制显示相同的值.另一方面，eflags在第二列中显示标志.

While I do understand the for rax, rcx etc, GDB is converting the value to decimal for the second column, this doesn't seem consistent. Some registers, namely rsp and rip show the same value in hex, even in the second column. eflags on the other hand shows the flags in the second column.

gdb这样做的原因是什么?如果要显示相同的信息(在rsp和rip的情况下)，这是否多余?另外，这如何在其他架构上推广呢? (以上输出是针对x86-64的.)

What is the reason that gdb does this? If it is going to show the same info (in case of rsp and rip), isn't it redundant? Also, how does this generalize on other architectures? (The above output is for x86-64).

推荐答案

信息寄存器"命令以原始格式(十六进制)和自然格式打印寄存器.

The info registers command prints out registers in both raw format (hex) and natural format.

自然格式基于寄存器的类型，该寄存器在gdb的源代码中的xml文件中声明.例如， i386/64bit-core. xml 包含:

The natural format is based on the type of the register, declared in xml files in gdb's source code. For example, i386/64bit-core.xml contains:

<reg name="rax" bitsize="64" type="int64"/>
<reg name="rbx" bitsize="64" type="int64"/>
<reg name="rcx" bitsize="64" type="int64"/>
<reg name="rdx" bitsize="64" type="int64"/>
<reg name="rsi" bitsize="64" type="int64"/>
<reg name="rdi" bitsize="64" type="int64"/>
<reg name="rbp" bitsize="64" type="data_ptr"/>
<reg name="rsp" bitsize="64" type="data_ptr"/>
<reg name="r8" bitsize="64" type="int64"/>
<reg name="r9" bitsize="64" type="int64"/>
<reg name="r10" bitsize="64" type="int64"/>
<reg name="r11" bitsize="64" type="int64"/>
<reg name="r12" bitsize="64" type="int64"/>
<reg name="r13" bitsize="64" type="int64"/>
<reg name="r14" bitsize="64" type="int64"/>
<reg name="r15" bitsize="64" type="int64"/>

<reg name="rip" bitsize="64" type="code_ptr"/>
<reg name="eflags" bitsize="32" type="i386_eflags"/>
<reg name="cs" bitsize="32" type="int32"/>
<reg name="ss" bitsize="32" type="int32"/>
<reg name="ds" bitsize="32" type="int32"/>
<reg name="es" bitsize="32" type="int32"/>
<reg name="fs" bitsize="32" type="int32"/>
<reg name="gs" bitsize="32" type="int32"/>

您可以看到带有type="int64"和type="int32"的寄存器在其自然输出中显示为十进制值，因为它们通常是通用寄存器，并且可以用于引用内存和分配值.

You can see that the registers with type="int64" and type="int32" are displayed as decimal values in their natural output, since they are normally general purpose register and can be used for both referencing memory and assigning value.

具有type="data_ptr"和type="code_ptr"的寄存器具有自然格式的十六进制值，因为它们通常用于引用内存地址.

While registers with type="data_ptr" and type="code_ptr" have hexadecimal values in their natural format, since they are normally used for referencing memory address.

对于具有type="i386_eflags"的寄存器，输出标志设置为"true"，因为对于该寄存器，对于人类来说，在知道哪个标志设置为"True"而不是十六进制值时更有意义.

For registers with type="i386_eflags" outputs the flag that are set 'true', since for this register, for humans it makes more sense when knowing which flag are set 'True' and not the hex values.

对于其他体系结构，这取决于如何在其源代码中定义寄存器类型.您可以查看 ARM ， ARM-64 ， x86-32bit 等等其他位于 binutils-gdb/gdb/features/

For other architecture, it depends on the how the register types are defined in their source code. You can look at the source code of ARM, ARM-64, x86-32bit and many other at binutils-gdb/gdb/features/

来源:@MarkPlotnick的答案位于为什么信息注册ebp"为何?在gdb中不显示十进制数字?和@perror回答在 https://reverseengineering.stackexchange.com/questions/9221/output-of-gdb-info-registers/9222#9222 .

Source: @MarkPlotnick answer at Why is "info register ebp" in gdb not displaying a decimal number? and @perror answer at https://reverseengineering.stackexchange.com/questions/9221/output-of-gdb-info-registers/9222#9222.

对不起，我忘了提及消息来源了.

Sorry I forgot to mention the source.

这篇关于GDB信息寄存器命令-输出的第二列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！