内存转储格式如gdb中的xxd [英] Memory dump formatted like xxd from gdb

问题描述

我正在尝试检查一个包含二进制格式的消息的缓冲区，但也包含字符串数据。例如，我使用这个C代码：

  int main（void）{
 char buf [100 ] =\x01\x02\x03\x04String Data\xAA\xBB\xCC; 
 
 return 0; 
} 
  

我想获得一个十六进制转储，里面是$ code> buf ，格式类似于 xxd （我不在乎它是否是完全匹配，我真正寻找的是一个十六进制转储并列可打印的字符）。

GDB内部可以使用以下类似的东西：

 （gdb）x / 100bx buf 
 0x7fffffffdf00：0x01 0x02 0x03 0x04 0x53 0x74 0x72 0x69 
 0x7fffffffdf08：0x6e 0x67 0x20 0x44 0x61 0x74 0x61 0xaa 
 0x7fffffffdf10：0xbb 0xcc 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf18：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf20 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf28：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf30：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf38：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf40：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf48：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf50：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
 0x7fffffffdf58 ：0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
  

这是很好，但很难选出字符串方式...或者我可以使用

 （gdb）x / 100bs buf 
 0x7fffffffdf00：\001\\ \\002\003\004String Data\252\273\314
 0x7fffffffdf13：
 0x7fffffffdf14：
 0x7fffffffdf15：
 0x7fffffffdf16： 
 0x7fffffffdf17：
 ... 
  

这使得很难阅读二进制部分...我正在处理的实际消息中也有很多ascii nul，所以真的看起来像一团糟。

最好我可以想出来做到这一点：

 （gdb）dump binary memory dump.bin buf buf + 100 
  

然后

  $ xxd dump.bin 
 0000000：0102 0304 5374 7269 6e67 2044 6174 61aa ....字符串数据。 
 0000010：bbcc 0000 0000 0000 0000 0000 0000 0000 ................ 
 0000020：0000 0000 0000 0000 0000 0000 0000 0000 ...... .......... 
 0000030：0000 0000 0000 0000 0000 0000 0000 0000 ............... 
 0000040：0000 0000 0000 0000 0000 0000 0000 0000 ................ 
 0000050：0000 0000 0000 0000 0000 0000 0000 0000 ................ 
 0000060：0000 0000 .... 
  

但是每次都这样做很痛苦。我想到有人以前想要这个，所以想知道是否有人找到了一种在gdb内部的方法。此外，您以这种方式从原始内存中丢失地址。

我使用的是GDB 7.4，内置了python支持，所以我可以使用漂亮的打印机或类似的，但我不知道如何设置。

解决方案

 （gdb）define xxd 
> dump binary memory dump.bin $ arg0 $ arg0 + $ arg1 
> shell xxd dump.bin 
> end 
（gdb）xxd & j 10 
 0000000：0000 0000 0000 0000 0000 0000 4d8c a7f7 ............ M ... 
 0000010：ff7f 0000 0000 0000 0000 0000 c8d7 ffff .. .............. 
 0000020：ff7f 0000 0000 0000 
  

似乎很容易; - ）

你可能会编写一个Python脚本（现代GDB版本有嵌入式Python解释器）来做同样的事情，并摆脱需要外壳。

I'm trying to inspect a buffer which contains a binary formatted message, but also contains string data. As an example, I'm using this C code:

int main (void) {
    char buf[100] = "\x01\x02\x03\x04String Data\xAA\xBB\xCC";

    return 0;
}

I'd like to get a hex dump of what's in buf, of a format similar to xxd (I don't care if it's an exact match, what I'm really looking for is a hex dump side by side with printable chars).

Inside GDB I can use something like:

(gdb) x /100bx buf
0x7fffffffdf00: 0x01    0x02    0x03    0x04    0x53    0x74    0x72    0x69
0x7fffffffdf08: 0x6e    0x67    0x20    0x44    0x61    0x74    0x61    0xaa
0x7fffffffdf10: 0xbb    0xcc    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf18: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf20: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf28: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf30: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf38: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf40: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf48: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf50: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffdf58: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00

which is fine, but it's hard to pick out strings that way... or I can use

(gdb) x /100bs buf
0x7fffffffdf00:  "\001\002\003\004String Data\252\273\314"
0x7fffffffdf13:  ""
0x7fffffffdf14:  ""
0x7fffffffdf15:  ""
0x7fffffffdf16:  ""
0x7fffffffdf17:  ""
...

which makes it hard to read the binary part... the actual messages I'm dealing with have plenty of ascii nul's in them, too, so really it just looks like a mess.

The best I can come up with is to do this:

(gdb) dump binary memory dump.bin buf buf+100

and then

$ xxd dump.bin
0000000: 0102 0304 5374 7269 6e67 2044 6174 61aa  ....String Data.
0000010: bbcc 0000 0000 0000 0000 0000 0000 0000  ................
0000020: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0000060: 0000 0000                                ....

but that's a pain to do that every time. I figured somebody out there has wanted this before, so wondering if anybody has found a way to do it inside gdb. Plus you lose the addresses from the original memory this way.

I'm using GDB 7.4 with python support built in, so I'm open to the idea of using a pretty printer or similar, but I don't know how to set that up.

解决方案

(gdb) define xxd
>dump binary memory dump.bin $arg0 $arg0+$arg1
>shell xxd dump.bin
>end
(gdb) xxd &j 10 
0000000: 0000 0000 0000 0000 0000 0000 4d8c a7f7  ............M...
0000010: ff7f 0000 0000 0000 0000 0000 c8d7 ffff  ................
0000020: ff7f 0000 0000 0000

Seems easy enough ;-)

You could likely write a Python script (modern GDB versions have embedded Python interpreter) to do the same, and get rid of the need to "shell out".

这篇关于内存转储格式如gdb中的xxd的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！