Using gdb to decode hex data to struct


Problem description

I have a hex stream of hex data that is printed like

0x3a45 0x1234 0x0352 (in reality far longer)

I know that it is content in a struct. Is there a way in gdb to map this on the struct? Gdb seems only to accept single values for doing this.

Like:

(gdb) print (myStruct) 0x3a45 0x1234 0x0352

$1 = { a = 3a, b = 45, f = 0x1234, c = 03, e = 52}

In this case it's very simple, but there is a complex struct and the hex string is far larger.

Solution

I think there are a couple viable ways to do this in gdb.

The simplest way is to write the data into the inferior's memory somehow. It might look something like:

(gdb) set $mem = (char *) malloc(50)   # number of bytes; the cast tells gdb malloc's return type so $mem can be indexed
(gdb) set $mem[0] = 0x72
(gdb) set $mem[1] = 0xff
# etc - you can find faster ways to do this
(gdb) print *(struct whatever *) $mem

Filling the memory is a pain, but this can be scripted. For example you can write a little shell script to convert the raw bytes into a sequence of set commands and then source it. Or you can just write a new gdb command in Python that automates it all.

gdb also has an extension to let one create an array on the command line, and do a kind of "reinterpret cast" on it. I found this method a bit less handy, because I could only make the array feature create arrays of int, not char. But anyhow, consider this little program:

struct x {
  int a;
  long b;
};

int main() {
  struct x x = { 23, 97 };
  return 0;
}

I start gdb and stop on the return, then examine the memory:

(gdb) p sizeof(int)
$1 = 4
(gdb) p sizeof(x)
$2 = 16
(gdb) x/4xw &x
0x7fffffffe240: 0x00000017  0x00007fff  0x00000061  0x00000000

(That second word is garbage because it is in the struct padding...)

Now we can recreate x by hand from the raw data:

(gdb) print {struct x}{0x17, 0x7fff, 0x61, 0}
$3 = {
  a = 23, 
  b = 97
}

This expression uses two extensions to C expressions that gdb provides. First, {0x17, 0x7fff...} is a way to write an array. Second, {struct x} is a kind of "reinterpret cast" - it reinterprets the raw bytes of the value as the named type.
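
One way to write the "new gdb command in Python" that the answer mentions, shown as an added example that is not code from the original answer: it converts a printed hex stream to bytes, honouring word width and byte order, and decodes them as a type without touching the inferior's memory. The command name `decode-struct`, the file name and the `-be` switch are hypothetical; it assumes a gdb built with Python whose API provides the two-argument `gdb.Value(buffer, type)` constructor.

```python
"""decode_struct.py (hypothetical name): load in gdb with `source decode_struct.py`."""
try:
    import gdb  # only importable when running inside gdb
except ImportError:
    gdb = None  # keeps the parsing helper usable and testable outside gdb


def words_to_bytes(text, byteorder="little"):
    """Turn '0x3a45 0x1234 ...' into raw bytes.

    Each token's width comes from its digit count (0x3a45 is 2 bytes);
    byteorder says how each printed word was laid out in target memory.
    """
    out = bytearray()
    for tok in text.replace(",", " ").split():
        digits = tok[2:] if tok.lower().startswith("0x") else tok
        if not digits or len(digits) % 2:
            raise ValueError("odd or empty hex token: %r" % tok)
        out += int(digits, 16).to_bytes(len(digits) // 2, byteorder)
    return bytes(out)


if gdb is not None:
    class DecodeStruct(gdb.Command):
        """decode-struct [-be] TYPE : HEXWORD...  (hypothetical command)"""

        def __init__(self):
            super().__init__("decode-struct", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            order = "little"
            if arg.startswith("-be "):
                order, arg = "big", arg[4:]
            type_name, sep, hexwords = arg.partition(":")
            if not sep:
                raise gdb.GdbError("usage: decode-struct [-be] TYPE : HEXWORD...")
            typ = gdb.lookup_type(type_name.strip())
            raw = words_to_bytes(hexwords, order)
            # A short buffer would decode padding or tail fields from nothing.
            if len(raw) < typ.sizeof:
                raise gdb.GdbError("need %d bytes for %s, got %d"
                                   % (typ.sizeof, typ, len(raw)))
            # gdb.Value(buffer, type) builds the value from raw bytes, so
            # nothing is written into the inferior's memory.
            gdb.write("%s\n" % str(gdb.Value(raw, typ)))

    DecodeStruct()
```

With the answer's sample program loaded, `decode-struct struct x : 0x00000017 0x00007fff 0x00000061 0x00000000` feeds the same 16 bytes that `x/4xw &x` displayed; the question's 16-bit words, where 0x3a45 should yield a = 3a and b = 45, need `-be`.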
