Using gdb to decode hex data to struct
Problem description
I have a hex stream of hex data that is printed like
0x3a45 0x1234 0x0352 (in real far longer)
I know that it is content in a struct. Is there a way in gdb to map this on the struct? Gdb seems only to accept single values for doing this.
Like:
(gdb) print (myStruct) 0x3a45 0x1234 0x0352
$1 = { a = 3a, b = 45, f = 0x1234, c = 03, e = 52}
In this case it's very simple but there is complex struct and the hex string is far larger.
Solution
I think there are a couple viable ways to do this in gdb.
The simplest way is to write the data into the inferior's memory somehow. It might look something like:
(gdb) set $mem = (unsigned char *) malloc(50) # number of bytes
(gdb) set $mem[0] = 0x72
(gdb) set $mem[1] = 0xff
# etc - you can find faster ways to do this
(gdb) print *(struct whatever *) $mem
Filling the memory is a pain, but this can be scripted. For example you can write a little shell script to convert the raw bytes into a sequence of set commands and then source it. Or you can just write a new gdb command in Python that automates it all.
gdb also has an extension to let one create an array on the command line, and do a kind of "reinterpret cast" on it. I found this method a bit less handy, because I could only make the array feature create arrays of int, not char. But anyhow, consider this little program:
struct x {
int a;
long b;
};
int main() {
struct x x = { 23, 97 };
return 0;
}
I start gdb and stop on the return, then examine the memory:
(gdb) p sizeof(int)
$1 = 4
(gdb) p sizeof(x)
$2 = 16
(gdb) x/4xw &x
0x7fffffffe240: 0x00000017 0x00007fff 0x00000061 0x00000000
(That second word is garbage because it is in the struct padding...)
Now we can recreate x by hand from the raw data:
(gdb) print {struct x}{0x17, 0x7fff, 0x61, 0}
$3 = {
a = 23,
b = 97
}
This expression uses two extensions to C expressions that gdb provides. First, {0x17, 0x7fff...} is a way to write an array. Second, {struct x} is a kind of "reinterpret cast" - it reinterprets the raw bytes of the value as named type.
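The scripting approach mentioned in the answer, as an added example that is not part of the original post: a Python script that turns a printed hex-word dump into the set commands to source in gdb. Assumptions: bytes are taken in printed order by default (as the question's expected output implies), the cast on malloc is added so gdb knows the return type, and struct whatever is the answer's placeholder type name.

```python
import re

def words_to_bytes(dump, word_size=2, byteorder="big"):
    """Turn a printed dump such as '0x3a45 0x1234' into raw bytes.

    byteorder="big" keeps the bytes in printed order (0x3a45 -> 3a 45);
    use "little" with word_size=4 for x/4xw output from a little-endian
    target, as in the answer's second example.
    """
    out = bytearray()
    for token in dump.split():
        if not re.fullmatch(r"0[xX][0-9a-fA-F]+", token):
            raise ValueError(f"not a hex word: {token!r}")
        value = int(token, 16)
        if value >= 1 << (8 * word_size):
            raise ValueError(f"{token} does not fit in {word_size} bytes")
        out += value.to_bytes(word_size, byteorder)
    return bytes(out)

def gdb_script(data, type_name):
    """Emit the malloc/set/print sequence from the answer for these bytes."""
    if not data:
        raise ValueError("no bytes to load")
    # Only plain type names are accepted, since the text ends up in a
    # script that gdb will execute.
    if not re.fullmatch(r"(struct |union )?[A-Za-z_]\w*", type_name):
        raise ValueError(f"unexpected type name: {type_name!r}")
    lines = [f"set $mem = (unsigned char *) malloc({len(data)})"]
    lines += [f"set $mem[{i}] = {b:#04x}" for i, b in enumerate(data)]
    lines.append(f"print *({type_name} *) $mem")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed input: the three words shown in the question.
    sample = "0x3a45 0x1234 0x0352"
    print(gdb_script(words_to_bytes(sample), "struct whatever"), end="")
```

Redirect the output to a file and load it with gdb's source command while the inferior is stopped, since malloc is called in the inferior.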