我在使用 GDB 'find' 命令时做错了什么?
What am I doing wrong with my use of the GDB 'find' command?
首先,我正在查看的内存位:
(gdb) x/8x 0x108df0
0x108df0: 0x36393735 0x2d007d37 0x65707974 0x6574203a
0x108e00: 0x702f7478 0x6e69616c 0x6863203b 0x65737261
现在,运行 查找单词大小的内存块:
(gdb) find /w 0x108df0, +500, 0x6863203b, 0x65737261
0x108e08
0x108e58
2 patterns found.
但是,运行我认为在字节方面应该是相同的命令不:
find /b 0x108df0, +500, 0x68, 0x63, 0x20, 0x3b, 0x65, 0x73, 0x72, 0x61
Pattern not found
find /b1 0x108df0, +500, 0x68, 0x63, 0x20, 0x3b, 0x65, 0x73, 0x72, 0x61
Pattern not found
同理,找巨字也不行:
find /g 0x108df0, +500, 0x6863203b65737261
Pattern not found
有人对我在这里做错了什么有什么建议吗?
(我正在通过 python API 执行此操作,以防相关?)
您很可能在 little-endian 机器上执行此练习。
尝试反转字节:
find /b 0x108df0, +500, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65
首先,我正在查看的内存位:
(gdb) x/8x 0x108df0
0x108df0: 0x36393735 0x2d007d37 0x65707974 0x6574203a
0x108e00: 0x702f7478 0x6e69616c 0x6863203b 0x65737261
现在,运行 查找单词大小的内存块:
(gdb) find /w 0x108df0, +500, 0x6863203b, 0x65737261
0x108e08
0x108e58
2 patterns found.
但是,运行我认为在字节方面应该是相同的命令不:
find /b 0x108df0, +500, 0x68, 0x63, 0x20, 0x3b, 0x65, 0x73, 0x72, 0x61
Pattern not found
find /b1 0x108df0, +500, 0x68, 0x63, 0x20, 0x3b, 0x65, 0x73, 0x72, 0x61
Pattern not found
同理,找巨字也不行:
find /g 0x108df0, +500, 0x6863203b65737261
Pattern not found
有人对我在这里做错了什么有什么建议吗? (我正在通过 python API 执行此操作,以防相关?)
您很可能在 little-endian 机器上执行此练习。
尝试反转字节:
find /b 0x108df0, +500, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65