
Unsuccessful with GDB and Info Reg Command. Can't seem to find the ebp, eip and esp values


I'm having a problem with GDB. I'm studying buffer overflow right now and I need to run the command $Info reg to find information about ebp, eip and esp but I get no results from any of them. I tried out Info reg $name with each one of them but only ebp works.

Basically this is what happens:

(gdb) i r
rax            0x7fffffffe180   140737488347520
rbx            0x0  0
rcx            0x7fffffffe570   140737488348528
rdx            0x7fffffffe1a6   140737488347558
rsi            0x6  6
...
...
...
es             0x0  0
fs             0x0  0
---Type <return> to continue, or q <return> to quit---+
gs             0x0  0

and

(gdb) info reg $ebp
ebp            0x41414141   1094795585

but

(gdb) info reg $eip
Invalid register `eip'

How can I get the values to these parts of memory?


Solution

  • there is no reg called eip in amd64 arch

    let me show what bp/ebp/rbp are; a data register contains 64 bits on amd64 arch:

    64 ---------------------------- 32 ---------- 16 ---- 8 ---- 0
    | <--------------------------- rbp ------------------------> |
                                     | <--------- ebp ---------> |
                                                   | <--- bp --> |

    so you can access the corresponding bits by a different name.

    but you always access rip as a whole word, because there is no reason to access the lower bits of the instruction pointer; as a result, there are no eip/ip registers in amd64 arch
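The register views the answer draws (rbp / ebp / bp, and rip with no narrower alias) can be checked against a pasted `info registers` dump with a small script. The following is an added example, not code from the asker or the answerer: the dump is a constructed sample modelled on the question, the alias table is the standard amd64 naming, and the "filler byte" check (flagging a view whose bytes are all one printable character, like the 0x41414141 the asker saw in ebp) is an illustration added here to show why the 32-bit view is still worth looking at on a 64-bit target.

```python
import re

# Constructed sample of amd64 `info registers` output, modelled on the dump in
# the question. The 0x41414141 in rbp mirrors the value the asker saw via
# `info reg $ebp` after an overflow overwrote the saved frame pointer.
SAMPLE_DUMP = """\
rax            0x7fffffffe180   140737488347520
rbx            0x0  0
rcx            0x7fffffffe570   140737488348528
rbp            0x41414141   1094795585
rsp            0x7fffffffe160   140737488347488
rip            0x4005b4 0x4005b4 <main+30>
eflags         0x246  [ PF ZF IF ]
es             0x0  0
---Type <return> to continue, or q <return> to quit---+
gs             0x0  0
"""

# A register line is: name, hex value, then the "natural" rendering.
REG_LINE = re.compile(r"^([a-z0-9]+)\s+(0x[0-9a-f]+)\s+(.*)$")

# Narrower names gdb exposes for the amd64 general-purpose registers.
# rip is deliberately absent: it has no eip/ip alias, hence "Invalid register `eip'".
ALIASES = {
    "rax": ("eax", "ax"), "rbx": ("ebx", "bx"), "rcx": ("ecx", "cx"),
    "rdx": ("edx", "dx"), "rsi": ("esi", "si"), "rdi": ("edi", "di"),
    "rbp": ("ebp", "bp"), "rsp": ("esp", "sp"),
}


def parse_info_registers(text):
    """Return {name: int} for each register line; pager prompts are skipped."""
    regs = {}
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def register_views(name, value):
    """List (view_name, view_value, width_bytes) from widest to narrowest,
    mirroring the rbp -> ebp -> bp diagram: the e-name is the low 32 bits,
    the bare name the low 16 bits. Registers without aliases (rip) give
    only the whole 64-bit word."""
    views = [(name, value, 8)]
    if name in ALIASES:
        e_name, w_name = ALIASES[name]
        views.append((e_name, value & 0xFFFFFFFF, 4))
        views.append((w_name, value & 0xFFFF, 2))
    return views


def filler_byte(value, width):
    """Return the character if every one of `width` bytes is the same
    printable ASCII byte (e.g. 0x41414141 -> 'A'), else None."""
    bs = value.to_bytes(width, "little")
    b = bs[0]
    if 0x20 <= b <= 0x7E and all(x == b for x in bs):
        return chr(b)
    return None


def find_filler(regs):
    """Report the widest view of each register that is entirely one printable
    byte. A 64-bit rbp of 0x41414141 is not uniform (its upper half is zero),
    but its ebp view is, which is exactly what `info reg $ebp` showed."""
    hits = {}
    for name, value in regs.items():
        for view_name, view_value, width in register_views(name, value):
            ch = filler_byte(view_value, width)
            if ch is not None:
                hits[view_name] = ch
                break
    return hits


if __name__ == "__main__":
    regs = parse_info_registers(SAMPLE_DUMP)
    for name, value in regs.items():
        print("  ".join(f"{v}=0x{val:x}" for v, val, _ in register_views(name, value)))
    print("filler views:", find_filler(regs))
```

Running it prints each parsed register with its narrower views (rip appears alone, with no eip) and then `filler views: {'ebp': 'A'}`, the same 'AAAA' frame pointer the asker found with `info reg $ebp`.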