
How to force GDB to disassemble code when it says "No function contains program counter for selected frame"?

Debugging a program, starting at the absolute address 0x00402200, I get the following output when trying to disassemble the code at this address:

[New Thread 65212.0x10378]

Breakpoint 1, 0x00402200 in ?? ()
(gdb) stepi
0x00402202 in ?? ()
(gdb) stepi
0x00402207 in ?? ()
(gdb) stepi
0x0040220a in ?? ()
(gdb) stepi
0x0040220f in ?? ()
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) stepi
0x00401000 in start ()

The file being debugged is a Win32 PE for educational purposes (reverse engineering).

Is there some way of telling GDB to start disassembling at the address? Otherwise, what are my alternatives (i.e. other tools)?

Shuzheng asked Aug 18 '16 10:08


2 Answers

I know this doesn't directly answer your question, but since it's already been answered...

You can tell GDB to display the next instruction with set disassemble-next-line on.

monkeyman79 answered Sep 18 '22 14:09


The documentation of disassemble: (gdb) help disassemble says that:

Disassemble a specified section of memory.
Default is the function surrounding the pc of the selected frame.
...
With a single argument, the function surrounding that address is dumped.
Two arguments (separated by a comma) are taken as a range of memory to dump,
  in the form of "start,end", or "start,+length".

So, in your case, since there is no function surrounding the program counter (PE), you should use the two-argument form, like:

disassemble 0x00402200, +16 or disassemble 0x00402200, 0x00402210.

Hope this helps!

Nicolas Lykke Iversen answered Sep 17 '22 14:09
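
Both answers can be combined into one reusable command through GDB's Python API. This is an added example, not part of the original thread: it disassembles a fixed number of instructions starting at the current pc, so it works where no symbol covers the address. The command name disas-here, the helper format_listing and the file name are chosen here for illustration.

```python
# Added example: a GDB Python command that disassembles from the current pc
# without needing a surrounding function symbol.
# Load inside GDB with:  source disas_here.py   (hypothetical file name)
try:
    import gdb  # only available inside GDB's embedded Python
except ImportError:
    gdb = None  # lets the formatting helper be imported outside GDB


def format_listing(insns, pc):
    """Render dicts shaped like gdb.Architecture.disassemble() output.

    Each dict carries 'addr', 'length' and 'asm'. The instruction at pc
    is marked with '=>', and offsets are relative to the first entry.
    """
    if not insns:
        return ""
    base = insns[0]["addr"]
    lines = []
    for insn in insns:
        marker = "=>" if insn["addr"] == pc else "  "
        lines.append("%s 0x%08x <+%d>:\t%s"
                     % (marker, insn["addr"], insn["addr"] - base, insn["asm"]))
    return "\n".join(lines)


if gdb is not None:
    class DisasHere(gdb.Command):
        """disas-here [COUNT]: disassemble COUNT instructions from $pc."""

        def __init__(self):
            super().__init__("disas-here", gdb.COMMAND_DATA)

        def invoke(self, arg, from_tty):
            # Default to 8 instructions; accept decimal or 0x-prefixed counts.
            count = int(arg, 0) if arg.strip() else 8
            frame = gdb.selected_frame()
            pc = frame.pc()
            # Asking for a count avoids the function lookup that fails
            # when the pc lies in code with no symbol information.
            insns = frame.architecture().disassemble(pc, count=count)
            gdb.write(format_listing(insns, pc) + "\n")

    DisasHere()  # register the command with GDB
```

After sourcing the file, disas-here 4 at the breakpoint on 0x00402200 lists four instructions from that address.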