We know that disassembling instructions after a given address (inclusive) can be achieved by something like:
x/5i address
which will print 5 instructions, but how do I disassemble the previous instruction?
I am debugging JIT code so things like disassembling a line don't work. I could disassemble a random range containing address like:
disas address-10 address+10
but this is very awkward and you'll see (bad) (hopefully not in the middle!) and start to worry that you are not getting something right. What I am looking for is something like:
x/-5i address
but the above won't work.
The default disassembly style used by GDB is the AT&T style (e.g. mov 0xc(%ebp),%eax) that can be confusing for Windows users. To switch to the Intel disassembly style (e.g. mov eax, DWORD PTR [ebp+0xc]) use the set disassembly-flavor command. Note that the disassemble command only works for the code inside functions.
disassemble. This specialized command dumps a range of memory as machine instructions. The default memory range is the function surrounding the program counter of the selected frame. A single argument to this command is a program counter value; GDB dumps the function surrounding this value.
x/-5i address doesn't work
On x86, or any architecture with variable instruction size, you can't in general know the address of the start of the previous instruction, and so you can't reliably disassemble the previous instruction.
What I do (very similar to what you do): x/15i $pc-35
When you step back by a sufficient number of bytes (35 here) the instruction stream disassembly usually re-synchronizes; you only see one or two (bad) instructions at the beginning, but instructions around $pc look correct.
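To see why the answer above says "can't in general" and why stepping back further helps, here is an added model of the problem. It is not GDB code and not x86: it uses a constructed toy instruction set (an assumption of this example) in which the top two bits of the first byte give the instruction length, and a constructed byte stream. It decodes forward from several look-back distances, exactly as x/Ni addr-K makes GDB do, and records which "previous instruction" each look-back implies. A short look-back yields a self-consistent but wrong answer; a longer one lets the decode re-synchronise on the real instruction boundaries.

```python
"""Toy model of why "disassemble the previous instruction" is ambiguous on a
variable-length ISA, and how stepping back further lets the decode re-sync.

Constructed example for illustration; it is not GDB code and not x86.  The
toy ISA (an assumption of this example) encodes the instruction length in
the top two bits of the first byte: length = (opcode >> 6) + 1, so 1..4 bytes.
Every byte is a valid opcode, so a misaligned decode is never reported as
(bad); it is simply a different, self-consistent instruction stream, which is
the case the question worries about ("hopefully not in the middle!").
"""
from typing import Dict, List, Optional, Tuple


def insn_length(opcode: int) -> int:
    """Length in bytes of the toy instruction whose first byte is `opcode`."""
    return (opcode >> 6) + 1


def decode_linear(code: bytes, start: int, stop: int) -> List[Tuple[int, int]]:
    """Decode instructions as (address, length) from `start` until the next
    instruction would begin at or past `stop`.  Mirrors what x/Ni does:
    the decoder just walks forward from wherever it was pointed."""
    out = []
    addr = start
    while addr < stop and addr < len(code):
        length = insn_length(code[addr])
        out.append((addr, length))
        addr += length
    return out


def previous_insn_candidates(code: bytes, target: int, max_back: int) -> Dict[int, int]:
    """For each look-back distance k in 1..max_back, decode from target-k and,
    if the stream lands exactly on `target`, record the start address of the
    instruction immediately before it.  Returns {candidate_addr: votes}."""
    votes: Dict[int, int] = {}
    for k in range(1, max_back + 1):
        start = target - k
        if start < 0:
            break
        chain = decode_linear(code, start, target)
        last_addr, last_len = chain[-1]
        if last_addr + last_len == target:   # chain is consistent with target
            votes[last_addr] = votes.get(last_addr, 0) + 1
    return votes


def best_previous_insn(code: bytes, target: int, max_back: int) -> Optional[int]:
    """Heuristic in the spirit of `x/15i $pc-35`: the candidate that the most
    look-back distances agree on.  Returns None if nothing re-synchronised."""
    votes = previous_insn_candidates(code, target, max_back)
    if not votes:
        return None
    return max(votes, key=lambda a: (votes[a], -a))


# Constructed byte stream.  True instruction boundaries: 0, 1, 3, 6, 7, 11, 12.
CODE = bytes([0x01,                      # 1-byte insn at 0
              0x42, 0x10,                # 2-byte insn at 1
              0x81, 0x20, 0x21,          # 3-byte insn at 3
              0x02,                      # 1-byte insn at 6
              0xC3, 0x30, 0x31, 0x32,    # 4-byte insn at 7  <- the real "previous"
              0x03,                      # 1-byte insn at 11 <- pretend $pc is here
              0x04])
PC = 11

if __name__ == "__main__":
    for back in (3, 11):
        votes = previous_insn_candidates(CODE, PC, back)
        print(f"look-back up to {back:2d} bytes: candidates={votes} "
              f"-> guess {best_previous_insn(CODE, PC, back)}")
```

With a look-back of only 3 bytes every candidate start decodes the trailing bytes of the real 4-byte instruction as three 1-byte instructions, so the (wrong) answer 10 looks perfectly consistent. With a look-back of 11 bytes eight of the eleven start addresses re-synchronise onto the true boundary at 7, which is the effect the answer describes for x/15i $pc-35. The remaining disagreement is the reason a backward disassembly can only ever be a heuristic on such an architecture.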