GDB for WinDbg Users (Part 1)
Monday, June 25th, 2007Recently started using GDB on FreeBSD and found AT&T Intel assembly language syntax uncomfortable. The same is when using GDB on Windows. Source and destination operands are reversed and negative offsets like -4 are represented in hexadecimal format like 0xfffffffc. It is ok for small assembly language fragments but very confusing when looking at several pages of code. Here is an example of AT&T syntax:
C:\MinGW\bin>gdb a.exe
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...(no debugging symbols found)...
(gdb) disas main
Dump of assembler code for function main:
0x4012f0 <main>: push %ebp
0x4012f1 <main+1>: mov %esp,%ebp
0x4012f3 <main+3>: sub $0x8,%esp
0x4012f6 <main+6>: and $0xfffffff0,%esp
0x4012f9 <main+9>: mov $0x0,%eax
0x4012fe <main+14>: add $0xf,%eax
0x401301 <main+17>: add $0xf,%eax
0x401304 <main+20>: shr $0x4,%eax
0x401307 <main+23>: shl $0x4,%eax
0x40130a <main+26>: mov %eax,0xfffffffc(%ebp)
0x40130d <main+29>: mov 0xfffffffc(%ebp),%eax
0x401310 <main+32>: call 0x401850 <_alloca>
0x401315 <main+37>: call 0x4014f0 <__main>
0x40131a <main+42>: leave
0x40131b <main+43>: ret
0x40131c <main+44>: nop
0x40131d <main+45>: nop
0x40131e <main+46>: nop
0x40131f <main+47>: nop
End of assembler dump.
To my relief, I found that I can change AT&T flavour to Intel using the following command:
(gdb) set disassembly-flavor intel
The same function now looks more familiar:
(gdb) disas main
Dump of assembler code for function main:
0x4012f0 <main>: push ebp
0x4012f1 <main+1>: mov ebp,esp
0x4012f3 <main+3>: sub esp,0x8
0x4012f6 <main+6>: and esp,0xfffffff0
0x4012f9 <main+9>: mov eax,0x0
0x4012fe <main+14>: add eax,0xf
0x401301 <main+17>: add eax,0xf
0x401304 <main+20>: shr eax,0x4
0x401307 <main+23>: shl eax,0x4
0x40130a <main+26>: mov DWORD PTR [ebp-4],eax
0x40130d <main+29>: mov eax,DWORD PTR [ebp-4]
0x401310 <main+32>: call 0x401850 <_alloca>
0x401315 <main+37>: call 0x4014f0 <__main>
0x40131a <main+42>: leave
0x40131b <main+43>: ret
0x40131c <main+44>: nop
0x40131d <main+45>: nop
0x40131e <main+46>: nop
0x40131f <main+47>: nop
End of assembler dump.
- Dmitry Vostokov @ DumpAnalysis.org -