9

How can I access the CPU registers in the current debugged instance? From gdb you can call, for example, `printf "0x%x", $eax` and `set $eax_b = $eax`. Is there also a way to do this via the Python support gdb gives? Or should I create a Python function which can be called like `save-reg "eax" $eax`, which in turn stores the registers in an array where I want them to be stored?

On the other hand, with a gdb script you can also `set $eax = 1000`, for example; this I would also like to do from within a Python script instead of a gdb script.

DipSwitch

2 Answers

10

I don't believe the Python API to GDB offers direct access to the registers, but depending on what you want to do with it you can access it either by evaluating the gdb command with `gdb.execute()`, or evaluate the `"$eax"` expression with `gdb.parse_and_eval()`:

```
(gdb) p $rbx
$23 = 140737488348072
(gdb) python print type(gdb.parse_and_eval("$rbx")), gdb.parse_and_eval("$rbx")
<type 'gdb.Value'> 140737488348072
```

(This example is at the gdb prompt, but the gdb module isn't any different in other code executed in GDB.)

Thomas Wouters
  • I don't think it's in there either, but this will do the trick I guess! Thanks! – DipSwitch May 23 '11 at 23:42
  • 2
    Well, `parse_and_eval` really is the workhorse for any Python code embedded in GDB. There isn't any other way because the way that's there already works :) – Thomas Wouters May 23 '11 at 23:54
  • @ThomasWouters I don't get it :s how does the chosen answer explain to do the following using python? `set $eax = 1000` – microMolvi Jul 03 '13 at 04:45
  • I found the answer to setting a gdb variable using python [here](http://stackoverflow.com/questions/6885923/redirecting-storing-output-of-shell-into-gdb-variable/6889615#6889615). Now I get what @ThomasWouters meant when he mentioned `gdb.execute()` in his answer :) – microMolvi Jul 03 '13 at 05:37
  • Depending on your python version it might be `python print(type(gdb.parse_and_eval("$rbx")), gdb.parse_and_eval("$rbx"))`. – JohnnyFromBF Nov 04 '16 at 13:53
  • "There isn't any other way because the way that's there already works". No, the Python API is incomplete. I've been having to read the C code to figure out how GDB commands are implemented and then backsolve to see whether interfaces exist in Python. It's unacceptably incomplete, and _very_ unusable to boot. – jasonmp85 May 04 '19 at 20:22
5

Recent gdb versions (like Debian 7.12-6) have a `read_register` method in the `gdb.Frame` class.

```
(gdb) info register rip
rip            0x7f68656c142d       0x7f68656c142d <__lll_lock_wait+29>
(gdb) python print(gdb.selected_frame().read_register('rip'))
0x7f68656c142d <__lll_lock_wait+29>
(gdb) 
```

That class has no corresponding method to modify a register value. It makes sense for that method to belong to that class because register values differ across stack frames, in the sense that gdb shows saved register values in outer frames, such as the ones returned by the older method, callers of the inner frames.

Eirik Fuller
  • 1,454
  • 11
  • 9
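An added example, not taken from either answer: it combines the two calls discussed above, `gdb.parse_and_eval()` to snapshot registers into a dict and `gdb.execute()` to write one back, and validates the register name before interpolating it into a GDB command string. The helper names `read_registers`, `write_register` and the `FakeGdb` stand-in are hypothetical; inside GDB, omit the `api` argument so the real `gdb` module is used.

```python
import re

try:
    import gdb  # only exists inside GDB's embedded Python interpreter
except ImportError:
    gdb = None  # lets the helpers be imported and exercised outside GDB

# Names are interpolated into GDB expressions and commands, so accept only
# plain identifiers (eax, rbx, r10, ...) and reject any other GDB syntax.
_REG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def _check(name):
    if not _REG_NAME.fullmatch(name):
        raise ValueError("not a register name: %r" % name)
    return name


def read_registers(names, api=gdb):
    """Return {name: int} for integer-valued registers (assumption: GPRs)."""
    return {n: int(api.parse_and_eval("$" + _check(n))) for n in names}


def write_register(name, value, api=gdb):
    """Same effect as typing `set $<name> = <value>` at the (gdb) prompt."""
    api.execute("set $%s = %d" % (_check(name), int(value)))


class FakeGdb:
    """Constructed stand-in for the gdb module, for running outside GDB."""

    def __init__(self, regs):
        self.regs = dict(regs)

    def parse_and_eval(self, expr):
        return self.regs[expr.lstrip("$")]

    def execute(self, command):
        m = re.fullmatch(r"set \$(\w+) = (-?\d+)", command)
        self.regs[m.group(1)] = int(m.group(2))


if __name__ == "__main__" and gdb is None:
    fake = FakeGdb({"eax": 7, "ebx": 0x1000})  # constructed register values
    saved = read_registers(["eax", "ebx"], fake)  # snapshot before the write
    write_register("eax", 1000, fake)
    print(saved, read_registers(["eax"], fake))
```
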