8
I want to use gdb to see my GDTR/LDTR/TTR and segment register

invisiable part(x86) so in gdb I enter "p/x $gdtr"....etc but the result is "$6 = Value can't be converted to integer" and in gdb I enter "p/x $cs" the only result is the CS, just visiable part

can anyone tell me how to view these value??

thanks for your answer

Jester
  • 56,577
  • 4
  • 81
  • 125
Colin
  • 81
  • 1
  • 2

1 Answers1

5

If GDB had such a function then this function would only work if GDB was able to read the GDTR using the SGDT instruction. This would mean that GDB had to run in ring 0.

Neither Linux nor Windows nor Mac OS allows running applications (like GDB) in ring 0 so it will not work for local applications.

If you use remote debugging (you debug another computer or a virtual machine using an RS-232 or TCP/IP connection): The default protocol used for remote debugging does not specify packets for reading the GDTR.

In the case of remote debugging the backend (piece of code on the debugged computer) may define non-standard features using the "monitor" command. You would be able to implement such a feature using a command like "monitor readspr gdtr".

Martin Rosenau
  • 17,897
  • 3
  • 19
  • 38
  • 1
    However nothing forbids a syscall for reading the GDT, just like there is one to access the LDT. `gdb` wouldn't need to run in ring0 for that, it could just use the syscall. Your first paragraph is thus invalid. – Jester Feb 01 '15 at 23:45
  • This is correct; however I do not think that any OS would provide such a syscall. Theoretically you could write a kernel driver (for example for Linux) so you could read the GDT via /dev/gdtread... However I do not think anyone would implement such features! – Martin Rosenau Feb 02 '15 at 07:55