How to read gs value in gdb?

Question

I'm trying to debug a canary related issue,

   0x080493c2 <+157>:   mov    eax,DWORD PTR [ebp-0xc]
   0x080493c5 <+160>:   xor    eax,DWORD PTR gs:0x14

Now I need to read gs:0x14

(gdb) info registers gs
gs             0x63                99

But how do I read gs:0x14? Clearly it is not 0x63 + 0x14, any ideas?

EDIT

Reading registers

(gdb) info registers fs_base
Invalid register `fs_base'

(gdb) info registers gs_base
Invalid register `gs_base'

(gdb) i r
eax            0x80493d8           134517720
ecx            0xffffd3a0          -11360
edx            0xffffd3c0          -11328
ebx            0x804c000           134529024
esp            0xffffd370          0xffffd370
ebp            0xffffd388          0xffffd388
esi            0x80494e0           134517984
edi            0xf7ffcb60          -134231200
eip            0x80493f9           0x80493f9 <main+33>
eflags         0x216               [ PF AF IF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x0                 0
gs             0x63                99
k0             0x0                 0
k1             0x0                 0
k2             0x0                 0
k3             0x0                 0
k4             0x0                 0
k5             0x0                 0
k6             0x0                 0
k7             0x0                 0

show version

(gdb) show version

GNU gdb (Ubuntu 15.0.50.20240403-0ubuntu1) 15.0.50.20240403-git
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".

show architecture

(gdb) show architecture
The target architecture is set to "auto" (currently "i386").

For gs register you'd want info reg gs_base though given the failure to read fs_base, I guess gs_base is not going to be available either. You should add output for show version, show architecture. — Andrew
– Andrew, Commented Aug 18 at 8:32

Andrew · Accepted Answer · 2025-08-18 13:39:24Z

On i386, the gs register doesn't hold an address, at least, not one you can directly observe. Instead, the gs register is a segment selector. Bits 15 -> 3 are an index, bit 2 is a table indicator, and bits 1 -> 0 are a privilege level.

You value of 0x33 indicates index 0x6, in the GDT (Global Descriptor Table) with lowest privilege.

It is the GDT entry (at index 6) which actually holds the base address that is then added to the offset 0x14 (from the instruction) in order to perform the memory access.

Unfortunately, right now, GDB doesn't provide a way to read the GDT entries corresponding to the gs and fs registers. These things are readable from userspace, see man 2 get_thread_area and/or man 2 arch_prctl, so if those functions happen to be linked into your program you could use GDB to call them. Or you could add helper functions into your program which call these and print the results maybe. But, currently, I don't know if there's an easy way to get this information.

Collectives™ on Stack Overflow

How to read gs value in gdb?

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related