Converting Offsets in Disassembled Code to Hexadecimal Notation

The gdb disassembler prints instruction offsets (relative to the start of the function) in decimal notation, for example:

gdb get_t_hr0 <<< "disas main"

...
0x0000000000400ff8 <+54>:      jle    0x400fd3 
0x0000000000400ffa <+56>:      mov    -0x30(%rbp),%rax
0x0000000000400ffe <+60>:      cvtsi2sd %rax,%xmm0
0x0000000000401003 <+65>:      movsd  -0x27b(%rip),%xmm1        # 0x400d90
0x000000000040100b <+73>:      mulsd  %xmm0,%xmm1
0x000000000040100f <+77>:      mov    -0x28(%rbp),%rax
0x0000000000401013 <+81>:      cvtsi2sd %rax,%xmm0
0x0000000000401018 <+86>:      addsd  %xmm1,%xmm0
0x000000000040101c <+90>:      cvttsd2si %xmm0,%rax
0x0000000000401021 <+95>:      mov    %rax,-0x18(%rbp)
0x0000000000401025 <+99>:      cvtsi2sdq -0x18(%rbp),%xmm0
0x000000000040102b <+105>:     cvtsi2sdq -0x8(%rbp),%xmm1
0x0000000000401031 <+111>:     movsd  -0x2a1(%rip),%xmm2        # 0x400d98
0x0000000000401039 <+119>:     divsd  %xmm2,%xmm1
0x000000000040103d <+123>:     subsd  %xmm1,%xmm0
0x0000000000401041 <+127>:     cvttsd2si %xmm0,%rax
0x0000000000401046 <+132>:     mov    %rax,-0x20(%rbp)
0x000000000040104a <+136>:     mov    -0x20(%rbp),%rax
0x000000000040104e <+140>:     mov    %rax,%rsi
0x0000000000401051 <+143>:     mov    $0x400d88,%edi
0x0000000000401056 <+148>:     mov    $0x0,%eax
0x000000000040105b <+153>:     callq  0x400e10 
0x0000000000401060 <+158>:     mov    $0x0,%eax
0x0000000000401065 <+163>:     leaveq
0x0000000000401066 <+164>:     retq

All other OS diagnostic tools, such as pstack and DTrace, print these offsets in hexadecimal notation, e.g.:

 $ pstack 7633
7633:   ora_lgwr_DB1
 00007ffc40b7741a portfs   (5, 4, 7fffbfff8400, 2, 3b9aba60, 7fffbfff8420)
 00000000061dc6bd sskgpwwait () + dd
 00000000061dc2a3 skgpwwait () + c3
 00000000063de2c4 ksliwat () + 9b4
 00000000063dd4af kslwaitctx () + af
 00000000073094b7 ksarcv () + 167
 00000000073082b9 ksbabs () + 2b9
 00000000073064b1 ksbrdp () + 561
 0000000006f0e779 opirip () + 2b9
 00000000061277b0 opidrv () + 160
 00000000061275c7 sou2o () + 97
 0000000006127394 opimai_real () + a4
 0000000006126eeb ssthrdmain () + 26b
 0000000006126c59 main () + a9
 0000000007787eb4 ???????? ()

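This mismatch is inconvenient when reverse engineering and troubleshooting: an offset taken from a stack trace, such as the `+ a9` in the pstack output above, has to be converted to decimal before the matching instruction can be found in a gdb listing.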

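I wrote a one-liner that converts the offsets in disassembled code to hexadecimal notation. The Perl substitution rewrites every `+<decimal>>` token as `+0x<hex>>`; addresses and operands, which gdb already prints in hexadecimal, do not match the pattern and are left unchanged: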

gdb get_t_hr0 <<< "disas main" | perl -pe 's/\+[0-9]+>/sprintf "+0x%x>", $&/ge'
...
0x0000000000400ff8 <+0x36>:  jle    0x400fd3 
0x0000000000400ffa <+0x38>:  mov    -0x30(%rbp),%rax
0x0000000000400ffe <+0x3c>:  cvtsi2sd %rax,%xmm0
0x0000000000401003 <+0x41>:  movsd  -0x27b(%rip),%xmm1        # 0x400d90
0x000000000040100b <+0x49>:  mulsd  %xmm0,%xmm1
0x000000000040100f <+0x4d>:  mov    -0x28(%rbp),%rax
0x0000000000401013 <+0x51>:  cvtsi2sd %rax,%xmm0
0x0000000000401018 <+0x56>:  addsd  %xmm1,%xmm0
0x000000000040101c <+0x5a>:  cvttsd2si %xmm0,%rax
0x0000000000401021 <+0x5f>:  mov    %rax,-0x18(%rbp)
0x0000000000401025 <+0x63>:  cvtsi2sdq -0x18(%rbp),%xmm0
0x000000000040102b <+0x69>:  cvtsi2sdq -0x8(%rbp),%xmm1
0x0000000000401031 <+0x6f>:  movsd  -0x2a1(%rip),%xmm2        # 0x400d98
0x0000000000401039 <+0x77>:  divsd  %xmm2,%xmm1
0x000000000040103d <+0x7b>:  subsd  %xmm1,%xmm0
0x0000000000401041 <+0x7f>:  cvttsd2si %xmm0,%rax
0x0000000000401046 <+0x84>:  mov    %rax,-0x20(%rbp)
0x000000000040104a <+0x88>:  mov    -0x20(%rbp),%rax
0x000000000040104e <+0x8c>:  mov    %rax,%rsi
0x0000000000401051 <+0x8f>:  mov    $0x400d88,%edi
0x0000000000401056 <+0x94>:  mov    $0x0,%eax
0x000000000040105b <+0x99>:  callq  0x400e10 
0x0000000000401060 <+0x9e>:  mov    $0x0,%eax
0x0000000000401065 <+0xa3>:  leaveq
0x0000000000401066 <+0xa4>:  retq
Thanks for sharing

Nenad Noveljic
