239

How do I print the value of %eax and %ebp?

```
(gdb) p $eax
$1 = void
```
Peter Mortensen
assem
  • 14
    Use `layout reg` to have gdb show a table of all integer and flag registers, highlighting the one(s) changed by the previous instruction. See http://stackoverflow.com/tags/x86/info for example. – Peter Cordes Jul 25 '15 at 20:08

7 Answers

302

`info registers` shows all the registers; `info registers eax` shows just the register eax. The command can be abbreviated as `i r`.

Millie Smith
geekosaur
  • I get: Invalid register `%eax'. And if I just do "info registers", eax does not show up. Yet I am looking at my code assembly in the IDE, where an EXC_BAD_ACCESS signal has been generated with the instruction: test %eax, %eax. This is in Xcode running gdb. Why is gdb not reporting the eax register? – NoahR Oct 20 '11 at 18:45
  • 1
    Same problem: %eax is in the code, yet print $eax shows void. – Ruslan Yushchenko Oct 08 '12 at 16:42
  • 5
    Bridgette's answer works for me. geekosaur's answer is mostly right, but you need to omit the % sign, so the command for a specific register is `info registers eax`. I'm not sure if this is different for different versions of gdb, though. – Kevin Oct 10 '12 at 03:59
  • I was searching for the same thing for lldb, so let me just note that: for lldb, the command is `register read [eax]` – holgac May 17 '15 at 10:34
  • If you want to display the register values continuously as you step through the code, you can use `display`, e.g. `display $eax`. – srgsanky May 18 '15 at 20:12
68

If you're trying to print a specific register in GDB, you have to omit the % sign. For example,

```
info registers eip
```

If your executable is 64-bit, the registers start with r. Starting them with e is not valid.

```
info registers rip
```

Those can be abbreviated to:

```
i r rip
```
Ciro Santilli OurBigBook.com
Bridgette
47

There is also:

```
info all-registers
```

Then you can get the register name you are interested in -- very useful for finding platform-specific registers (like NEON Q... on ARM).

Peter Mortensen
yano
18
  • If you only want to check it once, `info registers` shows the registers.
  • If you only want to watch one register, for example, `display $esp` continuously displays the esp register in the gdb command line.
  • If you want to watch all registers, `layout regs` continuously shows the registers, in TUI mode.
liuyang1
18

Gdb commands:

  • `i r <register_name>`: print a single register, e.g. `i r rax`, `i r eax`
  • `i r <register_name_1> <register_name_2> ...`: print multiple registers, e.g. `i r rdi rsi`
  • `i r`: print all registers except floating point & vector registers (xmm, ymm, zmm).
  • `i r a`: print all registers, including floating point & vector registers (xmm, ymm, zmm).
  • `i r f`: print all FPU floating registers (st0-7 and a few other f*)

Other register groups besides a (all) and f (float) can be found with:

```
maint print reggroups
```

as documented at: https://sourceware.org/gdb/current/onlinedocs/gdb/Registers.html#Registers

Tips:

  • xmm0 ~ xmm15 are 128 bits; almost every modern machine has them. They were released in 1999.
  • ymm0 ~ ymm15 are 256 bits; new machines usually have them. They were released in 2011.
  • zmm0 ~ zmm31 are 512 bits; a normal PC probably doesn't have them (as of the year 2016). They were released in 2013, and are mainly used in servers so far.
  • Only one series of xmm / ymm / zmm will be shown, because they are the same registers in different modes. On my machine ymm is shown.
Ciro Santilli OurBigBook.com
Eric
  • 1
    The link is broken, it is now: https://sourceware.org/gdb/current/onlinedocs/gdb.html/Registers.html#Registers – Capybara Jul 18 '23 at 09:16
12

p $eax works as of GDB 7.7.1

Tested as of GDB 7.7.1, the command you've tried works:

```
set $eax = 0
p $eax
# $1 = 0
set $eax = 1
p $eax
# $2 = 1
```

This syntax can also be used to select between different union members e.g. for ARM floating point registers that can be either floating point or integers:

```
p $s0.f
p $s0.u
```

From the docs:

> Any name preceded by ‘$’ can be used for a convenience variable, unless it is one of the predefined machine-specific register names.

and:

> You can refer to machine register contents, in expressions, as variables with names starting with ‘$’. The names of registers are different for each machine; use `info registers` to see the names used on your machine.

But I haven't had much luck with control registers so far: OSDev 2012 http://f.osdev.org/viewtopic.php?f=1&t=25968 || 2005 feature request https://www.sourceware.org/ml/gdb/2005-03/msg00158.html || alt.lang.asm 2013 https://groups.google.com/forum/#!topic/alt.lang.asm/JC7YS3Wu31I

ARM floating point registers

See: https://reverseengineering.stackexchange.com/questions/8992/floating-point-registers-on-arm/20623#20623

Ciro Santilli OurBigBook.com
-1

Easiest for me is:

```
(gdb) x/x $eax
```

First x stands for examine and second x is hex. You can see other formats using:

```
(gdb) help x
```

You can easily print strings with `x/s $eax` or return addresses with `x/a $ebp+4`.

d9ngle
  • 4
    `x $eax` does not show `eax`'s contents. It shows the contents at the address that `eax` has as its contents. – rosshjb Dec 24 '21 at 09:35
  • You will get an error when the address can't be accessed; yes, it still shows the contents from "error". So I think it is not adequate to use `x` to access a register. The commands have their own purposes. – rosshjb Dec 24 '21 at 11:41
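
An added example, not part of any answer above: a GDB command file that picks `eax`/`ebp` or `rax`/`rbp` by testing whether `$rax` is void (the `$1 = void` result from the question), then contrasts printing a register with examining the memory it points to. The command name `regsnap` is hypothetical, and the script assumes an x86 or x86-64 target with a running process.

```gdb
# Added example, not from the original answers. `regsnap` is a hypothetical
# command name. Assumes an x86 or x86-64 target with a running process.
define regsnap
  # $rax names a register only on x86-64. On i386 GDB treats it as an
  # unset convenience variable, and $_isvoid() reports that as void.
  if $_isvoid($rax)
    info registers eax ebp
  else
    info registers rax rbp
  end
  # $pc, $sp and $fp are GDB's architecture-neutral register aliases.
  p/x $pc
  p/x $fp
  # p prints the register's own value ...
  p/x $sp
  # ... while x treats that value as an address and reads memory there.
  x/2a $sp
end

document regsnap
Show the accumulator and frame pointer for i386 or x86-64, then contrast
printing $sp with examining the memory it points to.
end
```

Load the file with GDB's `source` command and run `regsnap` while stopped at a breakpoint.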