How to view the stack? #6659
Replies: 3 comments 2 replies
-
|
The nearest equivalent we have is the “Hex Integer”, I believe, which flips the bytes as quads (not octets). At a guess, we probably never did “Hex Long” as the implementation in Java is probably just a little more work and no one asked for it. |
Beta Was this translation helpful? Give feedback.
-
|
Hello @d-millar , Thanks for the quick response! :) I guess the general idea is: if I have PC sitting just before a group of pop instructions, how can I look at the state of the debugger and deduce what data is going to go into which register? I can use the memory view @ RSP, but it is a bit tedious since I need to read it backwards (isn't adjusted for endian.) This is helpful when reasoning about stack based errors I am running into in my programs. Is there some way to get this information? Or would it need to be a feature request? Thanks! |
Beta Was this translation helpful? Give feedback.
-
|
An 8-byte equivalent of the “Hex Integer” view certainly seems like a reasonable request. I’ll take a peek at the current implementation and see how much work it will take to extend. |
Beta Was this translation helpful? Give feedback.
-
|
Okay great, thanks. I am fairly comfortable in Java so if you point me in the right direction I don't mind looking into it as well. |
Beta Was this translation helpful? Give feedback.
-
|
So the relevant class is HexIntegerFormalModel. Changing it is about a two-minute's worth of work - no idea why we didn't do this originally. If you're stll interested in playing with it, happy to compare notes after you coded your version. I think the hardest part will be adding a variable to the Bytes View Tool Options to control it and modifying the documentation. |
Beta Was this translation helpful? Give feedback.
-
Hello,
I am trying to figure out how to look at the stack. I realize Ghidra has the stack pane, but this doesn't show the full contents of the stack, just the return addresses etc. I want a listing of 64 bit hex integers from the stack pointer down. I tried doing this in the memory view, but the endianess is wrong (it just puts the bytes next to eachother when grouped. Doesn't swap them to little-endian.)
This seems like a pretty straight-forward feature, so I must be missing something in trying to get this working.
Below is an example from x64dbg that I am hoping to get something similar to (see bottom right):
I tried doing this in Ghidra with a memory view, but the byte grouping basically produces a big-endian 64 bit integer, where as my system is little-endian (notice pointer (0x7ff...) is in wrong byte order)
Beta Was this translation helpful? Give feedback.
All reactions