Ida IDC equivalent of GDB /x and gdb /p, accessing pointer at address and IDA syntax quirks

Time:03-18

I can't for the love of me find a simple answer to this question. I find IDC documentation confusing. I know I can call GetRegValue which returns some mumbo jumbo I don't even understand. For example:

36739244.  23098ACh   214114254o 000000000000000000000000000000000000010001100001001100010101100b

The first is?! The second is the address stored at the register BUT WHY APPEND h to the end?! The third no clue what. The 4th is the address in binary (woah, thanks for that).

Fine, so let's see what's at that address. There is UI for that.

Stack[00000184]:023098AC db    8
Stack[00000184]:023098AD db 0D9h
Stack[00000184]:023098AE db  30h ; 0
Stack[00000184]:023098AF db    2
Stack[00000184]:023098B0 db  33h ; 3
Stack[00000184]:023098B1 db  4Dh ; M
Stack[00000184]:023098B2 db 0C9h
Stack[00000184]:023098B3 db  6Ch ; l
Stack[00000184]:023098B4 db 0C4h
Stack[00000184]:023098B5 db  98h
Stack[00000184]:023098B6 db  30h ; 0

Again, h is appended to every byte. I don't understand what it means. Then, why prepend some bytes with 0? C4 is C4, what does the 0 mean?

That's it for the syntax quirks. There's a pointer stored at that address. I'd like to be able to conveniently access it without having to copy-paste the bytes and delete the trailing h.

Finally, I'd like to be able to view values at any address in memory similarly to how I can call x/16bx in GDB. Or print an address or immediate value similarly to how p works in GDB.

Any help is much appreciated.

CodePudding user response:

First, as Peter said, the syntax bit is my mistake and for the most part is unrelated to IDA.

Secondly, the functions read_dbg_byte, read_dbg_word, etc. (and the corresponding get_wide_byte, etc.) can return values at an address.

The return values are just the same value written using different notations: decimal, hexadecimal, octal and binary, respectively.

Lastly, you can dereference a pointer using something like:

read_dbg_dword(read_dbg_dword(0x023098AC))
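
An added example, not part of the original answer and not IDA's own API: a plain-Python model of the reads discussed above, run over the bytes from the stack listing, showing the four notations, the MASM-style h suffix and leading 0, a GDB x/Nbx style dump, and the double dereference. The function names are hypothetical stand-ins for read_dbg_byte and read_dbg_dword, a 32-bit little-endian target is assumed, and the four bytes at the pointed-to address are constructed.

```python
import struct

BASE = 0x023098AC
# The 11 bytes from the stack listing in the question.
MEM = {BASE + i: b for i, b in enumerate(bytes.fromhex("08D93002334DC96CC49830"))}
# Constructed sample data at the address the first pointer refers to.
MEM.update({0x0230D908 + i: b for i, b in enumerate(bytes.fromhex("EFBEADDE"))})

def read_byte(ea):
    """Hypothetical stand-in for read_dbg_byte(); fails on unmapped addresses."""
    if ea not in MEM:
        raise ValueError("unmapped address 0x%08X" % ea)
    return MEM[ea]

def read_dword(ea):
    """Hypothetical stand-in for read_dbg_dword(): 4 bytes, little-endian."""
    return struct.unpack("<I", bytes(read_byte(ea + i) for i in range(4)))[0]

def masm_hex(v):
    """Hex literal as the listing prints it: 'h' suffix, and a leading 0
    when the first digit is A-F so the literal still starts with a digit."""
    s = "%X" % v
    if v < 10:
        return s  # single decimal digit, shown without a suffix (db 8, db 2)
    return ("0" if s[0] in "ABCDEF" else "") + s + "h"

def notations(v):
    """One value in decimal, hex, octal and binary (binary not zero-padded)."""
    return (str(v), masm_hex(v), "%oo" % v, format(v, "b") + "b")

def x_bytes(ea, count):
    """Rough equivalent of GDB's x/<count>bx."""
    return "0x%08x: " % ea + " ".join("0x%02x" % read_byte(ea + i) for i in range(count))

def deref(ea, levels=1):
    """Follow a chain of 32-bit pointers starting at ea."""
    for _ in range(levels):
        ea = read_dword(ea)
    return ea

if __name__ == "__main__":
    print(notations(0x23098AC))      # the register value from the question
    print(x_bytes(BASE, 11))         # the stack listing as a byte dump
    print(masm_hex(read_dword(BASE)))  # pointer stored at 0x023098AC
    print(masm_hex(deref(BASE, 2)))    # what that pointer refers to
```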