I am writing a tool to print out the arguments passed to certain
functions, and have based it on GDB, but have a problem where GDB
sometimes sets the breakpoints before $ebp is set, and sometimes after
which makes getting arguments difficult.
For example, the output below is from GDB 5.3 on Debian Sarge. In it I
set breakpoints on both scanf and strcpy. The strcpy breakpoint is set
after "mov %esp,%ebp" which seems to be the normal behaviour. This means I
can get the second argument using "print *((char**)($ebp+0x08))", just
as is done in the function. Whereas the breakpoint in scanf is set
before the "%esp,%ebp" which means I have to get the arguments as if I
am in the calling function - "print *((char**)($esp+0x04))"
I think this is a bug, but would like to check before reporting it.
Any advice would be appreciated. Is there a reliable mechanism for
finding the arguments to a function? Currently I am thinking about
setting breakpoints at *function_name, which seems to consistently set
breakpoints before $ebp is set. This is not as nice as doing it after
(as it is different from the way arguments are used in the function),
but since I am writing an automated tool, consistency is the most
important thing.