This is the tcpflow dump for the gdb protocol “g” command, it contains all register values. Let’s parse it:
$g#67 127.000.000.001.01234-127.000.000.001.57495: + 127.000.000.001.01234-127.000.000.001.57495: $0000000000000000630600000000000000000000000000000000000000000000f0ff00000200000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000801f0000#e8
After the trace:
target.c::debug_print_register
gdbarch.c::gdbarch_register_name
i386-tdep.c::i386_register_names
The register packet can be decode by:
static const char *i386_register_names[] = { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi", "eip", "eflags", "cs", "ss", "ds", "es", "fs", "gs", "st0", "st1", "st2", "st3", "st4", "st5", "st6", "st7", "fctrl", "fstat", "ftag", "fiseg", "fioff", "foseg", "fooff", "fop", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", "mxcsr" };