When you placed a breakpoint at phase_2, gdb patched the running image to place an int3 instruction at 0x8048b50, which is just after phase_2's function prologue has finished setting up the stack frame. So instead of

    0x8048b50: 8b mov edx,DWORD PTR [ebp+0x8]
    0x8048b51: 55
    0x8048b52: 08

you now have

    0x8048b50: cc int3
    0x8048b51: 55 push ebp
    0x8048b52: 08 first byte of an 'or' instruction

and that is what gdb is displaying. Eventually things get synced back up and the disassemble command starts to display the correct series of instructions.

The difference in what is displayed won't affect correct execution of the program; before proceeding from the breakpoint, gdb will either place that 8b byte back into the image or it will synthetically execute the mov instruction and then continue execution at 0x8048b53.
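An added illustration (not part of the original answer, and not gdb's code): a small linear-sweep length decoder for a handful of 32-bit x86 opcodes, showing how patching one byte to 0xcc shifts the instruction boundaries and where the two listings line up again. Only the bytes 8b 55 08 at 0x8048b50 come from the answer; the bytes after them and all function names are constructed for the example.

```python
# Constructed sample: only 8b 55 08 is from the answer; the later bytes are made up.
BASE = 0x8048b50
ORIGINAL = bytes.fromhex("8b5508" "83fa01" "89d0" "8b450c" "c3")
ONE_BYTE = {0xcc: "int3", 0x55: "push ebp", 0xc3: "ret"}
# opcode -> (mnemonic, immediate bytes after the ModRM operand)
MODRM = {0x8b: ("mov r32,r/m32", 0), 0x89: ("mov r/m32,r32", 0),
         0x08: ("or r/m8,r8", 0), 0x83: ("grp1 r/m32,imm8", 1)}

def modrm_len(code, i):
    """Bytes taken by ModRM, optional SIB and displacement (32-bit addressing)."""
    mod, rm = code[i] >> 6, code[i] & 7
    sib = mod != 3 and rm == 4
    if mod == 1:
        disp = 1
    elif mod == 2 or (mod == 0 and (rm == 5 or (sib and (code[i + 1] & 7) == 5))):
        disp = 4
    else:
        disp = 0
    return 1 + sib + disp

def sweep(code, base=BASE):
    """Linear-sweep decode; returns [(address, length, mnemonic), ...]."""
    out, i = [], 0
    while i < len(code):
        name, n = ONE_BYTE.get(code[i], "(unknown)"), 1
        if code[i] in MODRM:
            name, imm = MODRM[code[i]]
            try:
                n = 1 + modrm_len(code, i + 1) + imm
            except IndexError:  # ModRM or SIB byte missing at end of buffer
                n = len(code) + 1
            if i + n > len(code):
                name, n = "(truncated)", len(code) - i
        out.append((base + i, n, name))
        i += n
    return out

def set_breakpoint(image, addr, base=BASE):
    """Return (patched image, saved byte): the opcode byte is swapped for int3."""
    off = addr - base
    return image[:off] + b"\xcc" + image[off + 1:], image[off]

def resync_address(a, b, after):
    """First address past `after` where both listings start an instruction."""
    starts = {addr for addr, _, _ in a}
    return next((addr for addr, _, _ in b if addr > after and addr in starts), None)

if __name__ == "__main__":
    for img in (ORIGINAL, set_breakpoint(ORIGINAL, BASE)[0]):
        print(*(f"{a:#x}: {m}" for a, _, m in sweep(img)), sep="\n", end="\n\n")
```

With these constructed bytes the patched listing decodes int3, push ebp and a six-byte or that swallows the next instruction, then matches the original listing again from 0x8048b58; restoring the saved 8b byte gives back the original listing.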