Gain insights into using GDB for debugging in Linux. Explore disassembly, memory investigation, and register updates. Learn about pointers, stack, and function parameters in x64 architecture.

gdb.tar.gz

C2-LA

C4-L2

C4-L3

C4-L4

C4-L5

C6-L3

C8-L1

C9-L3

C10-L2

C10-L3

C11-L2

C13-L1

test

GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program, and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program, where we'll use simple operations in C. With the help of GDB, we'll examine the contents of the registers and memory. We'll also learn how they are changed while executing basic operations. We’ll then explore the use of pointers, stack, and function parameters, and analyze how different registers update their values. With the help of disassembly output, we’ll learn how a simple C program can be reconstructed. The disassembly output is important for debugging and core dump analysis. We’ll use assembly language for x64 architecture.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Debugging, Disassembly & Reversing in Linux for x64 Architecture

## CPU flags register

In addition to registers, the CPU also contains a **$64$–bit** `%RFLAGS` **register** where individual bits are set or cleared in response to arithmetic and other operations. Separate machine instructions can manipulate some bit values, and their values affect code execution. 

For example, the `DF` (Direction Flag) bit determines the direction of memory copy operations. It can be set by `STD` and cleared by `CLD` instructions. It has the default value of 0, and its location is shown in the figure below, where only the first 32 bits of 64-bit `%RFLAGS` are shown.

# CPU flags register

In addition to registers, the CPU also contains a **$64$–bit** `%RFLAGS` **register** where individual bits are set or cleared in response to arithmetic and other operations. Separate machine instructions can manipulate some bit values, and their values affect code execution. 

For example, the `DF` (Direction Flag) bit determines the direction of memory copy operations. It can be set by `STD` and cleared by `CLD` instructions. It has the default value of 0, and its location is shown in the figure below, where only the first 32 bits of 64-bit `%RFLAGS` are shown.

Learn about the different modes such as flags, TEST, and CMP instructions.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Words, Double, and Quad Words

Pointers to Memory

Logical Instructions and RIP

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Summary of Code Disassembly Patterns

x64 Debugging, Disassembly & Reversing Exam

Instructions I

CPU flags register