Gain insights into using GDB for debugging in Linux. Explore disassembly, memory investigation, and register updates. Learn about pointers, stack, and function parameters in x64 architecture.

gdb.tar.gz

C2-LA

C4-L2

C4-L3

C4-L4

C4-L5

C6-L3

C8-L1

C9-L3

C10-L2

C10-L3

C11-L2

C13-L1

test

GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program, and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program, where we'll use simple operations in C. With the help of GDB, we'll examine the contents of the registers and memory. We'll also learn how they are changed while executing basic operations. We’ll then explore the use of pointers, stack, and function parameters, and analyze how different registers update their values. With the help of disassembly output, we’ll learn how a simple C program can be reconstructed. The disassembly output is important for debugging and core dump analysis. We’ll use assembly language for x64 architecture.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Debugging, Disassembly & Reversing in Linux for x64 Architecture

# NULL pointers

Addresses `0x0000000000000000` to `0x000000000000FFFF` are deliberately made inaccessible on Linux. The following code will force an application crash or kernel panic if executed inside a driver:


mov  $0xF, %rax
movb $1, (%rax)  # Access violation

# Invalid pointers
Various kinds of **invalid pointers** will cause an access violation when we try to dereference them:
* **NULL** pointers
* Pointers that refer to **inaccessible memory**
* Pointers that refer to **read-only memory when writing**

Other pointers may or may not cause an *access violation:*
* Pointers that refer to  so-called **random memory**
* **Uninitialized pointers** that have a *random value inherited* from past code execution
* **Dangling** pointers

Uninitialized and dangling _pointers_ similar to pointers that refer to _random_ memory locations, in other words, locations assigned by the operating system from anywhere in RAM. Uninitialized and dangling pointers arise when we forget to set pointer variables to _zero (NULL)_ after disposing of the memory they point to. By **nullifying pointers**, we indicate that they _no longer point to memory_.

# Variables as pointers
Suppose we have two memory addresses (locations), `a` and `b`, declared and defined in C and C++ as:
```C++
int a, b;
```
These are normal variables `a` and `b`. We can have another two memory addresses (locations) `pa` and `pb` declared and defined in C and C++ as:
```C++
int *pa, *pb;
```
Here `pa` is a pointer to an `int`. In other words, the memory cell `pa` contains _the address of another memory cell with an integer value_.

# Pointer initialization
To have pointers point to a memory location, we need to initialize them with a corresponding memory address. Here is a typical C/C++ code that does what we need:


Learn about null pointers, invalid pointers, variables as pointers, and pointer initialization.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Words, Double, and Quad Words

Pointers to Memory

Logical Instructions and RIP

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Summary of Code Disassembly Patterns

x64 Debugging, Disassembly & Reversing Exam

Pointers Essential

NULL pointers

Invalid pointers

Variables as pointers