Gain insights into using GDB for debugging in Linux. Explore disassembly, memory investigation, and register updates. Learn about pointers, stack, and function parameters in x64 architecture.

gdb.tar.gz

C2-LA

C4-L2

C4-L3

C4-L4

C4-L5

C6-L3

C8-L1

C9-L3

C10-L2

C10-L3

C11-L2

C13-L1

test

GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program, and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program, where we'll use simple operations in C. With the help of GDB, we'll examine the contents of the registers and memory. We'll also learn how they are changed while executing basic operations. We’ll then explore the use of pointers, stack, and function parameters, and analyze how different registers update their values. With the help of disassembly output, we’ll learn how a simple C program can be reconstructed. The disassembly output is important for debugging and core dump analysis. We’ll use assembly language for x64 architecture.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Debugging, Disassembly & Reversing in Linux for x64 Architecture

## Reconstructing mixed assembly / pseudocode code
Let’s **reconstruct the line-by-line pseudocode**, shown as comments against the assembly language code.


lea 0x2ef9(%rip), %rax       # 0x555555558030 <a>
# address a -> rax

mov %rax, 0x2efa(%rip)       # 0x555555558038 <pa>
# rax -> (pa)

lea 0x2eef(%rip), %rax       # 0x555555558034 <b>
# address b -> rax

mov %rax, 0x2ef4(%rip)       # 0x555555558040 <pb>
# rax -> (pb)

This code calculates the effective address of `a`, which it stores in register `%rax`.  It then assigns the `%rax` register value to the integer pointer `pa`. We do the same process for `b` and store the `%rax` register value to the integer pointer `pb`.


mov 0x2ee5(%rip), %rax       # 0x555555558038 <pa>
# (pa) -> rax

movl $0x1, (%rax)
# 1 -> (rax)

mov 0x2ee0(%rip), %rax       # 0x555555558040 <pb>
# (pb) -> rax

movl $0x1, (%rax)
# 1 -> (rax)

The code snippet above assigns `1` to the indirect register (address is in register `%rax`).


# Reconstructing mixed assembly / pseudocode code
Let’s **reconstruct the line-by-line pseudocode**, shown as comments against the assembly language code.


Learn how to reconstruct a code in C/C++ language with the help of the GDB disassembly output in non-optimization mode.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Words, Double, and Quad Words

Pointers to Memory

Logical Instructions and RIP

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Summary of Code Disassembly Patterns

x64 Debugging, Disassembly & Reversing Exam

Reconstructing C/C++ Code

Reconstructing mixed assembly / pseudocode code