Gain insights into using GDB for debugging in Linux. Explore disassembly, memory investigation, and register updates. Learn about pointers, stack, and function parameters in x64 architecture.

gdb.tar.gz

C2-LA

C4-L2

C4-L3

C4-L4

C4-L5

C6-L3

C8-L1

C9-L3

C10-L2

C10-L3

C11-L2

C13-L1

test

GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program, and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program, where we'll use simple operations in C. With the help of GDB, we'll examine the contents of the registers and memory. We'll also learn how they are changed while executing basic operations. We’ll then explore the use of pointers, stack, and function parameters, and analyze how different registers update their values. With the help of disassembly output, we’ll learn how a simple C program can be reconstructed. The disassembly output is important for debugging and core dump analysis. We’ll use assembly language for x64 architecture.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Debugging, Disassembly & Reversing in Linux for x64 Architecture

Here is a summary of the concepts we encountered in this course.

# Function prolog / epilog
Let’s start with function prologs and function epilogs.

## Function prolog
The function prolog is composed of these instructions:


## Function epilog
The function epilog is composed of these instructions:


Some code may not restore `%RSP` if it does not change:


Knowing the prolog can help identify incorrect symbol files or function start addresses. For example, suppose we have the following backtrace:

Review the concepts we’ve covered in this course, such as prolog / epilog functions, LEA, passing parameters, accessing stored parameters, and local variables.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Words, Double, and Quad Words

Pointers to Memory

Logical Instructions and RIP

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Summary of Code Disassembly Patterns

x64 Debugging, Disassembly & Reversing Exam

Summary of Code

Function prolog / epilog

Function prolog

Function epilog