Gain insights into debugging C/C++ programs on Linux ARM64, delve into program disassembly, probe memory/register changes using GDB, and discover techniques for core dump analysis and assembly-level debugging.

Practical-Foundations-ARM64 Linus Debugging- Disassembly-Reversing.png

arm.tar.gz

Codeoptmization

Pointers_to_assign

Pointers

MemoryPointers

PointersAsVariables

PointersAsVariables-optimization

SimpleStack

LocalVariables

FunctionParameters

FunctionParameters-14

solution

FunctionParameters-14-copy

RawStack

MemoryPointers-copy

The GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program. You’ll use the Linux ARM64 which is a popular RISC architecture. You’ll use simple operations in C/C++ such as assignment, increment, addition, multiplication. With the help of the GDB, you will probe into the contents of the registers and memory. You'll learn how they are changed while executing basic operations. With the help of the disassembly output, you’ll learn how a simple C/C++ program can be reconstructed. The disassembly output is important for debugging and core dump analysis.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Foundations of Linux ARM64: Debug, Disassemble, and Reverse

# The NULL pointers
The first addresses starting from `0x0000000000000000` are specifically made inaccessible on Linux. On a typical ARM64 system, the range is `0x0000000000000000` – `0x0000000000007FFF`. The following code will force an application crash or kernel panic if executed inside a driver:

mov x0, #0
str x1, [x0]      // Access violation

# Invalid pointers
There are different kinds of invalid pointers that cause an access violation when we try to dereference them:
* NULL pointers
* Pointers to an inaccessible memory
* Pointers to a read-only memory when writing

Other pointers that may or may not cause an access violation:
* Pointers pointing to random memory
* Uninitialized pointers that have a random value inherited from past code execution
* Dangling pointers

The last three pointers are similar to pointers pointing to random memory locations and arise when we forget to set pointer variables to zero (NULL) after disposing of the memory they point to. By nullifying pointers, we indicate that they no longer point to memory.
# Variables as pointers
Suppose we have two memory addresses (locations) `a` and `b` declared and defined in C and C++ as follows:

Learn about the null pointer, invalid pointer, variables as pointers, and pointer initialization.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Half Words, Words, and Double Words

Pointers to Memory

Logical Instructions and PC

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Conclusion

ARM64 Linux Debugging, Disassembling, Reversing Exam

Pointers Essentials

The NULL pointers

Invalid pointers