Introduction to debugging linux applications

Introduction to assembly and debugging linux applications, given to our local DC612 group!

Spenser Reinhardt
mplsCTFgames.org
DC612
SpenserReinhardt@gmail.com
General Overview
• Introduction to ELF (Executable and Linkable Format)
  – Layout
• Assembly Primer
  – Number Bases
  – Registers and Memory Addressing
  – Basic Instructions
• Debugging Tools and Ideas
  – Principle of Confirmation
  – GDB, GDBtui, DDD, Insight
  – Working with GDB
• Example Errors
Executable & Linkable Format
ELF is a format for storing programs or fragments of programs on disk, created as a result of compiling and linking. An ELF file is divided into sections. For an executable program, these are the text section for the code, the data section for global variables and the rodata section that usually contains constant strings. The ELF file contains headers that describe how these sections should be stored in memory.
Types of files: .o object files, regular executables, shared libraries and core dumps
ELF Structure
ELF Header: Start of the file and a description of its organization.
Program Header Table: Instructs the system how to execute the file (optional).
.text: Contains all program instructions.
.bss: Holds all uninitialized data.
.data: Holds all initialized data.
.rodata: Holds read-only data.
.debug: Contains debug symbols (optional).
Section Header Table: Assists in locating each internal section (optional).
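Added example (not part of the slides): a small C parser for the ELF header described above, run over a constructed 64-byte header for a hypothetical x86-64 executable. It shows where e_type, e_machine, e_entry and the two table offsets sit in the file and reads them in the byte order the header's own EI_DATA field declares. The struct layout follows the ELF specification; the sample bytes and their values are constructed for the example and do not come from a real file.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The 64-byte ELF64 file header, declared here so the example does not need <elf.h>. */
struct elf64_header {
    uint8_t  e_ident[16];  /* "\x7fELF", EI_CLASS, EI_DATA (byte order), EI_VERSION, ... */
    uint16_t e_type;       /* 1 relocatable (.o), 2 executable, 3 shared object, 4 core dump */
    uint16_t e_machine;    /* 0x3e = x86-64 */
    uint32_t e_version;
    uint64_t e_entry;      /* virtual address of the first instruction executed */
    uint64_t e_phoff;      /* file offset of the program header table (0 = none) */
    uint64_t e_shoff;      /* file offset of the section header table (0 = none) */
    uint32_t e_flags;
    uint16_t e_ehsize;     /* size of this header, 64 */
    uint16_t e_phentsize, e_phnum;
    uint16_t e_shentsize, e_shnum, e_shstrndx;
};

/* Read an n-byte unsigned integer in the byte order the file declares. */
static uint64_t rd(const uint8_t *p, int n, int big_endian)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (big_endian ? 8 * (n - 1 - i) : 8 * i);
    return v;
}

/* Returns 0 on success, -1 on a short buffer or bad magic, -2 if the file is not
   ELFCLASS64 with a recognised EI_DATA value. */
int parse_elf64_header(const uint8_t *buf, size_t len, struct elf64_header *h)
{
    if (len < 64 || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;
    if (buf[4] != 2 || (buf[5] != 1 && buf[5] != 2)) return -2;
    int be = (buf[5] == 2);               /* EI_DATA: 1 = LSB first, 2 = MSB first */
    memcpy(h->e_ident, buf, 16);
    h->e_type      = (uint16_t)rd(buf + 16, 2, be);
    h->e_machine   = (uint16_t)rd(buf + 18, 2, be);
    h->e_version   = (uint32_t)rd(buf + 20, 4, be);
    h->e_entry     = rd(buf + 24, 8, be);
    h->e_phoff     = rd(buf + 32, 8, be);
    h->e_shoff     = rd(buf + 40, 8, be);
    h->e_flags     = (uint32_t)rd(buf + 48, 4, be);
    h->e_ehsize    = (uint16_t)rd(buf + 52, 2, be);
    h->e_phentsize = (uint16_t)rd(buf + 54, 2, be);
    h->e_phnum     = (uint16_t)rd(buf + 56, 2, be);
    h->e_shentsize = (uint16_t)rd(buf + 58, 2, be);
    h->e_shnum     = (uint16_t)rd(buf + 60, 2, be);
    h->e_shstrndx  = (uint16_t)rd(buf + 62, 2, be);
    return 0;
}

/* The four file kinds named on the ELF slide, keyed by e_type. */
const char *elf_type_name(uint16_t t)
{
    switch (t) {
    case 1:  return "relocatable object (.o)";
    case 2:  return "executable";
    case 3:  return "shared library";
    case 4:  return "core dump";
    default: return "unknown";
    }
}

/* Constructed sample: the header of a hypothetical x86-64 executable (not a real file). */
const uint8_t SAMPLE_ELF[64] = {
    0x7f,'E','L','F', 2, 1, 1, 0, 0,0,0,0, 0,0,0,0,   /* ident: 64-bit, little-endian */
    0x02,0x00,                                        /* e_type = 2 (executable) */
    0x3e,0x00,                                        /* e_machine = x86-64 */
    0x01,0x00,0x00,0x00,                              /* e_version */
    0x00,0x10,0x40,0x00, 0,0,0,0,                     /* e_entry = 0x401000 */
    0x40,0,0,0, 0,0,0,0,                              /* e_phoff = 64 (right after this header) */
    0,0,0,0, 0,0,0,0,                                 /* e_shoff = 0 (no section header table) */
    0,0,0,0,                                          /* e_flags */
    0x40,0x00, 0x38,0x00, 0x01,0x00,                  /* ehsize 64, phentsize 56, phnum 1 */
    0x40,0x00, 0x00,0x00, 0x00,0x00                   /* shentsize 64, shnum 0, shstrndx 0 */
};

int main(void)
{
    struct elf64_header h;
    if (parse_elf64_header(SAMPLE_ELF, sizeof SAMPLE_ELF, &h) != 0) return 1;
    printf("type: %s, machine: 0x%x, entry: 0x%llx, program headers: %u\n",
           elf_type_name(h.e_type), h.e_machine,
           (unsigned long long)h.e_entry, h.e_phnum);
    return 0;
}
```

The same parser works on the first 64 bytes of any 64-bit ELF file read from disk; a section header table offset of zero, as in the constructed sample, is what a stripped binary with no section table looks like, which is why tools that rely only on the section headers can be fooled while the program headers still load fine.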
What is Assembly Language?
The language known as Assembly or ASM is really a collection of CPU independent instructions that vary depending on the platform. Each different CPU, and sometimes each revision within a family of processors, will have its own version or interpretation of asm instructions. This variation in what we know as an individual language is due to the close relationship with the hardware: machine instructions are almost directly derived from asm instructions.
Assembly language is a translator language that allows total control over every individual machine instruction generated by the translator program, or assembler.
Computers = Numbers
Computers only speak in numbers, however they do not count with numbers as we think of them. They work in a mixed fashion of both binary and hexadecimal.
Binary = Base 2 = Digits 0 1
Decimal = Base 10 = Digits 0 – 9
Hexadecimal = Base 16 = Digits 0 – 9, A – F
Decimal Calculations
  1 + 2 = 3
  15 + 03 = 18
  100 + 86 = 186
  870434 + 37201 = 907635
  9 - 5 = 4
  53 - 36 = 17
  234 - 75 = 159
  829548 - 829321 = 227

Binary Calculations
  1B + 10B = 11B
  1111B + 0011B = 10010B
  1100100B + 1010110B = 10111010B
  11010100100000100010B + 1001000101010001B = 11011101100101110011B
  1001B - 101B = 100B
  110101B - 100100B = 10001B
  11101010B - 1001011B = 10011111B
  11001010100001101100B - 11001010011110001001B = 11100011B

Hexadecimal Calculations
  1H + 2H = 3H
  15H + 03H = 12H
  64H + 56H = BAH
  D4822H + 9151H = DD973H
  9H - 5H = 4H
  35H - 24H = 11H
  EAH - 4BH = 9FH
  CA86CH - CA789H = E3H
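Added example, not from the slides: C routines that convert between decimal, binary and hexadecimal by repeated division and multiply-add, accepting the B and H suffixes the calculation slides use. Running main reproduces the slides' big column in all three bases; note that 15H + 03H evaluates to 18H.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Render value in base 2..16 as upper-case digits by repeated division.
   Returns buf, or NULL if the base is out of range or buf is too small. */
char *to_base(uint64_t value, int base, char *buf, size_t buflen)
{
    static const char digits[] = "0123456789ABCDEF";
    char tmp[65];                           /* 64 binary digits plus slack */
    size_t n = 0;
    if (base < 2 || base > 16) return NULL;
    do {
        tmp[n++] = digits[value % base];    /* remainders come out least significant first */
        value /= base;
    } while (value != 0);
    if (n + 1 > buflen) return NULL;
    for (size_t i = 0; i < n; i++)
        buf[i] = tmp[n - 1 - i];            /* reverse into reading order */
    buf[n] = '\0';
    return buf;
}

/* Parse a digit string in base 2..16; a trailing B (binary) or H (hex) suffix is accepted.
   Returns 0 and sets *out, or -1 on an empty string or a digit invalid for that base. */
int from_base(const char *s, int base, uint64_t *out)
{
    size_t len = strlen(s);
    uint64_t v = 0;
    if (len == 0 || base < 2 || base > 16) return -1;
    if ((base == 2 && s[len - 1] == 'B') || (base == 16 && s[len - 1] == 'H'))
        len--;                              /* drop the slide-style suffix */
    if (len == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        int d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else return -1;
        if (d >= base) return -1;           /* e.g. '2' is not a binary digit */
        v = v * (uint64_t)base + (uint64_t)d;   /* shift earlier digits up one place */
    }
    *out = v;
    return 0;
}

/* Print one value the three ways the slides do. */
void show(uint64_t v)
{
    char b[65], h[65];
    printf("%llu = %sB = %sH\n", (unsigned long long)v,
           to_base(v, 2, b, sizeof b), to_base(v, 16, h, sizeof h));
}

int main(void)
{
    uint64_t a = 0, b = 0;
    /* The widest column on the slides: 870434 + 37201, read back from hex and binary */
    if (from_base("D4822H", 16, &a) != 0 || from_base("1001000101010001B", 2, &b) != 0)
        return 1;
    show(a); show(b); show(a + b);
    show(0x15 + 0x03);                      /* the slide's 15H + 03H column */
    return 0;
}
```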
CPU Registers
Within a CPU there are special small storage compartments for very fast access; these are called registers. Much like the rest of asm these registers are very processor specific, however many generalizations can be made.

8-bit   16-bit   32-bit   64-bit   Description
AL      AX       EAX      RAX      General purpose register
BL      BX       EBX      RBX      General purpose register
CL      CX       ECX      RCX      General purpose register
DL      DX       EDX      RDX      General purpose register
        IP       EIP      RIP      Points to current instruction location (Instruction Pointer)
        BP       EBP      RBP      Points to bottom of current stack frame (Base Pointer)
        SP       ESP      RSP      Points to top of current stack frame (Stack Pointer)
        SI       ESI      RSI      Used for special operations (Source Index)
        DI       EDI      RDI      Used for special operations (Destination Index)
CS, DS, SS, ES, FS, GS              Segment Registers (16-bit)
CPU Registers
Endianness
The order of importance and direction to read byte values. The system's CPU determines endianness.
• Little Endian: Read from right to left, with the most significant byte stored on the right. (x86, x86-64)
• Big Endian: Read from left to right, with the most significant byte stored on the left and not flipped when read. (PowerPC, IBM Mainframes)
• Bi Endian: Can potentially interpret values either way. (MIPS, IA32, IA64)
The Stack
• Stores data temporarily as an application may need it.
• ESP = Top of the Stack; EBP = Bottom of the Stack, or top of the previous one
• Addressed by offsets of esp/ebp or direct memory locations
• Last in, First out (LIFO) or First in, Last out (FILO)
• Push [value] – Adds to top of the Stack, then decreases ESP accordingly
• Pop [value] – Removes from top of the Stack, then increases ESP
• Dynamically allocated, 32 bits wide
• Grows from higher memory down
Memory Layout
• Almost identical to on-disk ELF layout
• Definitions of sections in ELF directly apply
• Also has Stack and Heap sections
• Heap space is dynamically allocated as programs request or deallocate it.
• Heap is allocated in otherwise free space and does not need to be in any order or specific location
• Application sees 4GB of virtual memory
• Some or most space may be paged out
ASM Instructions – mnemonics
• Usually one command per line
• First or only operand is usually the destination operand, unless specifically noted in the instruction details.
• R/8,16,32,64   Register size
• M/8,16,32,64   Memory size
• I/8,16,32,64   Immediate data
• D/8,16,32,64   Displacement
• SR             Segment Register

mov eax, ‘WXYZ’   Save WXYZ into eax
                  Move ZYXZ into eax, and zero any remaining space in the register
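Added example (not from the slides) for the Endianness slide and the mov eax, ‘WXYZ’ note above: C code that lays a 32-bit value out in little-endian and big-endian byte order, reads it back, and detects the host's own order. char_constant assumes NASM's rule that the first character of a multi-character constant lands in the least significant byte, so ‘WXYZ’ is 0x5A595857; in little-endian memory those bytes read W X Y Z in a hex dump, while a hex print of the register shows them as Z Y X W.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lay out a 32-bit value as the 4 bytes a CPU of the given endianness would store. */
void store_u32(uint32_t v, int big_endian, uint8_t out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(v >> (big_endian ? 8 * (3 - i) : 8 * i));
}

/* Inverse: rebuild the value from 4 stored bytes. */
uint32_t load_u32(const uint8_t in[4], int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)in[i] << (big_endian ? 8 * (3 - i) : 8 * i);
    return v;
}

/* 1 if the host CPU stores the least significant byte first, as x86 does. */
int host_is_little_endian(void)
{
    uint32_t probe = 1;
    uint8_t first_byte;
    memcpy(&first_byte, &probe, 1);        /* peek at the lowest-addressed byte */
    return first_byte == 1;
}

/* NASM-style four-character constant: the first character becomes the least
   significant byte, so "WXYZ" gives 0x5A595857 (assumption stated in the lead-in). */
uint32_t char_constant(const char *s)
{
    return (uint32_t)(uint8_t)s[0]       | (uint32_t)(uint8_t)s[1] << 8
         | (uint32_t)(uint8_t)s[2] << 16 | (uint32_t)(uint8_t)s[3] << 24;
}

/* Render 4 stored bytes as text, the way a hex dump's ASCII column would. */
void bytes_as_text(const uint8_t b[4], char out[5])
{
    for (int i = 0; i < 4; i++)
        out[i] = (b[i] >= 0x20 && b[i] < 0x7f) ? (char)b[i] : '.';
    out[4] = '\0';
}

int main(void)
{
    uint8_t le[4], be[4];
    char text[5];
    uint32_t eax = char_constant("WXYZ");
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("eax = 0x%08X\n", eax);          /* what a hex print of the register shows */
    store_u32(eax, 0, le); bytes_as_text(le, text);
    printf("little-endian memory: %02X %02X %02X %02X  \"%s\"\n", le[0], le[1], le[2], le[3], text);
    store_u32(eax, 1, be); bytes_as_text(be, text);
    printf("big-endian memory:    %02X %02X %02X %02X  \"%s\"\n", be[0], be[1], be[2], be[3], text);
    return 0;
}
```

This is the same reversal you see in a debugger when a four-byte string constant is printed as a number: the value is unchanged, only the order in which the bytes are read differs.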
ASM Instructions – Arithmetic
Instruction          Description
add r/m32, r/m32     Combines operands through addition and stores in first
sub r/m32, r/m32     Subtracts operands and stores in first
mul r/m32, eax       Multiplies operands* and stores in ax and dx when operands are greater than 8 bits
div r/m32, eax       Divides operands* and
* When mul and div are used the “A” register is used implicitly as the second operand. The “A” register could be AL, AX, EAX, or RAX.
ASM Instructions – Unary Operators
Instruction          Description
and r/m32, r/m32     Compares operands and sets to one if both are equal, or zero if not.
or r/m32, r/m32      Compares operands and sets to one if at least one is not zero.
xor r/m32, r/m32     Compares operands and sets to one if not equal and zero if equal.
not r/m32            Sets one to zero, and zero to one.
neg r/m32            Sets value to its equivalent negative value.
inc r/m32            Increments operand by 1.
dec r/m32            Decrements operand by 1.
ASM Instructions – Bit Manipulation
Instruction          Description
shl r/m32, count     Shifts bits left [count] times, stores overflow in CF, inserts zero
shr r/m32, count     Shifts bits right [count] times, stores overflow in CF, inserts zero
rol r/m32, count     Rotates bits from left and inserts on right, no CF use
ror r/m32, count     Rotates bits from right and inserts on left, no CF use
rcl r/m32, count     Rotates left to right, storing the first value rotated off in CF; previous CF is set as right-most value
rcr r/m32, count     Rotates left to right, storing the first value rotated off in CF; previous CF is set as right-most value
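Added example covering the Arithmetic, Unary Operators and Bit Manipulation tables above (not code from the slides): a C model of these instructions on 32-bit operands, where the carry flag travels alongside shifts and rotates and mul/div use the implicit EDX:EAX pair. rol and ror follow the slide's wording and leave CF untouched; the 5-bit count masking and the two conditions under which div faults (#DE) are x86 behaviour.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of an instruction that touches the carry flag: the new register value plus CF. */
typedef struct { uint32_t val; int cf; } res32;

/* Logical and unary operators, applied bit by bit to 32-bit operands. */
uint32_t op_and(uint32_t a, uint32_t b) { return a & b; }
uint32_t op_or (uint32_t a, uint32_t b) { return a | b; }
uint32_t op_xor(uint32_t a, uint32_t b) { return a ^ b; }
uint32_t op_not(uint32_t a)             { return ~a; }
uint32_t op_neg(uint32_t a)             { return (uint32_t)0 - a; }   /* two's complement */
uint32_t op_inc(uint32_t a)             { return a + 1; }
uint32_t op_dec(uint32_t a)             { return a - 1; }

/* Shifts: the bit pushed out lands in CF and a zero enters on the other side.
   The count is masked to 5 bits, as x86 does for 32-bit operands. */
res32 op_shl(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) { r.cf = (r.val >> 31) & 1; r.val <<= 1; }
    return r;
}
res32 op_shr(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) { r.cf = r.val & 1; r.val >>= 1; }
    return r;
}

/* Rotates: the bit leaving one end re-enters at the other; CF is left alone, as the slide says. */
res32 op_rol(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) r.val = (r.val << 1) | (r.val >> 31);
    return r;
}
res32 op_ror(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) r.val = (r.val >> 1) | (r.val << 31);
    return r;
}

/* Rotate through carry: a 33-bit rotation in which CF sits between the two ends. */
res32 op_rcl(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) {
        int out = (r.val >> 31) & 1;
        r.val = (r.val << 1) | (uint32_t)r.cf;          /* old CF becomes the right-most bit */
        r.cf = out;
    }
    return r;
}
res32 op_rcr(uint32_t v, unsigned count, int cf)
{
    res32 r = { v, cf };
    for (count &= 31; count > 0; count--) {
        int out = r.val & 1;
        r.val = (r.val >> 1) | ((uint32_t)r.cf << 31);  /* old CF becomes the left-most bit */
        r.cf = out;
    }
    return r;
}

/* mul src: EDX:EAX = EAX * src, the "A" register being the implicit second operand. */
void op_mul(uint32_t eax, uint32_t src, uint32_t *edx_out, uint32_t *eax_out)
{
    uint64_t p = (uint64_t)eax * src;
    *eax_out = (uint32_t)p;
    *edx_out = (uint32_t)(p >> 32);        /* high half of the 64-bit product */
}

/* div src: EAX = EDX:EAX / src, EDX = remainder. Returns -1 where the CPU would
   raise #DE: division by zero, or a quotient that does not fit in 32 bits. */
int op_div(uint32_t edx, uint32_t eax, uint32_t src, uint32_t *q, uint32_t *rem)
{
    uint64_t dividend = ((uint64_t)edx << 32) | eax;
    if (src == 0 || dividend / src > 0xFFFFFFFFull) return -1;
    *q   = (uint32_t)(dividend / src);
    *rem = (uint32_t)(dividend % src);
    return 0;
}

int main(void)
{
    res32 r = op_rcl(0x80000000u, 1, 1);
    uint32_t hi, lo;
    op_mul(0xFFFFFFFFu, 2, &hi, &lo);
    printf("rcl 0x80000000,1 with CF=1 -> 0x%08X CF=%d\n", r.val, r.cf);
    printf("mul 0xFFFFFFFF*2 -> EDX:EAX = 0x%08X:0x%08X\n", hi, lo);
    return 0;
}
```

The div guard is the part worth remembering when reading disassembly: a 32-bit divide that is not preceded by clearing EDX (or a sign-extending cdq) divides whatever happens to be in EDX:EAX, and a leftover high half is enough to make an otherwise valid quotient fault.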
ASM Instructions – Push Pop Mov
Instruction          Description
push r/m32           Pushes data onto the stack and lowers ESP
pusha                Pushes all 16-bit general purpose registers at once
pushad               Pushes all 32-bit general purpose registers at once
pushf                Pushes Flags register onto the stack
pop r/m32            Pulls data from the stack, stores at the location provided and raises ESP
popa                 Pulls top 16 bytes from the stack and sets into each register (!SP)
popad                Pulls top 32 bytes from the stack and sets into each register (!ESP)
popf                 Pulls top 2 bytes and stores into Flags
mov r/m32, r/m32     Moves data from one location of memory to another
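Added example for The Stack slide and the push/pop table above (not code from the deck): a C model of the 32-bit stack as a small byte region in which ESP and EBP are offsets, push lowers ESP before storing and pop reads before raising it, plus the usual prologue/epilogue pair and [ebp+offset] addressing. The 64-byte region and the values are constructed; there is no call/ret in the model, so a pushed argument shows up at [ebp+4] rather than the [ebp+8] a real call would give.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 64   /* constructed: a 64-byte region; the highest address is STACK_BYTES */

/* Model of the 32-bit stack: ESP and EBP are offsets into mem, and the stack grows downward. */
struct stack32 {
    uint8_t  mem[STACK_BYTES];
    uint32_t esp;   /* top of the stack: the lowest address in use */
    uint32_t ebp;   /* bottom of the current frame */
};

void stack_init(struct stack32 *s)
{
    memset(s->mem, 0, sizeof s->mem);
    s->esp = s->ebp = STACK_BYTES;   /* empty: both point one past the highest byte */
}

/* Little-endian dword read at an absolute offset; -1 if it falls outside the region. */
static int rd32(const struct stack32 *s, int64_t at, uint32_t *out)
{
    if (at < 0 || at + 4 > STACK_BYTES) return -1;
    *out = 0;
    for (int i = 0; i < 4; i++) *out |= (uint32_t)s->mem[at + i] << (8 * i);
    return 0;
}
static void wr32(struct stack32 *s, uint32_t at, uint32_t v)
{
    for (int i = 0; i < 4; i++) s->mem[at + i] = (uint8_t)(v >> (8 * i));
}

/* push r/m32: lower ESP by 4, then store the value at the new top. -1 when the region is full. */
int push32(struct stack32 *s, uint32_t v)
{
    if (s->esp < 4) return -1;
    s->esp -= 4;
    wr32(s, s->esp, v);
    return 0;
}

/* pop r/m32: read the dword at ESP, then raise ESP by 4. -1 when the stack is empty. */
int pop32(struct stack32 *s, uint32_t *out)
{
    if (rd32(s, s->esp, out) != 0) return -1;
    s->esp += 4;
    return 0;
}

/* [ebp+offset] addressing: locals sit at negative offsets, the caller's data at positive ones. */
int read_ebp_rel(const struct stack32 *s, int32_t offset, uint32_t *out)
{
    return rd32(s, (int64_t)s->ebp + offset, out);
}

/* Prologue "push ebp; mov ebp, esp; sub esp, locals". -1 if the frame would not fit. */
int enter_frame(struct stack32 *s, uint32_t locals)
{
    if (locals > s->esp || s->esp - locals < 4) return -1;   /* room for saved ebp + locals */
    push32(s, s->ebp);
    s->ebp = s->esp;
    s->esp -= locals;
    return 0;
}

/* Epilogue "mov esp, ebp; pop ebp": discards the locals and restores the caller's frame. */
int leave_frame(struct stack32 *s)
{
    s->esp = s->ebp;
    return pop32(s, &s->ebp);
}

int main(void)
{
    struct stack32 s;
    uint32_t v;
    stack_init(&s);
    push32(&s, 0xDEADBEEFu);           /* an argument for the callee */
    enter_frame(&s, 8);                /* callee opens a frame with 8 bytes of locals */
    read_ebp_rel(&s, 4, &v);           /* first dword above the saved ebp (no return address here) */
    printf("esp=%u ebp=%u [ebp+4]=0x%08X\n", s.esp, s.ebp, v);
    leave_frame(&s);
    pop32(&s, &v);
    printf("after leave and pop: esp=%u popped 0x%08X\n", s.esp, v);
    return 0;
}
```

The bounds checks on the model are what the real stack does not have: a push past the region returns -1 here, whereas on hardware the same write simply lands on whatever sits below, which is why unchecked stack writes are the classic debugging (and security) problem the rest of the deck leads up to.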
Debugging?
Debugging is the process within software development where applications and code are tested to be accurate to the developer's expectations. This can include programmatic errors, unexpected data values, infinite loops, and potentially security risks. Debugging is generally a recursive process, performed until all known bugs are located and corrected, and performed again when new issues are found.

Principle of Confirmation
The principle of confirmation is a process of validating that the assumptions you, as a programmer, make actually are true within execution. If something is not as expected you have likely found a bug, or part of it.
GDB
• Text/CLI based by default
• Semi-GUI or uses other frontends
• -tui or ctrl-X-A to access the console analogue interface
• Extremely fast
• Low visual input

Insight
• Red Hat/CentOS/Fedora based
• Frontend to GDB
• Removed from Debian repositories
• Full GUI, including console
• Fast and stable

DDD
• Works in almost all distributions
• Fast but not as stable (IMO)
• Full GUI and supporting console
• Virtually identical to Kdbg
GDB Commands
Instruction          Description
-tui                 Used while starting for the semi-GUI
break [line]         Stops execution at the set line and allows for inspection
tbreak [line]        Stops execution at the set line the first time it is hit only
watch [condition]    Performs commands for the condition arguments set
print [variable]     Displays a variable's value while execution is stopped
frame [number]       Displays trace of the set stack frame
backtrace            Displays entire stack layout

GDB Instructions
run [arguments]      Starts program execution with supplied arguments
continue             Continues normal execution after being paused
step                 Executes next line
stepi                Executes next ASM/machine instruction
next                 Executes next line then pauses, skips over called functions
nexti                Executes next ASM/machine instruction and pauses
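Added example, not from the slides: a small C program to practise the GDB commands in the two tables above, with a matching command sequence in a comment. The file name sumdemo.c is an assumption, and only commands are shown, since the exact output depends on the toolchain; the watchpoint on total is the "principle of confirmation" in practice, stopping each time the running sum changes so the value can be checked against what you expect.

```c
#include <stdio.h>
#include <stddef.h>

/*
 * Build with debug symbols so GDB can map addresses back to source lines
 * (the file name is an assumption):
 *     gcc -g -O0 -o sumdemo sumdemo.c
 *
 * A session using the commands from the slides (commands only):
 *     gdb -q -tui ./sumdemo      # or plain "gdb -q ./sumdemo", then ctrl-X-A
 *     (gdb) break sum_array      # stop every time sum_array is entered
 *     (gdb) tbreak average       # stop in average once, then the breakpoint is gone
 *     (gdb) run                  # start; the first stop is inside sum_array
 *     (gdb) print n              # confirm the length actually passed in
 *     (gdb) watch total          # stop whenever the running sum changes
 *     (gdb) continue             # run to the next change of total
 *     (gdb) next                 # one source line, stepping over calls
 *     (gdb) stepi                # one machine instruction
 *     (gdb) backtrace            # who called sum_array?
 *     (gdb) frame 1              # inspect the caller's frame
 */

/* Sum of n ints; total is the variable the watchpoint above follows. */
long sum_array(const int *values, size_t n)
{
    long total = 0;
    for (size_t i = 0; i < n; i++)
        total += values[i];
    return total;
}

/* Integer average; an empty array yields 0 instead of dividing by zero. */
long average(const int *values, size_t n)
{
    if (n == 0)
        return 0;
    return sum_array(values, n) / (long)n;
}

/* Constructed sample input. */
const int SAMPLE[5] = { 10, 20, 30, 40, 50 };

int main(void)
{
    long s = sum_array(SAMPLE, 5);     /* first breakpoint hit happens in here */
    long a = average(SAMPLE, 5);       /* tbreak fires once, then calls sum_array again */
    printf("sum = %ld, average = %ld\n", s, a);
    return 0;
}
```

Compiling with -O0 keeps every local in memory so print and watch behave as the source suggests; at higher optimisation levels total may live only in a register and the watchpoint or a print of i can report "optimized out".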
Credits
• The Art of Debugging with GDB, DDD, and Eclipse – Norman Matloff and Peter Jay Salzman – No Starch Press, 2008
• Assembly Language Step by Step: Programming with Linux – Jeff Duntemann – Wiley, 2009
• C++ Programming Today – Barbara Johnston – Pearson Prentice Hall, 2008
• Hacking: The Art of Exploitation – Jon Erickson – No Starch Press, 2008
