SlideShare a Scribd company logo

x86 Assembly & GDB Debugging Guide

Jian-Yu Li
Jian-Yu Li

This document provides an overview of x86 assembly language and the GNU Debugger (GDB). It describes the process of creating an executable file from source code using preprocessing, compilation, assembly and linking. It also covers x86 registers, common instructions like MOV, PUSH, CALL and RET. The document introduces Intel and AT&T syntax and system calls. Finally, it outlines basic operations and commands in GDB like breaking, running, examining memory and registers.

Software
1 of 37
Download to read offline
x86 assembly & GDB 1 briansp8210 briantaipei8210@gmail.com
How to create an executable file 2 preprocess compile assemble link source code
How to create an executable file 3 preprocess compile assemble link
How to create an executable file 4 preprocess compile assemble link assembly language
How to create an executable file 5 preprocess compile assemble link
How to create an executable file 6 preprocess compile assemble link executable file
Intel vs. AT&T syntax 7 Intel AT&T mov eax, 1 movl $1, %eax mov eax, [ebx+3] movl 3(%ebx), %eax add eax, [ebx+ecx*2h] addl (%ebx,%ecx,0x2), %eax  We prefer to use Intel syntax  objdump –M intel  set disassembly-flavor intel
Register 8  General purpose register  EAX EBX ECX EDX ESI EDI ESP EBP  mainly used for arithmetic and data movement  some have special usage:  return value of function will be stored in EAX  system call number is indicated by EAX  ESP points to top of current stack frame  EBP points to base of current stack frame ALAH AX EAX ESI SI 32 16 0 (bits)8
Register 9 ESP SP EBP BP 1st argument saved EBP return address …… …… local variables, saved registers… EBP  ESP  low address high address 32 16 0 (bits)
Register 10 EIP IP EIP  32 16 0 (bits)  Instruction pointer  EIP  point to the next instruction to be executed
Register 11  EFLAGS register  EFLAGS  contain a collection of flags indicating state of processor
mov 12  assign value of src. operand to dest. operand  size of operands must be the same  mov dest. src.  mov ebp, esp  mov BYTE PTR [edi], 0x41  mov eax, DWORD PTR [esp+4] …… …… 0x80484d0 …… ESP+4  ESP  0xffffd260 …… …… 0xffffd264 0xffffd268 0x80484d0 EAX
lea 13  assign effective address of src. operand to dest. operand  note the difference between mov and lea  lea dest. src.  lea eax, DWORD PTR [esp+4] …… …… 0x80484d0 …… ESP+4  ESP  0xffffd260 …… …… 0xffffd264 0xffffd268 0xffffd264 EAX
14  store the sum / difference of two operands to dest. operand  add/sub dest. src.  sub esp, 0x18  add DWORD PTR [edi], edx  cmp eax, 1 ; check whether eax is 1 add / sub
15  store the result of bitwise operation of two operands to dest.  and/or/xor dest. src.  and dl, 11101100b ; clear 1st, 2nd and 5th bits of dl  or dl, 00100000b ; set 6th bit of dl  xor eax, eax ; set eax to 0  test eax, eax ; check whether eax is 0 and / or / xor
push 16  push sth to top of stack  push eax …… …… 0x80484d0 …… ESP  …… …… 0x41424344 EAX low address high address
push 17  push operand to top of stack  push eax …… 0x41424344 0x80484d0 …… ESP  …… …… 0x41424344 EAX low address high address
pop 18  pop value off top of stack and store to operand  pop esi …… 0xabcd1234 0x80484d0 …… ESP  …… …… 0x0 ESI low address high address
pop 19  pop value off top of stack and store to operand  pop esi …… 0xabcd1234 0x80484d0 …… ESP  …… …… 0xabcd1234 ESI low address high address
jmp 20  jump to specified location to continue execution  there are a variety of conditional jump instructions  jmp 0x8048436 EIP 
jmp 21  jump to specified location to execute instruction  there are a variety of conditional jump instructions  jmp 0x8048436 EIP 
call 22  push address of next consecutive instruction into stack as return address, and jump to execute target function  call write_msg …… …… 0x00000001 …… ESP  …… …… low address high address EIP 
call 23  push address of next consecutive instruction on stack as return address, and jump to execute target function  call write_msg EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
ret 24  retrieve return address from stack and jump back to it  ret EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
ret 25  retrieve return address from stack and jump back to it  ret EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
System Call 26  Program requests services from kernel of OS  System call number stores in EAX  Arguments order: EBX ECX EDX ESI EDI  Return value also stores in EAX  int 0x80 is used to trigger system call under Linux (x86)  Reference: x86 x86_64
Common used system call 27 Name EAX EBX ECX EDX read 3 fd buf count write 4 fd buf count open 5 filename flags mode execve 11 filename argv envp Usually set to 0 Usually set to 0 (stdin) Usually set to 1 (stdout)
28 GNU Debugger (GDB)
Text User Interface (TUI) 29  lay src / asm / reg  Ctrl-x + a
Basic operation 30  break -- set break point  b main # set a breakpoint at main()  b 4 # break at line 4  b *0xffffd1d0 # break at instruction at 0xffffd1d0  run [argument(s)] -- start the program  continue -- continue program execution until next breakpoint or termination
Basic operation 31  attach -- attach to a process  at 1337 # attach to process whose pid is 1337  echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
Basic operation 32  step -- run to next source line, can trace into function  next -- run to next source line without tracing into function  stepi -- instruction version of step  nexti -- instruction version of next
Basic operation 33  record -- record the execution process, which can be observe in replay mode later  reverse-next  reverse-step  reverse-nexti  reverse-stepi
Basic operation 34  print -- print the value  p/d var1 # print var1 in sign decimal  p/x $esp # print ESP in hexadecimal format  x -- examine memory content  x/32wx $esp # examine content from ESP to ESP+128  x/s 0x80484d0 # print content in 0x80484d0 as string  x/4i 0x080482be # print 4 instructions from 0x080482be
Basic operation 35  Examine current stack frame
Basic operation 36  info -- list some useful information  i b # list current breakpoints  i r # list value of each register  i proc map # print memory mapping  backtrace – show stack frames information recursive function
Reference 37  Binary exploitation - AIS3  Intel and AT&T Syntax  x86 Instruction Set Reference  NASM document  GDB online document  用 Python 拓展 GDB

Recommended

The Stack and Buffer Overflows
The Stack and Buffer OverflowsThe Stack and Buffer Overflows
The Stack and Buffer OverflowsUTD Computer Security Group
 
Embedded C - Lecture 4
Embedded C - Lecture 4Embedded C - Lecture 4
Embedded C - Lecture 4Mohamed Abdallah
 
Embedded c programming
Embedded c programmingEmbedded c programming
Embedded c programmingPriyaDYP
 
First session quiz
First session quizFirst session quiz
First session quizKeroles karam khalil
 
ROP
ROPROP
ROPJian-Yu Li
 
Embedded C - Lecture 2
Embedded C - Lecture 2Embedded C - Lecture 2
Embedded C - Lecture 2Mohamed Abdallah
 
Programming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CProgramming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CVarun A M
 
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningLec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningHsien-Hsin Sean Lee, Ph.D.
 

Recommended

The Stack and Buffer Overflows
The Stack and Buffer OverflowsThe Stack and Buffer Overflows
The Stack and Buffer OverflowsUTD Computer Security Group
 
Embedded C - Lecture 4
Embedded C - Lecture 4Embedded C - Lecture 4
Embedded C - Lecture 4Mohamed Abdallah
 
Embedded c programming
Embedded c programmingEmbedded c programming
Embedded c programmingPriyaDYP
 
First session quiz
First session quizFirst session quiz
First session quizKeroles karam khalil
 
ROP
ROPROP
ROPJian-Yu Li
 
Embedded C - Lecture 2
Embedded C - Lecture 2Embedded C - Lecture 2
Embedded C - Lecture 2Mohamed Abdallah
 
Programming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CProgramming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CVarun A M
 
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningLec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningHsien-Hsin Sean Lee, Ph.D.
 
Assem -lect-6
Assem -lect-6Assem -lect-6
Assem -lect-6Dolly Angel
 
4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...PROIDEA
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Hsien-Hsin Sean Lee, Ph.D.
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerRobo India
 
7.0 files and c input
7.0 files and c input7.0 files and c input
7.0 files and c inputAbdullah Basheer
 
Msfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheetMsfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheetCe.Se.N.A. Security
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
Hardware interfacing basics using AVR
Hardware interfacing basics using AVRHardware interfacing basics using AVR
Hardware interfacing basics using AVRMohamed Abdallah
 
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...Hsien-Hsin Sean Lee, Ph.D.
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 Varun A M
 
TinyML - 4 speech recognition
TinyML - 4 speech recognition TinyML - 4 speech recognition
TinyML - 4 speech recognition 艾鍗科技
 
CEFv6 in a nutshell
CEFv6 in a nutshellCEFv6 in a nutshell
CEFv6 in a nutshellFred Bovy
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
 
Exploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom GregoryExploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom Gregoryzakiakhmad
 
AVR programming - BASICS
AVR programming - BASICSAVR programming - BASICS
AVR programming - BASICSRobotix 2011
 
Exploiting 101
Exploiting 101Exploiting 101
Exploiting 101Ackcent
 
Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16Robo India
 
Introduction to Assembly Language
Introduction to Assembly LanguageIntroduction to Assembly Language
Introduction to Assembly LanguageMotaz Saad
 
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessCyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessThomas Gregory
 
ch6-pv2-device-drivers
ch6-pv2-device-driversch6-pv2-device-drivers
ch6-pv2-device-driversyushiang fu
 
Reverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading SkillsReverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading SkillsAsuka Nakajima
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)bolovv
 

More Related Content

What's hot

4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...PROIDEA
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Hsien-Hsin Sean Lee, Ph.D.
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerRobo India
 
Msfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheetMsfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheetCe.Se.N.A. Security
 
Unit 1
Unit 1Unit 1
Unit 1siddr
 
Hardware interfacing basics using AVR
Hardware interfacing basics using AVRHardware interfacing basics using AVR
Hardware interfacing basics using AVRMohamed Abdallah
 
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...Hsien-Hsin Sean Lee, Ph.D.
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 Varun A M
 
TinyML - 4 speech recognition
TinyML - 4 speech recognition TinyML - 4 speech recognition
TinyML - 4 speech recognition 艾鍗科技
 
CEFv6 in a nutshell
CEFv6 in a nutshellCEFv6 in a nutshell
CEFv6 in a nutshellFred Bovy
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
 
Exploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom GregoryExploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom Gregoryzakiakhmad
 
AVR programming - BASICS
AVR programming - BASICSAVR programming - BASICS
AVR programming - BASICSRobotix 2011
 
Exploiting 101
Exploiting 101Exploiting 101
Exploiting 101Ackcent
 
Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16Robo India
 
Introduction to Assembly Language
Introduction to Assembly LanguageIntroduction to Assembly Language
Introduction to Assembly LanguageMotaz Saad
 
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessCyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessThomas Gregory
 
ch6-pv2-device-drivers
ch6-pv2-device-driversch6-pv2-device-drivers
ch6-pv2-device-driversyushiang fu
 

What's hot (20)

Assem -lect-6
Assem -lect-6Assem -lect-6
Assem -lect-6
 
4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...4Developers 2018: The turbulent road to byte-addressable storage support at t...
4Developers 2018: The turbulent road to byte-addressable storage support at t...
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontroller
 
7.0 files and c input
7.0 files and c input7.0 files and c input
7.0 files and c input
 
Msfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheetMsfpayload/Msfencoder cheatsheet
Msfpayload/Msfencoder cheatsheet
 
Unit 1
Unit 1Unit 1
Unit 1
 
Hardware interfacing basics using AVR
Hardware interfacing basics using AVRHardware interfacing basics using AVR
Hardware interfacing basics using AVR
 
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
Lec19 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Pr...
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16
 
TinyML - 4 speech recognition
TinyML - 4 speech recognition TinyML - 4 speech recognition
TinyML - 4 speech recognition
 
CEFv6 in a nutshell
CEFv6 in a nutshellCEFv6 in a nutshell
CEFv6 in a nutshell
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
 
Exploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom GregoryExploit Development: EzServer Buffer Overflow oleh Tom Gregory
Exploit Development: EzServer Buffer Overflow oleh Tom Gregory
 
AVR programming - BASICS
AVR programming - BASICSAVR programming - BASICS
AVR programming - BASICS
 
Exploiting 101
Exploiting 101Exploiting 101
Exploiting 101
 
Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16Relay and AVR Atmel Atmega 16
Relay and AVR Atmel Atmega 16
 
Introduction to Assembly Language
Introduction to Assembly LanguageIntroduction to Assembly Language
Introduction to Assembly Language
 
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessCyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation Process
 
ch6-pv2-device-drivers
ch6-pv2-device-driversch6-pv2-device-drivers
ch6-pv2-device-drivers
 

Similar to x86 Assembly & GDB Debugging Guide

Reverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading SkillsReverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading SkillsAsuka Nakajima
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)bolovv
 
Swug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathSwug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathDennis Chung
 
other-architectures.ppt
other-architectures.pptother-architectures.ppt
other-architectures.pptJaya Chavan
 
N_Asm Assembly arithmetic instructions (sol)
N_Asm Assembly arithmetic instructions (sol)N_Asm Assembly arithmetic instructions (sol)
N_Asm Assembly arithmetic instructions (sol)Selomon birhane
 
Creating a Fibonacci Generator in Assembly - by Willem van Ketwich
Creating a Fibonacci Generator in Assembly - by Willem van KetwichCreating a Fibonacci Generator in Assembly - by Willem van Ketwich
Creating a Fibonacci Generator in Assembly - by Willem van KetwichWillem van Ketwich
 
Advanced procedures in assembly language Full chapter ppt
Advanced procedures in assembly language Full chapter pptAdvanced procedures in assembly language Full chapter ppt
Advanced procedures in assembly language Full chapter pptMuhammad Sikandar Mustafa
 
Devirtualizing FinSpy
Devirtualizing FinSpyDevirtualizing FinSpy
Devirtualizing FinSpyjduart
 
lec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdflec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdfhasan58964
 
Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet FiltersKernel TLV
 
DEF CON 27 - KYLE GWINNUP - next generation process emulation with binee
DEF CON 27 - KYLE GWINNUP - next generation process emulation with bineeDEF CON 27 - KYLE GWINNUP - next generation process emulation with binee
DEF CON 27 - KYLE GWINNUP - next generation process emulation with bineeFelipe Prado
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackironSource
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick reviewCe.Se.N.A. Security
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsCysinfo Cyber Security Community
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applicationscommiebstrd
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stackAlexandre Moneger
 

Similar to x86 Assembly & GDB Debugging Guide (20)

Reverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading SkillsReverse Engineering Dojo: Enhancing Assembly Reading Skills
Reverse Engineering Dojo: Enhancing Assembly Reading Skills
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)
 
Swug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainathSwug July 2010 - windows debugging by sainath
Swug July 2010 - windows debugging by sainath
 
other-architectures.ppt
other-architectures.pptother-architectures.ppt
other-architectures.ppt
 
Mips
MipsMips
Mips
 
X86 assembly nasm syntax
X86 assembly nasm syntaxX86 assembly nasm syntax
X86 assembly nasm syntax
 
[ASM]Lab6
[ASM]Lab6[ASM]Lab6
[ASM]Lab6
 
N_Asm Assembly arithmetic instructions (sol)
N_Asm Assembly arithmetic instructions (sol)N_Asm Assembly arithmetic instructions (sol)
N_Asm Assembly arithmetic instructions (sol)
 
Creating a Fibonacci Generator in Assembly - by Willem van Ketwich
Creating a Fibonacci Generator in Assembly - by Willem van KetwichCreating a Fibonacci Generator in Assembly - by Willem van Ketwich
Creating a Fibonacci Generator in Assembly - by Willem van Ketwich
 
Advanced procedures in assembly language Full chapter ppt
Advanced procedures in assembly language Full chapter pptAdvanced procedures in assembly language Full chapter ppt
Advanced procedures in assembly language Full chapter ppt
 
Devirtualizing FinSpy
Devirtualizing FinSpyDevirtualizing FinSpy
Devirtualizing FinSpy
 
lec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdflec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdf
 
Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet Filters
 
DEF CON 27 - KYLE GWINNUP - next generation process emulation with binee
DEF CON 27 - KYLE GWINNUP - next generation process emulation with bineeDEF CON 27 - KYLE GWINNUP - next generation process emulation with binee
DEF CON 27 - KYLE GWINNUP - next generation process emulation with binee
 
Buffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the StackBuffer Overflow - Smashing the Stack
Buffer Overflow - Smashing the Stack
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick review
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basics
 
Advance ROP Attacks
Advance ROP AttacksAdvance ROP Attacks
Advance ROP Attacks
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applications
 
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack
 

Recently uploaded

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 

Recently uploaded (20)

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 

x86 Assembly & GDB Debugging Guide

  • 1. x86 assembly & GDB 1 briansp8210 briantaipei8210@gmail.com
  • 2. How to create an executable file 2 preprocess compile assemble link source code
  • 3. How to create an executable file 3 preprocess compile assemble link
  • 4. How to create an executable file 4 preprocess compile assemble link assembly language
  • 5. How to create an executable file 5 preprocess compile assemble link
  • 6. How to create an executable file 6 preprocess compile assemble link executable file
  • 7. Intel vs. AT&T syntax 7 Intel AT&T mov eax, 1 movl $1, %eax mov eax, [ebx+3] movl 3(%ebx), %eax add eax, [ebx+ecx*2h] addl (%ebx,%ecx,0x2), %eax  We prefer to use Intel syntax  objdump –M intel  set disassembly-flavor intel
  • 8. Register 8  General purpose register  EAX EBX ECX EDX ESI EDI ESP EBP  mainly used for arithmetic and data movement  some have special usage:  return value of function will be stored in EAX  system call number is indicated by EAX  ESP points to top of current stack frame  EBP points to base of current stack frame ALAH AX EAX ESI SI 32 16 0 (bits)8
  • 9. Register 9 ESP SP EBP BP 1st argument saved EBP return address …… …… local variables, saved registers… EBP  ESP  low address high address 32 16 0 (bits)
  • 10. Register 10 EIP IP EIP  32 16 0 (bits)  Instruction pointer  EIP  point to the next instruction to be executed
  • 11. Register 11  EFLAGS register  EFLAGS  contain a collection of flags indicating state of processor
  • 12. mov 12  assign value of src. operand to dest. operand  size of operands must be the same  mov dest. src.  mov ebp, esp  mov BYTE PTR [edi], 0x41  mov eax, DWORD PTR [esp+4] …… …… 0x80484d0 …… ESP+4  ESP  0xffffd260 …… …… 0xffffd264 0xffffd268 0x80484d0 EAX
  • 13. lea 13  assign effective address of src. operand to dest. operand  note the difference between mov and lea  lea dest. src.  lea eax, DWORD PTR [esp+4] …… …… 0x80484d0 …… ESP+4  ESP  0xffffd260 …… …… 0xffffd264 0xffffd268 0xffffd264 EAX
  • 14. 14  store the sum / difference of two operands to dest. operand  add/sub dest. src.  sub esp, 0x18  add DWORD PTR [edi], edx  cmp eax, 1 ; check whether eax is 1 add / sub
  • 15. 15  store the result of bitwise operation of two operands to dest.  and/or/xor dest. src.  and dl, 11101100b ; clear 1st, 2nd and 5th bits of dl  or dl, 00100000b ; set 6th bit of dl  xor eax, eax ; set eax to 0  test eax, eax ; check whether eax is 0 and / or / xor
  • 16. push 16  push sth to top of stack  push eax …… …… 0x80484d0 …… ESP  …… …… 0x41424344 EAX low address high address
  • 17. push 17  push operand to top of stack  push eax …… 0x41424344 0x80484d0 …… ESP  …… …… 0x41424344 EAX low address high address
  • 18. pop 18  pop value off top of stack and store to operand  pop esi …… 0xabcd1234 0x80484d0 …… ESP  …… …… 0x0 ESI low address high address
  • 19. pop 19  pop value off top of stack and store to operand  pop esi …… 0xabcd1234 0x80484d0 …… ESP  …… …… 0xabcd1234 ESI low address high address
  • 20. jmp 20  jump to specified location to continue execution  there are a variety of conditional jump instructions  jmp 0x8048436 EIP 
  • 21. jmp 21  jump to specified location to execute instruction  there are a variety of conditional jump instructions  jmp 0x8048436 EIP 
  • 22. call 22  push address of next consecutive instruction into stack as return address, and jump to execute target function  call write_msg …… …… 0x00000001 …… ESP  …… …… low address high address EIP 
  • 23. call 23  push address of next consecutive instruction on stack as return address, and jump to execute target function  call write_msg EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
  • 24. ret 24  retrieve return address from stack and jump back to it  ret EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
  • 25. ret 25  retrieve return address from stack and jump back to it  ret EIP  …… 0x080480bd 0x00000001 …… ESP  …… …… low address high address
  • 26. System Call 26  Program requests services from kernel of OS  System call number stores in EAX  Arguments order: EBX ECX EDX ESI EDI  Return value also stores in EAX  int 0x80 is used to trigger system call under Linux (x86)  Reference: x86 x86_64
  • 27. Common used system call 27 Name EAX EBX ECX EDX read 3 fd buf count write 4 fd buf count open 5 filename flags mode execve 11 filename argv envp Usually set to 0 Usually set to 0 (stdin) Usually set to 1 (stdout)
  • 29. Text User Interface (TUI) 29  lay src / asm / reg  Ctrl-x + a
  • 30. Basic operation 30  break -- set break point  b main # set a breakpoint at main()  b 4 # break at line 4  b *0xffffd1d0 # break at instruction at 0xffffd1d0  run [argument(s)] -- start the program  continue -- continue program execution until next breakpoint or termination
  • 31. Basic operation 31  attach -- attach to a process  at 1337 # attach to process whose pid is 1337  echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
  • 32. Basic operation 32  step -- run to next source line, can trace into function  next -- run to next source line without tracing into function  stepi -- instruction version of step  nexti -- instruction version of next
  • 33. Basic operation 33  record -- record the execution process, which can be observe in replay mode later  reverse-next  reverse-step  reverse-nexti  reverse-stepi
  • 34. Basic operation 34  print -- print the value  p/d var1 # print var1 in sign decimal  p/x $esp # print ESP in hexadecimal format  x -- examine memory content  x/32wx $esp # examine content from ESP to ESP+128  x/s 0x80484d0 # print content in 0x80484d0 as string  x/4i 0x080482be # print 4 instructions from 0x080482be
  • 35. Basic operation 35  Examine current stack frame
  • 36. Basic operation 36  info -- list some useful information  i b # list current breakpoints  i r # list value of each register  i proc map # print memory mapping  backtrace – show stack frames information recursive function
  • 37. Reference 37  Binary exploitation - AIS3  Intel and AT&T Syntax  x86 Instruction Set Reference  NASM document  GDB online document  用 Python 拓展 GDB