[00:00:00] Hello, my name is Typhoon. In this section we'll do program analysis with a debugger, which is GDB. So in this section we will introduce debugging an assembled program. Debugging is an important skill because with a debugger you can investigate the content of registers and memory in hexadecimal, binary or decimal representation. You already know from the previous lectures that the CPU is intensively using registers and memory, and a debugger allows you to execute the instructions step by step while looking at how the content of registers, memory and flags changes.

[00:00:43] So maybe you have already experienced your first assembly program crashing upon execution with an unfriendly message such as the memory segmentation fault. With the debugger, you can step through your program and find out exactly where and why things went wrong.

[00:01:04] So once you have assembled and linked your Hello World program (remember, we did that in the previous lecture), let's... Boom family here, and here we have the hello program. If we try to run this, we will see the Hello World message, and we can also see, in Mousepad, hello.asm, so we can also see the code. It's a 15-line assembly program, so we don't save this for now; clear; and our hello. So if we cat this, as you can see here, we are getting some weird output.

[00:01:44] So that's why we will debug this compiled program. So let's see, here we have hello, hello, hello, hello, hello. We also have the Makefile. Remember, we did compile this program twice, with the makefile and without the makefile here. So you already know how to compile this. And as I said, once you have assembled and linked your Hello World program without errors, you obtain this executable file.

[00:02:15] So with the debugger tool, you can load an executable program into the computer's memory and execute it line by line while examining various registers and memory places. There are several free and commercial debuggers available in Linux. The mother of all debuggers is GDB. It is a command line program with very cryptic commands. So this is much fun, and in future sections we will use a tool with a graphical user interface that is based on GDB. But having a basic knowledge of GDB itself can be useful, because not all GDB functionality is available in CSM, and in your further career as an assembler programmer or reverse engineer you will certainly look at various debuggers with nice user interfaces targeted at a specific platform such as Windows, Mac or Linux.

[00:03:16] These graphical user interface debuggers will help you debug long and complex programs with much more ease as compared to this CLI, the command line interface debugger. But GDB is a comprehensive and quick-and-dirty way to do Linux debugging, and GDB is installed on most Linux development systems, as you can see, and if not, it can easily be installed. It can easily be installed here, for troubleshooting without much overhead for the system. So we will now quit from the debugger here; you can quit with Ctrl+X. We will use GDB for now to give you some essentials and turn to the other tools in later sections.

[00:04:10] And one more note. GDB seems to be developed for debugging higher level languages, so some features will not be of any help when debugging in assembly, and debugging a program with a CLI, the command line interface debugger, can be overwhelming the first time. So do not despair when reading the outputs this program will give us. Oops, my mouse actually glitched a little bit, so let's open it again. Perfect. And here, as I said, don't be scared when you are reading this output, because it was scary to me at once.

[00:04:53] And here, as you can see, GDB is already installed on our system, but you can also install it with sudo apt-get install gdb here. And... gdb. And as you can see, it's already installed. So it actually comes pre-installed in most systems, both Linux, Windows or Mac OS, because it is a needed tool for the system. And with GDB here we will now, as you can see, we have a hello program, so we will write gdb hello.

[00:05:35] And as you can see here, this is our hello program. With this command, GDB will load the executable alone into memory and answer with its own prompt, which is, as you can see, the gdb prompt. GDB will show a number of lines of your code. And so if we type list here, as you can see, if you type list, GDB will show the next lines, and so on. To list a specific line, for example the start of your code, use list 1 here. With the last one you will also get the same output, because list 1 actually uses list 2. And as you can see here, we are getting two different outputs, here and here. This is the output here.

[00:06:32] So if the output on your screen is different from this, your screen containing lots of these ampersand signs, then your GDB is configured to use the AT&T syntax flavor. We will use the Intel syntax flavor, which is more intuitive to us. We will show how to change the flavor in a minute. But if you type run here, as you can see: starting program, read debugging, using hold here, and Hello world, and Inferior 1 (process 840) exited normally. GDB will run your program with this command here. If you type run in your gdb prompt, GDB will run the hello program, printing Hello world, and return to its prompt again. To quit GDB, type quit here. That's it.

[00:07:35] And now let's do some interesting stuff with GDB. But first, in this lecture we will change the disassembler flavor. To do this, only if you had this sign, this ampersand sign, when you typed list in the previous exercise: if you got that error, you need to write this. We will load the executable hello into GDB if it's not already there. Then we will use set disassembly-flavor intel. So here, as you can see here, it's actually... hello. And so you will need to write this in: set disassembly-flavor intel. And you will need to write this both here and here. This will print the disassembled code in a format that is already familiar. So you can make Intel the default flavor for GDB by using the appropriate setting in your Linux shell profile. See the documentation of your Linux distribution; in Ubuntu 18.0 and Debian here, a .gdbinit file in your home directory containing the previous set instruction. Log out and log in, and you should be using GDB with the Intel flavor from now on.

[00:09:11] And now, in the next lecture we will also disassemble main to begin our analysis. So I'm waiting for you in the next lecture.