WEBVTT

00:00.560 --> 00:01.580
Hello, my name is Typhoon.

00:01.580 --> 00:08.060
And in this section we'll do program analysis with a debugger which is a GDB.

00:08.300 --> 00:12.770
So in this section we will introduce debugging and assemble a program.

00:12.770 --> 00:19.430
So debugging is an important skill because with a debugger you can investigate the content of registers

00:19.430 --> 00:24.440
and memory in hexadecimal, binary or decimal representation.

00:24.440 --> 00:33.320
You already know from the previous lectures that the CPU is intensively using registers and memory and

00:33.350 --> 00:41.210
debugger allows you to execute the instructions step by step while looking at how the content of registers,

00:41.210 --> 00:43.790
memory and flag changes.

00:43.790 --> 00:50.390
So maybe you have experienced already your first assembly program crashing upon the execution with an

00:50.420 --> 00:54.590
unfriendly message such as the memory segmentation fault.

00:54.590 --> 01:03.710
So with the debugger, you can step through your program and find out exactly where and why things went

01:03.710 --> 01:04.280
wrong.

01:04.310 --> 01:11.440
So once you have assembled and linked your Helloworld program, remember we did that in previous lecture.

01:11.450 --> 01:11.720
Let's.

01:12.830 --> 01:17.390
Boom family here and here we have Hello program.

01:17.390 --> 01:24.860
If we try to run this, we will see the Hello world message and we can also see the mouse pad.

01:25.130 --> 01:30.380
hello.sm So we can also see this the code.

01:30.380 --> 01:39.500
So it's a 15 line assembly program so we don't save this for now clear at our hello.

01:39.500 --> 01:44.300
So if we cut this, as you can see here, we are getting some weird output.

01:44.300 --> 01:48.050
So that's why we will debug this compiled program.

01:48.050 --> 01:50.090
So let's see, here we have.

01:50.090 --> 01:50.420
Hello.

01:50.420 --> 01:50.780
Hello.

01:51.400 --> 01:51.940
Hello.

01:52.490 --> 01:53.050
Hello.

01:53.370 --> 01:53.600
Hello.

01:53.960 --> 01:55.310
We also have Makefile.

01:55.310 --> 01:57.740
Remember we did compile this.

01:58.650 --> 02:02.940
Program twice with make file and without make file here.

02:03.060 --> 02:05.250
So you already know how to compile this.

02:05.250 --> 02:13.650
And as I said, once you have assembled and linked your Hello World program without errors, you obtain

02:13.650 --> 02:15.090
this executable file.

02:15.090 --> 02:22.020
So with the debugger tool, you can load an executable program into the computer's memory and execute

02:22.100 --> 02:27.780
it line by line while examining various registers and memory places.

02:27.780 --> 02:33.420
So there are several free and commercial debuggers available in Linux.

02:33.420 --> 02:38.730
The mother of all debuggers is GDB.

02:38.760 --> 02:42.090
It is a command line program with very cryptic commands.

02:42.090 --> 02:50.520
So this is a much fun and in future sections we will use a tool with a graphical user interface that

02:50.520 --> 02:52.350
is based on GDB.

02:52.350 --> 02:59.980
But having a basic knowledge of GDB itself can be useful because not all gdb functionality is available

02:59.980 --> 03:07.840
in CSM and in your further career as an assembler programmer or reverse engineer, you will certainly

03:07.840 --> 03:14.590
look at various debuggers with a nice user interfaces and targeted at a specific platform such as Windows,

03:14.590 --> 03:16.060
Mac or Linux.

03:16.060 --> 03:23.320
So these graphical user interface debuggers will help you debug long and complex programs with much

03:23.320 --> 03:27.400
more ease as compared to this CLI.

03:27.580 --> 03:30.130
So the command line interface debugger.

03:30.130 --> 03:37.630
So but the GDB is a comprehensive and quick and dirty way to the Linux debugging and GDB is installed

03:37.630 --> 03:45.640
on most Linux development systems as you can see it, and if not it can easily be installed.

03:48.170 --> 03:50.270
It can easily be installed here.

03:51.480 --> 03:56.370
Uh, for troubleshooting without much overhead on the for the system.

03:56.370 --> 04:03.780
So here we will now quit, uh, from the, uh, debugger here so you can quit with Ctrl X and we will

04:03.780 --> 04:10.800
use GDB for now to give you some essential and uh, turn the other tools in uh, later sections.

04:10.800 --> 04:12.480
And uh, one more note.

04:12.480 --> 04:18.690
So GDB seems to be developed for debugging higher level languages, so some features will not be of

04:18.690 --> 04:24.090
any help when debugging in assembly and debugging of program with a CLI.

04:24.120 --> 04:29.400
So the command line interface debugger can be overwhelming at the first time.

04:29.400 --> 04:31.830
So do not despair when reading this.

04:32.250 --> 04:34.140
Um, the outputs.

04:34.140 --> 04:35.940
Uh, this program will give us.

04:35.970 --> 04:39.720
Oops, my mouse actually glitched a little bit, so let's actually.

04:42.370 --> 04:43.060
Open it again.

04:43.350 --> 04:43.990
Perfect.

04:44.050 --> 04:45.670
And here.

04:45.670 --> 04:52.780
So as I said, don't be scared when you are reading this octopus, because it is it was scary to me

04:52.780 --> 04:53.470
at once.

04:53.470 --> 04:59.380
And here, let's actually, as you as you can see here, uh, the GDB is already installed on our system,

04:59.380 --> 05:04.870
but you can also install sudo apt get install gdb here.

05:06.850 --> 05:07.540
And.

05:10.290 --> 05:10.890
GDB.

05:10.890 --> 05:13.310
And as you can see, it's already installed.

05:13.320 --> 05:20.880
So it actually comes pre-installed in most systems, both Linux Windows or Mac OS because it is needed

05:20.910 --> 05:25.350
tool for system and GDB here we will.

05:25.350 --> 05:30.420
Now as you can see we have a hello program so we will write the GDB.

05:32.170 --> 05:32.710
gdb.

05:32.770 --> 05:33.400
Hello.

05:35.800 --> 05:37.990
And as you can see here, this is our Hello program.

05:37.990 --> 05:47.680
So with this command gdb will load the executable alone into memory and answer with its own prompt which

05:47.680 --> 05:50.140
is as you can see it's a gdb prompt.

05:50.140 --> 05:54.970
So gdb will show a number of lines for your code.

05:54.970 --> 06:06.010
And so if we type the list here and as you can see here, um, if you type this list gdb will show the

06:06.010 --> 06:07.600
next lines and so on.

06:07.600 --> 06:13.270
So to list a specific line, for example, the start of your code is.

06:14.520 --> 06:21.990
Um, the list one here, the last one you will get the also the same output because the list one actually

06:21.990 --> 06:25.110
it's actually use the list two.

06:25.110 --> 06:31.170
And as you can see here, we are getting two different outputs here and here.

06:31.170 --> 06:32.520
This is the output here.

06:32.520 --> 06:39.570
So if the output on your screen is different from, uh, the, your screen containing the lots of this

06:39.600 --> 06:46.800
ampersand signs, then your GDB is configured to use the AT&T system syntax flavor.

06:46.800 --> 06:49.590
So we will use the Intel syntax flavor.

06:49.590 --> 06:52.320
So which is more intuitive to us.

06:52.320 --> 06:56.520
Um, so we will show how to change the flavor in a minute.

06:56.520 --> 07:01.110
But um, if you run, uh, if you type this run here.

07:02.110 --> 07:09.550
As you can see here, starting program, thread debugging using libthread_db enabled, and hello world, and Inferior

07:09.550 --> 07:16.660
1 process 840 exited normally, and the gdb will run your program with this command here.

07:16.840 --> 07:26.320
If you run the ip test run in your gdb prompt uh gdb will run hello program printing the hello world

07:26.320 --> 07:34.560
and return return to its prompt again and to quit the gdb type quit here.

07:34.570 --> 07:35.050
That's it.

07:35.050 --> 07:39.610
And now let's do some interesting stuff with gdb.

07:40.180 --> 07:41.920
But uh, first we will.

07:41.920 --> 07:44.680
In this lecture we will change the disassembler flavor.

07:44.680 --> 07:53.530
And to do this only you had this uh, sign, this ampersand sign when you typed list in previous exercise.

07:53.530 --> 07:58.090
So if you get that, uh, got that error.

07:58.090 --> 07:59.410
You need to write this.

07:59.510 --> 08:04.850
We will load the executable hello into gdb if it's not already there.

08:04.850 --> 08:11.840
So we will use set disassembly-flavor intel.

08:12.020 --> 08:13.490
So here.

08:14.780 --> 08:16.040
As you can see here.

08:19.130 --> 08:19.610
It's actually.

08:21.350 --> 08:21.860
Hello.

08:23.100 --> 08:26.880
And so you will you will need to write this in.

08:30.870 --> 08:32.660
Flavor Intel.

08:32.810 --> 08:35.870
And you will need to write this both here and here.

08:35.870 --> 08:43.520
So this will part the disassembled code in a format that is already familiar so you can make Intel the

08:43.520 --> 08:50.450
default flavor for GDB by using the appropriate setting in your Linux shell profile.

08:50.450 --> 08:59.000
So you can see the documentation of your Linux distribution in Ubuntu 18.0 and want to get the Debian

08:59.000 --> 08:59.540
here.

08:59.660 --> 09:04.580
GDB init file in your home directory containing the previous set instructions.

09:04.580 --> 09:11.540
So log out and log in and you should be using gdb with the Intel flavor from now on.

09:11.540 --> 09:18.650
And now here in next lecture we will also disassemble main to begin our analysis.

09:18.650 --> 09:20.480
So I'm waiting you in next lecture.
