WEBVTT

00:00.440 --> 00:01.460
Hello, my name is Stephen.

00:01.460 --> 00:05.090
And in this lecture we are going to the main function.

00:06.000 --> 00:06.460
PDB.

00:06.930 --> 00:10.800
So we will start a gdb with hello to our analysis.

00:10.800 --> 00:14.670
But firstly, if you didn't watch the previous lecture here we have this.

00:14.670 --> 00:15.660
Hello here.

00:15.840 --> 00:20.280
So we created this in previous section here.

00:20.280 --> 00:22.020
So if we run this.

00:22.050 --> 00:28.080
So we wrote that assembler language and so basically it prints out the Hello world message.

00:28.080 --> 00:29.820
And we also have this.

00:30.750 --> 00:31.890
Source code here.

00:32.910 --> 00:37.140
Sam's here, so we will open the project here.

00:37.140 --> 00:37.380
Hello.

00:38.040 --> 00:38.850
So this is our.

00:38.850 --> 00:39.110
The.

00:39.150 --> 00:40.700
This is our source code.

00:40.710 --> 00:46.980
Uh, and then we will compile that to Hello here and now we will disassemble the main.

00:46.980 --> 00:54.270
So we will start the gdb here and after that we will pass the hello file.

00:54.840 --> 00:59.430
So you need to be in the same directory as your output file.

00:59.430 --> 01:06.930
So now um, here, as you learned before this, the Hello World program first initializes initializes

01:06.930 --> 01:16.410
some data in this section, the data and section.bs here so and then proceeds the to the main label

01:16.410 --> 01:19.140
and this is where the action starts here.

01:19.140 --> 01:21.720
So let's begin our examination there.

01:21.870 --> 01:26.160
And at the gdb prompt you will type the disassemble.

01:27.410 --> 01:27.920
Tumble.

01:29.060 --> 01:33.830
Main and here gdb returns your source code more or less.

01:33.830 --> 01:40.040
So the return source code isn't exactly the same as your source code were originally right and right.

01:40.040 --> 01:44.960
So it's actually has some move, move move apps here.

01:44.960 --> 01:48.920
So as you can see it's not um the same.

01:48.920 --> 01:52.130
And uh, gdb returns your source code more or less.

01:52.130 --> 01:55.730
But uh, let's actually question that.

01:55.760 --> 01:56.630
Strange isn't it?

01:56.630 --> 01:57.050
Right.

01:57.050 --> 01:58.010
What happened there?

01:58.010 --> 02:01.430
And there is some analysis needed here.

02:01.430 --> 02:11.300
So uh, the long numbers on the left, um, starting with 0X000 and so on, are these are the memory

02:11.300 --> 02:11.960
addresses.

02:11.960 --> 02:15.860
So, um, this long numbers on the left are the memory addresses.

02:15.860 --> 02:22.490
Uh, so they are the places where the machine instructions of our program are stored, as you can see

02:22.490 --> 02:24.680
here from the addresses.

02:24.680 --> 02:26.110
Um, and, um.

02:27.380 --> 02:28.520
Well, Plaza's here.

02:28.700 --> 02:35.750
Zero plus five, ten, 20, 25, 27, 32, 37 in the second line here.

02:36.120 --> 02:38.330
Uh, this is the first instruction.

02:38.330 --> 02:39.110
Move.

02:39.650 --> 02:46.640
Move X0X1 needs five bytes of memory.

02:46.640 --> 02:47.090
So.

02:47.090 --> 02:48.020
But wait a minute.

02:48.020 --> 02:53.060
So in our source code, we wrote mov rax one.

02:53.470 --> 02:55.670
So what's the deal with the x here?

02:55.670 --> 02:56.060
Right.

02:56.060 --> 03:02.780
So, well, if you look at the register table on our Linux here, so you will see that a x is the low

03:02.780 --> 03:05.990
of 32 bit part of the rax register.

03:05.990 --> 03:14.000
So the assembler is smart enough to figure out that the 64 register is far too much to heart, too much

03:14.000 --> 03:20.210
waste of resources for storing the number one, so it uses the 32 bit register.

03:20.210 --> 03:28.410
So the same is true for the use of edX here and addicts add add and add x here.

03:28.770 --> 03:30.540
Add add x.

03:30.690 --> 03:41.040
So here in this table we have our we have the RDA and the x, but here our compiler change it to add

03:41.040 --> 03:44.700
and add x so it uses here.

03:45.790 --> 03:47.370
And this is the same apply.

03:47.380 --> 03:55.360
So our compiler didn't want to waste so much memory for this decimal numbers it needed to.

03:55.360 --> 04:02.500
And the 64 bit assembler is an extension of the 32 bit assembler and you will see that whenever possible

04:02.500 --> 04:06.400
the assembler will use 32 bit instructions.

04:06.400 --> 04:14.380
So the 0X1 is the hexadecimal representation of the decimal number one.

04:14.380 --> 04:14.710
Right?

04:14.710 --> 04:18.400
So you learn that in the previous lecture and 0XD.

04:19.620 --> 04:24.260
A0X or 0XC is zero.

04:24.260 --> 04:30.380
X is the decimal representation of 13 and zero x.

04:30.410 --> 04:34.010
C is a decimal representation of 12.

04:34.810 --> 04:42.670
And but 0X3C is a decimal representation of 60.

04:42.700 --> 04:52.840
So the Nop instruction here by the Nop instruction means that no operation and is inserted there by

04:52.840 --> 04:54.820
the assembler.

04:55.970 --> 04:58.070
Memory management reason.

04:58.070 --> 05:00.670
But you might be.

05:00.680 --> 05:02.270
We might be missing something here.

05:02.270 --> 05:02.570
Right?

05:02.570 --> 05:06.620
So what happened to our message?

05:06.650 --> 05:07.340
Right.

05:07.700 --> 05:11.960
So we don't have any message here, as you can see here.

05:12.820 --> 05:13.510
Now.

05:15.470 --> 05:18.020
This instruction here.

05:18.200 --> 05:18.680
Move.

05:18.860 --> 05:19.200
Move!

05:19.230 --> 05:19.490
ABS.

05:19.660 --> 05:20.030
RSI.

05:20.690 --> 05:22.490
Um, here, as you can see.

05:22.490 --> 05:22.850
Here.

05:22.880 --> 05:23.270
Move.

05:23.450 --> 05:24.170
Move.

05:24.200 --> 05:24.770
RSI.

05:24.810 --> 05:28.650
Message got replaced by move.

05:28.670 --> 05:30.650
Actually, let's make it always on top.

05:30.650 --> 05:36.620
So this RSI message here got replaced by Move.

05:36.650 --> 05:39.230
ABS Move Apps RSI.

05:39.650 --> 05:44.930
And here we have this hexadecimal number zero x 44 to 10.

05:44.930 --> 05:48.040
So don't worry about move apps for now.

05:48.050 --> 05:56.060
So is it there because of the 64 bit addressing and it used to put an immediate value in a register

05:56.060 --> 06:03.290
and this zero x 44 to 10 is the memory address where message is stored on our computer.

06:03.290 --> 06:06.650
And this can be different address in your case.

06:06.650 --> 06:09.920
So it's actually changing and.

06:11.440 --> 06:12.620
At the GDP.

06:13.190 --> 06:16.610
Let's actually type this following here.

06:16.970 --> 06:20.060
X/S0X.

06:20.060 --> 06:27.800
So you will use this slash where you are using this for the URLs on your browser, not the reverse slash

06:27.800 --> 06:28.370
here.

06:28.460 --> 06:33.560
So zero x 4040 ten.

06:34.370 --> 06:35.570
Um, here.

06:35.570 --> 06:38.240
Or actually, instead, you will write this.

06:38.990 --> 06:41.000
You say this will be different on your system.

06:41.000 --> 06:42.680
This value will be different on your system.

06:42.680 --> 06:45.360
So you will you write, uh, this, uh.

06:47.020 --> 06:49.850
Your value here and not 44%.

06:49.870 --> 06:55.120
So in this case, I will write 44% because it resides on our message resides on that.

06:55.120 --> 07:01.770
And here we access here and we will press enter and that's it.

07:01.780 --> 07:06.850
So here we have a hello world message on our on this memory.

07:07.590 --> 07:15.770
And the X here stands for examine and here's stands for string.

07:15.780 --> 07:24.480
And the gdb answered that on our zero x 44 to 10 decimal hexadecimal number is the start of the string

07:24.480 --> 07:31.380
message and tries to show the whole string up until the string terminating zero here that we plotted

07:31.380 --> 07:31.860
here.

07:31.860 --> 07:38.880
So now you know, one of the reasons why we put a terminating zero after the Hello world and you can

07:38.880 --> 07:41.070
also type the.

07:42.700 --> 07:43.780
No, they are, actually.

07:43.780 --> 07:46.330
You can also type this here.

07:46.540 --> 07:53.530
Uh, instead of s, you can type C, and here we got this H here.

07:53.650 --> 07:59.860
So, uh, with the C here with the C here, you ask for a character.

08:00.840 --> 08:01.220
Right.

08:01.580 --> 08:09.830
So here, GDP returns the first character of our message, preceded by the decimal Ascii code of the

08:09.860 --> 08:10.880
of that character.

08:10.880 --> 08:20.330
In this case, it's 104 and do a Google search here or a table of Ascii codes to verify and keep that

08:20.330 --> 08:22.070
table handy for future use.

08:22.070 --> 08:30.350
So there's no need to memorize, memorize it or open an additional terminal window, um, here and type

08:30.500 --> 08:34.850
man Ascii here and here.

08:35.120 --> 08:37.850
We will see all the Ascii tables here.

08:37.850 --> 08:48.290
And it wrote something like it's actually 100, 104 here, so 104.

08:48.290 --> 08:50.870
So it's actually.

08:52.050 --> 08:53.220
H here need to be.

08:53.260 --> 08:53.690
H.

08:56.620 --> 08:58.920
A, B, C, D, as you can see here, characters.

08:58.930 --> 09:00.640
And we also have.

09:02.050 --> 09:05.440
In the left side we have octal, decimal hex and character here.

09:10.720 --> 09:13.030
So we will press enter.

09:15.170 --> 09:17.540
We see the age.

09:18.060 --> 09:26.310
And as you can see here, in 104 of the decimal here, we are seeing our age.

09:28.300 --> 09:28.960
We can.

09:29.170 --> 09:33.790
This man is always useful for the Linux users here.

09:34.540 --> 09:35.260
And.

09:36.210 --> 09:39.150
Well, let's actually look at the other examples as well.

09:39.270 --> 09:47.610
So we will write here F before C we will write 13 C here and that's it.

09:47.610 --> 10:00.120
Here we have this h a l l o r comma space world here so you can use this, uh, following, uh, 13

10:00.120 --> 10:04.080
characters, uh, to write all the.

10:05.770 --> 10:09.190
The characters that reside on that memory address.

10:09.190 --> 10:16.240
And as you can see, it starts from 40, 40, ten and ends at 40 4018 here.

10:17.030 --> 10:17.510
So.

10:19.070 --> 10:19.580
No, that's it.

10:19.580 --> 10:22.640
And we can also do this here instead of characters.

10:22.640 --> 10:25.120
We can do the D here.

10:25.280 --> 10:29.840
Um, and as you can see here, instead of seeing characters, we are seeing the decimal representation

10:29.840 --> 10:32.300
of that characters in Ascii table.

10:32.570 --> 10:34.760
And we can also use this.

10:36.050 --> 10:39.040
You can also use X with this.

10:39.040 --> 10:45.820
Here we are seeing the 13 characters starting memory address in a hexadecimal representation.

10:47.220 --> 10:55.080
And we can also do this here, X and ampersand here and message.

10:55.410 --> 10:59.010
And as you can see, we are seeing full Hello world.

10:59.160 --> 11:06.150
And now let's return to disassemble the listing in next lecture.

11:06.150 --> 11:06.830
So I'm waiting you in.

11:06.840 --> 11:07.410
Next lecture.