WEBVTT 00:00.470 --> 00:06.590 Hello, my name is Stephan, and in this lecture we are going to create our Mac file, compile assembly 00:06.590 --> 00:08.990 and run our program. 00:08.990 --> 00:12.770 So here in previous lecture we just have this errors here. 00:12.770 --> 00:15.290 So I fix this and change this. 00:15.950 --> 00:19.630 We had the move here accidentally, right? 00:19.640 --> 00:25.280 It move as an instruction, but here you need to change it to pop. 00:25.280 --> 00:33.830 So this is the last final version of our code here and I will share this on the instructor on the lecture 00:33.830 --> 00:36.770 attachment sections, and that's it. 00:36.770 --> 00:40.040 So now we will clear the screen again. 00:40.040 --> 00:43.070 And as you can see, we have kikinda here. 00:43.070 --> 00:45.650 So we will create the gedit file. 00:45.650 --> 00:48.200 In this case we will go get it. 00:48.530 --> 00:55.370 Um, actually we can also use the mouse pad, text editor, mouse pad, the make file and that's it. 00:55.370 --> 00:57.200 So here, this is our mouse pad. 00:57.200 --> 01:03.290 So we will firstly add actually we can also add comments and so on. 01:05.270 --> 01:07.370 But however, now we will. 01:09.300 --> 01:09.570 Here. 01:09.570 --> 01:10.800 Let's kicking. 01:12.030 --> 01:13.140 Uh, actually, it's actually. 01:13.140 --> 01:16.170 It's far from the keyboard, so. 01:17.840 --> 01:21.110 So kicking here and we all. 01:22.330 --> 01:30.640 Bring that all here and GCC output file so you learn that what this means in previous lecture when we 01:30.670 --> 01:32.440 compile the Hello world application. 01:32.440 --> 01:35.680 So I will not this entailed in this lecture again. 01:36.770 --> 01:38.360 So kicking. 01:41.080 --> 01:42.910 Seeing that all here again. 01:42.910 --> 01:43.920 We will also. 01:44.670 --> 01:47.530 So, you know, pie. 01:47.920 --> 01:51.220 And after that, we'll go to the second line. 01:51.220 --> 01:55.810 So thinking that, oh, here, this is also. 01:56.840 --> 01:58.430 You're kicking that. 01:58.760 --> 02:00.080 We will take this file. 02:01.140 --> 02:11.010 Give it to Nasm f Elf 64 is going to be kicked or kicked over here and that's it. 02:11.010 --> 02:12.420 Save this make file here. 02:12.420 --> 02:18.060 And after that you can close this notepad here, close and make here. 02:18.060 --> 02:24.480 And as you can see here, our make file is created and our application is also compiled. 02:24.480 --> 02:28.950 So this make this typing make here. 02:28.950 --> 02:34.980 After creating your make file, it should compile and link your assembly code and. 02:37.000 --> 02:37.680 Here. 02:37.690 --> 02:40.360 You need to also keep in mind that. 02:42.640 --> 02:43.420 Make file. 02:46.230 --> 02:51.270 So here, keep in mind that you don't use the spaces here. 02:51.390 --> 02:55.620 You need to use the tabs and that's it. 02:55.650 --> 02:56.400 After that. 02:58.310 --> 02:59.820 Mike, and as you can see. 03:01.260 --> 03:03.780 Is up to date and that's it here. 03:03.780 --> 03:10.980 Now, what we're going to do is we will start our program and analysis and we will start the analysis 03:10.980 --> 03:11.310 phase. 03:11.310 --> 03:15.600 So clear Now, let's start our kicking program. 03:15.600 --> 03:18.660 And as you can see, hello world and alive. 03:18.660 --> 03:30.120 So in our first program, hello ASM, we passed the length of message here MSG 13 characters and in 03:30.120 --> 03:37.740 in this RDX in order to display the message and kicking that we use a nice feature to calculate the 03:37.740 --> 03:41.760 length of our variables as you can see here. 03:41.760 --> 03:48.780 So the message minus negative message one minus one part means this here. 03:48.780 --> 04:00.090 So take this memory location and here the dollar sign and subtract the memory location of message to. 04:01.630 --> 04:04.780 And the result is the length of message two. 04:04.870 --> 04:10.000 So and this this is the same applies for this message one here. 04:10.000 --> 04:16.270 So take this memory location and subtract the memory location of message one. 04:16.270 --> 04:18.880 So the result is the length message one. 04:18.880 --> 04:28.480 So that length minus one here, this is the string terminating zero and it is stored in the constant 04:28.510 --> 04:32.340 message one length here and. 04:33.950 --> 04:40.760 And and note keep in mind that the use of function prologue and the function epilogue in the code so 04:40.760 --> 04:43.820 these are the needed for gdb to function correctly. 04:43.820 --> 04:52.310 As pointed out in the previous lecture, the prologue and epilogue code will be explained in later sections 04:52.310 --> 05:01.760 and let's do some memory digging with the GDB here again because we love that here and now we will gdb 05:02.480 --> 05:05.320 kicking here and that's it. 05:05.330 --> 05:11.300 So then at the gdb prompt you type this disassemble. 05:13.150 --> 05:15.300 Amble, Maine. 05:15.520 --> 05:16.660 And that's it. 05:16.690 --> 05:19.990 So here, this will show this output here. 05:24.110 --> 05:28.940 So on your computer, it seems that the variable message. 05:30.150 --> 05:37.260 One variable message, one sits at a location or somewhere on the byte and. 05:41.640 --> 05:41.790 Yeah. 05:41.790 --> 05:43.680 What are we going to do is, uh. 05:43.710 --> 05:46.660 We will firstly check that, um. 05:52.950 --> 05:54.180 X as. 05:54.980 --> 05:56.750 Zero x. 05:58.620 --> 05:59.760 The one here. 05:59.910 --> 06:04.350 And as you can see, you can access to at the address. 06:04.560 --> 06:08.130 So what we're going to do is we will. 06:13.450 --> 06:19.350 Now, we will also try that with the message one with this and. 06:21.270 --> 06:21.900 One here. 06:21.900 --> 06:24.510 And as you can see, here is Hello World. 06:24.510 --> 06:26.820 And let's actually try the message tool. 06:26.820 --> 06:28.340 And this is the kicking and alive. 06:28.350 --> 06:35.760 So we got this memory addresses of message one and message two here and we can also find the numeric 06:35.760 --> 06:36.840 values here. 06:36.840 --> 06:46.590 So in order to find that, we will again use x, d, W, so we will reduce it, reduce, reduce. 06:46.590 --> 06:52.230 And here, as you can see, we got 357 and this is the radius. 06:52.230 --> 06:56.820 And now we get the get this P here. 06:57.210 --> 07:02.130 So radius and P, as you can see here, P is. 07:02.940 --> 07:04.800 7113. 07:11.410 --> 07:12.100 And that's it. 07:12.100 --> 07:13.860 So we got this here. 07:13.870 --> 07:16.330 As you can see, it's the floating point number. 07:16.990 --> 07:18.370 And that's why. 07:19.960 --> 07:29.230 Uh, we got a strange output here, and in order to fix that, we will, instead of using x here. 07:29.350 --> 07:30.550 X w here. 07:30.550 --> 07:38.650 So we got we can get this decimal and hexadecimal right value stored at the memory locations like radius 07:38.650 --> 07:39.790 and so on. 07:39.970 --> 07:47.740 And then we get a strange result when we try to get this floating point variable and print it on screen. 07:47.980 --> 07:55.570 And in order to do that we will just we will not use D or W, we will use F, g. 07:56.820 --> 08:00.990 And here after that, we will pass and that's it. 08:01.170 --> 08:04.740 So this is the shows up and we can also. 08:07.580 --> 08:10.220 And rally with X here and. 08:15.140 --> 08:16.700 P and that's it. 08:16.710 --> 08:19.660 And this is our the size of the variable. 08:19.670 --> 08:23.210 And now what we're going to do is we will. 08:26.130 --> 08:26.550 Slim. 08:27.180 --> 08:32.100 Actually, there's a subtlety that you should be aware of here. 08:32.100 --> 08:36.660 So to demonstrate, we will open the. 08:39.420 --> 08:40.680 We will open this. 08:43.910 --> 08:49.190 We actually created the LST using the Makefile. 08:49.460 --> 08:51.340 Let's actually do that again. 08:51.350 --> 08:57.290 So it's a pretty simple just open Makefile again. 09:04.370 --> 09:04.970 Emily. 09:07.750 --> 09:08.410 Project. 09:09.070 --> 09:14.320 As however mousepad eg file. 09:14.320 --> 09:19.050 So now you will learn how to create this l. 09:22.170 --> 09:23.130 While here. 09:26.190 --> 09:31.290 In order to do that, we will just add just a slight bit modification here. 09:31.440 --> 09:32.190 So. 09:33.070 --> 09:37.600 In the kicking that whole section here after this line that. 09:39.580 --> 09:39.980 Right. 09:40.280 --> 09:41.600 We will add. 09:42.640 --> 09:43.200 L. 09:44.040 --> 09:45.180 Uh, kicking. 09:45.800 --> 09:52.640 At least so because we need this so much here for analyzing. 09:55.580 --> 09:55.760 But. 09:57.120 --> 09:57.360 The. 10:00.810 --> 10:03.120 Begin Project Make here. 10:03.590 --> 10:07.970 And make it up to date as our place. 10:25.750 --> 10:26.110 Us. 10:26.810 --> 10:32.240 And as you can see, we got this kicking that this test here. 10:32.240 --> 10:33.620 So we wanted that. 10:33.620 --> 10:34.370 But it's okay. 10:34.700 --> 10:40.640 There's a, uh, actually this file extensions didn't make much difference in programming, low level, 10:40.970 --> 10:42.440 high level programming here. 10:42.440 --> 10:44.840 And that's why let's actually. 10:45.050 --> 10:46.520 Let's make it right. 10:46.520 --> 10:47.000 Right. 10:47.000 --> 10:53.200 So our kicking or I'm kicking that LSTs and ram. 10:55.010 --> 10:58.040 Or I'm kicking that all here as. 11:00.790 --> 11:03.110 And I'll use the Mac. 11:04.030 --> 11:09.060 And as you can see, we have this LST file right here. 11:09.070 --> 11:18.790 So what we're going to do is we will firstly open this file with mouse pad again, the picking dot lst 11:19.180 --> 11:20.260 and that's it. 11:20.470 --> 11:23.020 So what we have here, there's a. 11:24.700 --> 11:28.030 Uh, so what we have here, we have the. 11:28.860 --> 11:31.620 Sections and the memories here. 11:32.250 --> 11:33.030 So. 11:34.070 --> 11:36.830 Now, you need to check this lines. 11:36.920 --> 11:39.650 Line ten and 11 here. 11:40.530 --> 11:43.380 And you'll also need to check. 11:44.280 --> 11:44.730 Yes. 11:44.850 --> 11:48.240 Line on 11 and here. 11:49.290 --> 12:00.130 On the left here, you can find the hexadecimal representation of the radius P And as you can see here. 12:01.440 --> 12:02.850 And instead of. 12:05.170 --> 12:07.120 0165. 12:07.150 --> 12:09.300 You find 62501. 12:09.310 --> 12:17.320 And instead of this which we got here, the hexadecimal number we got here. 12:17.740 --> 12:18.580 Remember that? 12:19.110 --> 12:20.650 Add it somewhere. 12:21.570 --> 12:22.260 Here. 12:28.020 --> 12:28.400 Excellent. 12:28.620 --> 12:29.340 Let's actually. 12:29.960 --> 12:30.470 As. 12:31.560 --> 12:32.640 And that makes. 12:33.870 --> 12:34.350 Again. 12:36.190 --> 12:38.170 Players gdb. 12:45.240 --> 12:52.890 So here we will again get that value for you so you can see what's the difference and where is the problem 12:53.100 --> 12:53.810 with that. 12:53.820 --> 12:58.990 So in order to do that we will just go for example XD. 13:00.330 --> 13:05.860 Actually let's get first a string and write that down here. 13:05.880 --> 13:10.800 Have string message one string message. 13:13.800 --> 13:22.830 But we first need this radius and pi here so we know that the value of radius, we obviously can see 13:22.830 --> 13:23.700 it here. 13:24.480 --> 13:24.660 Uh. 13:24.660 --> 13:27.480 King taking that He. 13:29.400 --> 13:31.080 Open a mousepad. 13:31.230 --> 13:34.740 So here we see this variables and values. 13:34.740 --> 13:37.800 But there's a strange here, so there's something wrong, actually. 13:38.580 --> 13:39.930 Our program will work, but. 13:41.100 --> 13:44.290 It has some warnings here, which we. 13:45.780 --> 13:48.620 You need to learn, uh, what what stands for. 13:48.630 --> 13:50.190 So I need to explain to you. 13:50.340 --> 13:51.330 Explain it to you. 13:51.330 --> 13:53.880 And now the W here. 13:54.000 --> 13:55.770 We will firstly get the radius. 13:55.770 --> 14:01.020 So, uh, with, with the W we get the radius value here. 14:01.020 --> 14:03.480 In this case, let's actually reduce. 14:03.480 --> 14:04.440 But we don't need that. 14:04.440 --> 14:06.030 We already can see it. 14:06.060 --> 14:13.530 We will use x, w and again we will also use f x here for the P. 14:16.420 --> 14:17.350 As the P here. 14:17.380 --> 14:18.160 That's it. 14:24.390 --> 14:26.110 X 50. 14:44.080 --> 14:45.790 Uh, yeah, that's it. 14:46.270 --> 14:46.960 So. 14:48.070 --> 14:49.750 As I said, instead of. 14:50.750 --> 14:51.230 This. 14:53.940 --> 14:56.130 0165. 14:57.060 --> 15:00.020 You're seeing 6501. 15:00.030 --> 15:04.320 So this is the bytes. 15:04.320 --> 15:10.050 The one byte in two hex numbers are in reverse order. 15:10.050 --> 15:13.680 So this characteristics is called indianness. 15:13.680 --> 15:19.830 So the big Indian format stores numbers the way we are used to seeing them. 15:19.830 --> 15:26.430 So with the most significant digits starting at the left and the left, Indian format stores the least 15:26.430 --> 15:29.570 significant numbers starting at the left. 15:29.580 --> 15:37.740 So Intel processors use little endian and that can be very confusing when looking at the hexadecimal 15:37.740 --> 15:38.010 code. 15:38.010 --> 15:44.040 So why do they have such strange names like Big in Indian and Little in Indian? 15:44.040 --> 15:50.820 So in 1726, Jonathan Swift wrote a famous novel. 15:51.150 --> 15:55.890 Villiers travels in the novel appear to fictional islands. 15:55.890 --> 16:03.940 So Lilliput and Blefuscu inhabitants of Lilliput are at war with the people of Blefuscu. 16:03.940 --> 16:08.830 But after break, eggs on the small island or on the bigger end. 16:08.860 --> 16:11.410 So little boats are little Indians. 16:11.410 --> 16:12.160 Indians. 16:12.160 --> 16:21.460 So preferring to break their eggs on the smaller ones and Basophils are big Indians, not Indians. 16:21.640 --> 16:22.540 Indians. 16:22.600 --> 16:28.480 Now you see that the modern computing has traditions rooted in the distant past. 16:28.480 --> 16:31.780 So take the time to single step through the program. 16:31.810 --> 16:34.450 Break main run Next, next, next. 16:34.450 --> 16:40.540 And you can see that GDB steps over the function block and edit the source code. 16:40.540 --> 16:45.880 Delete the function prologue epilogue and we make the program single step again with a gdb. 16:45.910 --> 16:50.590 In our case, gdb does not does refuse to single step at. 16:52.130 --> 16:52.910 The program. 16:52.910 --> 17:00.140 And when assembling with another assembler based on NSM, we can safely omit the prologue and epilogue 17:00.140 --> 17:02.750 code and step through the code with GDB. 17:02.900 --> 17:05.510 And sometimes it's necessary to experiment. 17:05.570 --> 17:07.880 Tinker and giggle around.