GDB Debug Assembler Stack

GDB Debugging Assembly Stack Prep work

• Terminal Compilation tool:

  • Compile a 64-bit Linux version 32-bit binary file, you need to install a library, use the instructions sudo apt-get install libc6-dev-i386

• Test code:

  • TEST.c

Analysis process

• 1. Generate assembly code: GCC-G Gdbtest.c-o gdbtest-m32
• 2. Debug: GDB Test
• 3. Set breakpoints, because the purpose is to parse instead of debugging bugs, so we set breakpoints in the main function
• 4. Start GdB debugging: R (un), if you want to get the assembly code at this time, the available instructions: disassemble

• 5. The value of the register can be viewed at this time: I (NFO) R (egisters), the format shown is 3 columns:

  • 1th Column: Register name
  • 2nd Column: The address of the Register
  • 3rd column: The value stored in the Register

• 6: Combine the display commands and registers or the internal variables of the PC to do the following: display/i $pc so that the currently executing statement will be displayed each time the next assembly statement is executed. The following shows the changes in%esp,%EBP, and stack contents at each step:

Procedure (the instruction in the command is actually a pending command)

• Initial

• Push $0x7

• Call 0x80483e8 calls F (0x80483e8)

• Push%EBP executes the F function, F initializes the frame pointer, moves the base address of the previous function into the stack, and the current%ESP as the new base address

• MOV%esp,%ebp allocating stack space, preparing for the transfer of parameters

• PUSHL 0x8 (%EBP) to deposit 8 of%ESP in the stack

• Call 0x80483db calls G (0x80483db)

• Push%EBP initialization stack pointer

• mov%esp,%ebp allocation stack space

• mov 0x8 (%EBP),%eax will be 8 deposited in the stack

• Add $0x1336495,%eax adds%eax to the immediate number 20145301

• Pop%ebp%EBP Before the end of the stack

• RET returns call position, End Function

• Add $0x4,%esp adds%esp to the immediate number 4

• Leave back to Prep stack

• RET returns call position, End Function

• Add $0x4,%esp adds%esp to the immediate number 4

• Add $0x1,%eax adds%eax to the immediate number 1

Analysis of Assembly code

Register analysis start to end of main function

instruction	%eip	%esp	%EBP	%eax	Stack
Initial	0x80483fb	0xffffd068	0xffffd068	0xf7fbaddc	Empty
Push $0x7	0x80483fd	0xffffd064	0xffffd068	0xf7fbaddc	0x7
Call 0x80483e8	0x80483e8	0xffffd060	0xffffd068	0xf7fbaddc	0x8048402 0x7
Push%EBP	0x80483e9	0xffffd05c	0xffffd068	0xf7fbaddc	0xffffd068 0x8048402 0x7
MOV%ESP,%EBP	0x80483eb	0xffffd05c	0xffffd05c	0xf7fbaddc	0xffffd068 0x8048402 0x7
PUSHL 0x8 (%EBP)	0x80483ee	0xffffd058	0xffffd05c	0xf7fbaddc	0x7 0xffffd068 0x8048402 0x7
Call 0x80483db	0x80483db	0xffffd054	0xffffd05c	0xf7fbaddc	0X80483F3 0x7 0xffffd068 0x8048402 0x7
Push%EBP	0x80483dc	0xffffd050	0xffffd05c	0xf7fbaddc	0xffffd05c 0x80483f3 0x7 0xffffd068 0x8048402 0x7
MOV%ESP,%EBP	0x80483de	0xffffd050	0xffffd050	0xf7fbaddc	0xffffd05c 0x80483f3 0x7 0xffffd068 0x8048402 0x7
mov 0x8 (%EBP),%eax	0x80483e1	0xffffd050	0xffffd050	0x7	0xffffd05c 0x80483f3 0x7 0xffffd068 0x8048402 0x7
Add $0x1336495,%eax	0x80483e6	0xffffd050	0xffffd050	0x133649c	0xffffd05c 0x80483f3 0x7 0xffffd068 0x8048402 0x7
Pop%EBP	0x80483e7	0xffffd054	0xffffd05c	0x133649c	0X80483F3 0x7 0xffffd068 0x8048402 0x7
Ret	0x80483f3	0xffffd058	0xffffd05c	0x133649c	0x7 0xffffd068 0x8048402 0x7
Add $0x4,%esp	0x80483f6	0xffffd05c	0xffffd05c	0x133649c	0xffffd068 0x8048402 0x7
Leave	0x80483f7	0xffffd060	0xffffd068	0x133649c	0x8048402 0x7
Ret	0x8048402	0xffffd064	0xffffd068	0x133649c	0x7
Add $0x4,%esp	0x8048405	0xffffd068	0xffffd068	0x133649c	Empty
Add $0x1,%eax	0x8048408	0xffffd068	0xffffd068	0x133649d	Empty
Leave	0x8048409	0xffffd06c	0x0	0x133649d

GDB Debug Assembler Stack