Disassembly (Exercise 7: Code Analysis)
How to - Disassembly of code
• Compile the code: gcc code.c
• We get the file: a.out
• Disassemble it: objdump -d a.out
• We get an assembly-like listing (AT&T syntax by default) that represents the compiled code from code.c.
• objdump -t a.out
• This prints the symbol table of the file: the names and addresses of the functions and global variables defined in the file, plus the names of the external functions it calls (these are marked *UND* and have no real address, since they are resolved at link or load time).
Basic:
• Many times when we work with an executable file we are interested in the code behind it.
• We can use disassembly or a debugger to analyze the executable and understand what it does.
• Sometimes we want to use both.
• Disassembly gives us an assembly-like listing that represents what the executable does, without running it.
Important aspects
• In the disassembly we only get the code sections of this file: the functions defined in it and the startup code the compiler and linker added.
• We don't get the code of the library functions (printf, scanf, ...). Their bodies are not in the file; we only see the call to them (through a PLT stub in a dynamically linked executable).
• We don't get the values of global constants or string literals. They live in data sections such as .rodata, so the listing shows only their addresses; objdump -s dumps the data sections themselves.
• Many times there are optimizations or nops added by the compiler (for example to align loops and functions), which make the code harder to read. For example:
• nop
• xchg %cx, %cx (exchanging a register with itself does nothing)
An example
• When using a disassembler, many general runtime functions appear (_init, _start, ...) that were added by the compiler and linker; usually we don't care about them and go straight to main and the functions called from it.
• Show disass.asm
Y86 Instruction Set (encoding; each column is one byte, two hex digits per byte)

Instruction          Byte 0   Byte 1   Bytes 2-5
nop                  0 0
halt                 1 0
rrmovl rA, rB        2 0      rA rB
irmovl V, rB         3 0      8  rB    V
rmmovl rA, D(rB)     4 0      rA rB    D
mrmovl D(rB), rA     5 0      rA rB    D
OPl rA, rB           6 fn     rA rB
jXX Dest             7 fn     Dest (bytes 1-4)
call Dest            8 0      Dest (bytes 1-4)
ret                  9 0
pushl rA             A 0      rA 8
popl rA              B 0      rA 8

Function codes (fn):
• OPl: addl 6 0, subl 6 1, andl 6 2, xorl 6 3
• jXX: jmp 7 0, jle 7 1, jl 7 2, je 7 3, jne 7 4, jge 7 5, jg 7 6
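The table above is exactly what a disassembler such as objdump -d works from: read the opcode byte, look up how many bytes the instruction occupies, print the operands, and continue at the next byte. The decoder below is an added example written for this page, not code from the original slides or from objdump. It assumes the CS:APP Y86 register numbering (%eax=0 ... %edi=7), little-endian 4-byte immediates and displacements, and the value 8 as the "no register" marker, as in the table; the sample byte string is hand-assembled for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register numbers (CS:APP Y86 convention, assumed); 8 marks "no register". */
static const char *const regname[8] = {"%eax", "%ecx", "%edx", "%ebx",
                                       "%esp", "%ebp", "%esi", "%edi"};
static const char *const opname[4] = {"addl", "subl", "andl", "xorl"};
static const char *const jname[7]  = {"jmp", "jle", "jl", "je", "jne", "jge", "jg"};
#define NOREG 8

static const char *reg(unsigned r) { return r < 8 ? regname[r] : "?"; }

/* 4-byte little-endian immediate (V, D or Dest in the table). */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 |
           (uint32_t)p[3] << 24;
}

/* Decode the instruction at code[pos]. Writes its text to out and returns its
 * length in bytes; returns 0 (and an empty string) for an unknown icode/ifun,
 * a bad register field, or an instruction cut off by the end of the buffer.
 * A disassembler must stop here rather than guess: the length of this
 * instruction decides where the next one starts. */
size_t y86_decode(const uint8_t *code, size_t len, size_t pos,
                  char *out, size_t outsz) {
    /* Instruction length per icode, straight from the table (0 = undefined). */
    static const size_t ilen[16] = {1, 1, 2, 6, 6, 6, 2, 5, 5, 1, 2, 2, 0, 0, 0, 0};
    if (outsz) out[0] = '\0';
    if (pos >= len) return 0;
    unsigned icode = code[pos] >> 4, ifun = code[pos] & 0xF;
    size_t need = ilen[icode];
    if (need == 0 || pos + need > len) return 0;
    /* Register byte follows the opcode except for jXX and call. */
    int has_regs = need >= 2 && icode != 0x7 && icode != 0x8;
    unsigned rA = has_regs ? code[pos + 1] >> 4  : NOREG;
    unsigned rB = has_regs ? code[pos + 1] & 0xF : NOREG;
    unsigned imm = need == 6 ? le32(code + pos + 2) : need == 5 ? le32(code + pos + 1) : 0;
    int ok;
    switch (icode) {
    case 0x0: ok = ifun == 0; snprintf(out, outsz, "nop"); break;
    case 0x1: ok = ifun == 0; snprintf(out, outsz, "halt"); break;
    case 0x9: ok = ifun == 0; snprintf(out, outsz, "ret"); break;
    case 0x2: ok = ifun == 0 && rA < 8 && rB < 8;
              snprintf(out, outsz, "rrmovl %s, %s", reg(rA), reg(rB)); break;
    case 0x3: ok = ifun == 0 && rA == NOREG && rB < 8;
              snprintf(out, outsz, "irmovl $%u, %s", imm, reg(rB)); break;
    case 0x4: ok = ifun == 0 && rA < 8 && rB < 8;
              snprintf(out, outsz, "rmmovl %s, %u(%s)", reg(rA), imm, reg(rB)); break;
    case 0x5: ok = ifun == 0 && rA < 8 && rB < 8;
              snprintf(out, outsz, "mrmovl %u(%s), %s", imm, reg(rB), reg(rA)); break;
    case 0x6: ok = ifun < 4 && rA < 8 && rB < 8;
              snprintf(out, outsz, "%s %s, %s", ifun < 4 ? opname[ifun] : "?", reg(rA), reg(rB)); break;
    case 0x7: ok = ifun < 7;
              snprintf(out, outsz, "%s 0x%x", ifun < 7 ? jname[ifun] : "?", imm); break;
    case 0x8: ok = ifun == 0; snprintf(out, outsz, "call 0x%x", imm); break;
    case 0xA: ok = ifun == 0 && rA < 8 && rB == NOREG;
              snprintf(out, outsz, "pushl %s", reg(rA)); break;
    case 0xB: ok = ifun == 0 && rA < 8 && rB == NOREG;
              snprintf(out, outsz, "popl %s", reg(rA)); break;
    default:  ok = 0;
    }
    if (!ok && outsz) out[0] = '\0';
    return ok ? need : 0;
}

/* Linear sweep, the strategy objdump -d uses: decode from the start and let
 * each instruction's length say where the next begins. Appends one line per
 * instruction to out and returns the number decoded; stops at the first
 * undecodable byte instead of resynchronising by guesswork. */
size_t y86_disasm(const uint8_t *code, size_t len, char *out, size_t outsz) {
    size_t pos = 0, count = 0, used = 0;
    char insn[64];
    while (pos < len) {
        size_t n = y86_decode(code, len, pos, insn, sizeof insn);
        size_t room = outsz > used ? outsz - used : 0;
        if (n == 0) {
            snprintf(out + used, room, "0x%03zx: .byte 0x%02x  (undecodable, stopping)\n", pos, code[pos]);
            break;
        }
        used += (size_t)snprintf(out + used, room, "0x%03zx: %s\n", pos, insn);
        if (used > outsz) used = outsz;
        pos += n; count++;
    }
    return count;
}

/* Constructed sample (hand-assembled from the table): a counting loop. */
static const uint8_t sample[] = {
    0x30, 0x81, 0x05, 0x00, 0x00, 0x00,  /* 0x000: irmovl $5, %ecx */
    0x30, 0x80, 0x00, 0x00, 0x00, 0x00,  /* 0x006: irmovl $0, %eax */
    0x30, 0x82, 0x01, 0x00, 0x00, 0x00,  /* 0x00c: irmovl $1, %edx */
    0x60, 0x10,                          /* 0x012: addl %ecx, %eax */
    0x61, 0x21,                          /* 0x014: subl %edx, %ecx */
    0x74, 0x12, 0x00, 0x00, 0x00,        /* 0x016: jne 0x12        */
    0x10,                                /* 0x01b: halt            */
};

/* Helper for checks: decode at pos and compare length and text. */
int y86_check(const uint8_t *code, size_t len, size_t pos, size_t want_len, const char *want) {
    char buf[64];
    return y86_decode(code, len, pos, buf, sizeof buf) == want_len && strcmp(buf, want) == 0;
}

int main(void) {
    char listing[512];
    size_t n = y86_disasm(sample, sizeof sample, listing, sizeof listing);
    printf("%s%zu instructions\n", listing, n);
    return 0;
}
```

Note how the jne target 0x12 is just a number in the listing; working out that it points back to the addl (so the three instructions from 0x012 form a loop) is the reader's job, exactly as with the `even` function discussed later.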
hello:
• Address 0x08048520 does not appear in the disassembly listing.
• What does that tell us? It is not the address of any code in the file. objdump -d only disassembles the code sections, and in a hello program this operand is typically the address of the string literal passed to puts, which lives in the read-only data section .rodata.
• How can we find out its value? Dump the data sections with objdump -s a.out (or just that section with objdump -s -j .rodata a.out) and look up the address in the hex/ASCII dump.
hello:
• The function puts is a simpler relative of printf: it writes one string with no format processing and always appends a newline. gcc replaces a printf call whose format string has no conversions and ends in a newline with a call to puts, which is why puts rather than printf appears in the disassembly of hello.
even:
• What kind of loop is it?
main: Cleaning up the stack!