1 / 13

Disassembly

Disassembly. תרגול 7 ניתוח קוד. How to - Disassembly of code. Compilation of code: gcc code.c We get the file: a.out Disassembly: objdump -d a.out We get an assembly-like code that represents the c code appeared in file code.c Objdump –t a.out

Download Presentation

Disassembly

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Disassembly תרגול 7ניתוח קוד

  2. How to - Disassembly of code Compilation of code: gcc code.c We get the file: a.out Disassembly: objdump -d a.out We get an assembly-like code that represents the c code appeared in file code.c Objdump –t a.out This will print out the symbol table of the file. The symbol table includes the names of all functions and global variables in the file, the names of all the functions being called by the file, and their addresses.

  3. Basic: • Many times when we work with an executive file we are interested in the code behind it. • We can use the disassembly option or the debugger option in order to analyze the executive file, and understand what it does. • Sometimes we want to use both options. • Disassembly enable us to get an assembly-like file that represent the activity of the executive file.

  4. Important aspects • In disassembly we only get the code of the functions in the files and functions that were used by the files. • We don’t get the code of the system’s functions (printf, scanf…). • We don’t get the values of global constants or strings. • Many times there are optimizations or nops added by the compiler – which make it harder to understand. For example, • nop • xchg %cx, %cx

  5. An example • While using disassember there are many global general functions added (init, start) usually we don’t care about them. • Show disass.asm

  6. Byte 0 1 2 3 4 5 nop 0 0 addl 6 0 halt 1 0 subl 6 1 rrmovl rA, rB 2 0 rA rB andl 6 2 irmovl V, rB 3 0 8 rB V xorl 6 3 rmmovl rA, D(rB) 4 0 rA rB D jmp 7 0 mrmovl D(rB), rA 5 0 rA rB D jle 7 1 OPl rA, rB 6 fn rA rB jl 7 2 jXX Dest 7 fn Dest je 7 3 call Dest 8 0 Dest jne 7 4 ret 9 0 jge 7 5 pushl rA A 0 rA 8 jg 7 6 popl rA B 0 rA 8 Y86 Instruction Set

  7. main:

  8. hello: • Address 0x08048520 does not appear in the disassembly code we can see. • What does that tell us? • How can we find out what is its value?

  9. hello: • Function “puts” is a simplified version of the printf() function. It doesn’t have all printf formats and it always put the newline character in the end of its strings.

  10. main:

  11. even: • What kind of a loop is it?

  12. main: Cleaning up the stack!

  13. The C code:

More Related