
How to use Objdump – Intel Syntax – The Visual Guide

06/03/2014

Step 1 – Write your C program

We used Pico to create our C program, called firstprog.c.

firstprog.c

Step 2 – Compile the C program using GCC

gcc firstprog.c

ls -l a.out

./a.out

firstprog compile and run

Step 3 – Objdump to display first 20 lines

objdump -D a.out | grep -A20 main.:

firstprog objdump 1

Grep is set to display the 20 lines after the line that matches the regular expression main.:

Each byte is denoted by 2 hexadecimal digits.

x86 assembly has two syntaxes, AT&T and Intel. The Intel format is often easier to read.

Step 4 – Change Objdump to Intel Syntax.

objdump -M intel -D a.out | grep -A20 main.:

firstprog intel

Nope… that’s not Intel format, is it? Ummh, interesting. Okay, if we intend to use Intel syntax assembly language, we need to configure this syntax inside GDB.

Step 5 – Configure Intel Syntax Assembly inside GDB

gdb -q

(gdb) set dis intel

(gdb) quit

gdb intel

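Now we write the setting to ~/.gdbinit so that it is applied every time GDB starts, and double-check that Intel has been set. Note that > overwrites any existing ~/.gdbinit.

echo "set dis intel" > ~/.gdbinit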

cat ~/.gdbinit

gdb echo

Intel syntax reads as <destination> <source>
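The operand-order difference between the two syntaxes, as an added example that is not part of the original post: a small Python converter for a narrow subset of 32-bit AT&T instructions (registers, immediates and disp(%base) memory operands only). The function names and the sample instructions are constructed for illustration.

```python
import re

# AT&T size suffix -> Intel size keyword for a memory operand
SIZES = {"b": "BYTE PTR", "w": "WORD PTR", "l": "DWORD PTR"}
MEM = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\(%(\w+)\)$")  # disp(%base)

def operand(op):
    """Translate one AT&T operand; return (intel_text, kind)."""
    if op.startswith("%"):            # register: %esp -> esp
        return op[1:], "reg"
    if op.startswith("$"):            # immediate: $0x8 -> 0x8
        return op[1:], "imm"
    m = MEM.match(op)                 # memory: -0x4(%ebp) -> [ebp-0x4]
    if not m:
        raise ValueError("unsupported operand: " + op)
    disp, base = m.groups()
    if not disp:
        return "[%s]" % base, "mem"
    sign = "-" if disp.startswith("-") else "+"
    return "[%s%s%s]" % (base, sign, disp.lstrip("-")), "mem"

def att_to_intel(line):
    """Convert one AT&T instruction to Intel syntax."""
    parts = line.split(None, 1)
    mnem = parts[0]
    ops = [operand(o.strip()) for o in parts[1].split(",")] if len(parts) > 1 else []
    kinds = [kind for _, kind in ops]
    texts = [text for text, _ in ops]
    # AT&T puts the operand size in a mnemonic suffix when no register implies
    # it; Intel attaches a size keyword to the memory operand instead.
    if "mem" in kinds and "reg" not in kinds and mnem[-1] in SIZES:
        size, mnem = SIZES[mnem[-1]], mnem[:-1]
        texts = [size + " " + t if k == "mem" else t for t, k in ops]
    texts.reverse()   # AT&T: source,destination -> Intel: destination,source
    return (mnem + " " + ",".join(texts)).strip()

# Constructed sample: a typical 32-bit function prologue in AT&T syntax
SAMPLE = ["push   %ebp", "mov    %esp,%ebp", "sub    $0x8,%esp",
          "movl   $0x0,-0x4(%ebp)", "ret"]

if __name__ == "__main__":
    for att in SAMPLE:
        print("%-26s -> %s" % (att, att_to_intel(att)))
```

Operands outside this subset, such as indexed addresses or bare call targets, raise ValueError rather than being translated incorrectly.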

*****

Step 6 – Compile with GCC using -g

The -g flag can be used by the GCC compiler to include extra debugging information, which will give GDB access to the source code.

gcc -g firstprog.c

ls -l a.out

firstprog -g

gdb -q ./a.out

gdb -q

(gdb) list

gdb list

(gdb) disassemble main

gdb intel output

Woohoo!!  Intel Syntax!!

*******

Step 7 – Locate the address of EIP

(gdb) break main

(gdb) run

(gdb) info register eip

firstprog eip

EIP = 0x80484666

Did you know that a shorthand version of this command reads as:

i r eip

gdb ir eip

Step 8 – Using GDB X for examine command

GDB provides many ways to examine memory using the x command, short for examine of course. The debugger allows us to directly reference the EIP register (as $eip). In x/2x, the first x is the examine command and the second x is the format letter that displays the result in hexadecimal.

$eip = the EIP register

x/2x $eip

x/8x $eip

gdb eip 8

The number given before the format letter (the 2 in x/2x, the 8 in x/8x) is how many units of memory are examined, starting at the address in $eip.

****

P.S. If you’re struggling without a UK keyboard… use this command to get a UK keyboard layout:

loadkeys uk

Reference:

Erickson, J.   (2008).   Hacking: The Art of Exploitation, 2nd edn.  San Francisco: No Starch Press.

******

How to compile a C program into assembly code.

https://uwnthesis.wordpress.com/2014/02/28/red-hat-how-to-compile-a-c-program-into-assembly-code/
