How to use Objdump – Intel Syntax – The Visual Guide
Step 1 – Write your C program
We wrote our C program, called firstprog.c, in the Pico editor.
Step 2 – Compile the C program using GCC
Without an output name, GCC writes the executable to a.out:
ls -l a.out
Step 3 – Objdump to display first 20 lines
objdump -D a.out | grep -A20 main.:
The -A20 switch tells grep to print the 20 lines that follow the line matching the regular expression main.: (the dot matches any single character, here the > in the <main>: header that objdump prints).
In the middle column each byte of machine code is shown as 2 hexadecimal digits.
x86 assembly can be written in two syntaxes, AT&T or Intel. The Intel format is often easier to read.
Step 4 – Change Objdump to Intel Syntax.
objdump -M intel -D a.out | grep -A20 main.:
Nope… that’s not Intel format, is it? Hmm, interesting. Okay, if we intend to use Intel syntax assembly language, we need to configure this syntax inside GDB.
Step 5 – Configure Intel Syntax Assembly inside GDB
(gdb) set dis intel
(dis is GDB's abbreviation of disassembly-flavor; the full command is set disassembly-flavor intel.)
Now we double check that Intel syntax has been set, and make the setting permanent so GDB applies it every time it starts:
echo "set dis intel" > ~/.gdbinit
Intel syntax reads as <operation> <destination>, <source>: the destination operand comes first (AT&T syntax lists the operands the other way round).
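As an added example (not part of the original guide): a small Python parser for the Intel-syntax listing that objdump -M intel -D prints, or that GDB's disassemble prints after set dis intel. It pulls out the <main>: block the way grep -A20 main.: does (but stops at the next function header instead of after 20 lines), splits each line into address, raw bytes and destination/source operands, and checks that every address advances by the number of bytes on the previous line, which is exactly how EIP steps through the code. The listing, the function names and the byte values are a constructed sample in objdump's format, not output captured from this page.

```python
import re
from dataclasses import dataclass
# Constructed sample in objdump -M intel -D format; not output captured from the page.
SAMPLE_LISTING = """\
08048384 <main>:
 8048384:\t55                   \tpush   ebp
 8048385:\t89 e5                \tmov    ebp,esp
 8048387:\t83 ec 08             \tsub    esp,0x8
 804838a:\tc7 45 fc 00 00 00 00 \tmov    DWORD PTR [ebp-0x4],0x0
 8048391:\t83 7d fc 09          \tcmp    DWORD PTR [ebp-0x4],0x9
 8048395:\t7e 02                \tjle    8048399 <main+0x15>
 8048397:\teb 13                \tjmp    80483ac <main+0x28>

080483b0 <next_func>:
 80483b0:\t55                   \tpush   ebp
"""

@dataclass
class Insn:
    address: int
    raw: bytes           # machine code: two hex digits per byte in the listing
    mnemonic: str
    dest: "str | None"   # Intel syntax lists the destination operand first
    src: "str | None"

HEADER_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(\S+)\s*(.*)$")

def parse_function(listing: str, name: str) -> list:
    """Instructions under the <name>: header, like grep -A20 name.: but stopping at the next header."""
    insns, inside = [], False
    for line in listing.splitlines():
        hdr = HEADER_RE.match(line)
        if hdr:
            if inside:
                break                       # reached the next function
            inside = hdr.group(2) == name
            continue
        if not inside or not (m := INSN_RE.match(line)):
            continue                        # blank line, or not in our function
        addr, hexbytes, mnem, ops = m.groups()
        # split on the first comma only so "DWORD PTR [ebp-0x4],0x0" keeps its memory operand
        parts = [p.strip() for p in ops.split(",", 1)] if ops else []
        dest, src = (parts + [None, None])[:2]   # jumps have one operand, so src is None
        insns.append(Insn(int(addr, 16), bytes.fromhex("".join(hexbytes.split())), mnem, dest, src))
    return insns

def addresses_consistent(insns: list) -> bool:
    """Each address must equal the previous one plus its encoded length (how EIP advances)."""
    return all(b.address == a.address + len(a.raw) for a, b in zip(insns, insns[1:]))
```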
Step 6 – Compile GCC with -g
The -g flag tells the GCC compiler to include extra debugging information, which gives GDB access to the source code.
gcc -g firstprog.c
ls -l a.out
gdb -q ./a.out
(gdb) disassemble main
Woohoo!! Intel Syntax!!
Step 7 – Locate the address of EIP
(gdb) break main
(gdb) info register eip
EIP = 0x80484666
Note that GDB only has registers to show once the program is running, so the breakpoint must be hit (by running the program) before info register eip will report a value.
Did you know that a shorthand version of this command is:
i r eip
Step 8 – Using GDB X for examine command
GDB provides many ways to examine memory using the x command, short for examine of course. The debugger lets us reference the EIP register directly as $eip, so x/x $eip examines the memory EIP points to: the first x is the examine command and the second x, after the slash, is the display format, hexadecimal.
$eip = the EIP register
PS: if you’re struggling without a UK keyboard, use this command to get a UK keyboard layout:
Erickson, J. (2008). Hacking: The Art of Exploitation, 2nd edn. San Francisco: No Starch Press.