Practical Foundations of Linux Debugging, Disassembling, Reversing: Training Course
- Length: 176 pages
- Edition: 1
- Language: English
- Publisher: Opentask
- Publication Date: 2021-01-03
- ISBN-10: 1912636344
- ISBN-13: 9781912636341
- Sales Rank: #3194717
This training course is a Linux version of the previous Practical Foundations of Windows Debugging, Disassembly, Reversing book. It also complements the Accelerated Linux Core Dump Analysis training course.
Although the book skeleton is the same as its Windows predecessor, the content was revised entirely because of a different operating system, debugger (GDB), toolchain (GCC, assembler, linker), application binary interface, and even an assembly language flavor, AT&T.
The course is useful for:
- Software technical support and escalation engineers
- Software engineers coming from a JVM background
- Software testers
- Engineers coming from non-Linux environments, for example, Windows or Mac OS X
- Linux C/C++ software engineers without an assembly language background
- Security researchers without an assembly language background
- Beginners learning Linux software reverse engineering techniques
This book can also be used as an x64 assembly language and Linux debugging supplement for relevant undergraduate-level courses.
Contents
- Preface
- About the Author
- Chapter x64.1: Memory, Registers, and Simple Arithmetic
  - Memory and Registers inside an Idealized Computer
  - Memory and Registers inside Intel 64-bit PC
  - “Arithmetic” Project: Memory Layout and Registers
  - “Arithmetic” Project: A Computer Program
  - “Arithmetic” Project: Assigning Numbers to Memory Locations
  - Assigning Numbers to Registers
  - “Arithmetic” Project: Adding Numbers to Memory Cells
  - Incrementing/Decrementing Numbers in Memory and Registers
  - Multiplying Numbers
- Chapter x64.2: Code Optimization
  - “Arithmetic” Project: C/C++ Program
  - Downloading GDB
  - GDB Disassembly Output – No Optimization
  - GDB Disassembly Output – Optimization
- Chapter x64.3: Number Representations
  - Numbers and Their Representations
  - Decimal Representation (Base Ten)
  - Ternary Representation (Base Three)
  - Binary Representation (Base Two)
  - Hexadecimal Representation (Base Sixteen)
  - Why are Hexadecimals used?
- Chapter x64.4: Pointers
  - A Definition
  - “Pointers” Project: Memory Layout and Registers
  - “Pointers” Project: Calculations
  - Using Pointers to Assign Numbers to Memory Cells
  - Adding Numbers Using Pointers
  - Incrementing Numbers Using Pointers
  - Multiplying Numbers Using Pointers
- Chapter x64.5: Bytes, Words, Double, and Quad Words
  - Using Hexadecimal Numbers
  - Byte Granularity
  - Bit Granularity
  - Memory Layout
- Chapter x64.6: Pointers to Memory
  - Pointers Revisited
  - Addressing Types
  - Registers Revisited
  - NULL Pointers
  - Invalid Pointers
  - Variables as Pointers
  - Pointer Initialization
  - Initialized and Uninitialized Data
  - More Pseudo Notation
  - “MemoryPointers” Project: Memory Layout
- Chapter x64.7: Logical Instructions and RIP
  - Instruction Format
  - Logical Shift Instructions
  - Logical Operations
  - Zeroing Memory or Registers
  - Instruction Pointer
  - Code Section
- Chapter x64.8: Reconstructing a Program with Pointers
  - Example of Disassembly Output: No Optimization
  - Reconstructing C/C++ Code: Part 1
  - Reconstructing C/C++ Code: Part 2
  - Reconstructing C/C++ Code: Part 3
  - Reconstructing C/C++ Code: C/C++ program
  - Example of Disassembly Output: Optimized Program
- Chapter x64.9: Memory and Stacks
  - Stack: A Definition
  - Stack Implementation in Memory
  - Things to Remember
  - PUSH Instruction
  - POP instruction
  - Register Review
  - Application Memory Simplified
  - Stack Overflow
  - Jumps
  - Calls
  - Call Stack
  - Exploring Stack in GDB
- Chapter x64.10: Frame Pointer and Local Variables
  - Stack Usage
  - Register Review
  - Addressing Array Elements
  - Stack Structure (No Function Parameters)
  - Function Prolog
  - Raw Stack (No Local Variables and Function Parameters)
  - Function Epilog
  - “Local Variables” Project
  - Disassembly of Optimized Executable
- Chapter x64.11: Function Parameters
  - “FunctionParameters” Project
  - Stack Structure
  - Function Prolog and Epilog
  - Project Disassembled Code with Comments
  - Parameter Mismatch Problem
- Chapter x64.12: More Instructions
  - CPU Flags Register
  - The Fast Way to Fill Memory
  - Testing for 0
  - TEST - Logical Compare
  - CMP – Compare Two Operands
  - TEST or CMP?
  - Conditional Jumps
  - The Structure of Registers
  - Function Return Value
  - Using Byte Registers
- Chapter x64.13: Function Pointer Parameters
  - “FunctionPointerParameters” Project
  - Commented Disassembly
- Chapter x64.14: Summary of Code Disassembly Patterns
  - Function Prolog / Epilog
  - LEA (Load Effective Address)
  - Passing Parameters
  - Accessing Parameters and Local Variables