ASM 110: Gdb (30 pts)

What You Need

A Google Cloud Debian 10 Linux Server

Purpose

To practice debugging simple 32-bit assembly code.

Hello, World in Assembler

Create this "hello.asm" file:

section .text global _start _start: mov edx, len mov ecx, msg mov ebx, 1 mov eax, 4 int 0x80 mov eax, 1 int 0x80 section .data msg db "Hello World!" len equ $ - msg

Execute these commands to compile, link, and run the program:

nasm -f elf32 hello.asm ld -m elf_i386 -o hello hello.o ./hello

The program runs, as shown below.

Debugging

Execute this command to debug the "hello" program:

gdb -q hello

The Gnu debugger opens, as shown below.

Execute this command to disassemble the code from the _start location:

disassemble _start

Notice the third command, outlined in green in the image below.

The command we entered in the hello.asm source code was:

mov ebx, 1

However, the arguments are reversed in the debugger.

Using Intel Format

In gdb, execute these commands:

set disassembly-flavor intel disassemble _start

Now the code resembles the source code more closely, as shown below.

Compare that output to the assembly code you wrote and notice these things:

Line 1: the constant "len" was resolved to its value of 0xc
Line 2: the address of the string "msg" appears in hex format
The other lines are exactly as they appeared in the source file

Breakpoints

In gdb, execute these commands:

break * _start + 10 break * _start + 15 run info registers

The program runs to the first breakpoint, just before the "mov ebx, 0x1" command, and displays the registers, as shown below.

Notice these things:

edx contains 0xc, because the "mov edx, 0xc" command has been executed
ecx contains 0x804a000, because the "mov ecx, 0x804a000" command has been executed
ebx does not contain 0x1, because "mov ebx, 0x1" command has not been executed

In gdb, execute these commands:

continue info registers

The program runs to the second breakpoint, just after the "mov ebx, 0x1" command, and displays the registers, as shown below.

Now ebx contains 0x1.

Memory Segments

In gdb, execute this command:

info proc mappings

The memory segments used by the program are listed, as shown below.

ASM 110.1: Data (5 pts)
In gdb, execute this command:
x/4x ($ecx)
The flag is covered by a green rectangle in the image below.
After getting the flag, execute these commands to exit gdb:
q y

ASM 110.2: Extra Command (10 pts)
In the shell, execute these commands:
sudo apt update sudo apt install wget -y wget https://samsclass.info/127/proj/ASM110-2 chmod +x ASM110-2 ./ASM110-2
The program prints out a lot of extra garbage after the desired "Hello, World!" message, as shown below.
There is one extra line of assembly code in the program causing that problem. Find the extra line. Submit that entire line as the flag.

ASM 110.3: Crash (15 pts)
In the shell, execute these commands:
wget https://samsclass.info/127/proj/ASM110-3 chmod +x ASM110-3 ./ASM110-3
The program crashes with a "Segmetation fault" error.
Find the command that caused the crash. That command, in Intel format, is the flag.

Sources

System calls in the Linux kernel. Part 1.
X86 Assembly/Interfacing with Linux
Linux System Call Table (32-bit)
List of Linux/i386 system calls
Assembly Programming Tutorial

Posted 7-16-2020
Hint added to ASM 100.18 7-17-2020