If you are familiar with debugging under Windows, you may notice that gdb under Linux uses AT&T rather than Intel assembly syntax by default.
This can be changed with the following gdb command:
set disassembly-flavor intel
If you want to compile a C program to Intel-syntax assembly, use:
gcc test.c -S -o test.s -masm=intel
The -S switch generates assembly code instead of an executable.
To assemble that file into an executable later on, run
gcc -gstabs test.s -o test
The -gstabs switch includes debug symbols (in the stabs format).
To turn off address space layout randomization (as root; the setting lasts until the next reboot), use
sysctl -w kernel.randomize_va_space=0
Useful gdb commands:
start - runs the program up to a temporary breakpoint at the beginning of main
layout - changes the view; very useful: lay asm, lay src, lay reg
If the binary was compiled without debug information and you want to step through the asm code, use the stepi and nexti commands!
Display the current instruction: x/i $pc
step - steps one source line (stepi steps one machine instruction)
break *address - breaks at an address where no source is available
x/50bx address - displays 50 bytes starting at address in hexadecimal (x); d is decimal, x/s displays a string
strace is also very useful for monitoring the system calls a program executes,
e.g.: strace -o strace_ls_output.txt ls
Tips for assembler in Linux
To assemble a code snippet (shellcd.s, below) to raw binary code, use:
nasm -o shellcd shellcd.s
bits 32                  ; nasm emits 16-bit code for flat binaries unless told otherwise;
                         ; without this line the 32-bit operands get 0x66 prefixes
xor eax, eax             ; clear eax
mov al, 88               ; syscall number (sys_reboot on 32-bit x86)
mov ebx, 0xfee1dead      ; first argument (i386 syscall convention: ebx, ecx, edx)
mov ecx, 672274793       ; second argument
mov edx, 0x1234567       ; third argument
To disassemble that binary, use:
ndisasm -u ./shellcd
The -u switch selects 32-bit mode (ndisasm decodes in 16-bit mode by default)...
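As an added example (not part of the original notes), here is a small Python decoder for just the opcode forms the snippet uses; decoding the same bytes in 16-bit and 32-bit mode shows why ndisasm needs -u for this file. The byte string is constructed by hand from what nasm emits for the snippet with bits 32.

```python
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

# Constructed by hand: the bytes nasm emits for the snippet above with `bits 32`
# (31 C0 / B0 58 / BB imm32 / B9 imm32 / BA imm32).
SHELLCD = bytes.fromhex("31c0" "b058" "bbaddee1fe" "b969191228" "ba67452301")


def disasm(code, bits=32):
    """Decode the handful of opcode forms the snippet uses, in 16- or 32-bit
    mode. Returns a list of (offset, intel_syntax_text); bytes that are not
    understood are emitted as `db 0x..`, as ndisasm does."""
    out, i = [], 0
    while i < len(code):
        start, osize = i, bits
        if code[i] == 0x66 and i + 1 < len(code):  # operand-size override prefix
            osize, i = 48 - bits, i + 1             # flips 16 <-> 32
        op = code[i]
        i += 1
        regs = REG32 if osize == 32 else REG16
        if op == 0x31 and i < len(code) and code[i] >> 6 == 3:
            modrm = code[i]                          # XOR r/m, r (register form)
            i += 1
            text = f"xor {regs[modrm & 7]},{regs[(modrm >> 3) & 7]}"
        elif 0xB0 <= op <= 0xB7 and i < len(code):  # MOV r8, imm8
            text = f"mov {REG8[op - 0xB0]},0x{code[i]:x}"
            i += 1
        elif 0xB8 <= op <= 0xBF and i + osize // 8 <= len(code):
            width = osize // 8                       # MOV r16/32, imm: the immediate
            imm = int.from_bytes(code[i:i + width], "little")  # width depends on mode
            i += width
            text = f"mov {regs[op - 0xB8]},0x{imm:x}"
        else:
            text = f"db 0x{op:02x}"                  # unknown byte, like ndisasm
        out.append((start, text))
    return out


if __name__ == "__main__":
    for bits in (16, 32):
        print(f"--- ndisasm{' -u' if bits == 32 else ''} equivalent ({bits}-bit) ---")
        for off, text in disasm(SHELLCD, bits):
            print(f"{off:08X}  {text}")
```

In 16-bit mode the three mov instructions with 32-bit immediates are cut after two bytes and the rest of each immediate is misread as new opcodes, which is exactly what ndisasm without -u shows for this file.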
The ldd command is helpful for checking which shared libraries an executable or library depends on.
Use it like: ldd name
Note that ldd may run the binary's dynamic loader, so do not use it on an untrusted binary; readelf -d name (look at the NEEDED entries) lists the dependencies without executing anything.