Gain insights into debugging C/C++ programs on Linux ARM64, delve into program disassembly, probe memory/register changes using GDB, and discover techniques for core dump analysis and assembly-level debugging.

Practical-Foundations-ARM64 Linus Debugging- Disassembly-Reversing.png

arm.tar.gz

Codeoptmization

Pointers_to_assign

Pointers

MemoryPointers

PointersAsVariables

PointersAsVariables-optimization

SimpleStack

LocalVariables

FunctionParameters

FunctionParameters-14

solution

FunctionParameters-14-copy

RawStack

MemoryPointers-copy

The GNU Debugger (GDB) is used for debugging C/C++ programs in LINUX/UNIX environments. It is a good tool to investigate what is happening inside a program and how the contents inside the memory are changed with the execution of the program.

The main focus of the course is the disassembly of the program. You’ll use the Linux ARM64 which is a popular RISC architecture. You’ll use simple operations in C/C++ such as assignment, increment, addition, multiplication. With the help of the GDB, you will probe into the contents of the registers and memory. You'll learn how they are changed while executing basic operations. With the help of the disassembly output, you’ll learn how a simple C/C++ program can be reconstructed. The disassembly output is important for debugging and core dump analysis.

By the end of this course, you should be able to debug the programs and memory contents at assembly level when a program executes or probe into the problem when a program crashes.

Foundations of Linux ARM64: Debug, Disassemble, and Reverse

## Function prolog

The sequence of instructions resulting in the initialization of the `sp` register, saving `x29` and `x30(lr)`, if there are further calls inside, and making room for local variables is called **function prolog**. One example of this is shown in the slides below, where `func` calls `func2`, which has one local variable, `var`. Sometimes saving necessary registers is also considered a part of a function prolog. 


# Function prolog

The sequence of instructions resulting in the initialization of the `sp` register, saving `x29` and `x30(lr)`, if there are further calls inside, and making room for local variables is called **function prolog**. One example of this is shown in the slides below, where `func` calls `func2`, which has one local variable, `var`. Sometimes saving necessary registers is also considered a part of a function prolog. 


 Learn how the frame pointers are updated during function prolog and epilog.

Functions in Frame Pointers and Local Variables

Learn how the frame pointers are updated during function prolog and epilog.

Introduction to the Course

Memory, Registers, and Simple Arithmetic

Code Optimization

Number Representations

Pointers

Bytes, Half Words, Words, and Double Words

Pointers to Memory

Logical Instructions and PC

Reconstructing a Program with Pointers

Memory and Stacks

Frame Pointer and Local Variables

Function Parameters

More Instructions

Function Pointer Parameters

Conclusion

ARM64 Linux Debugging, Disassembling, Reversing Exam

Functions in Frame Pointers and Local Variables

Function prolog