Search⌘ K
AI Features
Home
Courses
Foundations of Linux ARM64: Debug, Disassemble, and Reverse

Reconstructing the C/C++ Code

Explore how to methodically reconstruct C/C++ code from ARM64 assembly and pseudocode using GDB. Understand pointer initialization, arithmetic operations, and memory manipulation to rebuild a complete program from disassembly output.

We'll cover the following...

Mixed assembly/pseudocode code

Now, we go from instruction to instruction and try to reconstruct the pseudocode, which is shown as comments against assembly language code.

C++
adrp    x0, 0x420000
add     x0, x0, #0x30          // x0 <- address var1 (0x420030)
adrp    x1, 0x420000           //
add     x1, x1, #0x28          // x1 <- address var2 (0x420028)
str     x1, [x0]               // [x0] <- x1
adrp    x0, 0x420000           //
add     x0, x0, #0x38          // x0 <- address var3 (0x420038)
adrp    x1, 0x420000
add     x1, x1, #0x2c          // x1 <- address var4 (0x42002c)
str     x1, [x0]               // [x0] <- x1

This code calculates the effective address, which it stores in a register. It then assigns the register value to the integer pointer. We do the same process for the other variable and store the other register value to the other integer pointer.

C++
adrp    x0, 0x420000
add     x0, x0, #0x30     // x0 <- address var1 (0x420030)
ldr     x0, [x0]          // x0 <- [x0]
mov     w1, #0x1          // w1 <- 1
str     w1, [x0]          // [x0] <- w1
adrp    x0, 0x420000
add     x0, x0, #0x38     // x0 <- address var3 (0x420038)
ldr     x0, [x0]          // x0 <- [x0]
mov     w1, #0x1          // w1 <- 1
str     w1, [x0]          // [x0] <- w1

The code snippet ...