
comp3703 Lab1


Task 1

  • Executable header
readelf -h /bin/cat
  • Section headers
readelf -S -W /bin/cat
  • Writeable sections
readelf -S -W /bin/cat | grep "W"

Check in the Flags column that the .text section is marked executable (X) and not writeable (W); code should never be both.

  • Offset to dynamic symbol section
readelf -S -W /bin/cat | grep ".dynsym"
  • Disassembly of all sections containing instructions
objdump -x /bin/cat
  • Content of the .rodata section
objdump -s --section .rodata /bin/cat

or, equivalently, through readelf's section hex dump (readelf -x .rodata /bin/cat)


Task 2

2a

objdump -dj .text hello
0000000000401126 <main>:
401126: 55 push rbp
401127: 48 89 e5 mov rbp,rsp
40112a: bf 04 20 40 00 mov edi,0x402004
40112f: e8 fc fe ff ff call 401030 <puts@plt>
401134: b8 00 00 00 00 mov eax,0x0
401139: 5d pop rbp
40113a: c3 ret
40113b: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]

Looking at main, `40112a: bf 04 20 40 00 mov edi,0x402004` loads the first argument for the following call to puts@plt: the immediate 0x402004 is the address of the string, which the next command looks up in .rodata. The 32-bit absolute immediate (rather than a RIP-relative lea) also indicates this hello binary was built as non-PIE, so its code and .rodata addresses are fixed rather than randomized by ASLR.

objdump -sj .rodata hello

2b

binary@comp3703:~/Documents/lab1$ objdump -M intel -d count_me.o
count_me.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <.text>:
0: 55 push rbp
1: 48 89 e5 mov rbp,rsp
4: c7 45 fc 00 00 00 00 mov DWORD PTR [rbp-0x4],0x0
b: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]
e: 83 c0 01 add eax,0x1
11: 5d pop rbp
12: c3 ret
13: 55 push rbp
14: 48 89 e5 mov rbp,rsp
17: c7 45 fc 01 00 00 00 mov DWORD PTR [rbp-0x4],0x1
1e: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]
21: 83 c0 02 add eax,0x2
24: 5d pop rbp
25: c3 ret
26: 55 push rbp
27: 48 89 e5 mov rbp,rsp
2a: c7 45 fc 02 00 00 00 mov DWORD PTR [rbp-0x4],0x2
31: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]
34: 83 c0 03 add eax,0x3
37: 5d pop rbp
38: c3 ret
39: 55 push rbp
3a: 48 89 e5 mov rbp,rsp
3d: c7 45 fc 03 00 00 00 mov DWORD PTR [rbp-0x4],0x3
44: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]
47: 83 c0 04 add eax,0x4
4a: 5d pop rbp
4b: c3 ret
4c: 55 push rbp
4d: 48 89 e5 mov rbp,rsp
50: bf 00 00 00 00 mov edi,0x0
55: e8 00 00 00 00 call 0x5a
5a: b8 00 00 00 00 mov eax,0x0
5f: 5d pop rbp
60: c3 ret

5 functions, as there are five distinct prologues (push rbp; mov rbp,rsp) in the listing, each starting right after the ret of the previous function.

2c

Running the program shows that its output is off by one

./off_by_one

Editing the assembly file,

original

.L3:
mov eax, DWORD PTR [rbp-20]
cdqe
mov rax, QWORD PTR [rbp-16+rax*8]
mov rsi, rax
mov edi, OFFSET FLAT:.LC7
mov eax, 0
call printf
mov eax, 0

modified

.L3:
mov eax, DWORD PTR [rbp-20]
cdqe
mov rax, QWORD PTR [rbp-24+rax*8]
mov rsi, rax
mov edi, OFFSET FLAT:.LC7
mov eax, 0
call printf
mov eax, 0

The element base is 8 bytes lower on the stack than the load assumes, so the rbp offset changes from -16 to -24 (one 8-byte slot), which fixes the off-by-one error.

2d (*)


Task 3