# Reverse Engineering - Intro Demo

1. Write simple C program

```
#include <stdio.h>

int main()
{
    int i;
    for(i=0; i < 10; i++)
    {
        puts("Hello World\n");
    }
    return 0;
}
```

##### Compile Program
`$ gcc simpleprog.c`

##### View Machine Language Output
`$ cat a.out` 

##### Use objdump to view assembly 
`objdump -D a.out //look for main section and explain headers`

`objdump -D a.out | grep -A20 main.:` 

or 

`objdump -D a.out -M intel | grep -A20 main.:` 

1. Explain each byte is represented in hex
1. First number is location in memory
1. Middle number is really binary in memory location to the CPU but shown as hex for readability
1. Right most values are assembly and usually involve an instruction and an optional source/destination

##### Use gdb to debug compiled binary
```
gdb -q ./a.out
(gdb) break main
Breakpoint 1 at ... //Can show this is the same memory location as shown in objdump output
run
(gdb) info registers //view current register values
rax //Accumulator
rbx //Base
rcx //Counter
rdx //Data
rsi //Source Index
rdi //Destination Index
rbp //Base Pointer
rsp //Stack Pointer
```

##### Walk through each instruction in objdump and view register values
`$ gcc -g simpleprog.c //compile with debugging info`

`$ gdb -q a.out`
```
(gdb) list
//shows code output
(gdb) disassemble main
//shows assembly output
(gdb) break main
(gdb) run
//shows current line of code
(gdb) info register eip //shows the current instruction pointer
(gdb) disassemble main //shows the current line of debugging, matching value in rip
```

##### Inspect memory during debugging
```
(gdb)inspect register rip
//output will be memory address in instruction pointer
(gdb) x/o 0x8043333 //octal
(gdb) x/x $rip //hex
(gdb) x/u $rip //unsigned/base 10 decimal
(gdb) x/t $rip //binary
```

#### TODO: Finish from p. 30 in art of exploitation book

