
you'll need to save the image to read the instructions in the image

Well, here's the problem.

I'm working on a bomblab just to kill time, and I'm stuck on the issue of objdump and gdb generating different assembly code.

My laptop is running 64-bit Ubuntu 14.04 LTS, and I've installed 32-bit glibc to work on the bomblab (since it's compiled in a 32-bit environment).

Well, first the symbols aren't showing, and I don't really get what gdb is spitting out.

Can someone explain to me what's going on?

ksp0422
  • What do you get in gdb if you disassemble `phase_2` before running the code? – mofoe May 06 '14 at 12:04
  • @mofoe in fact, I can't get the disassembled result before running the code – ksp0422 May 06 '14 at 12:33
  • oh. any idea why that is? what happens if you open gdb and enter > `disas phase_2` ? – mofoe May 06 '14 at 13:54
  • remove the breakpoint at `phase_2` after it's hit, then `disass` the code and see whether it looks more like what you expect. The `int3` is the breakpoint instruction the debugger placed there, and a few following disassembled instructions are going to be wrong until the series of instructions gets "resynchronized". – Mark Plotnick May 06 '14 at 15:33
  • Good point! I'd upvote this comment! – mofoe May 06 '14 at 15:59
  • @MarkPlotnick ahh~ thanks, now it works, but what was the problem? I mean, why is it different? – ksp0422 May 06 '14 at 16:06
  • It's different because `gdb` placed a breakpoint instruction near the top of `phase_2`. I've written an explanation below. – Mark Plotnick May 06 '14 at 20:07

1 Answer

When you placed a breakpoint at phase_2, gdb patched the running image to place an int3 instruction at 0x8048b50, which is just after phase_2's function prologue has finished setting up the stack frame. So instead of

0x8048b50: 8b  mov edx,DWORD PTR [ebp+0x8]
0x8048b51: 55
0x8048b52: 08

you now have

0x8048b50: cc  int3
0x8048b51: 55  push ebp
0x8048b52: 08  first byte of an 'or' instruction

and that is what gdb is displaying. Eventually things get synced back up and the disassemble command starts to display the correct series of instructions.

The difference in what is displayed won't affect correct execution of the program; before proceeding from the breakpoint, gdb will either place that 8b byte back into the image or it will synthetically execute the mov instruction and then continue execution at 0x8048b53.

Mark Plotnick
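The desynchronisation the answer describes, as an added example that is not part of the original question or answer: a toy Python length decoder for the handful of x86-32 opcodes involved (mov, push, or, int3, a group-1 immediate instruction, nop, lea). Everything after the `8b 55 08` of the mov, and the names `PHASE2_BASE`, `disasm`, `with_breakpoint` and `resync_address`, are constructed for this illustration, not taken from the bomb-lab binary.

```python
# Added example, not from the question or answer: a toy x86-32 length decoder
# showing how gdb's 0xcc byte desynchronises a linear disassembly until it resyncs.
PHASE2_BASE = 0x8048B50  # address cited in the answer
# Constructed sample, not the real bomb-lab bytes: mov edx,[ebp+8]; sub esp,0x18;
# two alignment nops; lea eax,[ebp-0x18]
ORIGINAL = bytes.fromhex("8b5508" "83ec18" "9090" "8d45e8")
OPCODES = {  # opcode -> (mnemonic, has ModRM byte, immediate bytes)
    0x8B: ("mov r32, r/m32", True, 0), 0x8D: ("lea r32, m", True, 0),
    0x83: ("grp1 r/m32, imm8", True, 1), 0x08: ("or r/m8, r8", True, 0),
    0x55: ("push ebp", False, 0), 0xCC: ("int3", False, 0), 0x90: ("nop", False, 0),
}

def modrm_len(b: bytes, i: int) -> int:
    """Bytes used by the ModRM at b[i] plus any SIB byte and displacement."""
    mod, rm = b[i] >> 6, b[i] & 7
    n = 1 + (1 if mod != 3 and rm == 4 else 0)          # SIB byte present?
    if n == 2 and mod == 0 and (b[i + 1] & 7) == 5:
        n += 4                                          # SIB with no base: disp32
    if mod == 0 and rm == 5:
        n += 4                                          # [disp32]
    elif mod in (1, 2):
        n += 1 if mod == 1 else 4                       # disp8 / disp32
    return n

def disasm(data: bytes, base: int) -> list:
    """Linear sweep: [(address, mnemonic), ...]; unknown opcodes decode as 'db'."""
    out, i = [], 0
    while i < len(data):
        mnem, has_modrm, imm = OPCODES.get(data[i], ("db 0x%02x" % data[i], False, 0))
        try:
            n = 1 + imm + (modrm_len(data, i + 1) if has_modrm else 0)
        except IndexError:
            break                                       # ModRM/SIB cut off by buffer end
        if i + n > len(data):
            break                                       # displacement/immediate cut off
        out.append((base + i, mnem))
        i += n
    return out

def with_breakpoint(data: bytes, offset: int) -> bytes:
    """What gdb does to the live image: overwrite one byte with 0xcc (int3)."""
    return data[:offset] + b"\xcc" + data[offset + 1:]

def resync_address(orig: bytes, patched: bytes, base: int) -> int:
    """First address past the breakpoint where both sweeps decode the same instruction."""
    good = dict(disasm(orig, base))
    for addr, mnem in disasm(patched, base):
        if addr > base and good.get(addr) == mnem:
            return addr
    return -1  # never resynchronised within the sample
```

With the sample bytes, the patched sweep decodes `int3`, `push ebp`, then a six-byte `or` that swallows the `sub` and both nops, and lines up with the original again at the `lea` at 0x8048b58; a snapshot of a debugged process's memory shows the same effect, which is why disassembly should be taken from the on-disk file or after breakpoints are removed.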