How to walk through disassembly from the beginning on Linux?

Question

   │0x565554fd <main>                       lea    0x4(%esp),%ecx                      │
   │0x56555501 <main+4>                     and    $0xfffffff0,%esp                    │
   │0x56555504 <main+7>                     pushl  -0x4(%ecx)                          │
   │0x56555507 <main+10>                    push   %ebp                                │
   │0x56555508 <main+11>                    mov    %esp,%ebp                           │
   │0x5655550a <main+13>                    push   %ebx                                │
   │0x5655550b <main+14>                    push   %ecx                                │
   │0x5655550c <main+15>                    call   0x56555529 <__x86.get_pc_thunk.ax>  │
   │0x56555511 <main+20>                    add    $0x1acb,%eax                        │
B+>│0x56555516 <main+25>                    mov    %eax,%ebx                           │
   │0x56555518 <main+27>                    call   0x5655552d <swap>                   │
   │0x5655551d <main+32>                    mov    $0x0,%eax                           │
   │0x56555522 <main+37>                    pop    %ecx                                │
   │0x56555523 <main+38>                    pop    %ebx                                │
   │0x56555524 <main+39>                    pop    %ebp                                │
   │0x56555525 <main+40>                    lea    -0x4(%ecx),%esp                     │
   │0x56555528 <main+43>                    ret                                        │
   │0x56555529 <__x86.get_pc_thunk.ax>      mov    (%esp),%eax                         │
   │0x5655552c <__x86.get_pc_thunk.ax+3>    ret                                        │
   │0x5655552d <swap>                       push   %ebp                                │
   │0x5655552e <swap+1>                     mov    %esp,%ebp                           │
   │0x56555530 <swap+3>                     sub    $0x10,%esp                          │
   │0x56555533 <swap+6>                     call   0x56555529 <__x86.get_pc_thunk.ax>  │
   │0x56555538 <swap+11>                    add    $0x1aa4,%eax                        │
   │0x5655553d <swap+16>                    lea    0x3c(%eax),%edx                     │
   │0x56555543 <swap+22>                    lea    0x2c(%eax),%ecx                     │
   │0x56555549 <swap+28>                    lea    0x4(%ecx),%ecx

Here is the thing. Plz give me any clue how to use GDB walk through the assembly from the very beginning? Every time I start the program, it goes from the main() function, rather than the beginning of the __libc_start_main().

I would be hugely appreciate if anyone can do me this favour.

that will jump to __libc_start_main, and what I want should be walking through on the routine process — Edee, Nov 19 '19 at 07:08
When you break at `__libc_start_main` I believe you use `si` to step the assembler. — jww, Nov 19 '19 at 07:15
simple saying, how to start from 0x565554fd on my code snippet? — Edee, Nov 19 '19 at 07:19

score 3 · Answer 1 · answered Nov 19 '19 at 08:30

Use GDB's starti command to run, but stop before the first user-space instruction (even if that's inside the dynamic linker). It's like setting a temporary breakpoint on the entry point before run. With older GDB versions that don't support starti, there are hacks like b *0 to create an invalid breakpoint which you then remove after using run. (Stopping at the first machine code instruction in GDB)

Or if you only want to start at __libc_start_main instead of your _start or the dynamic linker's _start, set a breakpoint there.

From there you can use si (aka stepi) to single-step by instructions.

You probably want layout reg or layout asm for this.

You might want to build a non-PIE executable (gcc -no-pie -fno-pie), although either way the dynamic linker will execute some code before jumping to your executable's _start.

how to start from 0x565554fd on my code snippet?

That's a totally different question.

That's just the top of main

GDB is partly designed for C debugging, and sometimes likes to save you the trouble of dealing with function prologues. In this case, 32-bit main's prologue aligns the stack and gets a GOT pointer using PC-relative methods (because it's a PIE executable).

You could just b *0x565554fd and run your program again.

Or with a non-PIE, you can easily get the real address of main before running the first time.

You can use `b *main` to break at the very first instruction of `main`, rather than having to type out the address. — Andrew, Nov 21 '19 at 16:17

How to walk through disassembly from the beginning on Linux?

1 Answers1