Part 35 - x64 C++ 2 Debug [Part 2]

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

Let’s review our code:

Part 35 - x64 C++ 2 Debug [Part 2] - 图1

Compile:

Part 35 - x64 C++ 2 Debug [Part 2] - 图2

Run:

Part 35 - x64 C++ 2 Debug [Part 2] - 图3

For literally years I have been using GDB as the debugger of choice. The reason is that it is on every Linux based system which runs just about every IoT and Server in the world. In addition, there are versions for Windows.

I have struggled hard with this but have decided to introduce another terminal based debugger called Radare 2. The reason I like Radare 2 so much is that it is still terminal based yet more robust with its feature set. If you are running a Kali Linux VM like I am here you can simply the below.

Let’s open up our binary for write mode and simply analyze the binary.

Part 35 - x64 C++ 2 Debug [Part 2] - 图4

Ok, there is a lot going on here. Let’s break it down. First, we open up Radare 2 in write mode by typing ‘r2 -w ./1‘ and then use the ‘aaa‘ command to analyze the binary. We then use ‘s sym.main‘ to seek to the main routine of the binary which is our entry point. We then do a ‘pdf‘ command to disassemble the binary.

We see what we refer to as the prologue where we push rbp the stack base pointer onto the stack. We then move rsp into rbp for safe keeping and then we reserve 0x10 hex bytes or 16 decimal bytes on the stack to make room for our string.

If none of this makes sense please go back to the beginning of the tutorial series to review basic assembly and the registers as it is CRITICAL you understand this before we move forward.

We can clearly see the qword of ‘Hello World\n‘ at memory address 0x2005 and then we see our C++ library call for the output stream which is cout to display our string to the terminal.

Let’s examine 0x2005 to verify that our string is at that location:

Part 35 - x64 C++ 2 Debug [Part 2] - 图5

Next week we will hack the value and modify the binary. I highly encourage you all to install VirtualBox which is free and get the Kali Linux VirtualBox image and install Vim as well.

There are tutorials on all of this in my prior series. Stay tuned for the hack next week!