product iamge

Foundations of ARM64 Linux Debugging, Disassembling, and Reversing: Analyze Code, Understand Stack Memory Usage, and Reconstruct Original C/C++ Code with ARM64

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

Gain a solid understanding of how Linux C and C++ compilers generate binary code. This book explains the reversing and binary analysis of ARM64 architecture now used by major Linux cloud providers and covers topics ranging from writing programs in assembly language, live debugging, and static binary analysis of compiled C and C++ code. It is ideal for those working with embedded devices, including mobile phones and tablets.

Using the latest version of Red Hat, you'll look closely at the foundations of diagnostics of core memory dumps, live and postmortem debugging of Linux applications, services, and systems. You'll also work with the GDB debugger and use it for disassembly and reversing. This book uses practical step-by-step exercises of increasing complexity with explanations and many diagrams, including some necessary background topics.  In addition, you will be able to analyze such code confidently, understand stack memory usage, and reconstruct original C/C++ code.  

And as you'll see, memory forensics, malware, and vulnerability analysis, require an understanding of ARM64 assembly language and how C and C++ compilers generate code, including memory layout and pointers. This book provides the background knowledge and practical foundations you’ll need to understand internal Linux program structure and behavior.  

Foundations of ARM64 Linux Debugging, Disassembling, and Reversing is the perfect companion to Foundations of Linux Debugging, Disassembling, and Reversing for readers interested in the cloud or cybersecurity.


 What You'll Learn
  • Review the basics of ARM64 assembly language
  • Examine the essential GDB debugger commands for debugging and binary analysis 
  • Study C and C++ compiler code generation with and without compiler optimizations 
  • Look at binary code disassembly and reversing patterns
  • See how pointers in C and C++ are implemented and used
Who This Book Is For

Software support and escalation engineers, cloud security engineers, site reliability engineers, DevSecOps, platform engineers, software testers, Linux C/C++ software engineers and security researchers without ARM64 assembly language background, and beginners learning Linux software reverse engineering techniques.

Author(s): Dmitry Vostokov
Edition: 1
Publisher: Apress
Year: 2023

Language: English
Pages: 184
City: Berkeley, CA
Tags: Linux; GNU Debugger; Diagonistics; ARM64; C; C++; Core Dump Analysis; Memory Dump Analysis; Binary Analysis

Table of Contents
About the Author
About the Technical Reviewer
Preface
Chapter 1: Memory, Registers, and Simple Arithmetic
Memory and Registers Inside an Idealized Computer
Memory and Registers Inside ARM 64-Bit Computer
“Arithmetic” Project: Memory Layout and Registers
“Arithmetic” Project: A Computer Program
“Arithmetic” Project: Assigning Numbers to Memory Locations
Assigning Numbers to Registers
“Arithmetic” Project: Adding Numbers to Memory Cells
Incrementing/Decrementing Numbers in Memory and Registers
Multiplying Numbers
Summary
Chapter 2: Code Optimization
“Arithmetic” Project: C/C++ Program
Downloading GDB
GDB Disassembly Output – No Optimization
GDB Disassembly Output – Optimization
Summary
Chapter 3: Number Representations
Numbers and Their Representations
Decimal Representation (Base Ten)
Ternary Representation (Base Three)
Binary Representation (Base Two)
Hexadecimal Representation (Base Sixteen)
Why Are Hexadecimals Used?
Summary
Chapter 4: Pointers
A Definition
“Pointers” Project: Memory Layout and Registers
“Pointers” Project: Calculations
Using Pointers to Assign Numbers to Memory Cells
Adding Numbers Using Pointers
Incrementing Numbers Using Pointers
Multiplying Numbers Using Pointers
Summary
Chapter 5: Bytes, Halfwords, Words, and Doublewords
Using Hexadecimal Numbers
Byte Granularity
Bit Granularity
Memory Layout
Summary
Chapter 6: Pointers to Memory
Pointers Revisited
Addressing Types
Registers Revisited
NULL Pointers
Invalid Pointers
Variables As Pointers
Pointer Initialization
Initialized and Uninitialized Data
More Pseudo Notation
“MemoryPointers” Project: Memory Layout
Summary
Chapter 7: Logical Instructions and PC
Instruction Format
Logical Shift Instructions
Logical Operations
Zeroing Memory or Registers
Program Counter
Code Section
Summary
Chapter 8: Reconstructing a Program with Pointers
Example of Disassembly Output: No Optimization
Reconstructing C/C++ Code: Part 1
Reconstructing C/C++ Code: Part 2
Reconstructing C/C++ Code: Part 3
Reconstructing C/C++ Code: C/C++ Program
Example of Disassembly Output: Optimized Program
Summary
Chapter 9: Memory and Stacks
Stack: A Definition
Stack Implementation in Memory
Things to Remember
Stack Push Implementation
Stack Pop Implementation
Register Review
Application Memory Simplified
Stack Overflow
Jumps
Calls
Call Stack
Exploring Stack in GDB
Summary
Chapter 10: Frame Pointer and Local Variables
Stack Usage
Register Review
Addressing Array Elements
Stack Structure (No Function Parameters)
Function Prolog
Raw Stack (No Local Variables and Function Parameters)
Function Epilog
“Local Variables” Project
Disassembly of Optimized Executable
Summary
Chapter 11: Function Parameters
“FunctionParameters” Project
Stack Structure
Function Prolog and Epilog
Project Disassembled Code with Comments
Parameter Mismatch Problem
Summary
Chapter 12: More Instructions
PSTATE Flags
Testing for 0
TST – Logical Compare
CMP – Compare Two Operands
TST or CMP?
Conditional Jumps
Function Return Value
Summary
Chapter 13: Function Pointer Parameters
“FunctionPointerParameters” Project
Commented Disassembly
Summary
Chapter 14: Summary of Code Disassembly Patterns
Function Prolog/Epilog
ADR (Address)
Passing Parameters
Accessing Saved Parameters and Local Variables
Summary
Index