Part 10 - Debugging Character Primitive Datatype
For a complete table of contents of all the lessons, please click the link below; it gives a brief summary of each lesson and the topics it covers. https://github.com/mytechnotalent/hacking_c-_arm64
Today we are going to debug our very simple character primitive datatype.
To begin let's open up our binary in Radare2.
radare2 ./0x03_asm64_char_primitive_datatype
Let's take advantage of Radare2's auto analysis feature.
aaa
The next thing we want to do logically is fire up the program in debug mode so it maps the raw machine code from disk to a running process.
ood
Now that we have a running instance we can seek to the main entry point of the binary.
s main
Let us take an initial examination by doing the following.
v
We can see that at 0x5576bff9ec we are moving 0x63, or ASCII 'c', into the w0 register. REMEMBER, your address will be different due to ASLR.
Let's set a breakpoint at 0x5576bff9ec and verify the contents.
[0x5576bff9e4]> db 0x5576bff9ec
[0x5576bff9e4]> dc
hit breakpoint at: 0x5576bff9ec
[0x5576bff9ec]> dr w0
0x00000001
[0x5576bff9ec]> ds
[0x5576bff9ec]> dr w0
0x00000063
[0x5576bff9ec]>
This is very simple but let's break it down. We set our breakpoint and continued. Execution stopped at the breakpoint before the instruction at that address ran, so when we looked inside the register w0 we saw the value 0x01.
We then stepped once and looked again, and w0 now contains 0x63, confirming that the move completed.
If we dc again, we see 'c' echoed to stdout as expected.
[0x5576bff9ec]> dc
c
(10845) Process exited with status=0x0
[0x7f9727503c]>
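To connect the w0 value seen in the session to the machine code behind it, here is an added example (not part of the original lesson) that decodes the AArch64 MOVZ encoding and recovers the immediate and its ASCII character. It assumes the move of 0x63 into w0 was assembled as a MOVZ; the sample bytes are constructed from that assumption, and the decoder goes slightly beyond the lesson by also handling 64-bit and shifted forms.

```python
import struct

# Constructed sample: the four little-endian bytes that encode `mov w0, 0x63`
# (an assumption; the lesson shows the register value, not the raw bytes).
SAMPLE_BYTES = bytes.fromhex("600c8052")


def decode_movz(word):
    """Decode an AArch64 MOVZ (the encoding behind `mov wN, #imm16`).

    Returns (register_name, value), or None if the word is not a MOVZ.
    """
    # Bits 30..23 are 0b10100101 for MOVZ; bit 31 (sf) selects w or x registers.
    if (word >> 23) & 0xFF != 0b10100101:
        return None
    sf = (word >> 31) & 1
    hw = (word >> 21) & 0x3          # which 16-bit slot receives the immediate
    if not sf and hw > 1:
        return None                  # 32-bit form only allows shifts of 0 or 16
    imm16 = (word >> 5) & 0xFFFF
    rd = word & 0x1F
    prefix = "x" if sf else "w"
    # Register number 31 names the zero register in this encoding.
    name = prefix + ("zr" if rd == 31 else str(rd))
    return name, imm16 << (16 * hw)


def describe(raw):
    """Render four instruction bytes as text, with the ASCII view of the value."""
    (word,) = struct.unpack("<I", raw)   # instruction words are little-endian
    decoded = decode_movz(word)
    if decoded is None:
        return "0x%08x: not a MOVZ" % word
    reg, value = decoded
    # Show the printable character the same way the lesson reads 0x63 as 'c'.
    char = repr(chr(value)) if 0x20 <= value < 0x7F else "non-printable"
    return "mov %s, 0x%x  ; %s" % (reg, value, char)


if __name__ == "__main__":
    print(describe(SAMPLE_BYTES))
```

To try it on your own binary, dump the four bytes at your breakpoint address in Radare2 (for example with p8 4) and pass them to describe().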
In our next lesson we will hack the char to another value of our choice.