Lab 2 - Command Line Debugging Tools Continued

This is a continuation of Lab 1, where we are learning standard command-line debugging tools that can be used in Unix/Linux systems (with equivalents on other operating systems). These tools allow you to investigate a piece of binary code, even if you do not have the source code available.

Today we are going to focus on "dumping" tools, as opposed to interactive tools like gdb. These tools dump all information that can be extracted from the executable to stdout or a file.

For this lab, continue to use lab1.cpp from Lab 1. Also feel free to try out all these tools, including gdb, on your own code. This is strongly encouraged.

Resources

Part 1 - Strings command

The strings command extracts human-readable text from any file, including executables. Depending on how the executable was compiled and processed, this can reveal information such as function and variable names, file paths on the developer's system, and so on.

The strings command can be very verbose, so I recommend piping it to less (or redirecting to a file):

strings <filename> | less
This may or may not reveal much information, depending on how the executable was compiled. For example, you might not get much insight beyond what libraries the executable uses and string-based prompts/print-outs in the program.
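To make it concrete what strings is actually reporting, here is an added example (not code from the lab page) that reimplements its core rule in Python: print every run of at least N printable ASCII bytes (default N = 4) that is ended by a non-printable byte, together with its file offset, the way strings -t x -n N does. The byte blob it scans is constructed by hand for this example and is not a real executable; it just mimics the kinds of things a compiler leaves behind (a source path, a prompt, a mangled C++ symbol, a library name). Note that prompts and library names survive stripping because they live in data sections the program still needs at run time, which is why strings still returns something useful on a stripped binary.

```python
"""Added example: a minimal reimplementation of what strings(1) does."""

# GNU strings' default notion of "printable": ASCII 0x20..0x7e plus tab.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09}

# Constructed sample "binary" (not a real ELF file).  Offsets are chosen so
# the expected results below are easy to check by hand.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00"   # offset 0: ELF magic; "ELF" is only 3 chars
    + b"\x00" * 8                # offset 8: padding
    + b"/home/dev/lab1.cpp\x00"  # offset 16: a source path the compiler embedded
    + b"\x01\x02\x03"            # offset 35: junk bytes
    + b"Enter a number: \x00"    # offset 38: a prompt printed by the program
    + b"_ZN3FooC1Ev\x00"         # offset 55: a mangled C++ symbol (Foo::Foo())
    + b"ab\x00"                  # offset 67: too short to be reported
    + b"libstdc++.so.6\x00"      # offset 70: a shared-library dependency
)


def find_strings(data: bytes, min_len: int = 4) -> list[tuple[int, str]]:
    """Return (offset, text) for every run of >= min_len printable bytes.

    A run ends at the first non-printable byte (or at end of file), exactly
    like strings(1); shorter runs are discarded, which is why the 3-byte
    "ELF" in the magic number is not reported at the default length.
    """
    results: list[tuple[int, str]] = []
    start = None
    for i, b in enumerate(data):
        if b in PRINTABLE:
            if start is None:
                start = i
            continue
        if start is not None and i - start >= min_len:
            results.append((start, data[start:i].decode("ascii")))
        start = None
    if start is not None and len(data) - start >= min_len:
        results.append((start, data[start:].decode("ascii")))
    return results


def render(results: list[tuple[int, str]]) -> list[str]:
    """Format like `strings -t x`: 7-wide hex offset, space, the text."""
    return [f"{offset:7x} {text}" for offset, text in results]


if __name__ == "__main__":
    for line in render(find_strings(SAMPLE_BINARY)):
        print(line)
    print("--- with -n 3 ---")
    for line in render(find_strings(SAMPLE_BINARY, min_len=3)):
        print(line)
```

Run it and compare with `strings -t x lab1` on your own binaries: the default minimum length of 4 is why short tokens vanish, and lowering it with -n 3 brings "ELF" back along with a lot more noise.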

Part 2 - Hex editors

The real "old school" way of debugging an executable is to fire up a command line hex reader or hex editor and decode the binary into assembly by hand. While this is a tiresome task for debugging a large program, it is still useful to know how to view a binary file in hexadecimal (or binary) format.

To simply dump the contents of a file in hex, use the following:

hexdump <filename>
This can be rather wordy, so another common technique is to invoke the xxd command from within the vi editor to display the file in hex (with a sidebar of ASCII). Open the binary file in vi and then issue the following vi command to convert it to hex:
:%!xxd
You can then use standard vi commands to move around (and change, although I don't recommend trying to make changes at this point) the binary file. When you are done, you can issue the following vi command to convert back to binary:
:%!xxd -r
Or if you've made no changes, you can just use :q! to quit vi without saving.

Part 3 - Readelf command

The readelf command dumps information about an ELF format executable (the executable format for Linux). In some cases, readelf will even show the original source code filename in the output.

You must give readelf a display option; refer to the man page or the above tutorial for more information on the display options. The most common option to begin with is --all (abbreviated -a), as in the following:

readelf -a <filename> | less
Again, this is a verbose command, so piping to less or redirecting to a file is recommended.
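The first block readelf -a prints is the ELF file header, which it decodes from the first 64 bytes of the file. The added example below (my code, not part of the lab page or binutils) decodes the same header with Python's struct module so you can see which fields readelf -h is reading: class, endianness, file type, machine, entry point, and where the program and section header tables live. The header bytes are constructed with struct.pack for this example rather than read from a real binary; the values (type DYN, x86-64, entry 0x1060) mimic what a default g++ build produces, since modern g++ emits position-independent executables, which show up as "DYN" rather than "EXEC". Stripping a binary removes the symbol table (and with it the FILE entries that name lab1.cpp in readelf -s output) but never touches this header, so it will look the same on all three of your builds.

```python
"""Added example: decode the fixed-size ELF64 file header like `readelf -h`."""

import struct

ELF_MAGIC = b"\x7fELF"

# Elf64_Ehdr field order: e_ident[16], e_type, e_machine, e_version, e_entry,
# e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
# e_shnum, e_shstrndx.  The leading byte-order char is replaced at parse time
# according to e_ident[EI_DATA].
ELF64_HDR_LAYOUT = "16sHHIQQQIHHHHHH"   # struct.calcsize == 64

E_TYPE = {
    1: "REL (Relocatable file)",
    2: "EXEC (Executable file)",
    3: "DYN (Shared object file)",
    4: "CORE (Core file)",
}
E_MACHINE = {
    3: "Intel 80386",
    40: "ARM",
    62: "Advanced Micro Devices X86-64",
    183: "AArch64",
}


def is_elf(data: bytes) -> bool:
    """True if the data starts with the ELF magic number."""
    return data[:4] == ELF_MAGIC


def parse_elf_header(data: bytes) -> dict:
    """Decode an ELF64 header into the fields readelf -h reports."""
    if len(data) < 64 or not is_elf(data):
        raise ValueError("not an ELF file (bad magic or too short)")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2:
        raise ValueError("this example handles ELF64 only (EI_CLASS != 2)")
    if ei_data not in (1, 2):
        raise ValueError("invalid EI_DATA (byte order) value")
    endian = "<" if ei_data == 1 else ">"
    (_ident, e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
     ) = struct.unpack(endian + ELF64_HDR_LAYOUT, data[:64])
    return {
        "class": "ELF64",
        "data": "2's complement, little endian" if ei_data == 1
                else "2's complement, big endian",
        "version": e_version,
        "type": E_TYPE.get(e_type, f"unknown ({e_type:#x})"),
        "machine": E_MACHINE.get(e_machine, f"unknown ({e_machine:#x})"),
        "entry": e_entry,
        "phoff": e_phoff,
        "shoff": e_shoff,
        "flags": e_flags,
        "ehsize": e_ehsize,
        "phentsize": e_phentsize,
        "phnum": e_phnum,
        "shentsize": e_shentsize,
        "shnum": e_shnum,
        "shstrndx": e_shstrndx,
    }


def build_sample_header() -> bytes:
    """Constructed header imitating a g++ PIE on x86-64 (not a real file)."""
    # e_ident: magic, EI_CLASS=2 (64-bit), EI_DATA=1 (little endian),
    # EI_VERSION=1, EI_OSABI=0 (System V), then 8 bytes of padding.
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    return struct.pack("<" + ELF64_HDR_LAYOUT, e_ident,
                       3,        # e_type: DYN (position-independent executable)
                       62,       # e_machine: x86-64
                       1,        # e_version
                       0x1060,   # e_entry: typical _start for a small PIE
                       64,       # e_phoff: program headers follow the header
                       0x3A58,   # e_shoff: constructed section header offset
                       0,        # e_flags
                       64, 56, 13,   # e_ehsize, e_phentsize, e_phnum
                       64, 31, 30)   # e_shentsize, e_shnum, e_shstrndx


if __name__ == "__main__":
    for key, value in parse_elf_header(build_sample_header()).items():
        print(f"{key:>10}: {value:#x}" if isinstance(value, int) else f"{key:>10}: {value}")
```

To try it on a real file, replace build_sample_header() with open("lab1", "rb").read(64) and compare the printed fields against readelf -h lab1 for the -g, plain, and stripped builds.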

Part 4 - Objdump command

The objdump command is a non-interactive way to disassemble a binary. It can be more useful on stripped binaries than gdb, but can also generate a lot more information to dig through.

As with readelf, there are many display options for objdump. The simplest for disassembly is --disassemble (abbreviated -d) or --disassemble-all (abbreviated -D):

objdump -d <filename> | less

What to Do for the Lab

Try out all of these commands on the debugging info (-g option), "don't care" (just use g++), and stripped binaries created from lab1.cpp (or your own source code). Compare this information to the information you gleaned in gdb during Lab 1.

What to Turn In

This is a skills-based lab, so you can either call me over during class to look at your terminal buffer to see that you've tried all portions of the lab (instant grading! highly recommended!).... OR .... you can upload a log file of your terminal session to Moodle (and I don't guarantee the speediness of grading).

Update: Forgot to update this section for virtual operation. Submit a log of your terminal session to Moodle. See the screen tutorial for more information on logging your terminal session if your terminal software does not support logging.