Lab 4 -- Exploring Executable Code.

Due date : October 1st, 2012, 11:59pm

You may work in groups for this lab. Each group can turn in one writeup.

I have generated two executables with two different optimization levels (-O0 and -O1). First, download them: testO1 and testO0. This program has been compiled on the jazz machines --- I recommend you perform your investigation on one of the jazz machines as well.

Once you have the program, you can use gdb, objdump, and strings on the executable file.

gdb
gdb is the GNU debugger, a command-line debugging tool available on virtually every platform. You can trace through a program line by line, examine memory and registers, look at both the source code and the assembly code (in this case you have no source code), set breakpoints, set memory watchpoints, and write scripts. Here are some tips for using gdb.
For other documentation, type help at the gdb prompt, or type man gdb or info gdb at a Unix shell prompt. Some people also like to run gdb under gdb-mode in emacs.
Note that you do not need to use gdb for this lab, but there will be later labs where it becomes critical.

objdump -t
This will print out the symbol table. The symbol table includes the names of all functions and global variables, together with their addresses. You may learn something just by looking at the function names!

objdump -d
Use this to disassemble all of the code; you can also look at individual functions. Reading the assembly code can tell you how the program works.
Although objdump -d gives you a lot of information, it doesn't tell you the whole story. Calls to system-level (library) functions are displayed in a cryptic form, because the call goes to a small stub that objdump can only label relative to the nearest symbol it knows. For example, a call to sscanf might appear as:
    8048c36: e8 99 fc ff ff call 80488d4 <_init+0x1a0>
To determine that the call was actually to sscanf, you would need to disassemble within gdb.

strings
This utility will display the printable strings in the executable, such as string literals, format strings, and the names of the libraries and functions it uses.

Once you have explored the software, try to answer the following questions.

  1. What procedure calls were implemented in the original C source code, including the parameters used?
  2. What does each function do?
  3. To the best of your ability, recreate the C source code.
  4. The Linux memory map is divided into regions. In a sentence or two, explain which regions the procedures are stored in. You should be able to intuit this information by reading about how the objdump utility works. Hint: look at objdump -h.

Write up your answers and submit them in .pdf or plaintext via Moodle.