Today we are going to debug our very simple int program. Let's review the code.
0x04_int.c
#include <stdio.h>
#include "pico/stdlib.h"

int main() {
    stdio_init_all();
    while (1) {
        int x = 40;
        printf("%d\n", x);
        sleep_ms(1000);
    }
    return 0;
}
Let's fire it up in our debugger, telling radare2 the architecture is ARM with 16-bit (Thumb) instructions.
radare2 -a arm -b 16 0x04_int.elf
Let's auto analyze.
aaaa
Let's seek to main.
s main
Let's go into visual mode by typing V and then p twice to get to a good debugger view.
We start out by saving r4 and the link register (the return address for main) on the stack.
push {r4, lr}
We call the standard I/O init.
bl sym.stdio_init_all
We then load the address of our format string "%d\n" into r4 from the literal pool at 0x0000033c.
ldr r4, [0x0000033c]
We can prove it.
:> psz @ [0x0000033c]
%d
We then load our int 40 into r1, which is 0x28 hex.
movs r1, 0x28
We can prove it.
:> ? 0x28
int32   40
uint32  40
hex     0x28
octal   050
unit    40
segment 0000:0028
string  "("
fvalue: 40.0
float:  0.000000f
double: 0.000000
binary  0b00101000
ternary 0t1111
We then move the format string pointer from r4 into r0, the first argument register for printf.
movs r0, r4
We then branch long to the printf wrapper and call it.
bl sym.__wrap_printf
We then move 250 decimal or 0xfa hex into r0.
movs r0, 0xfa
We then logically shift r0 left by two bits, which multiplies 250 by 4 and yields 1,000 decimal (0x3e8 hex), the argument for sleep_ms.
lsls r0, r0, 2
We then call the sleep_ms function.
bl sym.sleep_ms
We then branch back to the top of the loop body at 0x328, so the while loop runs forever.
b 0x328
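To see why the compiler materializes 1,000 as movs followed by lsls instead of a single move, here is an added example (not part of the lesson or the Pico SDK) that decodes the 16-bit Thumb words for the movs, lsls and push forms in the listing and steps through the loop body with a tiny register-file emulator. The instruction words are constructed by hand from the ARMv6-M encodings and assumed to match what the Pico's Cortex-M0+ executes; the ldr, bl and b instructions are left out, and the pointer placed in r4 is a made-up value standing in for the format string address.

```python
import struct

# --- Thumb-16 encoders for the three forms in main() (ARMv6-M encodings) ---
def enc_movs_imm(rd, imm8):
    """MOVS Rd, #imm8  -> 0010 0 Rd(3) imm8(8). Only 8 bits of immediate fit."""
    return 0x2000 | (rd << 8) | (imm8 & 0xFF)

def enc_lsls_imm(rd, rm, imm5):
    """LSLS Rd, Rm, #imm5 -> 000 00 imm5(5) Rm(3) Rd(3). imm5 == 0 is MOVS Rd, Rm."""
    return (imm5 << 6) | (rm << 3) | rd

def enc_push(reglist8, lr=False):
    """PUSH {reglist} -> 1011 010 M reglist(8); M adds lr to the list."""
    return 0xB400 | (int(lr) << 8) | (reglist8 & 0xFF)

# --- decoder for the same forms ---
def decode(word):
    """Return a tuple describing one 16-bit Thumb word, or raise if unhandled."""
    if word & 0xF800 == 0x2000:                      # MOVS Rd, #imm8
        return ("movs", (word >> 8) & 7, word & 0xFF)
    if word & 0xF800 == 0x0000:                      # LSLS immediate / MOVS register
        imm5, rm, rd = (word >> 6) & 0x1F, (word >> 3) & 7, word & 7
        return ("movs_reg", rd, rm) if imm5 == 0 else ("lsls", rd, rm, imm5)
    if word & 0xFE00 == 0xB400:                      # PUSH {…}
        regs = [f"r{i}" for i in range(8) if word & (1 << i)]
        if word & 0x100:
            regs.append("lr")
        return ("push", regs)
    raise ValueError(f"unhandled encoding 0x{word:04x}")

# --- minimal emulator: tracks r0-r7 only, push leaves registers untouched ---
def run(code, init=None):
    """Execute a stream of little-endian Thumb-16 words; return (regs, trace)."""
    regs = {f"r{i}": 0 for i in range(8)}
    regs.update(init or {})
    trace = []
    for (word,) in struct.iter_unpack("<H", code):
        ins = decode(word)
        if ins[0] == "movs":
            regs[f"r{ins[1]}"] = ins[2]
        elif ins[0] == "movs_reg":
            regs[f"r{ins[1]}"] = regs[f"r{ins[2]}"]
        elif ins[0] == "lsls":
            regs[f"r{ins[1]}"] = (regs[f"r{ins[2]}"] << ins[3]) & 0xFFFFFFFF
        trace.append((f"{word:04x}", ins, dict(regs)))
    return regs, trace

def materialize_imm(value):
    """Smallest (imm8, shift) with imm8 <= 255 and imm8 << shift == value.

    This is the pattern the compiler used for 1000: it does not fit the 8-bit
    MOVS immediate, so 250 is loaded and shifted left by 2. Returns None if no
    such pair exists."""
    for shift in range(32):
        if value % (1 << shift) == 0 and (value >> shift) <= 0xFF:
            return value >> shift, shift
    return None

# Constructed word stream mirroring the listing, minus ldr/bl/b.
LOOP_BODY_WORDS = [
    enc_push(0b00010000, lr=True),   # push {r4, lr}
    enc_movs_imm(1, 0x28),           # movs r1, 0x28
    enc_lsls_imm(0, 4, 0),           # movs r0, r4  (LSLS #0 form)
    enc_movs_imm(0, 0xFA),           # movs r0, 0xfa
    enc_lsls_imm(0, 0, 2),           # lsls r0, r0, 2
]
LOOP_BODY = b"".join(struct.pack("<H", w) for w in LOOP_BODY_WORDS)
FAKE_FMT_PTR = 0x10000340            # constructed stand-in for the "%d\n" address

if __name__ == "__main__":
    regs, trace = run(LOOP_BODY, init={"r4": FAKE_FMT_PTR})
    for word, ins, state in trace:
        print(word, ins, f"r0={state['r0']:#x} r1={state['r1']}")
    print("sleep_ms argument:", regs["r0"], "->", materialize_imm(1000))
```

Running it prints each decoded word alongside the register state, ending with r1 holding 40 and r0 holding 1000 just as the debugger shows before the bl sym.sleep_ms call; materialize_imm(1000) returns (250, 2), the same split the compiler chose.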
In our next lesson we will hack this very simple binary.