How it works...

This recipe begins by running GDB with our ch04-example executable. GDB loads the file and tells us it is ready by presenting the (gdb) prompt. The command in step 2 tells GDB to display disassembly using the Intel syntax, and in step 3 we instruct GDB to place a breakpoint at the address of the main function. Once GDB confirms the breakpoint is in place, we issue the run command to execute the binary. GDB does so and pauses at our breakpoint on main. In step 5, we issue the info registers command to view all of our registers at the entry point to main. In step 6, we iteratively issue the nexti command, which tells GDB to execute a single instruction (stepping over any call rather than into it), then we view the registers again, run the next instruction, view the registers again, and finally take a peek at the RIP register (64-bit; EIP on a 32-bit system) by issuing the x/s $rip command, if you're using the 64-bit system. Strictly, this last command tells GDB to examine the memory at the address held in RIP and display it as a string; since RIP points at the instruction about to execute, x/i $rip, which decodes that memory as an instruction, is usually the more useful form, and $pc names the same register on both 32-bit and 64-bit targets. In step 7, we issue the disassemble command with no arguments, which instructs the debugger to disassemble the function surrounding the current instruction, main in this case, and display it. Notice GDB also uses an arrow (=>) to point to the instruction about to execute. We exit GDB, instructing it to stop the running process of our executable, in step 8 and the first part of step 9.

Next, we move on to using EDB to analyze our example executable in the last part of step 9. In steps 10 to 12, we use one of EDB's plugins to graphically display the main function and its disassembly, along with the general control flow of our executable. The EDB plugins are installed by default if you followed the installation instructions in Chapter 1, Setting Up the Lab, and are similar to those offered in commercial debuggers. EDB offers several ways for us to interrogate a binary dynamically and will be a powerful ally in later recipes. We finally close EDB and stop the running executable in step 13.

The strace tool is our focus for steps 14 and 15; it lets us examine the system calls our example binary makes. Finally, in steps 16 and 17, we use the ltrace tool to look at the shared-library functions our executable calls (ltrace hooks calls that go through the dynamic linker's PLT, so a statically linked binary shows nothing here, and the output lists calls rather than merely the libraries they live in). Note that we can see the strcmp() call in this tool's output, together with the actual values passed to it, so a comparison against a hard-coded string shows that string in the clear. This is a handy tool for CTF competitions that offer binary analysis challenges.
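Since the recipe's GDB, strace and ltrace steps are all typed into a shell against the same binary, the following collects them into one repeatable script. This is an added example, not code from the book: it assumes the recipe's ./ch04-example binary (override with BIN=/path/to/binary) and that it exports a main symbol; the strcmp_args helper and the use of x/i $pc in place of step 6's x/s $rip are this example's own choices, and the GDB, strace and ltrace flags are the tools' standard options.

```shell
#!/bin/sh
# Added example, not the book's own code: scripts the GDB, strace and ltrace
# steps of this recipe so the session is repeatable. BIN defaults to the
# recipe's ./ch04-example (assumption); a main symbol is assumed to exist.
BIN="${BIN:-./ch04-example}"

# Steps 2-8 as a GDB command file. $pc is GDB's architecture-neutral name for
# RIP (64-bit) or EIP (32-bit); x/i decodes the bytes at that address as an
# instruction, where the recipe's x/s would render them as a string.
gdb_script() {
    cat <<'EOF'
set pagination off
set confirm off
set disassembly-flavor intel
break main
run
info registers
nexti
info registers
nexti
info registers
x/i $pc
disassemble
kill
quit
EOF
}

# Steps 1 and 8: run the whole GDB session non-interactively.
gdb_session() {
    script=$(mktemp) || return 1
    gdb_script > "$script"
    gdb -q -batch -x "$script" "$BIN"
    rc=$?
    rm -f "$script"
    return $rc
}

# Steps 14-15: system calls. -f follows children; -e trims the noise to the
# calls that usually matter on first contact with an unknown binary.
trace_syscalls() {
    strace -f -e trace=execve,openat,read,write "$BIN" "$@"
}

# Steps 16-17: library calls, narrowed to the comparison we care about.
# ltrace only sees calls routed through the PLT, so a statically linked
# target prints nothing here.
trace_libcalls() {
    ltrace -e strcmp "$BIN" "$@"
}

# Pull both operands out of an ltrace strcmp line such as
#   strcmp("s3cret", "guess")                              = 1
# and print them separated by a space. Operands containing an escaped quote,
# or truncated by ltrace with "...", need a more careful parser than this.
strcmp_args() {
    awk -F'"' '/strcmp\(/ { print $2, $4 }'
}

run_all() {
    echo "== gdb ==";    gdb_session
    echo "== strace =="; trace_syscalls
    # ltrace writes its trace to stderr; drop the pipe to see the full trace.
    echo "== ltrace strcmp operands =="; trace_libcalls 2>&1 | strcmp_args
}

if [ -x "$BIN" ]; then
    run_all
else
    echo "$BIN not found or not executable; set BIN=/path/to/binary" >&2
fi
```

Run it from the recipe's working directory. The output of gdb_script can also be saved to a file and passed to gdb -x by hand if you would rather step interactively after the scripted part; and an empty strcmp section from ltrace is itself a finding (static linking, or a comparison done without calling libc) rather than a tool failure.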
