Extended static analysis

Unlike the previous programs we've analyzed, this one requires us to extend the objdump output to cover more than just the .text section. Additionally, because we're analyzing a binary for vulnerabilities, and we're imagining this is a program that was developed within our organization, we may have access to the source code. This means we can extend our static analysis phase to include more disassembly and a source code review.

In this recipe, we will examine the objdump output, and we will review the C source code behind this binary. As we work through this recipe together, pay careful attention to the tool output and see whether you notice anything odd about the disassembled instructions. During our static analysis phase, we should really ask ourselves several questions:

  • Are there instructions present within the output that just seem off?
  • Are there instructions present within the output that are unfamiliar?
  • Can we trust this output?
  • Do we get a good idea of what the program is accomplishing?