Chapter 5 Quiz: Your Development Environment

Open Assembly Language Project

Chapter 5 Quiz: Your Development Environment

16 questions covering the toolchain, GDB commands, assembling/linking, and binary analysis tools.

Multiple Choice

1. The correct NASM command to assemble hello.asm into an ELF64 object file named hello.o is:

A) nasm hello.asm -o hello.o B) nasm -f elf64 hello.asm -o hello.o C) nasm -elf64 hello.asm -o hello.o D) nasm --format=elf64 hello.asm -o hello.o

2. To link hello.o into an executable without using the C runtime (for a pure assembly program), the correct command is:

A) gcc hello.o -o hello B) cc hello.o -o hello C) ld hello.o -o hello D) as hello.o -o hello

3. In GDB, stepi (or si) is used to:

A) Step over a function call without entering the called function B) Execute one assembly instruction, entering any called functions C) Step to the next source code line D) Step back one instruction

4. Which GDB command shows the current values of all general-purpose registers?

A) print registers B) show registers C) info registers D) display all

5. The GDB command x/4gx $rsp means:

A) Execute 4 instructions starting at RSP B) Examine 4 8-byte (giant) values at the address in RSP, displayed in hex C) Extract 4 bytes from RSP and show them D) Display the top 4 items on the stack as 32-bit integers

6. In GDB's TUI mode, the command to show a combined register + assembly view is:

A) layout all B) tui enable C) layout regs (after already being in assembly mode, or use layout split) D) display tui

7. The objdump -d -M intel command:

A) Disassembles a binary and displays instructions in Intel syntax (destination before source) B) Disassembles in AT&T syntax C) Displays the binary in Intel's proprietary format D) Optimizes the binary for Intel processors

8. What is the difference between strace and ltrace?

A) strace traces system calls; ltrace traces library calls B) strace is for static binaries; ltrace is for dynamic binaries C) strace runs slower; ltrace is faster D) strace traces Linux programs; ltrace traces Linux and macOS

9. When linking an assembly program that calls printf from libc:

A) Use ld hello.o -o hello — ld handles libc automatically B) Use gcc hello.o -o hello — gcc adds the libc link and startup code C) The assembly must include extern printf and use nasm -f elf64 --link-libc D) You must manually specify: ld hello.o -o hello -lc -dynamic-linker /lib64/ld-linux.so.2

10. The NASM directive -F dwarf in the assemble step:

A) Outputs in the DWARF file format instead of ELF B) Adds DWARF debug information to the output, enabling source-level debugging in GDB C) Enables DWARF-style optimization D) Is a DWARF-specific target architecture flag

11. readelf -r hello.o shows relocation entries. These are:

A) Locations in the object file that need to be filled in with actual addresses by the linker B) Lists of registers that the code relocates C) Memory addresses that were relocated during program loading D) Security patches applied to the binary

12. In QEMU, the flags -s -S are used for:

A) "Silent" and "Secure" mode — running without output B) Starting the CPU halted and opening a GDB remote server on port 1234 C) "Small" and "Stripped" — minimizing the emulated memory footprint D) System and Software mode — enabling full system emulation

True/False

13. When running a pure assembly program (using _start, not main) linked with ld hello.o -o hello, the C library is NOT used at all, and there is no printf, malloc, or any other C runtime function available.

True / False

14. The display /x $rax` GDB command prints the value of RAX permanently after every command (like `stepi`), without you having to type `print $rax each time.

True / False

15. objdump -d and readelf -d both disassemble executables.

True / False

Short Answer

16. Given the following GDB session transcript, explain what each line is showing and what the programmer was trying to debug:

(gdb) break my_function
(gdb) run
(gdb) stepi
(gdb) stepi
(gdb) print/x $rax
$1 = 0xdeadbeef
(gdb) x/4gx $rsp
0x7fffe000:     0x0000000000000003      0x0000000000401234
0x7fffe010:     0x0000000000000000      0x0000000000402000
(gdb) stepi
(gdb) stepi
(gdb) print/x $rax
$2 = 0x0

a) What did RAX contain after the first two stepi commands? b) What is at RSP? What is the value at [rsp+8]? c) RAX changed from 0xdeadbeef to 0x0 — what kind of instruction likely caused this (name two possibilities)? d) What would you do next to understand why RAX became 0?