Course details

Binary Code Analysis

IAN, Acad. year 2016/2017, Summer semester, 4 credits

Guarantor

Language of instruction

Czech, English

Completion

Classified Credit

Time span

  • 14 hrs lectures
  • 12 hrs pc labs
  • 13 hrs projects

Assessment points

  • 40 pts mid-term test (written part)
  • 60 pts projects

Department

Recommended prerequisites

Fundamental literature

  • Ljubuncic, I.: Linux Kernel Crash Book, 2011.

Syllabus of lectures

  1. Computer architectures in general, registers, implicit and explicit stack operations. The x86 and x86_64 computer architectures, common instructions. System V ABI on x86_64 architecture, red zone.
  2. Compilation, linking, and running code. Examples of compiler optimizations, stack optimizations (leaf and tail calls, function inlining), linker script, understanding of the Unix binary file (ELF, objdump).
  3. Linux crash dump analysis, DWARF debug symbols, using the crash(8) tool.
  4. Linux crash dump analysis, understanding kernel Oops, kernel flags, sysrq.
  5. Kernel process and memory management, task_struct, vmas, SLAB allocator.
  6. Interrupt processing, postponing work, bottom halves, softirqs and tasklets, work queues.
  7. Live kernel tracing (SystemTap, ftrace), locks, deadlocks and hangs and their analysis and reconstruction.

Syllabus of computer exercises

  1. Decomposition of an ELF binary file, decoding its sections, and code disassembling.
  2. Using the crash(1) tool on Linux.
  3. Crash dump analysis of a Linux system on the IA-32 architecture.
  4. Crash dump analysis of a Linux system on the AMD64 architecture.
  5. System tracing using SystemTap and ftrace.
  6. Tracing and analysis of system deadlocks.