How it works...

In step 1, we run netcat in a new Terminal tab to catch the socket connection, and then, in step 2, we execute the system call instruction. After the system call is made at 4000fb, the Registers window will look like the one shown in the following screenshot. RAX is set to 0, indicating that the connect system call succeeded. We can also check our Terminal tab running netcat to see that the connection did succeed:

The next block of instructions we analyze looks as follows. In step 3, we run through each instruction, reviewing the Registers window:

After executing each instruction before the syscall, we see the following in ...

Get Binary Analysis Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.