DISASSEMBLY
//view the instructions within a specific function
gef> disas _start
Dump of assembler code for function _start:
0x0000000000401000 <+0>: mov eax,0x1
0x0000000000401005 <+5>: mov edi,0x1
0x000000000040100a <+10>: movabs rsi,0x402000
0x0000000000401014 <+20>: mov edx,0x12
0x0000000000401019 <+25>: syscall
0x000000000040101b <+27>: mov eax,0x3c
0x0000000000401020 <+32>: mov edi,0x0
0x0000000000401025 <+37>: syscall
End of assembler dump.
* disas is short for "disassemble".
* The dump above is two Linux x86-64 system calls: eax=1 is write(1, 0x402000, 0x12),
then eax=0x3c is exit(0).
* The main focus is to identify the memory address of each instruction and of its
operands (i.e., arguments).
- Having the memory address is critical for examining the variables/operands and
for setting a breakpoint on a specific instruction (e.g. break *0x401019 stops
right before the write syscall).
* This dump comes from a non-PIE binary: _start is linked at the fixed address
0x401000 and the message is loaded by its absolute address (movabs rsi,0x402000).
Those addresses are the same on every run, so they can be used directly in
break and x commands.
* In Position-Independent Executables (PIE), the addresses shown depend on when
the dump is taken:
- Before the program is running (disas right after loading the file), gdb shows
offsets from the start of the image, e.g. 0x1000 instead of 0x401000. These are
not runtime addresses; a breakpoint set on one with break * will not fire.
- Once the program is running (after start or a breakpoint hit), gdb shows the
actual addresses, e.g. 0x555555555000: the base where the loader mapped the image
plus the offset. (gdb disables ASLR by default, which is why the base is usually
the same from run to run under the debugger.)
- Inside a PIE the code does not hardcode data addresses; it reaches them relative
to the instruction pointer (RIP), e.g. lea rsi,[rip+0xfef] instead of movabs
rsi,0x402000. The displacement is added to the address of the *next* instruction,
and gdb prints the resolved target as a comment (# 0x2000).
- RIP-relative addressing is what lets the loader map the binary at a different
base each time (ASLR), which removes the fixed addresses an exploit would
otherwise rely on and makes exploitation harder.
- When debugging a PIE, either break on a symbol (break _start), or start the
program first and then use the runtime addresses from the dump. GEF's pie
commands (pie breakpoint OFFSET, pie run) take image offsets and apply the
runtime base for you.
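To make the address bookkeeping concrete, the following is an added example (not from this page and not GDB or GEF code). It parses the dump above plus a constructed PIE dump of the same write/exit program (assumed layout: .text at image offset 0x1000, the message at 0x2000), resolves the RIP-relative operand from the next instruction's address, rebases a pre-run PIE dump to a runtime base (0x555555554000 is assumed, the usual base under gdb with ASLR off), and computes the address to give to break *.

```python
"""Parse a GDB/GEF `disas` dump and work out instruction and operand addresses.

Added example for this page; not GDB/GEF code. PIE_DUMP is a constructed dump
(assumed layout: .text at image offset 0x1000, message at 0x2000). The runtime
base 0x555555554000 is an assumption: the base the Linux loader typically picks
for a PIE under gdb, which disables ASLR by default.
"""
import re
from dataclasses import dataclass

# Non-PIE dump copied from the page: the absolute address of the message is baked in.
NON_PIE_DUMP = """\
Dump of assembler code for function _start:
0x0000000000401000 <+0>: mov eax,0x1
0x0000000000401005 <+5>: mov edi,0x1
0x000000000040100a <+10>: movabs rsi,0x402000
0x0000000000401014 <+20>: mov edx,0x12
0x0000000000401019 <+25>: syscall
0x000000000040101b <+27>: mov eax,0x3c
0x0000000000401020 <+32>: mov edi,0x0
0x0000000000401025 <+37>: syscall
End of assembler dump.
"""

# Constructed PIE dump taken before `run`: image offsets, message reached via rip.
PIE_DUMP = """\
0x0000000000001000 <+0>: mov eax,0x1
0x0000000000001005 <+5>: mov edi,0x1
0x000000000000100a <+10>: lea rsi,[rip+0xfef]        # 0x2000
0x0000000000001011 <+17>: mov edx,0x12
0x0000000000001016 <+22>: syscall
0x0000000000001018 <+24>: mov eax,0x3c
0x000000000000101d <+29>: mov edi,0x0
0x0000000000001022 <+34>: syscall
"""

# address <+offset>: mnemonic operands [# comment]; "=>" marks the current insn in gdb
LINE_RE = re.compile(
    r"^\s*(?:=>\s*)?(0x[0-9a-fA-F]+)\s+<\+(\d+)>:\s+(\S+)\s*([^#]*?)\s*(?:#.*)?$"
)
RIP_RE = re.compile(r"\[rip([+-])(0x[0-9a-fA-F]+)\]")


@dataclass
class Insn:
    address: int   # address as printed by gdb (an image offset for an unloaded PIE)
    offset: int    # the <+N> offset from the start of the function
    mnemonic: str
    operands: str


def parse_disas(dump: str) -> list[Insn]:
    """Turn the lines of a `disas` dump into Insn records; header/footer lines are skipped."""
    insns = []
    for line in dump.splitlines():
        m = LINE_RE.match(line)
        if m:
            insns.append(Insn(int(m.group(1), 16), int(m.group(2)), m.group(3), m.group(4)))
    return insns


def rip_relative_targets(insns: list[Insn]) -> dict[int, int]:
    """Resolve [rip+disp] operands. RIP already points at the *next* instruction
    when the displacement is applied, so target = next.address + disp."""
    targets = {}
    for cur, nxt in zip(insns, insns[1:]):
        m = RIP_RE.search(cur.operands)
        if m:
            disp = int(m.group(2), 16)
            targets[cur.address] = nxt.address + (disp if m.group(1) == "+" else -disp)
    return targets


def rebase(insns: list[Insn], runtime_base: int) -> list[Insn]:
    """Translate a pre-`run` PIE dump to the addresses gdb shows once the image is mapped."""
    return [Insn(i.address + runtime_base, i.offset, i.mnemonic, i.operands) for i in insns]


def breakpoint_address(insns: list[Insn], func_offset: int, runtime_base: int = 0) -> int:
    """Address to pass to `break *ADDR` for the instruction at <+func_offset>."""
    for i in insns:
        if i.offset == func_offset:
            return i.address + runtime_base
    raise ValueError(f"no instruction at <+{func_offset}>")


def uses_absolute_data_address(insns: list[Insn]) -> bool:
    """Heuristic: a 64-bit immediate loaded with movabs is an absolute pointer,
    which only works in a non-PIE binary; PIE code reaches data through rip."""
    return any(i.mnemonic == "movabs" for i in insns)


if __name__ == "__main__":
    base = 0x555555554000  # assumed runtime base, see module docstring
    runtime = rebase(parse_disas(PIE_DUMP), base)
    targets = rip_relative_targets(runtime)
    for i in runtime:
        note = f"  -> {targets[i.address]:#x}" if i.address in targets else ""
        print(f"{i.address:#018x} <+{i.offset}>: {i.mnemonic} {i.operands}{note}")
```

Run it and the PIE listing comes out at the runtime addresses, with the lea line annotated with the resolved message address (0x555555556000); the same functions give 0x401019 as the breakpoint for <+25> in the non-PIE dump with no rebasing at all.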