Jan 23rd, 2018
daan@ubuntu:~/hax/fmt/dtor$ gcc test.c -fno-stack-protector -z execstack -ggdb -o test

daan@ubuntu:~/hax/fmt/dtor$ readelf -t ./test | grep -A2 .dtors
[19] .dtors
PROGBITS 08049f1c 000f1c 000008 00 0 0 4
[00000003]: WRITE, ALLOC

daan@ubuntu:~/hax/fmt/dtor$ gdb -q ./test
Reading symbols from /home/daan/hax/fmt/dtor/test...done.
(gdb) list
1 main() {
2 unsigned int *dtors = (unsigned int *) 0x08049f20;
3 *dtors = 0x41414141;
4 }

(gdb) x/x 0x08049f20
0x8049f20 <__DTOR_END__>: 0x00000000

(gdb) run
Program received signal SIGSEGV, Segmentation fault.
0x080483c4 in main () at test.c:3
3 *dtors = 0x41414141;

(gdb) x/i 0x080483c4
=> 0x80483c4 <main+16>: movl $0x41414141,(%eax)

(gdb) i r eax
eax 0x8049f20 134520608

(gdb) x/x 0x08049f20
0x8049f20 <__DTOR_END__>: 0x00000000

(gdb) maintenance info sections
...
0x8049f1c->0x8049f24 at 0x00000f1c: .dtors ALLOC LOAD DATA HAS_CONTENTS
...

(gdb) bt
#0 0x080483c4 in main () at test.c:3

(gdb) i f
Stack level 0, frame at 0xbffff340:
eip = 0x80483c4 in main (test.c:3); saved eip 0xb7e65113
source language c.
Arglist at 0xbffff338, args:
Locals at 0xbffff338, Previous frame's sp is 0xbffff340
Saved registers:
ebp at 0xbffff338, eip at 0xbffff33c