API tools faq
paste
Guest User

Untitled

a guest
Apr 20th, 2018
49
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.42 KB | None | 0 0
raw download clone embed print report
  1. grep call foo.txt | wc -l
  2. 187
  3.  
  4. 0:000> bp kernel32!ConsoleClientCallServer
  5. 0:000> tc 130
  6. 012f1005 e856000000 call consapp!printf (012f1060)
  7. 012f1067 e84fa20000 call consapp!__acrt_iob_func (01
  8. 012f1078 e8a3ffffff call consapp!__local_stdio_print
  9. 012f1082 e8b9b80100 call consapp!__stdio_common_vfpr
  10. 0130c9bc e8e6ecfeff call consapp!__crt_seh_guarded_c
  11. 012fb6ae e8dd63ffff call consapp!__SEH_prolog4 (012f
  12. 012fb6bc e89cfcffff call consapp!_lock_file (012fb35
  13. 012fb369 ff154cf03201 call dword ptr [consapp!_imp__En
  14. 012fb6c9 e81f520000 call consapp!<lambda_df52180bf14
  15. 0130090b e869780100 call consapp!__acrt_stdio_begin_
  16. 01318183 e812feffff call consapp!_fileno (01317f9a)
  17. 01318189 e82bc80000 call consapp!_isatty (013249b9)
  18. 0131819f e81731feff call consapp!__acrt_iob_func (01
  19. 013181e8 e88989ffff call consapp!_malloc_base (01310
  20. 01310ba8 ff15b0f03201 call dword ptr [consapp!_imp__He
  21. 77115adb e80c000000 call ntdll!RtlpAllocateHeap (771
  22. 77115af6 e811d1ffff call ntdll!_SEH_prolog4 (77112c0
  23. 7714a405 e8a4ba0300 call ntdll!RtlDebugAllocateHeap
  24. 77185eb5 e852cdf8ff call ntdll!_SEH_prolog4 (77112c0
  25. 77185ef2 e87379f9ff call ntdll!RtlpCheckHeapSignatur
  26. 77185f46 e84518f8ff call ntdll!RtlEnterCriticalSecti
  27. 77185f54 e8d5f9ffff call ntdll!RtlpValidateHeap (771
  28. 77185949 e8cef1ffff call ntdll!RtlpValidateHeapHeade
  29. 77185f5e e873cef8ff call ntdll!RtlAllocateHeap (7711
  30. 77115adb e80c000000 call ntdll!RtlpAllocateHeap (771
  31. 77115af6 e811d1ffff call ntdll!_SEH_prolog4 (77112c0
  32. 7714a53b e8b0b6faff call ntdll!RtlCompareMemoryUlong
  33. 77115d55 e890080000 call ntdll!RtlpCreateSplitBlock
  34. 77149ed4 e8b7bdfaff call ntdll!RtlFillMemoryUlong (7
  35. 7714a689 e802b6faff call ntdll!RtlFillMemoryUlong (7
  36. 770eeb45 e8ddffffff call ntdll!RtlpGetExtraStuffPoin
  37. 770eeb60 e8fe870200 call ntdll!RtlGetNtGlobalFlags (
  38. 77115db9 e81d000000 call ntdll!RtlpAllocateHeap+0xe7
  39. 77115dce e87eceffff call ntdll!_SEH_epilog4 (77112c5
  40. 77185f6a e8adebffff call ntdll!RtlpValidateHeapHeade
  41. 77185fb1 e8718bf6ff call ntdll!RtlpGetExtraStuffPoin
  42. 77186082 e8dc12f9ff call ntdll!RtlGetNtGlobalFlags (
  43. 771861a9 e810000000 call ntdll!RtlDebugAllocateHeap+
  44. 771861cd e87e15f8ff call ntdll!RtlLeaveCriticalSecti
  45. 771861b1 e89bcaf8ff call ntdll!_SEH_epilog4 (77112c5
  46. 77115dce e87eceffff call ntdll!_SEH_epilog4 (77112c5
  47. 013181f1 e84689ffff call consapp!_free_base (01310b3
  48. 01300922 e8f3f9ffff call consapp!_LocaleUpdate::_Loc
  49. 01300957 e88af6ffff call consapp!__crt_stdio_output:
  50. 012fffee e860ffffff call consapp!__crt_stdio_output:
  51. 01300966 e828150000 call consapp!__crt_stdio_output:
  52. 01301e9e e834950000 call consapp!__crt_stdio_output:
  53. 0130b3f1 e859090000 call consapp!__acrt_stdio_char_t
  54. 0130bd63 e832c20000 call consapp!_fileno (01317f9a)
  55. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  56. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  57. 0130305e e8df010000 call consapp!__crt_stdio_output:
  58. 0130324d e85b020000 call consapp!__crt_stdio_output:
  59. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  60. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  61. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  62. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  63. 0130305e e8df010000 call consapp!__crt_stdio_output:
  64. 0130324d e85b020000 call consapp!__crt_stdio_output:
  65. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  66. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  67. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  68. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  69. 0130305e e8df010000 call consapp!__crt_stdio_output:
  70. 0130324d e85b020000 call consapp!__crt_stdio_output:
  71. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  72. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  73. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  74. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  75. 0130305e e8df010000 call consapp!__crt_stdio_output:
  76. 0130324d e85b020000 call consapp!__crt_stdio_output:
  77. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  78. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  79. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  80. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  81. 0130305e e8df010000 call consapp!__crt_stdio_output:
  82. 0130324d e85b020000 call consapp!__crt_stdio_output:
  83. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  84. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  85. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  86. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  87. 0130305e e8df010000 call consapp!__crt_stdio_output:
  88. 0130324d e85b020000 call consapp!__crt_stdio_output:
  89. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  90. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  91. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  92. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  93. 0130305e e8df010000 call consapp!__crt_stdio_output:
  94. 0130324d e85b020000 call consapp!__crt_stdio_output:
  95. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  96. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  97. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  98. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  99. 0130305e e8df010000 call consapp!__crt_stdio_output:
  100. 0130324d e85b020000 call consapp!__crt_stdio_output:
  101. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  102. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  103. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  104. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  105. 0130305e e8df010000 call consapp!__crt_stdio_output:
  106. 0130324d e85b020000 call consapp!__crt_stdio_output:
  107. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  108. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  109. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  110. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  111. 0130305e e8df010000 call consapp!__crt_stdio_output:
  112. 0130324d e85b020000 call consapp!__crt_stdio_output:
  113. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  114. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  115. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  116. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  117. 0130305e e8df010000 call consapp!__crt_stdio_output:
  118. 0130324d e85b020000 call consapp!__crt_stdio_output:
  119. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  120. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  121. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  122. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  123. 0130305e e8df010000 call consapp!__crt_stdio_output:
  124. 0130324d e85b020000 call consapp!__crt_stdio_output:
  125. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  126. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  127. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  128. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  129. 0130305e e8df010000 call consapp!__crt_stdio_output:
  130. 0130324d e85b020000 call consapp!__crt_stdio_output:
  131. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  132. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  133. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  134. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  135. 0130305e e8df010000 call consapp!__crt_stdio_output:
  136. 0130324d e85b020000 call consapp!__crt_stdio_output:
  137. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  138. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  139. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  140. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  141. 0130305e e8df010000 call consapp!__crt_stdio_output:
  142. 0130324d e85b020000 call consapp!__crt_stdio_output:
  143. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  144. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  145. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  146. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  147. 0130305e e8df010000 call consapp!__crt_stdio_output:
  148. 0130324d e85b020000 call consapp!__crt_stdio_output:
  149. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  150. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  151. 01301ef1 e8d7eeffff call consapp!__crt_stdio_output:
  152. 01301f0c e84d110000 call consapp!__crt_stdio_output:
  153. 0130305e e8df010000 call consapp!__crt_stdio_output:
  154. 0130324d e85b020000 call consapp!__crt_stdio_output:
  155. 01303265 e8778c0000 call consapp!__crt_stdio_output:
  156. 0130bf05 e8b6c00000 call consapp!_fputc_nolock (0131
  157. 01300973 e892fbffff call consapp!__crt_stdio_output:
  158. 01300515 e822060100 call consapp!_free_base (01310b3
  159. 01300995 e894780100 call consapp!__acrt_stdio_end_te
  160. 0131824b e856c4ffff call consapp!__acrt_stdio_flush_
  161. 013146d6 e8bf380000 call consapp!_fileno (01317f9a)
  162. 013146dd e8f2bb0000 call consapp!_write (013202d4)
  163. 013202db e8b017fdff call consapp!__SEH_prolog4 (012f
  164. 01320333 e878acffff call consapp!__acrt_lowio_lock_f
  165. 0131afcb ff154cf03201 call dword ptr [consapp!_imp__En
  166. 01320370 e847000000 call consapp!_write_nolock (0132
  167. 0132047b e8e4faffff call consapp!write_requires_doub
  168. 0131ff6f e8454a0000 call consapp!_isatty (013249b9)
  169. 0131ff97 e81a71ffff call consapp!__acrt_getptd (0131
  170. 013170ba ff1544f03201 call dword ptr [consapp!_imp__Ge
  171. 013170cd e8fdc6ffff call consapp!__acrt_FlsGetValue
  172. 013137f1 e85bfbffff call consapp!try_get_function (0
  173. 01313804 ff154cf13201 call dword ptr [consapp!__guard_
  174. 0131380a ffd6 call esi
  175. 0131381a e898e4fdff call consapp!__security_check_co
  176. 01317152 ff1548f03201 call dword ptr [consapp!_imp__Se
  177. 01320516 e8bffaffff call consapp!write_text_ansi_nol
  178. 0131ffe4 e857af0000 call consapp!_chkstk (0132af40)
  179. 01320075 ff1584f03201 call dword ptr [consapp!_imp__Wr
  180. 75e3bf44 e8d4ffffff call kernel32!WriteConsoleA (75e
  181. 75e3bf30 e8c0feffff call kernel32!WriteConsoleIntern
  182. 75e3bdff e8dc380000 call kernel32!_SEH_prolog4_GS (7
  183. 75e3be58 e847050000 call kernel32!memcpy (75e3c3a4)
  184. 75e3be77 e8a38c0000 call kernel32!ConsoleClientCallS
  185. Breakpoint 0 hit
  186. 75e44b1f 8bff mov edi,edi
  187. 75e44b68 ff158016df75 call dword ptr [kernel32!_imp__N
  188. 771064a2 ff12 call dword ptr [edx]
  189. 771070f2 0f34 sysenter <<<<<<<<<<<<<<<<<<<<<<<
  190. 75e3bea6 e87d380000 call kernel32!_SEH_epilog4_GS (7
  191.  
  192. #include <stdio.h>
  193. #include <sys/types.h>
  194. #include <unistd.h>
  195.  
  196. int main(void) {
  197. pid_t current_PID = getpid();
  198. pid_t parent_PID = getppid();
  199.  
  200. printf("Current process ID: %dn", current_PID);
  201. printf("Parent process ID: %dn", parent_PID);
  202.  
  203. return 0;
  204. }
  205.  
  206. $ echo $$
  207. 29760
  208.  
  209. $ ./pid
  210. Current process ID: 9071
  211. Parent process ID: 29760
  212.  
  213. <main>:
  214. push %ebp
  215. mov %esp,%ebp
  216. and $0xfffffff0,%esp
  217. sub $0x20,%esp
  218. call 8048340 <getpid@plt> # libc wrapper around getpid() system call
  219. mov %eax,0x18(%esp) # write return value (PID) in register to stack
  220. call 8048370 <getppid@plt> # libc wrapper around getppid() system call
  221. mov %eax,0x1c(%esp) # write return value (PPID) in register to stack
  222. mov 0x18(%esp),%eax # read from stack, write to register
  223. mov %eax,0x4(%esp) # write register value to stack as 2nd arg to printf (PID)
  224. movl $0x8048560,(%esp) # read format string from memory, write to stack as 1st arg to printf
  225. call 8048330 <printf@plt> # libc wrapper around write() system call
  226. mov 0x1c(%esp),%eax # read PPID saved on stack, write to register
  227. mov %eax,0x4(%esp) # write PPID in register to stack as 2nd arg to printf
  228. movl $0x8048578,(%esp) # read format string from memory, write to stack as 1st arg to printf
  229. call 8048330 <printf@plt> # libc wrapper around write() system call
  230. mov $0x0,%eax
  231. leave
  232. ret
  233.  
  234. $ strace ./pid
  235. execve("./pid", ["./pid"], [/* 53 vars */]) = 0
  236. [ Process PID=10017 runs in 32 bit mode. ]
  237. brk(0) = 0x943d000
  238. access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
  239. mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfffffffff7793000
  240. access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  241. open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  242. fstat64(3, {st_mode=S_IFREG|0644, st_size=155012, ...}) = 0
  243. mmap2(NULL, 155012, PROT_READ, MAP_PRIVATE, 3, 0) = 0xfffffffff776d000
  244. close(3) = 0
  245. access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
  246. open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  247. read(3, "177ELF111331P2341004"..., 512) = 512
  248. fstat64(3, {st_mode=S_IFREG|0755, st_size=1763068, ...}) = 0
  249. mmap2(NULL, 1772156, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xfffffffff75bc000
  250. mmap2(0xf7767000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1aa000) = 0xfffffffff7767000
  251. mmap2(0xf776a000, 10876, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xfffffffff776a000
  252. close(3) = 0
  253. mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfffffffff75bb000
  254. set_thread_area(0xffc17c00) = 0
  255. mprotect(0xf7767000, 8192, PROT_READ) = 0
  256. mprotect(0x8049000, 4096, PROT_READ) = 0
  257. mprotect(0xf77b8000, 4096, PROT_READ) = 0
  258. munmap(0xf776d000, 155012) = 0
  259. getpid() = 10017
  260. getppid() = 10014
  261. fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 13), ...}) = 0
  262. mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfffffffff7792000
  263. write(1, "Current process ID: 10017n", 26Current process ID: 10017
  264. ) = 26
  265. write(1, "Parent process ID: 10014n", 25Parent process ID: 10014
  266. ) = 25
  267. exit_group(0) = ?
  268. +++ exited with 0 +++
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!