  1. https://pastebin.com/PUEP0Rmv
  2.  
  3. $ gcc -g -no-pie -o helloworld-no-pie helloworld.c
  4.  
  5. $ readelf -r helloworld-no-pie | grep puts
  6.  
  7. 000000601018  000100000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
  8.  
  9. $ LD_BIND_NOW=1 gdb -q helloworld-no-pie
  10. Reading symbols from helloworld-no-pie...done.
  11. gdb-peda$ disp/gx 0x601018
  12. 1: x/xg 0x601018  0x601018:     0x00000000004003f6
  13. gdb-peda$ b main
  14. Breakpoint 1 at 0x4004eb: file helloworld.c, line 21.
  15. gdb-peda$ r
  16. Starting program: /home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie
  17. [----------------------------------registers-----------------------------------]
  18. RAX: 0x4004e7 (<main>:  push   rbp)
  19. RBX: 0x0
  20. RCX: 0x400500 (<__libc_csu_init>:       push   r15)
  21. RDX: 0x7fffffffe348 --> 0x7fffffffe607 ("HOME=/home/ubuntu")
  22. RSI: 0x7fffffffe338 --> 0x7fffffffe5cd ("/home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie")
  23. RDI: 0x1
  24. RBP: 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:    push   r15)
  25. RSP: 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:    push   r15)
  26. RIP: 0x4004eb (<main+4>:        lea    rdi,[rip+0x92]        # 0x400584)
  27. R8 : 0x7ffff7dd0d80 --> 0x0
  28. R9 : 0x7ffff7dd0d80 --> 0x0
  29. R10: 0x0
  30. R11: 0x1
  31. R12: 0x400400 (<_start>:        xor    ebp,ebp)
  32. R13: 0x7fffffffe330 --> 0x1
  33. R14: 0x0
  34. R15: 0x0
  35. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  36. [-------------------------------------code-------------------------------------]
  37.    0x4004e5 <frame_dummy+5>:    jmp    0x400470 <register_tm_clones>
  38.    0x4004e7 <main>:     push   rbp
  39.    0x4004e8 <main+1>:   mov    rbp,rsp
  40. => 0x4004eb <main+4>:   lea    rdi,[rip+0x92]        # 0x400584
  41.    0x4004f2 <main+11>:  call   0x4003f0 <puts@plt>
  42.    0x4004f7 <main+16>:  mov    eax,0x0
  43.    0x4004fc <main+21>:  pop    rbp
  44.    0x4004fd <main+22>:  ret
  45. [------------------------------------stack-------------------------------------]
  46. 0000| 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:   push   r15)
  47. 0008| 0x7fffffffe258 --> 0x7ffff7a05b97 (<__libc_start_main+231>:       mov    edi,eax)
  48. 0016| 0x7fffffffe260 --> 0x1
  49. 0024| 0x7fffffffe268 --> 0x7fffffffe338 --> 0x7fffffffe5cd ("/home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie")
  50. 0032| 0x7fffffffe270 --> 0x100008000
  51. 0040| 0x7fffffffe278 --> 0x4004e7 (<main>:      push   rbp)
  52. 0048| 0x7fffffffe280 --> 0x0
  53. 0056| 0x7fffffffe288 --> 0x987654d3638367ad
  54. [------------------------------------------------------------------------------]
  55. Legend: code, data, rodata, value
  56.  
  57. Breakpoint 1, main () at helloworld.c:21
  58. 21          printf("Hello world!\n");
  59. 1: x/xg 0x601018  0x601018:     0x00007ffff7a649c0
  60. gdb-peda$ x/4i 0x00007ffff7a649c0
  61.    0x7ffff7a649c0 <_IO_puts>:   push   r13
  62.    0x7ffff7a649c2 <_IO_puts+2>: push   r12
  63.    0x7ffff7a649c4 <_IO_puts+4>: mov    r12,rdi
  64.    0x7ffff7a649c7 <_IO_puts+7>: push   rbp
  65. gdb-peda$ set env LD_BIND_NOW
  66. Setting environment variable "LD_BIND_NOW" to null value.
  67. gdb-peda$ r
  68. Starting program: /home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie
  69. [----------------------------------registers-----------------------------------]
  70. RAX: 0x4004e7 (<main>:  push   rbp)
  71. RBX: 0x0
  72. RCX: 0x400500 (<__libc_csu_init>:       push   r15)
  73. RDX: 0x7fffffffe348 --> 0x7fffffffe608 ("HOME=/home/ubuntu")
  74. RSI: 0x7fffffffe338 --> 0x7fffffffe5ce ("/home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie")
  75. RDI: 0x1
  76. RBP: 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:    push   r15)
  77. RSP: 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:    push   r15)
  78. RIP: 0x4004eb (<main+4>:        lea    rdi,[rip+0x92]        # 0x400584)
  79. R8 : 0x7ffff7dd0d80 --> 0x0
  80. R9 : 0x7ffff7dd0d80 --> 0x0
  81. R10: 0x0
  82. R11: 0x1
  83. R12: 0x400400 (<_start>:        xor    ebp,ebp)
  84. R13: 0x7fffffffe330 --> 0x1
  85. R14: 0x0
  86. R15: 0x0
  87. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  88. [-------------------------------------code-------------------------------------]
  89.    0x4004e5 <frame_dummy+5>:    jmp    0x400470 <register_tm_clones>
  90.    0x4004e7 <main>:     push   rbp
  91.    0x4004e8 <main+1>:   mov    rbp,rsp
  92. => 0x4004eb <main+4>:   lea    rdi,[rip+0x92]        # 0x400584
  93.    0x4004f2 <main+11>:  call   0x4003f0 <puts@plt>
  94.    0x4004f7 <main+16>:  mov    eax,0x0
  95.    0x4004fc <main+21>:  pop    rbp
  96.    0x4004fd <main+22>:  ret
  97. [------------------------------------stack-------------------------------------]
  98. 0000| 0x7fffffffe250 --> 0x400500 (<__libc_csu_init>:   push   r15)
  99. 0008| 0x7fffffffe258 --> 0x7ffff7a05b97 (<__libc_start_main+231>:       mov    edi,eax)
  100. 0016| 0x7fffffffe260 --> 0x1
  101. 0024| 0x7fffffffe268 --> 0x7fffffffe338 --> 0x7fffffffe5ce ("/home/ubuntu/Dropbox/Workspace/c/doodle/helloworld-no-pie")
  102. 0032| 0x7fffffffe270 --> 0x100008000
  103. 0040| 0x7fffffffe278 --> 0x4004e7 (<main>:      push   rbp)
  104. 0048| 0x7fffffffe280 --> 0x0
  105. 0056| 0x7fffffffe288 --> 0xc4b72acf028116a5
  106. [------------------------------------------------------------------------------]
  107. Legend: code, data, rodata, value
  108.  
  109. Breakpoint 1, main () at helloworld.c:21
  110. 21          printf("Hello world!\n");
  111. 1: x/xg 0x601018  0x601018:     0x00000000004003f6
  112.  
  113. ➜ gdb -q helloworld-no-pie
  114. Reading symbols from helloworld-no-pie...done.
  115. gdb-peda$ disas main
  116. Dump of assembler code for function main:
  117.    0x00000000004004e7 <+0>: push   rbp
  118.    0x00000000004004e8 <+1>: mov    rbp,rsp
  119.    0x00000000004004eb <+4>: lea    rdi,[rip+0x92]        # 0x400584
  120.    0x00000000004004f2 <+11>:  call   0x4003f0 <puts@plt>
  121.    0x00000000004004f7 <+16>:  mov    eax,0x0
  122.    0x00000000004004fc <+21>:  pop    rbp
  123.    0x00000000004004fd <+22>:  ret
  124. End of assembler dump.
  125. gdb-peda$ b *(main+11)
  126. Breakpoint 1 at 0x4004f2: file helloworld.c, line 21.
  127. gdb-peda$ disp/gx 0x601018
  128. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  129. gdb-peda$ r
  130. Starting program: /home/ubuntu/c/helloworld-no-pie
  131. [----------------------------------registers-----------------------------------]
  132. RAX: 0x4004e7 (<main>:  push   rbp)
  133. RBX: 0x0
  134. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  135. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  136. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  137. RDI: 0x400584 ("Hello world!")
  138. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  139. RSP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  140. RIP: 0x4004f2 (<main+11>: call   0x4003f0 <puts@plt>)
  141. R8 : 0x7ffff7dd0d80 --> 0x0
  142. R9 : 0x7ffff7dd0d80 --> 0x0
  143. R10: 0x0
  144. R11: 0x1
  145. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  146. R13: 0x7fffffffe390 --> 0x1
  147. R14: 0x0
  148. R15: 0x0
  149. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  150. [-------------------------------------code-------------------------------------]
  151.    0x4004e7 <main>: push   rbp
  152.    0x4004e8 <main+1>: mov    rbp,rsp
  153.    0x4004eb <main+4>: lea    rdi,[rip+0x92]        # 0x400584
  154. => 0x4004f2 <main+11>:  call   0x4003f0 <puts@plt>
  155.    0x4004f7 <main+16>:  mov    eax,0x0
  156.    0x4004fc <main+21>:  pop    rbp
  157.    0x4004fd <main+22>:  ret
  158.    0x4004fe:  xchg   ax,ax
  159. Guessed arguments:
  160. arg[0]: 0x400584 ("Hello world!")
  161. [------------------------------------stack-------------------------------------]
  162. 0000| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  163. 0008| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  164. 0016| 0x7fffffffe2c0 --> 0x1
  165. 0024| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  166. 0032| 0x7fffffffe2d0 --> 0x100008000
  167. 0040| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  168. 0048| 0x7fffffffe2e0 --> 0x0
  169. 0056| 0x7fffffffe2e8 --> 0xb8a1e122917df5b0
  170. [------------------------------------------------------------------------------]
  171. Legend: code, data, rodata, value
  172.  
  173. Breakpoint 1, 0x00000000004004f2 in main () at helloworld.c:21
  174. 21      printf("Hello world!\n");
  175. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  176. gdb-peda$ si
  177. [----------------------------------registers-----------------------------------]
  178. RAX: 0x4004e7 (<main>:  push   rbp)
  179. RBX: 0x0
  180. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  181. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  182. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  183. RDI: 0x400584 ("Hello world!")
  184. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  185. RSP: 0x7fffffffe2a8 --> 0x4004f7 (<main+16>:  mov    eax,0x0)
  186. RIP: 0x4003f0 (<puts@plt>:  jmp    QWORD PTR [rip+0x200c22]        # 0x601018)
  187. R8 : 0x7ffff7dd0d80 --> 0x0
  188. R9 : 0x7ffff7dd0d80 --> 0x0
  189. R10: 0x0
  190. R11: 0x1
  191. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  192. R13: 0x7fffffffe390 --> 0x1
  193. R14: 0x0
  194. R15: 0x0
  195. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  196. [-------------------------------------code-------------------------------------]
  197.    0x4003e1:  xor    eax,0x200c22
  198.    0x4003e6:  jmp    QWORD PTR [rip+0x200c24]        # 0x601010
  199.    0x4003ec:  nop    DWORD PTR [rax+0x0]
  200. => 0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  201.  | 0x4003f6 <puts@plt+6>: push   0x0
  202.  | 0x4003fb <puts@plt+11>:  jmp    0x4003e0
  203.  | 0x400400 <_start>: xor    ebp,ebp
  204.  | 0x400402 <_start+2>: mov    r9,rdx
  205.  |->   0x4003f6 <puts@plt+6>: push   0x0
  206.        0x4003fb <puts@plt+11>:  jmp    0x4003e0
  207.        0x400400 <_start>: xor    ebp,ebp
  208.        0x400402 <_start+2>: mov    r9,rdx
  209.                                                                   JUMP is taken
  210. [------------------------------------stack-------------------------------------]
  211. 0000| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  212. 0008| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  213. 0016| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  214. 0024| 0x7fffffffe2c0 --> 0x1
  215. 0032| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  216. 0040| 0x7fffffffe2d0 --> 0x100008000
  217. 0048| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  218. 0056| 0x7fffffffe2e0 --> 0x0
  219. [------------------------------------------------------------------------------]
  220. Legend: code, data, rodata, value
  221. 0x00000000004003f0 in puts@plt ()
  222. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  223. gdb-peda$ si
  224. [----------------------------------registers-----------------------------------]
  225. RAX: 0x4004e7 (<main>:  push   rbp)
  226. RBX: 0x0
  227. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  228. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  229. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  230. RDI: 0x400584 ("Hello world!")
  231. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  232. RSP: 0x7fffffffe2a8 --> 0x4004f7 (<main+16>:  mov    eax,0x0)
  233. RIP: 0x4003f6 (<puts@plt+6>:  push   0x0)
  234. R8 : 0x7ffff7dd0d80 --> 0x0
  235. R9 : 0x7ffff7dd0d80 --> 0x0
  236. R10: 0x0
  237. R11: 0x1
  238. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  239. R13: 0x7fffffffe390 --> 0x1
  240. R14: 0x0
  241. R15: 0x0
  242. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  243. [-------------------------------------code-------------------------------------]
  244.    0x4003e6:  jmp    QWORD PTR [rip+0x200c24]        # 0x601010
  245.    0x4003ec:  nop    DWORD PTR [rax+0x0]
  246.    0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  247. => 0x4003f6 <puts@plt+6>: push   0x0
  248.    0x4003fb <puts@plt+11>:  jmp    0x4003e0
  249.    0x400400 <_start>: xor    ebp,ebp
  250.    0x400402 <_start+2>: mov    r9,rdx
  251.    0x400405 <_start+5>: pop    rsi
  252. [------------------------------------stack-------------------------------------]
  253. 0000| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  254. 0008| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  255. 0016| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  256. 0024| 0x7fffffffe2c0 --> 0x1
  257. 0032| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  258. 0040| 0x7fffffffe2d0 --> 0x100008000
  259. 0048| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  260. 0056| 0x7fffffffe2e0 --> 0x0
  261. [------------------------------------------------------------------------------]
  262. Legend: code, data, rodata, value
  263. 0x00000000004003f6 in puts@plt ()
  264. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  265. gdb-peda$ ni
  266. [----------------------------------registers-----------------------------------]
  267. RAX: 0x4004e7 (<main>:  push   rbp)
  268. RBX: 0x0
  269. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  270. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  271. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  272. RDI: 0x400584 ("Hello world!")
  273. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  274. RSP: 0x7fffffffe2a0 --> 0x0
  275. RIP: 0x4003fb (<puts@plt+11>: jmp    0x4003e0)
  276. R8 : 0x7ffff7dd0d80 --> 0x0
  277. R9 : 0x7ffff7dd0d80 --> 0x0
  278. R10: 0x0
  279. R11: 0x1
  280. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  281. R13: 0x7fffffffe390 --> 0x1
  282. R14: 0x0
  283. R15: 0x0
  284. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  285. [-------------------------------------code-------------------------------------]
  286.    0x4003ec:  nop    DWORD PTR [rax+0x0]
  287.    0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  288.    0x4003f6 <puts@plt+6>: push   0x0
  289. => 0x4003fb <puts@plt+11>:  jmp    0x4003e0
  290.  | 0x400400 <_start>: xor    ebp,ebp
  291.  | 0x400402 <_start+2>: mov    r9,rdx
  292.  | 0x400405 <_start+5>: pop    rsi
  293.  | 0x400406 <_start+6>: mov    rdx,rsp
  294.  |->   0x4003e0:  push   QWORD PTR [rip+0x200c22]        # 0x601008
  295.        0x4003e6:  jmp    QWORD PTR [rip+0x200c24]        # 0x601010
  296.        0x4003ec:  nop    DWORD PTR [rax+0x0]
  297.        0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  298.                                                                   JUMP is taken
  299. [------------------------------------stack-------------------------------------]
  300. 0000| 0x7fffffffe2a0 --> 0x0
  301. 0008| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  302. 0016| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  303. 0024| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  304. 0032| 0x7fffffffe2c0 --> 0x1
  305. 0040| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  306. 0048| 0x7fffffffe2d0 --> 0x100008000
  307. 0056| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  308. [------------------------------------------------------------------------------]
  309. Legend: code, data, rodata, value
  310. 0x00000000004003fb in puts@plt ()
  311. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  312. gdb-peda$ ni
  313. [----------------------------------registers-----------------------------------]
  314. RAX: 0x4004e7 (<main>:  push   rbp)
  315. RBX: 0x0
  316. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  317. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  318. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  319. RDI: 0x400584 ("Hello world!")
  320. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  321. RSP: 0x7fffffffe2a0 --> 0x0
  322. RIP: 0x4003e0 (push   QWORD PTR [rip+0x200c22]        # 0x601008)
  323. R8 : 0x7ffff7dd0d80 --> 0x0
  324. R9 : 0x7ffff7dd0d80 --> 0x0
  325. R10: 0x0
  326. R11: 0x1
  327. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  328. R13: 0x7fffffffe390 --> 0x1
  329. R14: 0x0
  330. R15: 0x0
  331. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  332. [-------------------------------------code-------------------------------------]
  333. => 0x4003e0:  push   QWORD PTR [rip+0x200c22]        # 0x601008
  334.    0x4003e6:  jmp    QWORD PTR [rip+0x200c24]        # 0x601010
  335.    0x4003ec:  nop    DWORD PTR [rax+0x0]
  336.    0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  337. [------------------------------------stack-------------------------------------]
  338. 0000| 0x7fffffffe2a0 --> 0x0
  339. 0008| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  340. 0016| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  341. 0024| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  342. 0032| 0x7fffffffe2c0 --> 0x1
  343. 0040| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  344. 0048| 0x7fffffffe2d0 --> 0x100008000
  345. 0056| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  346. [------------------------------------------------------------------------------]
  347. Legend: code, data, rodata, value
  348. 0x00000000004003e0 in ?? ()
  349. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  350. gdb-peda$ ni
  351. [----------------------------------registers-----------------------------------]
  352. RAX: 0x4004e7 (<main>:  push   rbp)
  353. RBX: 0x0
  354. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  355. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  356. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  357. RDI: 0x400584 ("Hello world!")
  358. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  359. RSP: 0x7fffffffe298 --> 0x7ffff7ffe170 --> 0x0
  360. RIP: 0x4003e6 (jmp    QWORD PTR [rip+0x200c24]        # 0x601010)
  361. R8 : 0x7ffff7dd0d80 --> 0x0
  362. R9 : 0x7ffff7dd0d80 --> 0x0
  363. R10: 0x0
  364. R11: 0x1
  365. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  366. R13: 0x7fffffffe390 --> 0x1
  367. R14: 0x0
  368. R15: 0x0
  369. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  370. [-------------------------------------code-------------------------------------]
  371.    0x4003de <_init+22>: ret
  372.    0x4003df:  add    bh,bh
  373.    0x4003e1:  xor    eax,0x200c22
  374. => 0x4003e6:  jmp    QWORD PTR [rip+0x200c24]        # 0x601010
  375.  | 0x4003ec:  nop    DWORD PTR [rax+0x0]
  376.  | 0x4003f0 <puts@plt>: jmp    QWORD PTR [rip+0x200c22]        # 0x601018
  377.  | 0x4003f6 <puts@plt+6>: push   0x0
  378.  | 0x4003fb <puts@plt+11>:  jmp    0x4003e0
  379.  |->   0x7ffff7dec680 <_dl_runtime_resolve_xsave>:  push   rbx
  380.        0x7ffff7dec681 <_dl_runtime_resolve_xsave+1>:  mov    rbx,rsp
  381.        0x7ffff7dec684 <_dl_runtime_resolve_xsave+4>:  and    rsp,0xffffffffffffffc0
  382.        0x7ffff7dec688 <_dl_runtime_resolve_xsave+8>:  sub    rsp,QWORD PTR [rip+0x210179]        # 0x7ffff7ffc808 <_rtld_global_ro+168>
  383.                                                                   JUMP is taken
  384. [------------------------------------stack-------------------------------------]
  385. 0000| 0x7fffffffe298 --> 0x7ffff7ffe170 --> 0x0
  386. 0008| 0x7fffffffe2a0 --> 0x0
  387. 0016| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  388. 0024| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  389. 0032| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  390. 0040| 0x7fffffffe2c0 --> 0x1
  391. 0048| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  392. 0056| 0x7fffffffe2d0 --> 0x100008000
  393. [------------------------------------------------------------------------------]
  394. Legend: code, data, rodata, value
  395. 0x00000000004003e6 in ?? ()
  396. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  397. gdb-peda$ ni
  398. [----------------------------------registers-----------------------------------]
  399. RAX: 0x4004e7 (<main>:  push   rbp)
  400. RBX: 0x0
  401. RCX: 0x400500 (<__libc_csu_init>: push   r15)
  402. RDX: 0x7fffffffe3a8 --> 0x7fffffffe63e ("LANG=en_US.UTF-8")
  403. RSI: 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  404. RDI: 0x400584 ("Hello world!")
  405. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  406. RSP: 0x7fffffffe298 --> 0x7ffff7ffe170 --> 0x0
  407. RIP: 0x7ffff7dec680 (<_dl_runtime_resolve_xsave>: push   rbx)
  408. R8 : 0x7ffff7dd0d80 --> 0x0
  409. R9 : 0x7ffff7dd0d80 --> 0x0
  410. R10: 0x0
  411. R11: 0x1
  412. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  413. R13: 0x7fffffffe390 --> 0x1
  414. R14: 0x0
  415. R15: 0x0
  416. EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
  417. [-------------------------------------code-------------------------------------]
  418.    0x7ffff7dec674 <_dl_runtime_resolve_fxsave+116>: add    rsp,0x18
  419.    0x7ffff7dec678 <_dl_runtime_resolve_fxsave+120>: bnd jmp r11
  420.    0x7ffff7dec67c:  nop    DWORD PTR [rax+0x0]
  421. => 0x7ffff7dec680 <_dl_runtime_resolve_xsave>:  push   rbx
  422.    0x7ffff7dec681 <_dl_runtime_resolve_xsave+1>:  mov    rbx,rsp
  423.    0x7ffff7dec684 <_dl_runtime_resolve_xsave+4>:  and    rsp,0xffffffffffffffc0
  424.    0x7ffff7dec688 <_dl_runtime_resolve_xsave+8>:  sub    rsp,QWORD PTR [rip+0x210179]        # 0x7ffff7ffc808 <_rtld_global_ro+168>
  425.    0x7ffff7dec68f <_dl_runtime_resolve_xsave+15>: mov    QWORD PTR [rsp],rax
  426. [------------------------------------stack-------------------------------------]
  427. 0000| 0x7fffffffe298 --> 0x7ffff7ffe170 --> 0x0
  428. 0008| 0x7fffffffe2a0 --> 0x0
  429. 0016| 0x7fffffffe2a8 --> 0x4004f7 (<main+16>: mov    eax,0x0)
  430. 0024| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  431. 0032| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  432. 0040| 0x7fffffffe2c0 --> 0x1
  433. 0048| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  434. 0056| 0x7fffffffe2d0 --> 0x100008000
  435. [------------------------------------------------------------------------------]
  436. Legend: code, data, rodata, value
  437. _dl_runtime_resolve_xsave () at ../sysdeps/x86_64/dl-trampoline.h:71
  438. 71  ../sysdeps/x86_64/dl-trampoline.h: No such file or directory.
  439. 1: x/xg 0x601018  0x601018: 0x00000000004003f6
  440. gdb-peda$ finish
  441. Run till exit from #0  _dl_runtime_resolve_xsave () at ../sysdeps/x86_64/dl-trampoline.h:71
  442. Hello world!
  443. [----------------------------------registers-----------------------------------]
  444. RAX: 0xd ('\r')
  445. RBX: 0x0
  446. RCX: 0x7ffff7af4154 (<__GI___libc_write+20>:  cmp    rax,0xfffffffffffff000)
  447. RDX: 0x7ffff7dd18c0 --> 0x0
  448. RSI: 0x602260 ("Hello world!\n")
  449. RDI: 0x1
  450. RBP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  451. RSP: 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>:  push   r15)
  452. RIP: 0x4004f7 (<main+16>: mov    eax,0x0)
  453. R8 : 0x0
  454. R9 : 0x0
  455. R10: 0x602010 --> 0x0
  456. R11: 0x246
  457. R12: 0x400400 (<_start>:  xor    ebp,ebp)
  458. R13: 0x7fffffffe390 --> 0x1
  459. R14: 0x0
  460. R15: 0x0
  461. EFLAGS: 0x206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
  462. [-------------------------------------code-------------------------------------]
  463.    0x4004e8 <main+1>: mov    rbp,rsp
  464.    0x4004eb <main+4>: lea    rdi,[rip+0x92]        # 0x400584
  465.    0x4004f2 <main+11>:  call   0x4003f0 <puts@plt>
  466. => 0x4004f7 <main+16>:  mov    eax,0x0
  467.    0x4004fc <main+21>:  pop    rbp
  468.    0x4004fd <main+22>:  ret
  469.    0x4004fe:  xchg   ax,ax
  470.    0x400500 <__libc_csu_init>:  push   r15
  471. [------------------------------------stack-------------------------------------]
  472. 0000| 0x7fffffffe2b0 --> 0x400500 (<__libc_csu_init>: push   r15)
  473. 0008| 0x7fffffffe2b8 --> 0x7ffff7a05b97 (<__libc_start_main+231>: mov    edi,eax)
  474. 0016| 0x7fffffffe2c0 --> 0x1
  475. 0024| 0x7fffffffe2c8 --> 0x7fffffffe398 --> 0x7fffffffe604 ("/home/ubuntu/c/helloworld-no-pie")
  476. 0032| 0x7fffffffe2d0 --> 0x100008000
  477. 0040| 0x7fffffffe2d8 --> 0x4004e7 (<main>:  push   rbp)
  478. 0048| 0x7fffffffe2e0 --> 0x0
  479. 0056| 0x7fffffffe2e8 --> 0xb8a1e122917df5b0
  480. [------------------------------------------------------------------------------]
  481. Legend: code, data, rodata, value
  482. 0x00000000004004f7 in main () at helloworld.c:21
  483. 21      printf("Hello world!\n");
  484. 1: x/xg 0x601018  0x601018: 0x00007ffff7a649c0
  485. gdb-peda$ x/4i 0x00007ffff7a649c0
  486.    0x7ffff7a649c0 <_IO_puts>: push   r13
  487.    0x7ffff7a649c2 <_IO_puts+2>: push   r12
  488.    0x7ffff7a649c4 <_IO_puts+4>: mov    r12,rdi
  489.    0x7ffff7a649c7 <_IO_puts+7>: push   rbp