(gdb) disas
Dump of assembler code for function getbuf:
# getbuf, x86-64, AT&T syntax, as printed by gdb `disas`.
# Frame layout set up by the first three instructions:
#   -0x30(%rbp) .. -0x01(%rbp)  0x30 bytes of locals; the buffer handed to Gets starts at -0x30(%rbp)
#    0x00(%rbp)                 caller's saved %rbp
#    0x08(%rbp)                 return address
# NOTE(review): no stack-protector canary load or check appears anywhere in this
# function, so nothing here detects a write that runs past the 0x30-byte frame
# before leaveq/retq consume the saved %rbp and return address.
0x0000000000400da0 <+0>: push %rbp
0x0000000000400da1 <+1>: mov %rsp,%rbp
0x0000000000400da4 <+4>: sub $0x30,%rsp    # reserve 0x30 bytes of locals
0x0000000000400da8 <+8>: lea -0x30(%rbp),%rdi    # arg 1 = start of the local buffer
# Only %rdi is loaded before the call; no length is placed in any other argument
# register in this function, so this call site gives Gets no buffer size.
# NOTE(review): presumably an unbounded gets-style read; confirm against bufbomb.c.
=> 0x0000000000400dac <+12>: callq 0x400cb0 <Gets>
# rdx = (value returned by Gets) % 40, via multiply-by-reciprocal:
# the high 64 bits of rax * 0xcccccccccccccccd, shifted right by 5, give rax / 40.
0x0000000000400db1 <+17>: movabs $0xcccccccccccccccd,%rdx
0x0000000000400dbb <+27>: mov %rax,%rcx    # keep the original return value
0x0000000000400dbe <+30>: mul %rdx    # rdx:rax = rax * constant
0x0000000000400dc1 <+33>: shr $0x5,%rdx    # rdx = quotient (value / 40)
0x0000000000400dc5 <+37>: lea (%rdx,%rdx,4),%rax    # rax = quotient * 5
0x0000000000400dc9 <+41>: mov %rcx,%rdx
0x0000000000400dcc <+44>: shl $0x3,%rax    # rax = quotient * 40
0x0000000000400dd0 <+48>: sub %rax,%rdx    # rdx = value - quotient * 40 = value % 40
# rax = max(rdx, 0x24), unsigned: size of the dynamic stack area carved out below.
0x0000000000400dd3 <+51>: mov $0x24,%eax
0x0000000000400dd8 <+56>: cmp $0x24,%rdx
0x0000000000400ddc <+60>: cmovae %rdx,%rax
0x0000000000400de0 <+64>: xor %ecx,%ecx    # rcx = 0, byte index for the copy loop
0x0000000000400de2 <+66>: add $0x1e,%rax
0x0000000000400de6 <+70>: and $0xfffffffffffffff0,%rax    # (size + 0x1e) truncated to a multiple of 16
0x0000000000400dea <+74>: sub %rax,%rsp    # dynamic stack allocation (looks like alloca or a VLA; confirm in source)
0x0000000000400ded <+77>: lea 0xf(%rsp),%r8
0x0000000000400df2 <+82>: and $0xfffffffffffffff0,%r8    # r8 = 16-byte-aligned start of the new area
0x0000000000400df6 <+86>: nopw %cs:0x0(%rax,%rax,1)    # padding; the loop head below lands on 0x400e00
# Copy loop: moves exactly 0x24 bytes, one at a time, from -0x30(%rbp) to (%r8).
0x0000000000400e00 <+96>: movzbl -0x30(%rbp,%rcx,1),%edi    # load byte rcx of the local buffer
0x0000000000400e05 <+101>: lea (%r8,%rcx,1),%rsi    # destination address for this byte
0x0000000000400e09 <+105>: add $0x1,%rcx
0x0000000000400e0d <+109>: cmp $0x24,%rcx
0x0000000000400e11 <+113>: mov %dil,(%rsi)    # store; mov leaves the flags from cmp intact
0x0000000000400e14 <+116>: jne 0x400e00 <getbuf+96>
0x0000000000400e16 <+118>: mov %rdx,%rax    # return value = (Gets return value) % 40
0x0000000000400e19 <+121>: leaveq    # rsp = rbp, then pop the saved %rbp from 0(%rbp)
---Type <return> to continue, or q <return> to quit---
0x0000000000400e1a <+122>: retq    # pops the return address stored at 8(%rbp)
End of assembler dump.
(gdb) i f
Stack level 0, frame at 0x7fffffffb3e0:
rip = 0x400dac in getbuf (bufbomb.c:136); saved rip 0x400ef3
called by frame at 0x7fffffffb410
source language c.
Arglist at 0x7fffffffb3d0, args:
Locals at 0x7fffffffb3d0, Previous frame's sp is 0x7fffffffb3e0
Saved registers:
rbp at 0x7fffffffb3d0, rip at 0x7fffffffb3d8
(gdb) i r
rax 0x0 0
rbx 0x47982bd9 1201155033
rcx 0xdeadbeef 3735928559
rdx 0x7ffff7dd8e10 140737351880208
rsi 0x401344 4199236
rdi 0x7fffffffb3a0 140737488335776
rbp 0x7fffffffb3d0 0x7fffffffb3d0
rsp 0x7fffffffb3a0 0x7fffffffb3a0
r8 0x7ffff7ff700d 140737354100749
r9 0xc0000 786432
r10 0x0 0
r11 0x7ffff7ad6d32 140737348726066
r12 0x607f80 6324096
r13 0x7fffffffe360 140737488348000
r14 0x0 0
r15 0x0 0
rip 0x400dac 0x400dac <getbuf+12>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x /64x 0x7fffffffb3a0
0x7fffffffb3a0: 0xffffe260 0x00007fff 0x00607f80 0x00000000
0x7fffffffb3b0: 0xffffe360 0x00007fff 0xf7df0a55 0x00007fff
0x7fffffffb3c0: 0x00002e10 0x00000000 0xf7afe947 0x00007fff
0x7fffffffb3d0: 0xffffb400 0x00007fff 0x00400ef3 0x00000000
0x7fffffffb3e0: 0xffffb410 0x00007fff 0xdeadbeef 0x00000000
0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000
0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000
0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb430: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb440: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb450: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb460: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb470: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb480: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb490: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
(gdb) x /64x 0x7fffffffb3a0
0x7fffffffb3a0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffffffb3b0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffffffb3c0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffffffb3d0: 0xaaaaaaaa 0xaaaaaaaa 0xc0010400 0x00000000
0x7fffffffb3e0: 0xffffb410 0x00007fff 0xdeadbeef 0x00000000
0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000
0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000
0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb430: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb440: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb450: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb460: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb470: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb480: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb490: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
(gdb) c
Continuing.
Type string: Misfire: You called fizz(0xdeadbe00)
[Inferior 1 (process 27846) exited normally]

(gdb) x /24x 0x7fffffffb3d0
0x7fffffffb3d0: 0xaaaaaaaa 0xaaaaaaaa 0x00401070 0x00000000
0x7fffffffb3e0: 0xaaaaaaaa 0xaaaaaaaa 0xdeadbe00 0x00000000
0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000
0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000
0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
(gdb) c
Continuing.
Type string: Misfire: global_value = 0x0
[Inferior 1 (process 28731) exited normally]
(gdb) i f
Stack level 0, frame at 0x7fffffffb3e0:
rip = 0x400dac in getbuf (bufbomb.c:136); saved rip 0x400ef3
called by frame at 0x7fffffffb410
source language c.
Arglist at 0x7fffffffb3d0, args:
Locals at 0x7fffffffb3d0, Previous frame's sp is 0x7fffffffb3e0
Saved registers:
rbp at 0x7fffffffb3d0, rip at 0x7fffffffb3d8
(gdb) x /64x 0x7fffffffb3d0
0x7fffffffb3d0: 0xffffb400 0x00007fff 0x00400ef3 0x00000000
0x7fffffffb3e0: 0xffffb410 0x00007fff 0xdeadbeef 0x00000000
0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000
0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000
0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb430: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb440: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb450: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb460: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb470: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb480: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb490: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb4a0: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb4b0: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
0x7fffffffb4c0: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4