bufbomb

(gdb) disas
Dump of assembler code for function getbuf:
   0x0000000000400da0 <+0>:    push   %rbp
   0x0000000000400da1 <+1>:    mov    %rsp,%rbp
   0x0000000000400da4 <+4>:    sub    $0x30,%rsp
   0x0000000000400da8 <+8>:    lea    -0x30(%rbp),%rdi
=> 0x0000000000400dac <+12>:    callq  0x400cb0 <Gets>
   0x0000000000400db1 <+17>:    movabs $0xcccccccccccccccd,%rdx
   0x0000000000400dbb <+27>:    mov    %rax,%rcx
   0x0000000000400dbe <+30>:    mul    %rdx
   0x0000000000400dc1 <+33>:    shr    $0x5,%rdx
   0x0000000000400dc5 <+37>:    lea    (%rdx,%rdx,4),%rax
   0x0000000000400dc9 <+41>:    mov    %rcx,%rdx
   0x0000000000400dcc <+44>:    shl    $0x3,%rax
   0x0000000000400dd0 <+48>:    sub    %rax,%rdx
   0x0000000000400dd3 <+51>:    mov    $0x24,%eax
   0x0000000000400dd8 <+56>:    cmp    $0x24,%rdx
   0x0000000000400ddc <+60>:    cmovae %rdx,%rax
   0x0000000000400de0 <+64>:    xor    %ecx,%ecx
   0x0000000000400de2 <+66>:    add    $0x1e,%rax
   0x0000000000400de6 <+70>:    and    $0xfffffffffffffff0,%rax
   0x0000000000400dea <+74>:    sub    %rax,%rsp
   0x0000000000400ded <+77>:    lea    0xf(%rsp),%r8
   0x0000000000400df2 <+82>:    and    $0xfffffffffffffff0,%r8
   0x0000000000400df6 <+86>:    nopw   %cs:0x0(%rax,%rax,1)
   0x0000000000400e00 <+96>:    movzbl -0x30(%rbp,%rcx,1),%edi
   0x0000000000400e05 <+101>:    lea    (%r8,%rcx,1),%rsi
   0x0000000000400e09 <+105>:    add    $0x1,%rcx
   0x0000000000400e0d <+109>:    cmp    $0x24,%rcx
   0x0000000000400e11 <+113>:    mov    %dil,(%rsi)
   0x0000000000400e14 <+116>:    jne    0x400e00 <getbuf+96>
   0x0000000000400e16 <+118>:    mov    %rdx,%rax
   0x0000000000400e19 <+121>:    leaveq 
---Type <return> to continue, or q <return> to quit---
   0x0000000000400e1a <+122>:    retq   
End of assembler dump.
(gdb) i f
Stack level 0, frame at 0x7fffffffb3e0:
 rip = 0x400dac in getbuf (bufbomb.c:136); saved rip 0x400ef3
 called by frame at 0x7fffffffb410
 source language c.
 Arglist at 0x7fffffffb3d0, args: 
 Locals at 0x7fffffffb3d0, Previous frame's sp is 0x7fffffffb3e0
 Saved registers:
  rbp at 0x7fffffffb3d0, rip at 0x7fffffffb3d8
(gdb) i r
rax            0x0    0
rbx            0x47982bd9    1201155033
rcx            0xdeadbeef    3735928559
rdx            0x7ffff7dd8e10    140737351880208
rsi            0x401344    4199236
rdi            0x7fffffffb3a0    140737488335776
rbp            0x7fffffffb3d0    0x7fffffffb3d0
rsp            0x7fffffffb3a0    0x7fffffffb3a0
r8             0x7ffff7ff700d    140737354100749
r9             0xc0000    786432
r10            0x0    0
r11            0x7ffff7ad6d32    140737348726066
r12            0x607f80    6324096
r13            0x7fffffffe360    140737488348000
r14            0x0    0
r15            0x0    0
rip            0x400dac    0x400dac <getbuf+12>
eflags         0x206    [ PF IF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
(gdb) x /64x 0x7fffffffb3a0
0x7fffffffb3a0:    0xffffe260    0x00007fff    0x00607f80    0x00000000
0x7fffffffb3b0:    0xffffe360    0x00007fff    0xf7df0a55    0x00007fff
0x7fffffffb3c0:    0x00002e10    0x00000000    0xf7afe947    0x00007fff
0x7fffffffb3d0:    0xffffb400    0x00007fff    0x00400ef3    0x00000000
0x7fffffffb3e0:    0xffffb410    0x00007fff    0xdeadbeef    0x00000000
0x7fffffffb3f0:    0xf7dd70e0    0x00007fff    0x47982bd9    0x00000000
0x7fffffffb400:    0xffffe260    0x00007fff    0x00400fdd    0x00000000
0x7fffffffb410:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb420:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb430:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb440:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb450:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb460:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb470:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb480:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb490:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4

(gdb) x /64x 0x7fffffffb3a0
0x7fffffffb3a0:    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa
0x7fffffffb3b0:    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa
0x7fffffffb3c0:    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa    0xaaaaaaaa
0x7fffffffb3d0:    0xaaaaaaaa    0xaaaaaaaa    0xc0010400    0x00000000
0x7fffffffb3e0:    0xffffb410    0x00007fff    0xdeadbeef    0x00000000
0x7fffffffb3f0:    0xf7dd70e0    0x00007fff    0x47982bd9    0x00000000
0x7fffffffb400:    0xffffe260    0x00007fff    0x00400fdd    0x00000000
0x7fffffffb410:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb420:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb430:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb440:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb450:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb460:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb470:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb480:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb490:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4

 1 (gdb) c
 2 Continuing.
 3 Type string: Misfire: You called fizz(0xdeadbe00)
 4 [Inferior 1 (process 27846) exited normally]
 5 
 6 (gdb) x /24x 0x7fffffffb3d0 
 7 0x7fffffffb3d0:    0xaaaaaaaa    0xaaaaaaaa    0x00401070    0x00000000
 8 0x7fffffffb3e0:    0xaaaaaaaa    0xaaaaaaaa    0xdeadbe00    0x00000000
 9 0x7fffffffb3f0:    0xf7dd70e0    0x00007fff    0x47982bd9    0x00000000
10 0x7fffffffb400:    0xffffe260    0x00007fff    0x00400fdd    0x00000000
11 0x7fffffffb410:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
12 0x7fffffffb420:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4

(gdb) c
Continuing.
Type string: Misfire: global_value = 0x0
[Inferior 1 (process 28731) exited normally]
(gdb) i f
Stack level 0, frame at 0x7fffffffb3e0:
 rip = 0x400dac in getbuf (bufbomb.c:136); saved rip 0x400ef3
 called by frame at 0x7fffffffb410
 source language c.
 Arglist at 0x7fffffffb3d0, args: 
 Locals at 0x7fffffffb3d0, Previous frame's sp is 0x7fffffffb3e0
 Saved registers:
  rbp at 0x7fffffffb3d0, rip at 0x7fffffffb3d8
(gdb) x /64x 0x7fffffffb3d0
0x7fffffffb3d0:    0xffffb400    0x00007fff    0x00400ef3    0x00000000
0x7fffffffb3e0:    0xffffb410    0x00007fff    0xdeadbeef    0x00000000
0x7fffffffb3f0:    0xf7dd70e0    0x00007fff    0x47982bd9    0x00000000
0x7fffffffb400:    0xffffe260    0x00007fff    0x00400fdd    0x00000000
0x7fffffffb410:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb420:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb430:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb440:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb450:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb460:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb470:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb480:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb490:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb4a0:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb4b0:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4
0x7fffffffb4c0:    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4    0xf4f4f4f4

相关阅读:
一本名副其实的 Web架构“圣经”——关于《HTTP权威指南》
图灵生日会——纪念阿兰图灵诞辰100周年及图灵公司七周年线下交流会
 跟着图灵听课去！（六月）
“电梯演讲”最精炼、贴切的语言
 送你一把开启演讲之路的钥匙——《演讲的艺术》
翻译是一份严谨的工作——关于HTTP中文翻译的讨论
 浪潮之巅作者吴军推荐序——《推荐系统实践》
如何到达永生？揭示科学之美
 软件行业大牛告诉你何谓成功？
C#线程系列讲座(3)：线程池和文件下载服务器
原文地址：https://www.cnblogs.com/been/p/3901614.html