From 9e8ef584e36f10214d24cb26f77a15f009afa85c Mon Sep 17 00:00:00 2001
From: midipix
Date: Tue, 2 Jun 2015 16:09:42 -0400
Subject: bug chasing: shared objects and data symbols
---
dataimp/a.c | 7 +++
dataimp/a.o | Bin 0 -> 940 bytes
dataimp/a.o.dis | 23 ++++++++++
dataimp/a.out | Bin 0 -> 8754 bytes
dataimp/a.out.dis | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
dataimp/a.s | 31 +++++++++++++
6 files changed, 194 insertions(+)
create mode 100644 dataimp/a.c
create mode 100644 dataimp/a.o
create mode 100644 dataimp/a.o.dis
create mode 100755 dataimp/a.out
create mode 100644 dataimp/a.out.dis
create mode 100644 dataimp/a.s
diff --git a/dataimp/a.c b/dataimp/a.c
new file mode 100644
index 0000000..7e59bf3
--- /dev/null
+++ b/dataimp/a.c
@@ -0,0 +1,7 @@
+#include
+
+int main(int argc, char ** argv)
+{
+ fflush(stdout);
+ return argc;
+}
diff --git a/dataimp/a.o b/dataimp/a.o
new file mode 100644
index 0000000..da64796
Binary files /dev/null and b/dataimp/a.o differ
diff --git a/dataimp/a.o.dis b/dataimp/a.o.dis
new file mode 100644
index 0000000..e0ebdcf
--- /dev/null
+++ b/dataimp/a.o.dis
@@ -0,0 +1,23 @@
+ +a.o: Dateiformat pe-x86-64 + + +Disassembly of section .text.startup: + +0000000000000000
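Review bot: The a.c fixture carries no comment saying what it exercises, and with `fflush`'s result discarded and `return argc` as the exit status its outcome is only observable through the disassembly. A one-line header would pin the intent: `/* Data-symbol import test: the load of stdout must resolve through __imp_stdout to the FILE* value, not to the IAT slot address; compare a.o.dis (R_X86_64_PC32 stdout) with a.out.dis. */`. Checking the `fflush` return (`if (fflush(stdout) != 0) return 1;`) would also make a mis-resolved `stdout` visible at run time, although a bad `FILE *` may crash before that. In a.out.dis the `__fu0_stdout` symbol lands inside the `mov 0x6ffe(%rip),%rcx` at 1921077 while `_pei386_runtime_relocator` is a bare `retq`, which suggests the runtime pseudo-relocation is never applied and `%rcx` receives the IAT slot contents rather than the value of `stdout` — worth confirming, since that would hand `fflush` a `FILE **` instead of a `FILE *`.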
: + 0: 53 push %rbx + 1: 48 83 ec 20 sub $0x20,%rsp + 5: 89 cb mov %ecx,%ebx + 7: 48 8b 0d 00 00 00 00 mov 0x0(%rip),%rcx # e + a: R_X86_64_PC32 stdout + e: e8 00 00 00 00 callq 13 + f: R_X86_64_PC32 fflush + 13: 89 d8 mov %ebx,%eax + 15: 48 83 c4 20 add $0x20,%rsp + 19: 5b pop %rbx + 1a: c3 retq + 1b: 90 nop + 1c: 90 nop + 1d: 90 nop + 1e: 90 nop + 1f: 90 nop diff --git a/dataimp/a.out b/dataimp/a.out new file mode 100755 index 0000000..0f78a87 Binary files /dev/null and b/dataimp/a.out differ diff --git a/dataimp/a.out.dis b/dataimp/a.out.dis new file mode 100644 index 0000000..e13a5f4 --- /dev/null +++ b/dataimp/a.out.dis @@ -0,0 +1,133 @@ + +a.out: Dateiformat pei-x86-64 + + +Disassembly of section .text: + +0000000001921000 <.init>: + 1921000: 48 31 c0 xor %rax,%rax + 1921003: 50 push %rax + 1921004: 51 push %rcx + 1921005: 52 push %rdx + 1921006: 90 nop + 1921007: 90 nop + +0000000001921008 <.init>: + 1921008: 5a pop %rdx + 1921009: 59 pop %rcx + 192100a: 41 5a pop %r10 + 192100c: 4c 09 d0 or %r10,%rax + 192100f: c3 retq + +0000000001921010 <_start>: + 1921010: 44 8b 05 e9 1f 00 00 mov 0x1fe9(%rip),%r8d # 1923000 <.weak.__crtopt_posix._start> + 1921017: 44 0b 05 e2 1f 00 00 or 0x1fe2(%rip),%r8d # 1923000 <.weak.__crtopt_posix._start> + 192101e: 48 8d 0d 4b 00 00 00 lea 0x4b(%rip),%rcx # 1921070
+ 1921025: 48 8b 15 60 70 00 00 mov 0x7060(%rip),%rdx # 192808c <__imp___psx_init> + 192102c: 48 8b 05 39 70 00 00 mov 0x7039(%rip),%rax # 192806c <__IAT_start__> + 1921033: 48 ff e0 rex.W jmpq *%rax + 1921036: 90 nop + 1921037: 90 nop + 1921038: 90 nop + 1921039: 90 nop + 192103a: 90 nop + 192103b: 90 nop + 192103c: 90 nop + 192103d: 90 nop + 192103e: 90 nop + 192103f: 90 nop + +0000000001921040 <_pei386_runtime_relocator>: + 1921040: c3 retq + +0000000001921041 <_init>: + 1921041: e9 ba ff ff ff jmpq 1921000 <.init> + +0000000001921046 <_fini>: + 1921046: e9 65 00 00 00 jmpq 19210b0 <.fini> + 192104b: 90 nop + 192104c: 90 nop + 192104d: 90 nop + 192104e: 90 nop + 192104f: 90 nop + +0000000001921050 <__libc_entry_routine>: + 1921050: ff 25 16 70 00 00 jmpq *0x7016(%rip) # 192806c <__IAT_start__> + 1921056: 90 nop + 1921057: 90 nop + +0000000001921058 : + 1921058: ff 25 16 70 00 00 jmpq *0x7016(%rip) # 1928074 <__imp_fflush> + 192105e: 90 nop + 192105f: 90 nop + +0000000001921060 <__psx_init>: + 1921060: ff 25 26 70 00 00 jmpq *0x7026(%rip) # 192808c <__imp___psx_init> + 1921066: 90 nop + 1921067: 90 nop + 1921068: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) + 192106f: 00 + +0000000001921070
: + 1921070: 53 push %rbx + 1921071: 48 83 ec 20 sub $0x20,%rsp + 1921075: 89 cb mov %ecx,%ebx + 1921077: 48 8b 0d fe 6f 00 00 mov 0x6ffe(%rip),%rcx # 192807c <__imp_stdout> + +000000000192107a <__fu0_stdout>: + 192107a: fe (bad) + 192107b: 6f outsl %ds:(%rsi),(%dx) + 192107c: 00 00 add %al,(%rax) + 192107e: e8 d5 ff ff ff callq 1921058 + 1921083: 89 d8 mov %ebx,%eax + 1921085: 48 83 c4 20 add $0x20,%rsp + 1921089: 5b pop %rbx + 192108a: c3 retq + 192108b: 90 nop + 192108c: 90 nop + 192108d: 90 nop + 192108e: 90 nop + 192108f: 90 nop + +0000000001921090 <__CTOR_LIST__>: + 1921090: ff (bad) + 1921091: ff (bad) + 1921092: ff (bad) + 1921093: ff (bad) + 1921094: ff (bad) + 1921095: ff (bad) + 1921096: ff (bad) + 1921097: ff 00 incl (%rax) + 1921099: 00 00 add %al,(%rax) + 192109b: 00 00 add %al,(%rax) + 192109d: 00 00 add %al,(%rax) + ... + +00000000019210a0 <__DTOR_LIST__>: + 19210a0: ff (bad) + 19210a1: ff (bad) + 19210a2: ff (bad) + 19210a3: ff (bad) + 19210a4: ff (bad) + 19210a5: ff (bad) + 19210a6: ff (bad) + 19210a7: ff 00 incl (%rax) + 19210a9: 00 00 add %al,(%rax) + 19210ab: 00 00 add %al,(%rax) + 19210ad: 00 00 add %al,(%rax) + ... + +00000000019210b0 <.fini>: + 19210b0: 48 31 c0 xor %rax,%rax + 19210b3: 50 push %rax + 19210b4: 51 push %rcx + 19210b5: 52 push %rdx + 19210b6: 90 nop + 19210b7: 90 nop + +00000000019210b8 <.fini>: + 19210b8: 5a pop %rdx + 19210b9: 59 pop %rcx + 19210ba: 41 5a pop %r10 + 19210bc: 4c 09 d0 or %r10,%rax + 19210bf: c3 retq diff --git a/dataimp/a.s b/dataimp/a.s new file mode 100644 index 0000000..b83280b --- /dev/null +++ b/dataimp/a.s 
@@ -0,0 +1,31 @@ + .file "a.c" + .section .text.startup,"x" + .p2align 4,,15 + .globl main + .def main; .scl 2; .type 32; .endef + .seh_proc main +main: +.LFB0: + .cfi_startproc + .seh_pushreg %rbx + pushq %rbx + .cfi_def_cfa_offset 16 + .cfi_offset 3, -16 + .seh_stackalloc 32 + subq $32, %rsp + .cfi_def_cfa_offset 48 + .seh_endprologue + movl %ecx, %ebx + movq stdout(%rip), %rcx + call fflush + movl %ebx, %eax + addq $32, %rsp + .cfi_def_cfa_offset 16 + popq %rbx + .cfi_def_cfa_offset 8 + .cfi_restore 3 + ret + .cfi_endproc +.LFE0: + .seh_endproc + .def fflush; .scl 2; .type 32; .endef -- cgit v1.2.3