r
|
|
c
|
|
c
|
|
r
|
|
1
|
|
c
|
|
c
|
|
print main_arena
|
|
x __malloc_hook
|
|
x &__malloc_hook
|
|
x 0x7ffff7dd0bc0
|
|
x &main_arena
|
|
q
|
|
print &main_arena
|
|
print main_arena
|
|
db main_arena
|
|
db &main_arena 100
|
|
print main_arena
|
|
print &main_arena
|
|
db &main_arena
|
|
db &main_arena + 1
|
|
db &main_arena+1
|
|
find_fake_fast main_arena.fastbinsY
|
|
find_fake_fast &main_arena.fastbinsY
|
|
x &main_arena.fastbinsY
|
|
db main_arena
|
|
db &main_arena
|
|
db &main_arena+1
|
|
db &main_arena+0
|
|
dq &main_arena+0
|
|
dq &main_arena+1
|
|
x/x 00007fc130a1cb60
|
|
x/x 0x00007fc130a1cb60
|
|
x/x 0x7fc130a1cb69
|
|
x main_arena
|
|
x &main_arena
|
|
x 0x0x7fc130a1cb68
|
|
x 0x7fc130a1cb68
|
|
x 0x7fc130a1cb68+1
|
|
x/10x 0x7fc130a1cb68+1
|
|
x/10x 0x7fc130a1cb68+0
|
|
x/10x 0x7fc130a1cb68+1
|
|
x/10x 0x7fc130a1cb69
|
|
db 0x7fc130a1cb69
|
|
db 0x7fc130a1cb71
|
|
db 0x7fc130a1cb70
|
|
x main_arena
|
|
print &main_arena
|
|
db &main_arena+1
|
|
dq &main_arena+1
|
|
q
|
|
x 0x7f7151e3cb70
|
|
db 0x7f7151e3cb70
|
|
db main_arena
|
|
db &main_arena
|
|
print main_arena
|
|
x main_arena
|
|
print &main_arena
|
|
db 0x7f7151e3cb69
|
|
db 0x7f7151e3cb68
|
|
db 0x7f7151e3cb67
|
|
db 0x7f7151e3cb68
|
|
db 0x7f7151e3cb69
|
|
dq 0x7f7151e3cb69
|
|
db 0x7f7151e3cb69
|
|
db 0x7f7151e3cb67
|
|
db 0x7f7151e3cb69
|
|
db 0x7f7151e3cb68
|
|
find_fake_fast main_arena
|
|
find_fake_fast &main_arena
|
|
db 0x7f7151e3cb68
|
|
db 0x7f7151e3cb69
|
|
db 0x7f7151e3cb67
|
|
db 0x7f7151e3cb68
|
|
db 0x7f7151e3cb70
|
|
db 0x7fc130a1cb69
|
|
db 0x7f7151e3cb70
|
|
db 0x7f7151e3cb69
|
|
find_fake_fast &__free_hook
|
|
find_fake_fast &__realloc_hook
|
|
find_fake_fast &__memalign_hook
|
|
find_fake_fast &__malloc_initialize_hook
|
|
find_fake_fast &__after_morecore_hook
|
|
find_fake_fast q
|
|
q
|
|
quit
|
|
q
|
|
fastbins
|
|
c
|
|
frame 4
|
|
context code
|
|
x 0x7fd533e9cb68
|
|
db 0x7fd533e9cb68
|
|
x fastbins
|
|
print main_heap
|
|
print &main_heap
|
|
print &main_arena
|
|
print main_arena
|
|
db 0x7fee89f0ee10
|
|
db 0x7fee89f0ee10 10
|
|
db 0x7fee89f0ee10 48
|
|
db 0x7fee89f0ee10-3 48
|
|
db 0x7fee89f0ee10-3 (16*4)
|
|
db 0x7fee89f0ee10
|
|
db 0x7fee89f0ee10 - 1
|
|
db 0x7fee89f0ee10-1
|
|
db 0x7fee89f0ee10-1 1
|
|
db 0x7fee89f0ee10-1 32
|
|
db 0x7fee89f0ee10-1 (48)
|
|
db 0x7fee89f0ee10-1 (48 * 3)
|
|
db 0x7fee89f0ee10-1 (48*3)
|
|
db 0x7fee89f0ee10-1
|
|
db 0x7fee89f0ee10
|
|
q
|
|
print main_arena
|
|
x 0x7fdb92f8ee10
|
|
c
|
|
find_fake_fast &malloc_hook
|
|
find_fake_fast &__malloc_hook
|
|
x __malloc_hook
|
|
x &__malloc_hook
|
|
x &__malloc_hook
|
|
x &__malloc_hook - 16
|
|
x &__malloc_hook
|
|
db &__malloc_hook-100
|
|
db &__malloc_hook-100 100
|
|
db &__malloc_hook-1
|
|
db &__malloc_hook
|
|
db &__malloc_hook-48 48
|
|
db &__malloc_hook-48 48 * 8
|
|
db &__malloc_hook-48 48*8
|
|
db &__malloc_hook-48*8 48
|
|
db &__malloc_hook-80*8 80
|
|
db &__malloc_hook-160*8 80
|
|
db &__malloc_hook-160 80
|
|
db -h
|
|
db &__malloc_hook
|
|
x __malloc_hook
|
|
x &__malloc_hook
|
|
x __malloc_hook-100
|
|
x &__malloc_hook-100
|
|
x &__malloc_hook-100 100
|
|
x &__malloc_hook-100 100
|
|
db &__malloc_hook-100 100
|
|
db &__malloc_hook-100 100*8
|
|
print (void*)&malloc_hook
|
|
print (void*)&__malloc_hook
|
|
db &__malloc_hook-100 101*8
|
|
db &__malloc_hook-100 101*8
|
|
db &__malloc_hook-100 100*8
|
|
db &__malloc_hook-100
|
|
db &__malloc_hook-(16*9)
|
|
db &__malloc_hook-(16*9) 16*9
|
|
db &__malloc_hook-(10) (10*16)
|
|
db &__malloc_hook-(10) (10*8)
|
|
db &__malloc_hook-(1) (10*8)
|
|
db &__malloc_hook-(11
|
|
db &__malloc_hook
|
|
db &__malloc_hook-1
|
|
db &__malloc_hook-8
|
|
db &__malloc_hook
|
|
db &__malloc_hook-32
|
|
db &__malloc_hook-(32/8)
|
|
db &__malloc_hook-(32/8) 1
|
|
db &__malloc_hook-(32/8) 10
|
|
db 0x7f5575614b2a 1
|
|
db 0x7f5575614b2a
|
|
db 0x7f5575614b20
|
|
db &__malloc_loc
|
|
db &__malloc_hook-(16) (16*8)
|
|
print (void*)__malloc_hook
|
|
print (void*)&__malloc_hook
|
|
db 0x7f5575614b36
|
|
0x7f5575614b2a
|
|
find_fake_fast
|
|
find_fake_fast &__malloc_hook
|
|
print (void*)&__malloc_hook
|
|
exit
|
|
quit
|
|
print main_arena
|
|
x 0x7f265fd4cb2d
|
|
x 0x7f265fd4cb2d
|
|
db 0x7f265fd4cb2d
|
|
print (void*)&__malloc_hook
|
|
find_fake_fast &__malloc_hook
|
|
db 0x7f265fd4cb2d
|
|
db 0x7f265fd4cb2d - 1
|
|
db 0x7f265fd4cb2d-1
|
|
db
|
|
c
|
|
db &__malloc_hook-(16) (16*8)
|
|
exit
|
|
quit
|
|
x rsp
|
|
print $rsp+50
|
|
print $rsp
|
|
print $*rsp
|
|
print $rsp
|
|
print (void*)$rsp
|
|
print (void*)$rsp+50
|
|
print (void*)*$rsp+50
|
|
print (void*)&$rsp+50
|
|
x 0x7ffc1644e71a
|
|
print (void*)&$rsp+50
|
|
print (void*)$rsp+50
|
|
print (void*)$rsp+0x50
|
|
x 0x7ffc1644e738
|
|
quit
|
|
q
|
|
print main_arena
|
|
find_fake_fast &__malloc_hook
|
|
q
|
|
quit
|
|
fastbins
|
|
find_fake_fast &__malloc_hook
|
|
print (void*)&__malloc_hook
|
|
q
|
|
x &__malloc_hook
|
|
db &__malloc_hook-(16) (16*8)
|
|
db &__malloc_hook-(16) (17*8)
|
|
db &__malloc_hook-(16) (18*8)
|
|
db &__malloc_hook-(16) (19*8)
|
|
db &__malloc_hook-(16) (20*8)
|
|
quit
|
|
db &__malloc_hook-(16) (20*8)
|
|
db &__malloc_hook-(16) (16*8)
|
|
db &__malloc_hook-(16) (20*8)
|
|
quit
|
|
db &__malloc_hook-(16) (20*8)
|
|
find_fake_fast &__malloc_hook
|
|
db 0x7fd4a6cf7b2d-(16) (20*8)
|
|
q
|
|
print main_arena
|
|
vis_heap_chunks
|
|
db 0x7f37a78ddb7d-(16) (20*8)
|
|
db 0x7f37a78ddb7d-(32) (20*8)
|
|
quit
|
|
db 0x7f37a78ddb7d-(32) (20*8)
|
|
db main_arena.top-(32) (20*8)
|
|
search 0x7f323f6f0fa1
|
|
search 0x7f323f6f0fa1
|
|
search --help
|
|
search --qword 0x7f323f6f0fa1
|
|
search -p 0x7f323f6f0fa1
|
|
search -p 0x0fa1
|
|
search -p 0xa10f
|
|
search -hexp 0x7f323f6f0fa1
|
|
search --hex 0x7f323f6f0fa1
|
|
search --hex 7f323f6f0fa1
|
|
search --hex -8 7f323f6f0fa1
|
|
search -8 --hex 7f323f6f0fa1
|
|
search -t qword --hex 7f323f6f0fa1
|
|
search -t qword -x 7f323f6f0fa1
|
|
search -t qword -x 0x7f323f6f0fa1
|
|
search -t qword 0x7f323f6f0fa1
|
|
quit
|