http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=287 [복사]
제가 어셈을 너무 모르기에 아주 허접한 방법으로 공부를 하고 있는데
저같은 분이 계시다면 참고하시라고 남겨요 -_-;;
(그냥버리기 아까워서 올린거라는 퍽!...)
¸ÇÀ§¿¡²¨´Â esp¿Í ebpÀÇ º¯È¸¦ ÀûÀº°Å°í¿ä
Áß°£¿¡²¨´Â main disassm ÇÑ°Å ÀûÀº°Å°í¿ä.
¾Æ·¡²¨´Â info reg·Î reg¿¡ µé¾îÀִ°ª ÀûÀº°Å¿¡¿ä.
¹®¼ÆÄÀÏ ¼¼°³¿©¼Å¼ ÇÑÁÙ ÇÑÁÙ ºñ±³ÇÏ¸é¼ º¸½Ã¸é
´ëÃæ °¨ÀÌ ¿À½Ç²¨¿¡¿ä... (Àú¸¸±×·±Áöµµ-_-;;)
esp 0xbffffafc 0xbffffafc
ebp 0xbffffb18 0xbffffb18
esp 0xbffffaf8 0xbffffaf8
ebp 0xbffffb18 0xbffffb18
esp 0xbffffaf8 0xbffffaf8
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esp 0xbffffafc 0xbffffafc
ebp 0xbffffb18 0xbffffb18
esp 0xbffffb00 0xbffffb00
ebp 0xbffffb18 0xbffffb18
# gdb disassembly of main (32-bit x86, AT&T syntax: source operand first).
# Arguments are pushed on the stack and the caller removes them after each call.
# The flow visible here is: setreuid(0xc14, 0xc14); strcpy(buf, argv[1]); printf(buf).
#
# Prologue: save the caller's frame pointer and start a new frame.
0x08048470 <main+0>: push %ebp
0x08048471 <main+1>: mov %esp,%ebp
# Reserve 0x108 (264) bytes of locals; the esp trace drops from 0xbffffaf8 to 0xbffff9f0.
0x08048473 <main+3>: sub $0x108,%esp
# setreuid(0xc14, 0xc14): 8 bytes of padding + two 4-byte pushes = the 0x10 released after the call.
0x08048479 <main+9>: sub $0x8,%esp
0x0804847c <main+12>: push $0xc14
0x08048481 <main+17>: push $0xc14
0x08048486 <main+22>: call 0x804834c <setreuid>
# NOTE(review): the return value in %eax is never tested. In the register dumps
# on this page %eax is 0xffffffff (-1) right after this call, i.e. the call
# failed in that run, and execution simply continues.
0x0804848b <main+27>: add $0x10,%esp
0x0804848e <main+30>: sub $0x8,%esp
# 0xc(%ebp) is main's second argument (argv under the usual cdecl layout);
# adding 4 gives &argv[1], and pushl (%eax) pushes argv[1] as strcpy's source.
0x08048491 <main+33>: mov 0xc(%ebp),%eax
0x08048494 <main+36>: add $0x4,%eax
0x08048497 <main+39>: pushl (%eax)
# 0xfffffef8(%ebp) is %ebp-0x108, the lowest address of the local area
# (%eax becomes 0xbffff9f0 in the dumps); it is pushed as strcpy's destination.
0x08048499 <main+41>: lea 0xfffffef8(%ebp),%eax
0x0804849f <main+47>: push %eax
# NOTE(review): strcpy has no length limit and argv[1] is caller-controlled.
# The destination is at most 0x108 bytes, so longer input runs past it into the
# saved %ebp and return address stored above. The source-level fix is a bounded
# copy sized to the buffer, with an explicit length check on argv[1].
# NOTE(review): no test of argc is visible before argv[1] is dereferenced.
0x080484a0 <main+48>: call 0x804835c <strcpy>
0x080484a5 <main+53>: add $0x10,%esp
# printf is called with the local buffer as its only argument (0xc padding + one push = 0x10).
0x080484a8 <main+56>: sub $0xc,%esp
0x080484ab <main+59>: lea 0xfffffef8(%ebp),%eax
0x080484b1 <main+65>: push %eax
# NOTE(review): the buffer is passed as the format string itself, so any format
# directives in the copied input are interpreted by printf. The source-level fix
# is a constant format, e.g. printf("%s", buf).
0x080484b2 <main+66>: call 0x804833c <printf>
0x080484b7 <main+71>: add $0x10,%esp
# Epilogue: leave restores %esp/%ebp from the frame; ret pops the saved return address.
0x080484ba <main+74>: leave
---Type <return> to continue, or q <return> to quit---
0x080484bb <main+75>: ret
# Padding after the function body.
0x080484bc <main+76>: nop
0x080484bd <main+77>: nop
0x080484be <main+78>: nop
0x080484bf <main+79>: nop
End of assembler dump.
Breakpoint 1, 0x08048470 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffffafc 0xbffffafc
ebp 0xbffffb18 0xbffffb18
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048470 0x8048470
eflags 0x246 582
Breakpoint 2, 0x08048471 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffffaf8 0xbffffaf8
ebp 0xbffffb18 0xbffffb18
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048471 0x8048471
eflags 0x346 838
Breakpoint 3, 0x08048473 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffffaf8 0xbffffaf8
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048473 0x8048473
eflags 0x346 838
Breakpoint 4, 0x08048479 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048479 0x8048479
eflags 0x386 902
Breakpoint 5, 0x0804847c in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x804847c 0x804847c
eflags 0x396 918
Breakpoint 6, 0x08048481 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048481 0x8048481
eflags 0x396 918
Breakpoint 7, 0x08048486 in main ()
(gdb) info reg
eax 0x2 2
ecx 0x40156a0c 1075145228
edx 0x8049538 134518072
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048486 0x8048486
eflags 0x396 918
Breakpoint 8, 0x0804848b in main ()
(gdb) info reg
eax 0xffffffff -1
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x804848b 0x804848b
eflags 0x397 919
Breakpoint 9, 0x0804848e in main ()
(gdb) info reg
eax 0xffffffff -1
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x804848e 0x804848e
eflags 0x386 902
Breakpoint 10, 0x08048491 in main ()
(gdb) info reg
eax 0xffffffff -1
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048491 0x8048491
eflags 0x396 918
Breakpoint 11, 0x08048494 in main ()
(gdb) info reg
eax 0xbffffb44 -1073743036
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048494 0x8048494
eflags 0x396 918
Breakpoint 12, 0x08048497 in main ()
(gdb) info reg
eax 0xbffffb48 -1073743032
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e8 0xbffff9e8
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048497 0x8048497
eflags 0x386 902
Breakpoint 13, 0x08048499 in main ()
(gdb) info reg
eax 0xbffffb48 -1073743032
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x8048499 0x8048499
eflags 0x386 902
break 14,
info reg
eax 0xbffff9f0 -1073743376
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x804849f 0x804849f
eflags 0x386 902
Breakpoint 15, 0x080484a0 in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0x40159580 1075156352
edx 0x40159580 1075156352
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484a0 0x80484a0
eflags 0x386 902
Breakpoint 16, 0x080484a5 in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0xfffffda9 -599
edx 0xbffffc4b -1073742773
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484a5 0x80484a5
eflags 0x346 838
Breakpoint 17, 0x080484a8 in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0xfffffda9 -599
edx 0xbffffc4b -1073742773
ebx 0x401591c0 1075155392
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484a8 0x80484a8
eflags 0x386 902
Breakpoint 18, 0x080484ab in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0xfffffda9 -599
edx 0xbffffc4b -1073742773
ebx 0x401591c0 1075155392
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484ab 0x80484ab
eflags 0x396 918
Breakpoint 19, 0x080484b1 in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0xfffffda9 -599
edx 0xbffffc4b -1073742773
ebx 0x401591c0 1075155392
esp 0xbffff9e4 0xbffff9e4
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484b1 0x80484b1
eflags 0x396 918
Breakpoint 20, 0x080484b2 in main ()
(gdb) info reg
eax 0xbffff9f0 -1073743376
ecx 0xfffffda9 -599
edx 0xbffffc4b -1073742773
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484b2 0x80484b2
eflags 0x396 918
Breakpoint 21, 0x080484b7 in main ()
(gdb) info reg
eax 0x4 4
ecx 0x401575c0 1075148224
edx 0x4 4
ebx 0x401591c0 1075155392
esp 0xbffff9e0 0xbffff9e0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484b7 0x80484b7
eflags 0x346 838
Breakpoint 22, 0x080484ba in main ()
(gdb) info reg
eax 0x4 4
ecx 0x401575c0 1075148224
edx 0x4 4
ebx 0x401591c0 1075155392
esp 0xbffff9f0 0xbffff9f0
ebp 0xbffffaf8 0xbffffaf8
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484ba 0x80484ba
eflags 0x386 902
Breakpoint 23, 0x080484bb in main ()
(gdb) info reg
eax 0x4 4
ecx 0x401575c0 1075148224
edx 0x4 4
ebx 0x401591c0 1075155392
esp 0xbffffafc 0xbffffafc
ebp 0xbffffb18 0xbffffb18
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x80484bb 0x80484bb
eflags 0x386 902
0x40038917 in __libc_start_main () from /lib/libc.so.6
(gdb) info reg
eax 0x4 4
ecx 0x401575c0 1075148224
edx 0x4 4
ebx 0x401591c0 1075155392
esp 0xbffffb00 0xbffffb00
ebp 0xbffffb18 0xbffffb18
esi 0x40015360 1073828704
edi 0xbffffb44 -1073743036
eip 0x40038917 0x40038917
eflags 0x386 902 |