
@Lorak-mmk

Lorak-mmk/gdbscript Secret

Created Dec 28, 2020
# gdb command file that traces the expression evaluator in `compute`.
#
# Each traced breakpoint prints a label for the operation being handled plus
# three locals read straight from the frame (names taken from the printf
# labels below):
#   $rbp-0x1a4  int           "pos"
#   $rbp-0x1a8  int           "sp"
#   $rbp-0x110  8-byte slots  "stack_value", shown both as raw hex and as a double
#
# NOTE(review): the compute+N offsets and the rbp-relative slots were presumably
# read from one specific build of the target; re-derive them from a fresh
# disassembly if the binary changes, otherwise the trace prints unrelated memory.
#
# Load PEDA from the local checkout. gdb executes this file as Python with the
# privileges of the user running gdb.
source ~/CTF/peda/peda.py
#
# Helper: print pos, sp and the slot at stack_value[sp-1].
define opstack_one
  printf "pos: %d, sp: %d, stack_value[sp-1]: 0x%016llx (%.20e)\n", *((int*)($rbp-0x1a4)), *((int*)($rbp-0x1a8)), ((unsigned long long*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 1], ((double*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 1]
end
#
# Helper: print pos, sp and the slots at stack_value[sp-3] and stack_value[sp-1].
define opstack_two
  printf "pos: %d, sp: %d, stack_value[sp-3]: 0x%016llx (%.20e), stack_value[sp-1]: 0x%016llx (%.20e)\n", *((int*)($rbp-0x1a4)), *((int*)($rbp-0x1a8)), ((unsigned long long*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 3], ((double*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 3], ((unsigned long long*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 1], ((double*)($rbp-0x110))[*((int*)($rbp-0x1a8)) - 1]
end
#
# Plain stops: these three breakpoints have no command list, so gdb halts at
# them and waits for input.
break *(compute+24)
break *(compute+2132)
break *(compute+2462)
#
# Traced breakpoints. `commands` without an argument attaches to the most
# recently set breakpoint; `silent` has to stay the first line of each list so
# gdb suppresses its usual stop banner.
#
# Unary plus.
break *(compute+502)
commands
  silent
  printf "Unary +\n"
  opstack_one
  continue
end
#
# Unary minus.
break *(compute+651)
commands
  silent
  printf "Unary -\n"
  opstack_one
  continue
end
#
# Multiplication.
break *(compute+806)
commands
  silent
  printf "MULTIPLY\n"
  opstack_two
  continue
end
#
# Division.
break *(compute+951)
commands
  silent
  printf "DIVIDE\n"
  opstack_two
  continue
end
#
# Addition.
break *(compute+1150)
commands
  silent
  printf "ADD\n"
  opstack_two
  continue
end
#
# Subtraction.
break *(compute+1349)
commands
  silent
  printf "SUBTRACT\n"
  opstack_two
  continue
end
#
# Closing parenthesis.
break *(compute+1511)
commands
  silent
  printf "PARSE ')'\n"
  opstack_one
  continue
end
#
# Variable write: prints the character of `expr` at index pos and the current sp.
break *(compute+1923)
commands
  silent
  printf "WRITE VARIABLE %c to slot %d\n", ((char*)&expr)[*((int*)($rbp-0x1a4))], *((int*)($rbp-0x1a8))
  continue
end