Created
June 16, 2014 22:44
-
-
Save ancat/0d4b7f8740ae6faa6cc3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set $root = 0x804c36c | |
| # first element | |
| break *0x08049030 | |
| commands | |
| silent | |
| printf "allocated first_node->name @ 0x%x\n", $eax | |
| continue | |
| end | |
| break *0x0804903D | |
| commands | |
| silent | |
| printf "allocated first_node->value @ 0x%x\n", $eax | |
| continue | |
| end | |
| # overwrite | |
| break *0x08048FFF | |
| commands | |
| silent | |
| printf "node->value being overwritten! Freeing 0x%x\n", $eax | |
| continue | |
| end | |
| break *0x0804900F | |
| commands | |
| silent | |
| printf "Value of %s overwritten with 0x%x\n", *($esi), $eax | |
| continue | |
| end | |
| # create new node | |
| break *0x08048FCC | |
| commands | |
| silent | |
| printf "Allocated new node @ 0x%x!\n", $eax | |
| continue | |
| end | |
| break *0x08048FDC | |
| commands | |
| silent | |
| printf "node->name allocated @ 0x%x\n", $eax | |
| continue | |
| end | |
| break *0x08048FE6 | |
| commands | |
| silent | |
| printf "node->value allocated @ 0x%x\n", $eax | |
| continue | |
| end | |
| # delete node | |
| break *0x08048F9D | |
| commands | |
| silent | |
| printf "Freeing up node @ 0x%x\n", $esi | |
| continue | |
| end | |
| break *0x08048F6F | |
| commands | |
| silent | |
| printf "Deleting a node and freeing two blocks!\n" | |
| continue | |
| end | |
| break *0x08048F7C | |
| commands | |
| silent | |
| printf "Freeing up node->name @ 0x%x\n", $eax | |
| continue | |
| end | |
| break *0x08048F72 | |
| commands | |
| silent | |
| printf "Freeing up node->value @ 0x%x\n", $eax | |
| continue | |
| end | |
| define ll | |
| dump_ll $root | |
| end | |
| define structs | |
| set $target = $root | |
| set $limit = 0 | |
| set $cap = 1 | |
| while $target | |
| printf "[0x%x] node.name=0x%x; node.value=0x%x; node.next=0x%x; node.prev=0x%x\n", $target, *($target), *($target+4), *($target+8), *($target+0xc) | |
| set $old_target = $target | |
| set $target = *($target+8) | |
| set $cap = $cap + 1 | |
| if $old_target == $target | |
| set $limit = $limit + 1 | |
| end | |
| if $limit > 5 | |
| printf "Infinite loop?\n" | |
| set $target = 0 | |
| end | |
| end | |
| end | |
| define dump_ll | |
| set $target = $arg0 | |
| if *($target) == 0 | |
| printf "Not initialized yet?\n" | |
| set $target = 0 | |
| end | |
| set $limit = 0 | |
| set $cap = 1 | |
| while $target | |
| printf "0x%x -> 0x%x: %s=%s\n", $target, *($target+8), *($target), *($target+4) | |
| set $old_target = $target | |
| set $target = *($target+8) | |
| set $cap = $cap + 1 | |
| if $old_target == $target | |
| set $limit = $limit + 1 | |
| end | |
| if $limit > 5 | |
| printf "Infinite loop?\n" | |
| set $target = 0 | |
| end | |
| end | |
| end | |
| disable breakpoints | |
| # after dealing with setting | |
| break *0x080494BD | |
| commands | |
| silent | |
| structs | |
| continue | |
| end | |
| python os.system('clear') | |
| run |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment