Created
October 26, 2017 18:23
-
-
Save anonymous/1fd33ba28363b4f4f6c1499ca2cc8017 to your computer and use it in GitHub Desktop.
Fork Analysis #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@localhost:~/os/fork analysis# cat fork_analysis | |
| root@localhost:~/os# gdb fork1 | |
| GNU gdb (Debian 7.11.1-2) 7.11.1 | |
| Copyright (C) 2016 Free Software Foundation, Inc. | |
| License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> | |
| This is free software: you are free to change and redistribute it. | |
| There is NO WARRANTY, to the extent permitted by law. Type "show copying" | |
| and "show warranty" for details. | |
| This GDB was configured as "x86_64-linux-gnu". | |
| Type "show configuration" for configuration details. | |
| For bug reporting instructions, please see: | |
| <http://www.gnu.org/software/gdb/bugs/>. | |
| Find the GDB manual and other documentation resources online at: | |
| <http://www.gnu.org/software/gdb/documentation/>. | |
| For help, type "help". | |
| Type "apropos word" to search for commands related to "word"... | |
| Reading symbols from fork1...(no debugging symbols found)...done. | |
| gdb-peda$ disas main | |
| Dump of assembler code for function main: | |
| 0x000000000000068a <+0>: push rbp | |
| 0x000000000000068b <+1>: mov rbp,rsp | |
| 0x000000000000068e <+4>: call 0x560 <fork@plt> | |
| 0x0000000000000693 <+9>: lea rdi,[rip+0xaa] # 0x744 | |
| 0x000000000000069a <+16>: call 0x550 <puts@plt> | |
| 0x000000000000069f <+21>: call 0x560 <fork@plt> | |
| 0x00000000000006a4 <+26>: lea rdi,[rip+0x9f] # 0x74a | |
| 0x00000000000006ab <+33>: call 0x550 <puts@plt> | |
| 0x00000000000006b0 <+38>: mov eax,0x0 | |
| 0x00000000000006b5 <+43>: pop rbp | |
| 0x00000000000006b6 <+44>: ret | |
| End of assembler dump. | |
| gdb-peda$ break * main+4 | |
| Breakpoint 1 at 0x68e | |
| gdb-peda$ break * main+16 | |
| Breakpoint 2 at 0x69a | |
| gdb-peda$ break * main+21 | |
| Breakpoint 3 at 0x69f | |
| gdb-peda$ break * main+33 | |
| Breakpoint 4 at 0x6ab | |
| gdb-peda$ r | |
| Starting program: /root/os/fork1 | |
| [----------------------------------registers-----------------------------------] | |
| RAX: 0x55555555468a (<main>: push rbp) | |
| RBX: 0x0 | |
| RCX: 0x0 | |
| RDX: 0x7fffffffe308 --> 0x7fffffffe5e6 ("LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc"...) | |
| RSI: 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| RDI: 0x1 | |
| RBP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RSP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RIP: 0x55555555468e (<main+4>: call 0x555555554560 <fork@plt>) | |
| R8 : 0x555555554730 (<__libc_csu_fini>: repz ret) | |
| R9 : 0x7ffff7de8ca0 (<_dl_fini>: push rbp) | |
| R10: 0x4 | |
| R11: 0x1 | |
| R12: 0x555555554580 (<_start>: xor ebp,ebp) | |
| R13: 0x7fffffffe2f0 --> 0x1 | |
| R14: 0x0 | |
| R15: 0x0 | |
| EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) | |
| [-------------------------------------code-------------------------------------] | |
| 0x555555554685 <frame_dummy+5>: jmp 0x5555555545f0 <register_tm_clones> | |
| 0x55555555468a <main>: push rbp | |
| 0x55555555468b <main+1>: mov rbp,rsp | |
| => 0x55555555468e <main+4>: call 0x555555554560 <fork@plt> | |
| 0x555555554693 <main+9>: lea rdi,[rip+0xaa] # 0x555555554744 | |
| 0x55555555469a <main+16>: call 0x555555554550 <puts@plt> | |
| 0x55555555469f <main+21>: call 0x555555554560 <fork@plt> | |
| 0x5555555546a4 <main+26>: lea rdi,[rip+0x9f] # 0x55555555474a | |
| No argument | |
| [------------------------------------stack-------------------------------------] | |
| 0000| 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| 0008| 0x7fffffffe218 --> 0x7ffff7a5c2e1 (<__libc_start_main+241>: mov edi,eax) | |
| 0016| 0x7fffffffe220 --> 0x40000 | |
| 0024| 0x7fffffffe228 --> 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| 0032| 0x7fffffffe230 --> 0x1f7b9d2a8 | |
| 0040| 0x7fffffffe238 --> 0x55555555468a (<main>: push rbp) | |
| 0048| 0x7fffffffe240 --> 0x0 | |
| 0056| 0x7fffffffe248 --> 0x81eabd7adf9dc289 | |
| [------------------------------------------------------------------------------] | |
| Legend: code, data, rodata, value | |
| Breakpoint 1, 0x000055555555468e in main () | |
| gdb-peda$ r | |
| Starting program: /root/os/fork1 | |
| [----------------------------------registers-----------------------------------] | |
| RAX: 0x55555555468a (<main>: push rbp) | |
| RBX: 0x0 | |
| RCX: 0x0 | |
| RDX: 0x7fffffffe308 --> 0x7fffffffe5e6 ("LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc"...) | |
| RSI: 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| RDI: 0x1 | |
| RBP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RSP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RIP: 0x55555555468e (<main+4>: call 0x555555554560 <fork@plt>) | |
| R8 : 0x555555554730 (<__libc_csu_fini>: repz ret) | |
| R9 : 0x7ffff7de8ca0 (<_dl_fini>: push rbp) | |
| R10: 0x4 | |
| R11: 0x1 | |
| R12: 0x555555554580 (<_start>: xor ebp,ebp) | |
| R13: 0x7fffffffe2f0 --> 0x1 | |
| R14: 0x0 | |
| R15: 0x0 | |
| EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) | |
| [-------------------------------------code-------------------------------------] | |
| 0x555555554685 <frame_dummy+5>: jmp 0x5555555545f0 <register_tm_clones> | |
| 0x55555555468a <main>: push rbp | |
| 0x55555555468b <main+1>: mov rbp,rsp | |
| => 0x55555555468e <main+4>: call 0x555555554560 <fork@plt> | |
| 0x555555554693 <main+9>: lea rdi,[rip+0xaa] # 0x555555554744 | |
| 0x55555555469a <main+16>: call 0x555555554550 <puts@plt> | |
| 0x55555555469f <main+21>: call 0x555555554560 <fork@plt> | |
| 0x5555555546a4 <main+26>: lea rdi,[rip+0x9f] # 0x55555555474a | |
| No argument | |
| [------------------------------------stack-------------------------------------] | |
| 0000| 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| 0008| 0x7fffffffe218 --> 0x7ffff7a5c2e1 (<__libc_start_main+241>: mov edi,eax) | |
| 0016| 0x7fffffffe220 --> 0x40000 | |
| 0024| 0x7fffffffe228 --> 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| 0032| 0x7fffffffe230 --> 0x1f7b9d2a8 | |
| 0040| 0x7fffffffe238 --> 0x55555555468a (<main>: push rbp) | |
| 0048| 0x7fffffffe240 --> 0x0 | |
| 0056| 0x7fffffffe248 --> 0x46a29da4f9ef8dcb | |
| [------------------------------------------------------------------------------] | |
| Legend: code, data, rodata, value | |
| Breakpoint 1, 0x000055555555468e in main () | |
| gdb-peda$ c | |
| Continuing. | |
| [New process 2927] | |
| LINUX | |
| REDHAT | |
| REDHAT | |
| [Switching to process 2927] | |
| [----------------------------------registers-----------------------------------] | |
| RAX: 0x0 | |
| RBX: 0x0 | |
| RCX: 0x7ffff7af437b (<__libc_fork+203>: cmp rax,0xfffffffffffff000) | |
| RDX: 0x0 | |
| RSI: 0x0 | |
| RDI: 0x555555554744 --> 0x45520058554e494c ('LINUX') | |
| RBP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RSP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RIP: 0x55555555469a (<main+16>: call 0x555555554550 <puts@plt>) | |
| R8 : 0x7ffff7fcc700 (0x00007ffff7fcc700) | |
| R9 : 0x7ffff7de8ca0 (<_dl_fini>: push rbp) | |
| R10: 0x7ffff7fcc9d0 --> 0xb6f ('o\x0b') | |
| R11: 0x246 | |
| R12: 0x555555554580 (<_start>: xor ebp,ebp) | |
| R13: 0x7fffffffe2f0 --> 0x1 | |
| R14: 0x0 | |
| R15: 0x0 | |
| EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) | |
| [-------------------------------------code-------------------------------------] | |
| 0x55555555468b <main+1>: mov rbp,rsp | |
| 0x55555555468e <main+4>: call 0x555555554560 <fork@plt> | |
| 0x555555554693 <main+9>: lea rdi,[rip+0xaa] # 0x555555554744 | |
| => 0x55555555469a <main+16>: call 0x555555554550 <puts@plt> | |
| 0x55555555469f <main+21>: call 0x555555554560 <fork@plt> | |
| 0x5555555546a4 <main+26>: lea rdi,[rip+0x9f] # 0x55555555474a | |
| 0x5555555546ab <main+33>: call 0x555555554550 <puts@plt> | |
| 0x5555555546b0 <main+38>: mov eax,0x0 | |
| Guessed arguments: | |
| arg[0]: 0x555555554744 --> 0x45520058554e494c ('LINUX') | |
| [------------------------------------stack-------------------------------------] | |
| 0000| 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| 0008| 0x7fffffffe218 --> 0x7ffff7a5c2e1 (<__libc_start_main+241>: mov edi,eax) | |
| 0016| 0x7fffffffe220 --> 0x40000 | |
| 0024| 0x7fffffffe228 --> 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| 0032| 0x7fffffffe230 --> 0x1f7b9d2a8 | |
| 0040| 0x7fffffffe238 --> 0x55555555468a (<main>: push rbp) | |
| 0048| 0x7fffffffe240 --> 0x0 | |
| 0056| 0x7fffffffe248 --> 0x46a29da4f9ef8dcb | |
| [------------------------------------------------------------------------------] | |
| Legend: code, data, rodata, value | |
| Thread 2.1 "fork1" hit Breakpoint 2, 0x000055555555469a in main () | |
| gdb-peda$ c | |
| Continuing. | |
| LINUX | |
| [----------------------------------registers-----------------------------------] | |
| RAX: 0x6 | |
| RBX: 0x0 | |
| RCX: 0x7ffff7b17720 (<__write_nocancel+7>: cmp rax,0xfffffffffffff001) | |
| RDX: 0x7ffff7dd5760 --> 0x0 | |
| RSI: 0x555555756010 --> 0xa58554e494c ('LINUX\n') | |
| RDI: 0x0 | |
| RBP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RSP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RIP: 0x55555555469f (<main+21>: call 0x555555554560 <fork@plt>) | |
| R8 : 0x555555756000 --> 0x0 | |
| R9 : 0x0 | |
| R10: 0x7ffff7dd3b58 --> 0x555555756410 --> 0x0 | |
| R11: 0x246 | |
| R12: 0x555555554580 (<_start>: xor ebp,ebp) | |
| R13: 0x7fffffffe2f0 --> 0x1 | |
| R14: 0x0 | |
| R15: 0x0 | |
| EFLAGS: 0x206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow) | |
| [-------------------------------------code-------------------------------------] | |
| 0x55555555468e <main+4>: call 0x555555554560 <fork@plt> | |
| 0x555555554693 <main+9>: lea rdi,[rip+0xaa] # 0x555555554744 | |
| 0x55555555469a <main+16>: call 0x555555554550 <puts@plt> | |
| => 0x55555555469f <main+21>: call 0x555555554560 <fork@plt> | |
| 0x5555555546a4 <main+26>: lea rdi,[rip+0x9f] # 0x55555555474a | |
| 0x5555555546ab <main+33>: call 0x555555554550 <puts@plt> | |
| 0x5555555546b0 <main+38>: mov eax,0x0 | |
| 0x5555555546b5 <main+43>: pop rbp | |
| No argument | |
| [------------------------------------stack-------------------------------------] | |
| 0000| 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| 0008| 0x7fffffffe218 --> 0x7ffff7a5c2e1 (<__libc_start_main+241>: mov edi,eax) | |
| 0016| 0x7fffffffe220 --> 0x40000 | |
| 0024| 0x7fffffffe228 --> 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| 0032| 0x7fffffffe230 --> 0x1f7b9d2a8 | |
| 0040| 0x7fffffffe238 --> 0x55555555468a (<main>: push rbp) | |
| 0048| 0x7fffffffe240 --> 0x0 | |
| 0056| 0x7fffffffe248 --> 0x46a29da4f9ef8dcb | |
| [------------------------------------------------------------------------------] | |
| Legend: code, data, rodata, value | |
| Thread 2.1 "fork1" hit Breakpoint 3, 0x000055555555469f in main () | |
| gdb-peda$ c | |
| Continuing. | |
| [New process 2990] | |
| REDHAT | |
| [Switching to process 2990] | |
| [----------------------------------registers-----------------------------------] | |
| RAX: 0x0 | |
| RBX: 0x0 | |
| RCX: 0x7ffff7af437b (<__libc_fork+203>: cmp rax,0xfffffffffffff000) | |
| RDX: 0x0 | |
| RSI: 0x0 | |
| RDI: 0x55555555474a --> 0x544148444552 ('REDHAT') | |
| RBP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RSP: 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| RIP: 0x5555555546ab (<main+33>: call 0x555555554550 <puts@plt>) | |
| R8 : 0x7ffff7fcc700 (0x00007ffff7fcc700) | |
| R9 : 0x0 | |
| R10: 0x7ffff7fcc9d0 --> 0xbae | |
| R11: 0x246 | |
| R12: 0x555555554580 (<_start>: xor ebp,ebp) | |
| R13: 0x7fffffffe2f0 --> 0x1 | |
| R14: 0x0 | |
| R15: 0x0 | |
| EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) | |
| [-------------------------------------code-------------------------------------] | |
| 0x55555555469a <main+16>: call 0x555555554550 <puts@plt> | |
| 0x55555555469f <main+21>: call 0x555555554560 <fork@plt> | |
| 0x5555555546a4 <main+26>: lea rdi,[rip+0x9f] # 0x55555555474a | |
| => 0x5555555546ab <main+33>: call 0x555555554550 <puts@plt> | |
| 0x5555555546b0 <main+38>: mov eax,0x0 | |
| 0x5555555546b5 <main+43>: pop rbp | |
| 0x5555555546b6 <main+44>: ret | |
| 0x5555555546b7: nop WORD PTR [rax+rax*1+0x0] | |
| Guessed arguments: | |
| arg[0]: 0x55555555474a --> 0x544148444552 ('REDHAT') | |
| [------------------------------------stack-------------------------------------] | |
| 0000| 0x7fffffffe210 --> 0x5555555546c0 (<__libc_csu_init>: push r15) | |
| 0008| 0x7fffffffe218 --> 0x7ffff7a5c2e1 (<__libc_start_main+241>: mov edi,eax) | |
| 0016| 0x7fffffffe220 --> 0x40000 | |
| 0024| 0x7fffffffe228 --> 0x7fffffffe2f8 --> 0x7fffffffe5d7 ("/root/os/fork1") | |
| 0032| 0x7fffffffe230 --> 0x1f7b9d2a8 | |
| 0040| 0x7fffffffe238 --> 0x55555555468a (<main>: push rbp) | |
| 0048| 0x7fffffffe240 --> 0x0 | |
| 0056| 0x7fffffffe248 --> 0x46a29da4f9ef8dcb | |
| [------------------------------------------------------------------------------] | |
| Legend: code, data, rodata, value | |
| Thread 3.1 "fork1" hit Breakpoint 4, 0x00005555555546ab in main () | |
| gdb-peda$ c | |
| Continuing. | |
| REDHAT | |
| [Inferior 3 (process 2990) exited normally] | |
| Warning: not running or target is remote | |
| gdb-peda$ REDHAT | |
| Undefined command: "REDHAT". Try "help". | |
| gdb-peda$ q | |
| root@localhost:~/os# ./fork1 | |
| LINUX | |
| REDHAT | |
| LINUX | |
| REDHAT | |
| REDHAT | |
| REDHAT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment