gdb-peda$ telescope $sp 20
00:0000| esp 0xffffdef0 --> 0x4 argc
01:0004| 0xffffdef4 --> 0xffffdfd3 ("arg0") argv[]
02:0008| 0xffffdef8 --> 0xffffdfd8 ("arg1")
03:0012| 0xffffdefc --> 0xffffdfdd ("arg2")
04:0016| 0xffffdf00 --> 0xffffdfe2 ("arg3")
05:0020| 0xffffdf04 --> 0x0 end of argv[]
06:0024| 0xffffdf08 --> 0xffffdfe7 ("env0") envp[]
07:0028| 0xffffdf0c --> 0xffffdfec ("env1")
08:0032| 0xffffdf10 --> 0x0 end of envp[]
/*
 * Auxiliary-vector entry types added by the x86-32 ARCH_DLINFO hook.
 * 32 == 0x20 and 33 == 0x21, which is exactly the pair of keys the
 * telescope dump above shows right after the envp[] terminator.
 */
#define AT_SYSINFO 32
#define AT_SYSINFO_EHDR 33
/*
 * ARCH_DLINFO - architecture-specific auxv entries, expanded before the
 * generic NEW_AUX_ENT() calls (the ELF-loader snippet below says it must
 * come first).  It emits two entries, and only when vsyscall_ehdr is
 * non-zero:
 *   AT_SYSINFO      -> __kernel_vsyscall   (0x20 -> 0xf7ffd420 in the dump)
 *   AT_SYSINFO_EHDR -> vsyscall_ehdr       (0x21 -> 0xf7ffd000 in the dump)
 * NOTE(review): presumably the vDSO syscall entry and the vDSO ELF header
 * respectively - confirm against the arch code that sets vsyscall_ehdr.
 *
 * The number of NEW_AUX_ENT() calls here is tied to AT_VECTOR_SIZE_ARCH
 * (see the comment in the loader below); add or remove one only together
 * with that constant.
 *
 * Security note (review): both values are absolute user-space addresses
 * handed to every new process via its initial stack.  Anything that can
 * read that stack (e.g. a stack info-leak) learns where the vDSO is, so
 * treat them as ASLR-relevant when reasoning about address disclosure.
 */
#define ARCH_DLINFO \
do { \
if ( vsyscall_ehdr ) { \
NEW_AUX_ENT(AT_SYSINFO, __kernel_vsyscall); \
NEW_AUX_ENT(AT_SYSINFO_EHDR, vsyscall_ehdr); \
} \
} while (0)
09:0036| 0xffffdf14 --> 0x20 (b' ')
10:0040| 0xffffdf18 --> 0xf7ffd420 (push ecx)
11:0044| 0xffffdf1c --> 0x21 (b'!')
12:0048| 0xffffdf20 --> 0xf7ffd000 (jg 0xf7ffd047)
These two don't make sense at first glance — but by the NEW_AUX_ENT order below they sit exactly where NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP) is emitted, right after the ARCH_DLINFO pair, so 0x10 would be the AT_HWCAP type and 0x1fabfbff its ELF_HWCAP value (to be confirmed against the AT_* definitions):
13:0052| 0xffffdf24 --> 0x10
14:0056| 0xffffdf28 --> 0x1fabfbff
The rest are accounted for by the order of the NEW_AUX_ENT() calls in the kernel's ELF loader, shown here:
#ifdef ARCH_DLINFO
/*
* ARCH_DLINFO must come first so PPC can do its special alignment of
* AUXV.
* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
* ARCH_DLINFO changes
*/
ARCH_DLINFO;
#endif
NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
NEW_AUX_ENT(AT_BASE, interp_load_addr);
NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
15:0060| 0xffffdf2c --> 0x6
16:0064| 0xffffdf30 --> 0x1000
17:0068| 0xffffdf34 --> 0x11
18:0072| 0xffffdf38 --> 0x64 (b'd')
19:0076| 0xffffdf3c --> 0x3
20:0080| 0xffffdf40 --> 0x8048034 (add DWORD PTR [eax],eax)
21:0084| 0xffffdf44 --> 0x4
22:0088| 0xffffdf48 --> 0x20 (b' ')
23:0092| 0xffffdf4c --> 0x5
24:0096| 0xffffdf50 --> 0x2
25:0100| 0xffffdf54 --> 0x7
26:0104| 0xffffdf58 --> 0x0
27:0108| 0xffffdf5c --> 0x8
28:0112| 0xffffdf60 --> 0x0
29:0116| 0xffffdf64 --> 0x9 (b'\t')
30:0120| 0xffffdf68 --> 0x8048074 (pop eax) <--- entry point
...