fgsahoward/med64_debugging2

## med64_debugging2
[howard@sterling bof]$ gdb -q ./med64
Reading symbols from ./med64...(no debugging symbols found)...done.
(gdb) disas main
Dump of assembler code for function main:
   0x0000000000400643 <+0>:push   %rbp
   0x0000000000400644 <+1>:mov    %rsp,%rbp
   0x0000000000400647 <+4>:sub    bashx20,%rsp
   0x000000000040064b <+8>:mov    %edi,-0x4(%rbp)
   0x000000000040064e <+11>:mov    %rsi,-0x10(%rbp)
   0x0000000000400652 <+15>:mov    %rdx,-0x18(%rbp)
   0x0000000000400656 <+19>:mov    bashx0,%eax
   0x000000000040065b <+24>:callq  0x4005d6 <vulnerable>
   0x0000000000400660 <+29>:mov    bashx0,%eax
   0x0000000000400665 <+34>:leaveq
   0x0000000000400666 <+35>:retq
End of assembler dump.
(gdb) b *main
Breakpoint 1 at 0x400643
(gdb) r /bin/sh -p
Starting program: /home/howard/repos/bof/med64 /bin/sh -p

Breakpoint 1, 0x0000000000400643 in main ()
(gdb) i R
rax            0x400643         4195907
rbx            0x0              0
rcx            0x0              0
rdx            0x7fffffffe9a8   140737488349608
rsi            0x7fffffffe988   140737488349576
rdi            0x3              3
rbp            0x400670         0x400670 <__libc_csu_init>
rsp            0x7fffffffe8a8   0x7fffffffe8a8
r8             0x4006e0         4196064
r9             0x7ffff7de9900   140737351948544
r10            0x0              0
r11            0x7ffff7b98d00   140737349520640
r12            0x4004e0         4195552
r13            0x7fffffffe980   140737488349568
r14            0x0              0
r15            0x0              0
rip            0x400643         0x400643 <main>
eflags         0x246            [ PF ZF IF ]
cs             0x33             51
ss             0x2b             43
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x0              0
(gdb) x/xg
0x7fffffffe988: 0x00007fffffffec29
(gdb)
0x7fffffffe990: 0x00007fffffffec46
(gdb)
0x7fffffffe998: 0x00007fffffffec4e
(gdb)
0x7fffffffe9a0: 0x0000000000000000
(gdb) x/s 0x00007fffffffec46
0x7fffffffec46: "/bin/sh"
(gdb)
0x7fffffffec4e: "-p"
(gdb)
	[howard@sterling bof]$ gdb -q ./med64
	Reading symbols from ./med64...(no debugging symbols found)...done.
	(gdb) disas main
	Dump of assembler code for function main:
	0x0000000000400643 <+0>:push %rbp
	0x0000000000400644 <+1>:mov %rsp,%rbp
	0x0000000000400647 <+4>:sub bashx20,%rsp
	0x000000000040064b <+8>:mov %edi,-0x4(%rbp)
	0x000000000040064e <+11>:mov %rsi,-0x10(%rbp)
	0x0000000000400652 <+15>:mov %rdx,-0x18(%rbp)
	0x0000000000400656 <+19>:mov bashx0,%eax
	0x000000000040065b <+24>:callq 0x4005d6 <vulnerable>
	0x0000000000400660 <+29>:mov bashx0,%eax
	0x0000000000400665 <+34>:leaveq
	0x0000000000400666 <+35>:retq
	End of assembler dump.
	(gdb) b *main
	Breakpoint 1 at 0x400643
	(gdb) r /bin/sh -p
	Starting program: /home/howard/repos/bof/med64 /bin/sh -p

	Breakpoint 1, 0x0000000000400643 in main ()
	(gdb) i R
	rax 0x400643 4195907
	rbx 0x0 0
	rcx 0x0 0
	rdx 0x7fffffffe9a8 140737488349608
	rsi 0x7fffffffe988 140737488349576
	rdi 0x3 3
	rbp 0x400670 0x400670 <__libc_csu_init>
	rsp 0x7fffffffe8a8 0x7fffffffe8a8
	r8 0x4006e0 4196064
	r9 0x7ffff7de9900 140737351948544
	r10 0x0 0
	r11 0x7ffff7b98d00 140737349520640
	r12 0x4004e0 4195552
	r13 0x7fffffffe980 140737488349568
	r14 0x0 0
	r15 0x0 0
	rip 0x400643 0x400643 <main>
	eflags 0x246 [ PF ZF IF ]
	cs 0x33 51
	ss 0x2b 43
	ds 0x0 0
	es 0x0 0
	fs 0x0 0
	gs 0x0 0
	(gdb) x/xg
	0x7fffffffe988: 0x00007fffffffec29
	(gdb)
	0x7fffffffe990: 0x00007fffffffec46
	(gdb)
	0x7fffffffe998: 0x00007fffffffec4e
	(gdb)
	0x7fffffffe9a0: 0x0000000000000000
	(gdb) x/s 0x00007fffffffec46
	0x7fffffffec46: "/bin/sh"
	(gdb)
	0x7fffffffec4e: "-p"
	(gdb)