new pd fun #512

Closed
zonkzonk opened this issue Jan 5, 2014 · 5 comments

Comments

@zonkzonk
Contributor

zonkzonk commented Jan 5, 2014

morrn,

the never-ending /bin/ls debug session :)

$ r2 /bin/ls
[0x0040488f]> af
[0x0040488f]> pd `~`
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[32m0x00404dc1\E[0m': command not found
sh: 0x00404dc5: No such file or directory
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[34m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[32m0x00404dcd\E[0m': command not found
sh: -c: line 0: unexpected EOF while looking for matching ``'
sh: -c: line 1: syntax error: unexpected end of file
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[34m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[32m0x00404dd5\E[0m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
Slurping file '0x00404ddc    75e9         jnz 0x404dc7 |      ||   0x00404dde    6690         nop |   .---`-> 0x00404de0    f3c3         repe ret |   |  |    0x00404de2    660f1f440000 o16 nop [rax+rax] |   |  `--> 0x00404de8    803e30       cmp byte [rsi], 0x30 |   `=====< 0x00404deb    74f3         jz 0x404de0 |           '
cannot open file
parse: Missing backtick in expression.
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found
sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `             fcn.00410b40(unk, unk, unk, unk)'
sh: $'\E[0m\E[32m0x00404e27\E[0m': command not found
r_core_cmd: That was too deep...
sh: $'\E[0m\E[32m0x00404e2a\E[0m': command not found
sh: $'\E[0m\E[36m': command not found
sh: $'\E[0m\E[36m': command not found

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3ef5088 in _int_free () from /usr/lib/libc.so.6

(gdb) bt
#0  0x00007ffff3ef5088 in _int_free () from /usr/lib/libc.so.6
#1  0x00007ffff5f576be in r_cmd_macro_add (mac=0x68e878, 
[..]

(gdb) x/i $pc
=> 0x7ffff3ef5088 <_int_free+1160>:     cmp    0x18(%rax),%r13


"
[23673.497863] traps: r2[10686] general protection ip:7f554235a088 sp:7fff779249d0 error:0 in libc-2.18.so[7f55422e1000+1a0000]
"

Greetings
z.

@zonkzonk
Contributor Author

zonkzonk commented Jan 7, 2014

hm, this does not dump core with /bin/rm, but also with /bin/cp

@radare
Collaborator

radare commented Jan 8, 2014

Can you show the full backtrace, a Valgrind log and the specific command that produces the crash?

It looks like you are executing the output of 'pd'. The crash is produced by passing invalid input to the '(' command, but from this log I can't see which argument is being passed.

In gdb, type up, up, up until you reach the cmd0 line and print the input variable.

--pancake

@radare
Collaborator

radare commented Jan 8, 2014

Because the disasm you are executing is different. See the previous comment.

@zonkzonk
Contributor Author

zonkzonk commented Jan 8, 2014

gdb: http://sprunge.us/NAQE

@radare
Collaborator

radare commented Jan 9, 2014

That should be fixed now :)

@radare radare closed this as completed Jan 9, 2014
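The mechanism pancake points at in the thread (backtick substitution feeding 'pd' output back in as command lines, so that the text right of '|' reaches sh, a line starting with '(' reaches the macro code, and a stray backtick in the graph drawing is reported as a missing backtick) modelled as an added example. This is not radare2's code: the command table, the macro syntax subset, the depth limit and the sample disassembly are all assumptions chosen to reproduce the three symptom classes visible in the log above. Nothing is executed; fragments that would have reached /bin/sh are only recorded.

```python
"""Model of r2-style command-line re-evaluation (added example, not radare2's parser)."""

MAX_DEPTH = 16  # assumption: radare2's real recursion limit is not on the page


class Evaluator:
    def __init__(self):
        self.commands = {"echo": lambda args: args + "\n"}  # assumed command table
        self.macros = {}         # name -> list of command lines
        self.shell_calls = []    # right-hand sides of '|' that would reach sh
        self.errors = []

    def run(self, line, depth=0):
        """Evaluate one command line and return its output text."""
        if depth > MAX_DEPTH:
            self.errors.append("That was too deep...")
            return ""
        line = self._substitute(line, depth)
        if line is None:              # unbalanced backtick: refuse the whole line
            return ""
        if "|" in line:               # 'cmd | sh-cmd': the right side goes to the shell
            cmd, _, shell_part = line.partition("|")
            self.shell_calls.append(shell_part.strip())
            return self.run(cmd, depth + 1)
        line = line.strip()
        if not line:
            return ""
        if line.startswith("("):
            return self._macro_add(line)
        if line.startswith(".("):
            return self._macro_call(line, depth)
        name, _, args = line.partition(" ")
        fn = self.commands.get(name)
        if fn is None:
            self.errors.append("unknown command: " + name)
            return ""
        return fn(args)

    def _substitute(self, line, depth):
        """Replace every `inner` with the output of running inner."""
        out, i = [], 0
        while i < len(line):
            if line[i] != "`":
                out.append(line[i])
                i += 1
                continue
            j = line.find("`", i + 1)
            if j < 0:
                self.errors.append("Missing backtick in expression.")
                return None
            out.append(self.run(line[i + 1:j], depth + 1).rstrip("\n"))
            i = j + 1
        return "".join(out)

    def _macro_add(self, line):
        """'(name; cmd; cmd)' defines a macro (assumed subset of the syntax).
        Validate before storing anything: the crash in the thread came from
        handing the macro code a line it never checked."""
        if not line.endswith(")") or ";" not in line:
            self.errors.append("macro: malformed definition: " + line)
            return ""
        name, _, body = line[1:-1].partition(";")
        name = name.strip()
        if not name or any(ch in name for ch in " ()"):
            self.errors.append("macro: bad name: " + repr(name))
            return ""
        self.macros[name] = [c.strip() for c in body.split(";") if c.strip()]
        return ""

    def _macro_call(self, line, depth):
        """'.(name)' runs a stored macro; recursion is bounded by MAX_DEPTH."""
        name = line[2:].rstrip(")").strip()
        body = self.macros.get(name)
        if body is None:
            self.errors.append("macro: undefined: " + name)
            return ""
        return "".join(self.run(cmd, depth + 1) for cmd in body)


def replay_output(ev, text):
    """Run each line of some command's output as if typed at the prompt,
    which is what evaluating a multi-line substitution result amounts to."""
    for line in text.splitlines():
        ev.run(line)
    return ev


# Constructed sample modelled on the graph-annotated 'pd' lines in the log.
SAMPLE_DISASM = """\
0x00404dc1    4883c408     add rsp, 8
0x00404dcd    e8eebdffff   call fcn.00410b40 |   ; fcn.00410b40(unk, unk)
0x00404de0    f3c3         repe ret |   .---`-> 0x00404de8
(fcn.00410b40
"""

if __name__ == "__main__":
    ev = replay_output(Evaluator(), SAMPLE_DISASM)
    print("would reach sh:", ev.shell_calls)
    print("errors:", ev.errors)
```

The sample run records one fragment for the shell (the annotation after the first '|'), refuses the line with the unmatched backtick from the graph drawing, and rejects the truncated '(' line instead of storing it; a self-calling macro stops at the depth guard with a single "too deep" message.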