(gdb) disas Dump of assembler code for function getbuf: 0x0000000000400da0 <+0>: push %rbp 0x0000000000400da1 <+1>: mov %rsp,%rbp 0x0000000000400da4 <+4>: sub $0x30,%rsp 0x0000000000400da8 <+8>: lea -0x30(%rbp),%rdi => 0x0000000000400dac <+12>: callq 0x400cb0 <Gets> 0x0000000000400db1 <+17>: movabs $0xcccccccccccccccd,%rdx 0x0000000000400dbb <+27>: mov %rax,%rcx 0x0000000000400dbe <+30>: mul %rdx 0x0000000000400dc1 <+33>: shr $0x5,%rdx 0x0000000000400dc5 <+37>: lea (%rdx,%rdx,4),%rax 0x0000000000400dc9 <+41>: mov %rcx,%rdx 0x0000000000400dcc <+44>: shl $0x3,%rax 0x0000000000400dd0 <+48>: sub %rax,%rdx 0x0000000000400dd3 <+51>: mov $0x24,%eax 0x0000000000400dd8 <+56>: cmp $0x24,%rdx 0x0000000000400ddc <+60>: cmovae %rdx,%rax 0x0000000000400de0 <+64>: xor %ecx,%ecx 0x0000000000400de2 <+66>: add $0x1e,%rax 0x0000000000400de6 <+70>: and $0xfffffffffffffff0,%rax 0x0000000000400dea <+74>: sub %rax,%rsp 0x0000000000400ded <+77>: lea 0xf(%rsp),%r8 0x0000000000400df2 <+82>: and $0xfffffffffffffff0,%r8 0x0000000000400df6 <+86>: nopw %cs:0x0(%rax,%rax,1) 0x0000000000400e00 <+96>: movzbl -0x30(%rbp,%rcx,1),%edi 0x0000000000400e05 <+101>: lea (%r8,%rcx,1),%rsi 0x0000000000400e09 <+105>: add $0x1,%rcx 0x0000000000400e0d <+109>: cmp $0x24,%rcx 0x0000000000400e11 <+113>: mov %dil,(%rsi) 0x0000000000400e14 <+116>: jne 0x400e00 <getbuf+96> 0x0000000000400e16 <+118>: mov %rdx,%rax 0x0000000000400e19 <+121>: leaveq ---Type <return> to continue, or q <return> to quit--- 0x0000000000400e1a <+122>: retq End of assembler dump. (gdb) i f Stack level 0, frame at 0x7fffffffb3e0: rip = 0x400dac in getbuf (bufbomb.c:136); saved rip 0x400ef3 called by frame at 0x7fffffffb410 source language c. Arglist at 0x7fffffffb3d0, args: Locals at 0x7fffffffb3d0, Previous frame‘s sp is 0x7fffffffb3e0 Saved registers: rbp at 0x7fffffffb3d0, rip at 0x7fffffffb3d8 (gdb) i r rax 0x0 0 rbx 0x47982bd9 1201155033 rcx 0xdeadbeef 3735928559 rdx 0x7ffff7dd8e10 140737351880208 rsi 0x401344 4199236 rdi 0x7fffffffb3a0 140737488335776 rbp 0x7fffffffb3d0 0x7fffffffb3d0 rsp 0x7fffffffb3a0 0x7fffffffb3a0 r8 0x7ffff7ff700d 140737354100749 r9 0xc0000 786432 r10 0x0 0 r11 0x7ffff7ad6d32 140737348726066 r12 0x607f80 6324096 r13 0x7fffffffe360 140737488348000 r14 0x0 0 r15 0x0 0 rip 0x400dac 0x400dac <getbuf+12> eflags 0x206 [ PF IF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 (gdb) x /64x 0x7fffffffb3a0 0x7fffffffb3a0: 0xffffe260 0x00007fff 0x00607f80 0x00000000 0x7fffffffb3b0: 0xffffe360 0x00007fff 0xf7df0a55 0x00007fff 0x7fffffffb3c0: 0x00002e10 0x00000000 0xf7afe947 0x00007fff 0x7fffffffb3d0: 0xffffb400 0x00007fff 0x00400ef3 0x00000000 0x7fffffffb3e0: 0xffffb410 0x00007fff 0xdeadbeef 0x00000000 0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000 0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000 0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb430: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb440: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb450: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb460: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb470: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb480: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb490: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 (gdb) x /64x 0x7fffffffb3a0 0x7fffffffb3a0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0x7fffffffb3b0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0x7fffffffb3c0: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0x7fffffffb3d0: 0xaaaaaaaa 0xaaaaaaaa 0xc0010400 0x00000000 0x7fffffffb3e0: 0xffffb410 0x00007fff 0xdeadbeef 0x00000000 0x7fffffffb3f0: 0xf7dd70e0 0x00007fff 0x47982bd9 0x00000000 0x7fffffffb400: 0xffffe260 0x00007fff 0x00400fdd 0x00000000 0x7fffffffb410: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb420: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb430: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb440: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb450: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb460: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb470: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb480: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0x7fffffffb490: 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4 0xf4f4f4f4
原文:http://www.cnblogs.com/been/p/3901614.html