[0x100003a84]> o
3 - r-x 0x00025af0 /bin/ls
4 * r-- 0x00002510 null://9488
[0x100003a84]> om 3 0 0x25af0
[0x100003a84]> om
- 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef r-x
* 5 fd: 3 +0x00010000 0x100000000 - 0x100007fff r-x fmap.__TEXT
- 4 fd: 3 +0x00018000 0x100008000 - 0x10000bfff r-- fmap.__DATA_CONST
- 3 fd: 3 +0x0001c000 0x10000c000 - 0x10000ffff r-- fmap.__DATA
- 2 fd: 3 +0x00020000 0x100010000 - 0x100015aef r-- fmap.__LINKEDIT
- 1 fd: 4 +0x00000000 0x100015af0 - 0x100017fff r-- mmap.__LINKEDIT
[0x100003a84]>
Then we run `aeim` to set up the ESIL stack... but look at the map list afterwards:
[0x100003a84]> aeim
[0x100003a84]> om
- 7 fd: 5 +0x00000000 0x00100000 - 0x001effff rw- mem.0x100000_0xf0000
- 6 fd: 3 +0x00000000 0x00000000 - 0x00025aef rwx
* 5 fd: 3 +0x00010000 0x100000000 - 0x100007fff rwx fmap.__TEXT
- 4 fd: 3 +0x00018000 0x100008000 - 0x10000bfff rwx fmap.__DATA_CONST
- 3 fd: 3 +0x0001c000 0x10000c000 - 0x10000ffff rwx fmap.__DATA
- 2 fd: 3 +0x00020000 0x100010000 - 0x100015aef rwx fmap.__LINKEDIT
- 1 fd: 4 +0x00000000 0x100015af0 - 0x100017fff rwx mmap.__LINKEDIT
[0x100003a84]> s 0
[0x00000000]> om.
6 fd: 3 +0x00000000 0x00000000 - 0x00025aef rwx
[0x00000000]>
The stack (map 7, 0x00100000-0x001effff) is created inside the range already covered by map 6 (0x00000000-0x00025aef), which was mapped at address 0 by the earlier `om 3 0 0x25af0`. So the overlap check below does not do what it is meant to: `r_io_map_is_mapped` only tests the single address `esil.stack.addr`, not whether the whole `[addr, addr+size)` range is free. (Note also that after `aeim` every pre-existing map, including `__TEXT`, is reported as `rwx` instead of its original `r-x`/`r--`.) The relevant code is:
libr/core/cmd_anal.inc.c line 7290
7243 static void cmd_esil_mem(RCore *core, const char *input) {
...
7285 size = r_config_get_i (core->config, "esil.stack.size");
7286 addr = r_config_get_i (core->config, "esil.stack.addr");
7287
7288 if (r_io_map_is_mapped (core->io, addr)) {
7289 addr = core->offset;
7290 r_io_map_locate (core->io, &addr, size, 0x10000000);
7291 }
7292 patt = r_config_get (core->config, "esil.stack.pattern");
7293 r_str_ncpy (nomalloc, input, 255);
7294 char *p = nomalloc;