0x08048f5f <main+460>: call 0x8048ac4 <fatal>
0x08048f64 <main+465>: nop
0x08048f65 <main+466>: mov DWORD PTR [ebp-60],0x10
0x08048f6c <main+473>: lea eax,[ebp-60]
0x08048f6f <main+476>: mov DWORD PTR [esp+8],eax
0x08048f73 <main+480>: lea eax,[ebp-56]
0x08048f76 <main+483>: mov DWORD PTR [esp+4],eax
0x08048f7a <main+487>: mov eax,ds:0x804a970
0x08048f7f <main+492>: mov DWORD PTR [esp],eax
0x08048f82 <main+495>: call 0x80488d0 <accept@plt>
0x08048f87 <main+500>: mov DWORD PTR [ebp-12],eax
0x08048f8a <main+503>: cmp DWORD PTR [ebp-12],0xffffffff
0x08048f8e <main+507>: jne 0x8048f9c <main+521>
0x08048f90 <main+509>: mov DWORD PTR [esp],0x804962e
0x08048f97 <main+516>: call 0x8048ac4 <fatal>
0x08048f9c <main+521>: mov eax,ds:0x804a96c
0x08048fa1 <main+526>: mov DWORD PTR [esp+8],eax
0x08048fa5 <main+530>: lea eax,[ebp-56]
0x08048fa8 <main+533>: mov DWORD PTR [esp+4],eax
0x08048fac <main+537>: mov eax,DWORD PTR [ebp-12]
0x08048faf <main+540>: mov DWORD PTR [esp],eax
0x08048fb2 <main+543>: call 0x8048fb9 <handle_connection>
0x08048fb7 <main+548>: jmp 0x8048f65 <main+466>
End of assembler dump.
(gdb)
All three of these addresses lead to essentially the same place. Let's
use 0x08048fb7, since this is the original return address for the call to
handle_connection(). However, there are other things we need to fix first.
Look at the function prologue and epilogue for handle_connection(). These
are the instructions that set up the function's stack frame on entry and
tear it down on return.
(gdb) disass handle_connection
Dump of assembler code for function handle_connection:
0x08048fb9 <handle_connection+0>: push ebp
0x08048fba <handle_connection+1>: mov ebp,esp
0x08048fbc <handle_connection+3>: push ebx
0x08048fbd <handle_connection+4>: sub esp,0x644
0x08048fc3 <handle_connection+10>: lea eax,[ebp-0x218]
0x08048fc9 <handle_connection+16>: mov DWORD PTR [esp+4],eax
0x08048fcd <handle_connection+20>: mov eax,DWORD PTR [ebp+8]
0x08048fd0 <handle_connection+23>: mov DWORD PTR [esp],eax
0x08048fd3 <handle_connection+26>: call 0x8048cb0 <recv_line>
0x08048fd8 <handle_connection+31>: mov DWORD PTR [ebp-0x620],eax
0x08048fde <handle_connection+37>: mov eax,DWORD PTR [ebp+12]
0x08048fe1 <handle_connection+40>: movzx eax,WORD PTR [eax+2]
0x08048fe5 <handle_connection+44>: mov DWORD PTR [esp],eax
0x08048fe8 <handle_connection+47>: call 0x80488f0 <ntohs@plt>
.:[ output trimmed ]:.
0x08049302 <handle_connection+841>: call 0x8048850 <write@plt>