Mail Archives: djgpp/1997/06/01/11:48:42
> > edx=3a633d52
> You don't need to reproduce the problem under GDB to know where
> it crashes. Just load the program and disassemble near the address
> where it crashes, like so:
>
> gdb hello
> (gdb) disassemble 0x3424
>
> GDB will list the function, if any, that includes the given address.
> You can then look at the source of the function that bombs and debug
> further.
I came up with something similar after I posted. I loaded things
into gdb and then put a breakpoint right before the offending instruction.
It is located in malloc (one that I haven't touched), on a line like
the following:
movl (%edx),%eax
The crash shows it with a ridiculously high edx; inside gdb
it is much more reasonable (about 0x4000).
I still don't understand why bash works but command.com doesn't.
I assume (probably incorrectly) that they exec programs in the same way.
I think I will have to start replacing packages one by one and then
going back and overwriting.
Thanks
Andrew
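The lookup that the quoted reply describes, mapping a crash address to the function that contains it (what `disassemble 0x3424` or `info symbol 0x3424` does inside GDB), can also be done outside the debugger against a symbol listing. The script below is an added example, not code from the thread or from DJGPP; it uses a constructed symbol table in the layout of `nm -n` output (address, type, name, sorted by address) and the address 0x3424 quoted above. Only the symbol addresses are assumptions.

```shell
#!/bin/sh
# Added example: find the text symbol whose address range contains a
# given crash address, the way GDB's "disassemble ADDR" / "info symbol ADDR"
# report the enclosing function. Works with plain POSIX sh and awk.

# Constructed symbol table in `nm -n` layout (address, type, name), sorted
# by address. These addresses are made up for illustration; a real table
# comes from `nm -n ./hello`.
SYMTAB='00001000 T _start
00001040 T _main
000032f0 T _free
00003400 T _malloc
00003510 T _printf
00003700 T _exit'

# find_func ADDR [TABLE]
#   Prints NAME+OFFSET for the last text symbol (type T/t) whose address is
#   <= ADDR, i.e. the function that contains ADDR. The last symbol has no
#   known end, so an address past it is attributed to that symbol.
#   Prints nothing and returns 1 if ADDR precedes every text symbol
#   (a ridiculously low or garbage address, like a corrupted register).
find_func() {
    addr=$1
    table=${2:-$SYMTAB}
    # POSIX shell arithmetic accepts 0x-prefixed hex constants.
    target=$(( $addr ))
    printf '%s\n' "$table" | awk -v target="$target" '
        # POSIX awk has no hex conversion; do it by hand.
        function hex2dec(h,   i, n, c) {
            n = 0
            h = tolower(h)
            for (i = 1; i <= length(h); i++) {
                c = index("0123456789abcdef", substr(h, i, 1)) - 1
                n = n * 16 + c
            }
            return n
        }
        $2 == "T" || $2 == "t" {
            a = hex2dec($1)
            if (a <= target) { best = $3; off = target - a }
        }
        END {
            if (best == "") exit 1
            printf "%s+%d\n", best, off
        }
    '
}

# Usage: the address from the thread lands 36 bytes into _malloc.
find_func 0x3424
```

Running the script prints `_malloc+36`, which is the same conclusion Andrew reached by stepping to the faulting `movl (%edx),%eax` in malloc. Once the enclosing function is known, the remaining question is why the pointer in `%edx` is wrong when run from command.com, and that is best answered by breaking on that instruction and inspecting the register under each environment.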