On Sat, 28 Dec 2002, Selcuk Goren wrote:

> Dennis and Brian, thanks a lot.
> I wonder if you can tell me where I can get more information on
> interpreting these output.
>
> > Cannot access memory at address 0x40013730
> > #0  0x2073746e in ?? ()
> > (gdb) bt
> > #0  0x2073746e in ?? ()
> > Cannot access memory at address 0x69616c70
>
> I wonder why we don't interpret 0x2073746e instead of 0x69616c70 (which
> is the memory address) as a string of chars.

In this instance you can.  0x69616c70 ("plai") is at the bottom of the
stack.  The 0x2073746e ("nts ") is the next word on the stack.  This
would indicate that the string that overflowed its buffer contained the
string "plaints ".

Almost any time you see a core dump like this, it's from an overflowed
buffer.  And virtually all buffer overflows are strings.  So anytime
you get a core dump like this that doesn't seem to be too useful, you
should check and see if any of the addresses it lists could be interpreted
as characters.  You can look them up on an ASCII chart, or you can
have gdb convert them for you.  In gdb try: "print (char[])0x69616c70"
for example.

> We know 0x69616c70 is the address but what is 0x2073746e ?
> Sorry for prolonging this subject too much. If you can tell me some source
> to read about for details it will be very appreciated.
> Thanks a lot in advance.

Have you looked at the link Brian put at the bottom of his reply?
It does a good job of explaining what's going on with the stack.


Dennis

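The decoding Dennis describes, worked through in code. This is an added example, not part of the original thread or any of the posters' tools: it reads stack words the way gdb prints them on IA-32 (native little-endian integers), turns each one back into the four bytes as they sit in memory, and flags which words are really ASCII text. To tie it to the backtrace above it also simulates the overflow: a constructed stack frame with an 8-byte local buffer followed by the saved frame pointer and return address, and a constructed input string ("some complaints ", chosen only so the tail lands on those two slots) copied in with strcpy semantics. The buffer size, frame layout, filler byte and input are all assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout of a simulated IA-32 stack frame, lowest address first:
 * an 8-byte local buffer, the saved frame pointer (EBP), the saved return
 * address (EIP), then the first word of the caller's frame. */
#define BUF_SIZE   8
#define OFF_FP     (BUF_SIZE)
#define OFF_RET    (BUF_SIZE + 4)
#define FRAME_SIZE (BUF_SIZE + 12)
#define FILLER     0xcc   /* marks bytes the overflow did not reach */

/* Read four bytes as a little-endian 32-bit word, i.e. the number gdb
 * prints when it fetches a word from an IA-32 stack. */
uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Turn a word as printed by gdb back into the four bytes as they sit in
 * memory (lowest address first) and NUL-terminate them. Returns 1 if every
 * byte is printable ASCII, i.e. the "address" is probably text. */
int word_to_ascii(uint32_t word, char out[5]) {
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(word >> (8 * i));
        out[i] = (char)b;
        if (!isprint(b)) printable = 0;
    }
    out[4] = '\0';
    return printable;
}

/* Concatenate consecutive stack words (lowest address first) for as long
 * as they decode to printable text, recovering a fragment of the string
 * that overflowed. Returns how many words were used. */
size_t words_to_string(const uint32_t *words, size_t nwords,
                       char *out, size_t outlen) {
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < nwords && (used + 1) * 4 < outlen; i++) {
        char piece[5];
        if (!word_to_ascii(words[i], piece)) break;
        memcpy(out + used * 4, piece, 5);   /* 4 chars plus the NUL */
        used++;
    }
    return used;
}

/* Copy input into the simulated frame with strcpy semantics (no bounds
 * check on the 8-byte buffer) and return the word now at frame offset off.
 * The frame array is large enough that the copy itself stays defined; only
 * the conceptual buffer inside it is overrun. */
uint32_t overflowed_word(const char *input, size_t off) {
    unsigned char frame[FRAME_SIZE];
    memset(frame, FILLER, sizeof frame);
    if (strlen(input) + 1 > sizeof frame || off + 4 > sizeof frame)
        return 0;                             /* keep the simulation in bounds */
    strcpy((char *)frame, input);
    return read_le32(frame + off);
}

int main(void) {
    /* Constructed input: with an 8-byte buffer, "plai" lands on the saved
     * EBP and "nts " on the saved EIP, reproducing the backtrace's words. */
    const char *input = "some complaints ";
    uint32_t fp  = overflowed_word(input, OFF_FP);
    uint32_t ret = overflowed_word(input, OFF_RET);
    printf("saved EBP = 0x%08x, saved EIP = 0x%08x\n", fp, ret);

    uint32_t words[] = { fp, ret };
    char text[9];
    words_to_string(words, 2, text, sizeof text);
    printf("those two words as text: \"%s\"\n", text);

    char piece[5];
    printf("0x40013730 is text? %d\n", word_to_ascii(0x40013730u, piece));
    return 0;
}
```

The same check works on any word gdb shows you: if word_to_ascii() says it is printable, and the neighbouring words are too, you are almost certainly looking at the tail of a string that overwrote the frame rather than at a real code or data address.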