f0 segfault recovery
When you work outside the walled garden of bytecode VMs and interpreted languages there is always the chance that you will shoot yourself in the foot, and that usually ends in a segfault. As a courtesy, f0 catches SIGSEGV and tries to recover: its handler dumps the stack, scans it for a saved return address that falls inside the interpreter loop, and restarts execution at that address.
$ ./f0
f0# 1 2 3 4
We push a few numbers on the stack and dump it with $; there they are.
f0# $
0: 0x4 4
1: 0x3 3
2: 0x2 2
We invoke dict_get with ‘?’. It expects a pointer to a string (the key to look up), but all that is on the stack is a bunch of numbers, so the 4 on top gets dereferenced as if it were a pointer.
f0# ?
Segorimus Faultimium and subsequent recovery.
wh000ps! we've triggered SIGSEGV. let's try and recover. hold on tight ...
stack dump:
b78e0a1c: 7b 00 00 00 7b 00 00 00 00 00 00 00 00 00 00 00
b78e0a2c: 90 0f 8e b7 60 0f 8e b7 f4 5f 26 00 aa 02 00 00
b78e0a3c: 04 00 00 00 04 00 00 00 0e 00 00 00 04 00 00 00
b78e0a4c: 85 37 18 00 73 00 00 00 46 02 21 00 60 0f 8e b7
b78e0a5c: 7b 00 00 00 f0 0c 8e b7 00 00 00 00 00 00 00 00
b78e0a6c: 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00
b78e0a7c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
b78e0a8c: 00 00 00 00 d0 0e 8e b7 00 00 00 00 76 fb ff ff
b78e0a9c: 00 00 00 00 0a 00 00 00 cf 0e 8e b7 cf 0e 8e b7
b78e0aac: 01 00 00 00 00 00 00 00 02 00 00 00 82 ef 14 00
b78e0abc: 00 00 00 00 9b 98 04 08 e0 59 26 00 9c 98 04 08
b78e0acc: 74 65 26 00 00 00 00 00 90 98 04 08 00 00 00 00
b78e0adc: b8 0f 8e b7 90 98 04 08 09 00 00 00 00 00 00 00
b78e0aec: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
b78e0afc: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
b78e0b0c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
eip: 183785 esp: b78e0f60 ebp: b78e0f60
searching stack for recovery point [80492d3, 80493eb]found it * b78e0ff4: 804936b
restoring eip to 0x804936b
Almost like we never left the resort. Almost: the 4 that dict_get was handed is gone, and the top of the stack now holds a stray 0x8048a70, so the interpreter is back but the stack is whatever the crashed word left behind.
f0# $
0: 0x8048a70 134515312
1: 0x3 3
2: 0x2 2
f0#
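The recovery loop shown in the transcript, reconstructed as an added C example. This is not f0's own code: f0 is a 32-bit binary that restores eip after scanning the stack for a return address into its interpreter loop. The portable way to get the same effect in C is to record the recovery point with sigsetjmp() in the interpreter loop and have the SIGSEGV handler siglongjmp() back to it, which also puts the stack pointer, frame pointer, callee-saved registers and signal mask back where the loop expects them; rewriting eip alone leaves all of those as the crashed word left them, so it only works when the loop does not depend on them. The data stack, the words ? and $, the find_recovery_point() helper (f0's stack search written out as a pure function) and the stack image in its comment are assumptions made for this example; REG_RIP and REG_EIP are glibc's names for the x86 registers in the signal context.

```c
#define _GNU_SOURCE                 /* for REG_RIP / REG_EIP in <ucontext.h> */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>
#include <unistd.h>

#define STACK_DEPTH 16
static intptr_t dstack[STACK_DEPTH];   /* f0-style data stack (assumed layout) */
static int depth;                      /* items on it */
static sigjmp_buf recovery_point;      /* where the interpreter loop resumes */
static volatile sig_atomic_t armed;    /* is recovery_point valid right now? */
static volatile sig_atomic_t recovered;         /* faults survived so far */
static volatile uintptr_t fault_ip, fault_addr; /* stashed by the handler */

/* f0's search as a pure function over a stack image: index of the first word
 * that looks like a return address into the interpreter loop [lo, hi], or -1. */
int find_recovery_point(const uintptr_t *words, size_t n, uintptr_t lo, uintptr_t hi)
{
    for (size_t i = 0; i < n; i++)
        if (words[i] >= lo && words[i] <= hi)
            return (int)i;
    return -1;
}

/* The transcript's "eip:" line, read from the signal context (glibc x86 names). */
static uintptr_t ip_from_context(const ucontext_t *uc)
{
#if defined(__x86_64__)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#elif defined(__i386__)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_EIP];
#else
    (void)uc; return 0;                /* other targets: not reported */
#endif
}

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    if (!armed)                        /* no valid recovery point: crash honestly */
        _exit(128 + SIGSEGV);
    /* Async-signal-safe work only; the report is printed after the jump. */
    fault_ip = ip_from_context((const ucontext_t *)ctx);
    fault_addr = (uintptr_t)si->si_addr;
    recovered++;
    siglongjmp(recovery_point, 1);     /* restores sp, callee-saved regs, mask */
}

static int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* '?' (dict_get): top of stack is a char * key, replaced by the lookup result;
 * with 4 on top it reads address 4, which is unmapped, and faults mid-word. */
static void word_query(void)
{
    if (depth == 0) return;
    const volatile char *key = (const volatile char *)dstack[depth - 1];
    dstack[depth - 1] = key[0];        /* not reached when the key is bogus */
}

static void word_dump(void)            /* '$': top three entries, f0 style */
{
    for (int i = depth - 1, n = 0; i >= 0 && n < 3; i--, n++)
        printf("%d: 0x%lx %ld\n", n, (unsigned long)dstack[i], (long)dstack[i]);
}

/* Evaluate one input line: 0 on success, -1 if a SIGSEGV was recovered from. */
static int eval(const char *line)
{
    char buf[256];
    if (sigsetjmp(recovery_point, 1) != 0) {   /* landed here from on_segv */
        armed = 0;
        fprintf(stderr, "wh000ps! SIGSEGV at ip %#lx touching %#lx; back in the REPL\n",
                (unsigned long)fault_ip, (unsigned long)fault_addr);
        return -1;
    }
    snprintf(buf, sizeof buf, "%s", line);
    armed = 1;
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "?") == 0)      word_query();
        else if (strcmp(tok, "$") == 0) word_dump();
        else if (depth < STACK_DEPTH)   dstack[depth++] = strtol(tok, NULL, 0);
    }
    armed = 0;
    return 0;
}

int main(void)
{
    install_handler();
    eval("1 2 3 4"); eval("$");
    eval("?"); eval("$");              /* faults in word_query, recovers, stack intact */
    return 0;
}
```

Run it and the session plays out as above: ? faults reading address 4, the handler stashes the faulting instruction pointer and address (the only work it does, because printf is not async-signal-safe inside a handler), jumps back into eval, and the next prompt still sees the stack. The recovery is a courtesy for an interactive shell, not a safety net: whatever the crashed word had half-finished, a partial allocation, a held lock, a torn update of the dictionary, is still half-finished afterwards, and a fault that lands while no recovery point is armed is deliberately left to kill the process.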
*** This is a Security Bloggers Network syndicated blog from Armchair Stratosphere authored by Jason. Read the original post at: http://maliciousattacker.blogspot.com/2012/08/f0-segfault-recovery.html