pwndbg> Continuing. c = 85 zrule_name = @���� zkey = H�E���UH��ATSH��@H�}�dH�%( insert(@����0, "H�E���UH��ATSH��@H�}�dH�%(", 1, rule_4); Hardware watchpoint 1: trie_trie->rear->rule_name Old value = 0x555555555a76 "rule_" New value = 0x7fffffffdbd0 "@\334\377\377\377\177" Hardware watchpoint 2: trie_trie->rear->key Old value = 0x555555758830 "5" New value = 0x555555758890 "H\213E\370\311\303UH\211\345ATSH\203"... trie_store_asm3 (q=0x555555758690, rule_name=0x7fffffffdbd0 "@\334\377\377\377\177", rule_name_index=0, key=0x555555758890 "H\213E\370\311\303UH\211\345ATSH\203"..., index=1, rule_next=0x555555555a76 "rule_", rule_next_index=4) at trie.c:110 110 } LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA ────────────────────────────[ REGISTERS ]───────────────────────────── RAX 0x555555758690 —▸ 0x5555557586b0 —▸ 0x555555555a6d ◂— jae 0x555555555ae4 /* 'sub_root' */ RBX 0x555555555a76 ◂— jb 0x555555555aed /* 'rule_' */ RCX 0x5555557588c0 —▸ 0x7fffffffdbd0 —▸ 0x7fffffffdc40 —▸ 0x5555555559e0 (__libc_csu_init) ◂— push r15 RDX 0x5555557588c0 —▸ 0x7fffffffdbd0 —▸ 0x7fffffffdc40 —▸ 0x5555555559e0 (__libc_csu_init) ◂— push r15 RDI 0x5555557588f0 ◂— 0x0 RSI 0x0 R8 0x555555555a76 ◂— jb 0x555555555aed /* 'rule_' */ R9 0x0 R10 0x555555758010 ◂— 0x0 R11 0x0 R12 0x4 R13 0x555555555a76 ◂— jb 0x555555555aed /* 'rule_' */ R14 0x0 R15 0x0 RBP 0x7fffffffdb10 —▸ 0x7fffffffdb60 —▸ 0x7fffffffdbd0 —▸ 0x7fffffffdc40 —▸ 0x5555555559e0 (__libc_csu_init) ◂— ... RSP 0x7fffffffdad0 ◂— 0x0 RIP 0x555555554b53 (trie_store_asm3+138) ◂— leave ──────────────────────────────[ DISASM ]────────────────────────────── ► 0x555555554b53 leave 0x555555554b54 ret ↓ 0x555555554d2f add rsp, 0x10 0x555555554d33 mov eax, 0 0x555555554d38 leave 0x555555554d39 ret ↓ 0x555555554fbb add rsp, 0x10 0x555555554fbf mov dword ptr [rbp - 0x34], 0 0x555555554fc6 jmp parse_branch+987 <0x5555555551f2> ↓ 0x5555555551f2 mov eax, dword ptr [rbp - 0x34] 0x5555555551f5 movsxd rdx, eax ──────────────────────────[ SOURCE (CODE) ]─────────────────────────── 105 } 106 107 // Add the new node at the end of queue and change rear 108 q->rear->next = temp; 109 q->rear = temp; ► 110 } 111 112 struct trie_QNode * trie_load_asm(struct trie_Queue **q) 113 { 114 // If queue is empty, return NULL. 115 if ((q) == NULL) return NULL; ──────────────────────────────[ STACK ]─────────────────────────────── 00:0000│ rsp 0x7fffffffdad0 ◂— 0x0 01:0008│ 0x7fffffffdad8 —▸ 0x555555555a76 ◂— jb 0x555555555aed /* 'rule_' */ 02:0010│ 0x7fffffffdae0 —▸ 0x555555758890 ◂— 0x4855c3c9f8458b48 03:0018│ 0x7fffffffdae8 ◂— 0x1 04:0020│ 0x7fffffffdaf0 —▸ 0x7fffffffdbd0 —▸ 0x7fffffffdc40 —▸ 0x5555555559e0 (__libc_csu_init) ◂— push r15 05:0028│ 0x7fffffffdaf8 —▸ 0x555555758690 —▸ 0x5555557586b0 —▸ 0x555555555a6d ◂— jae 0x555555555ae4 /* 'sub_root' */ 06:0030│ 0x7fffffffdb00 ◂— 0xffffffffffffffb0 07:0038│ 0x7fffffffdb08 —▸ 0x5555557588c0 —▸ 0x7fffffffdbd0 —▸ 0x7fffffffdc40 —▸ 0x5555555559e0 (__libc_csu_init) ◂— ... ────────────────────────────[ BACKTRACE ]───────────────────────────── ► f 0 555555554b53 trie_store_asm3+138 f 1 555555554d2f trie_queue_add3+105 f 2 555555554fbb parse_branch+420 f 3 5555555552ca main+162 f 4 7ffff77feb97 __libc_start_main+231 Breakpoint None Breakpoint None pwndbg> bt #0 trie_store_asm3 (q=0x555555758690, rule_name=0x7fffffffdbd0 "@\334\377\377\377\177", rule_name_index=0, key=0x555555758890 "H\213E\370\311\303UH\211\345ATSH\203"..., index=1, rule_next=0x555555555a76 "rule_", rule_next_index=4) at trie.c:110 #1 0x0000555555554d2f in trie_queue_add3 (q=0x555555757038 , rule_name=0x7fffffffdbd0 "@\334\377\377\377\177", rule_name_index=0, key=0x555555758890 "H\213E\370\311\303UH\211\345ATSH\203"..., index=1, rule_next=0x555555555a76 "rule_", rule_next_index=4) at trie.c:145 #2 0x0000555555554fbb in parse_branch (co=0x555555758750 "85") at trie.c:210 #3 0x00005555555552ca in main (argc=1, argv=0x7fffffffdd28) at trie.c:266 #4 0x00007ffff77feb97 in __libc_start_main (main=0x555555555228
, argc=1, argv=0x7fffffffdd28, init=, fini=, rtld_fini=, stack_end=0x7fffffffdd18) at ../csu/libc-start.c:310 #5 0x000055555555477a in _start () pwndbg> l trie.c:210 205 else if (itterations == 2) rule_index_tmp++; 206 actual_index_tmp = actual_index+1; 207 printf("zrule_name = %s\n", zrule_name); 208 printf("zkey = %s\n", zkey); 209 printf("insert(%s%d, \"%s\", %d, %s%d);\n", zrule_name, zrule_name_index, zkey, zindex, trie_rule_prefix, rule_index_tmp-(itterations==1?0:1)); 210 trie_queue_add3(&trie_trie, zrule_name, zrule_name_index, strdup(zkey), zindex, trie_rule_prefix, rule_index_tmp-(itterations==1?0:1)); 211 for (int level = 0; co[level]; level++) { 212 char tmp[2]; 213 tmp[0] = co[level]; 214 tmp[1] = '\0'; pwndbg> l -- Function "--" not defined. pwndbg> l - 195 char * zkey; 196 int zindex; 197 if (itterations == 1) { 198 zrule_name = trie_trie->rear->rule_name; 199 zrule_name_index = trie_trie->rear->rule_name_index; 200 zkey = trie_trie->rear->key; 201 zindex = trie_trie->rear->index; 202 rule_index_tmp = rule_index+1; 203 final_rule = rule_index_tmp; 204 }