[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: exec leaking
From: |
Samuel Thibault |
Subject: |
Re: exec leaking |
Date: |
Thu, 9 Aug 2007 02:50:32 +0200 |
User-agent: |
Mutt/1.5.12-2006-07-14 |
Samuel Thibault, le Thu 09 Aug 2007 02:29:17 +0200, a écrit :
> 0e881000 0000 0000 0000 0000 0000 0000 0000 0000
> *
> 0e8815a0 7240 001c a460 001c 0000 0000 0000 0000
> 0e8815b0 0000 0000 0000 0000 0000 0000 0000 0000
> 0e8815c0 0000 0000 15c4 0e88 15e0 0e88 0041 0000
> 0e8815d0 0000 0000 0091 0000 000f 0000 0000 0000
> 0e8815e0 0001 0000 0000 0000 15a0 0e88 0001 0000
> 0e8815f0 0000 0000 0000 0000 0000 0000 0000 0000
> *
> 0e881660 0000 0000 06b9 0000 0000 0000 0000 0000
> 0e881670 0000 0000 0000 0000 0000 0000 0000 0000
> *
>
> and repeats every 0x748, one per exec() call. Yes, there is a sort of
>
> start: 40 72 1C 00 60 4A 1C 00 00....
> here: &here
> &there
> 41 00 00... 91 00.. 0F 00..
> there: 01, 0s
> &start
> 01 00..
> B9 96 00..
It can be noted too that 0x6b9 up to the next 0x91 is 0x6b9 bytes, and
that 0x1c and 0x0f are exactly the number of following 0s.
Samuel