Hi, Leonard.

It works here on my OpenBSD johannes 3.1 GENERIC#59 i386. Though I don't have a RH or Debian handy, I'll try to give you a hint as to what to look for.

Compile your code with the -g option (just to give you some help when moving through symbols on gdb) and then run gdb <your.executable>. On gdb run the following session:

(gdb) disassemble main
Dump of assembler code for function main:
0x17bc <main>: push %ebp
0x17bd <main+1>: mov %esp,%ebp
0x17bf <main+3>: sub $0x18,%esp
0x17c2 <main+6>: call 0x1878 <__main>
0x17c7 <main+11>: movl $0x0,0xfffffffc(%ebp)
0x17ce <main+18>: add $0xfffffffc,%esp
0x17d1 <main+21>: push $0x3
0x17d3 <main+23>: push $0x2
0x17d5 <main+25>: push $0x1
0x17d7 <main+27>: call 0x1798 <function>
0x17dc <main+32>: add $0x10,%esp
0x17df <main+35>: movl $0x1,0xfffffffc(%ebp)
0x17e6 <main+42>: add $0xfffffff8,%esp
0x17e9 <main+45>: mov 0xfffffffc(%ebp),%eax
0x17ec <main+48>: push %eax
0x17ed <main+49>: push $0x17b6
0x17f2 <main+54>: call 0x2084 <_DYNAMIC+132>
0x17f7 <main+59>: add $0x10,%esp
0x17fa <main+62>: leave
0x17fb <main+63>: ret
End of assembler dump.
(gdb)

Look at the line "movl $0x1,0xfffffffc(%ebp)", that's where 1 is assigned to x. So you want your saved IP (ret, on P49) to point exactly at this line, since the next instruction that is going to be executed is the next from the current (saved) IP when the function returns.

Take a look at where the function is called (<main+27>) and where the assignment is done (<main+35>). Doing the math: 35-27=8 :-), in this case.

Take a look at your assembler dump and see how far "x=1;" is from "function(1,2,3);" and that's what you want to add to your "(*ret)".

Hope this helps.
[]'s,
Rafael Coninck Teigao
SafeCore Network Solutions
http://SafeCore.NET
+55 41 224 1785
+49 175 650 2754
------------------------------------------------------------------------
"The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles." -- Jack Kerouac, "On the Road"
------------------------------------------------------------------------
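The offsets the mail reads off the dump by eye can also be pulled out mechanically. The following is an added example, not code from the mail or from the original thread: it parses gdb's AT&T-syntax "disassemble" output (a constructed excerpt of the dump above), finds the call to function() and the "movl $0x1,...(%ebp)" store that follows it, and reports the distance from the call (the 35-27 the mail computes) alongside the distance from the saved return address, which is the instruction right after the call. The symbol name "function" and the immediate "0x1" are parameters taken from the mail's own dump.

```python
import re
from typing import List, NamedTuple

# Constructed input: an excerpt of the gdb "disassemble main" dump quoted above.
GDB_DUMP = """\
Dump of assembler code for function main:
0x17c2 <main+6>: call 0x1878 <__main>
0x17c7 <main+11>: movl $0x0,0xfffffffc(%ebp)
0x17ce <main+18>: add $0xfffffffc,%esp
0x17d1 <main+21>: push $0x3
0x17d3 <main+23>: push $0x2
0x17d5 <main+25>: push $0x1
0x17d7 <main+27>: call 0x1798 <function>
0x17dc <main+32>: add $0x10,%esp
0x17df <main+35>: movl $0x1,0xfffffffc(%ebp)
0x17e6 <main+42>: add $0xfffffff8,%esp
End of assembler dump.
"""

class Insn(NamedTuple):
    addr: int
    offset: int     # the N in <main+N>: bytes from the start of the function
    mnemonic: str
    operands: str

# One gdb line, e.g. "0x17d7 <main+27>: call 0x1798 <function>" (AT&T syntax)
LINE_RE = re.compile(r"^0x([0-9a-f]+)\s+<\w+(?:\+(\d+))?>:\s+(\S+)\s*(.*)$")

def parse_dump(text: str) -> List[Insn]:
    """Turn a gdb disassembly into Insn records; non-instruction lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            addr, off, mnem, ops = m.groups()
            out.append(Insn(int(addr, 16), int(off or 0), mnem, ops))
    return out

def offsets(text: str, callee: str = "function", imm: str = "0x1") -> dict:
    """Locate the call to <callee> and the first 'movl $imm,...(%ebp)' store after it."""
    insns = parse_dump(text)
    call_idx = next(i for i, x in enumerate(insns)
                    if x.mnemonic == "call" and x.operands.endswith(f"<{callee}>"))
    store = next(x for x in insns[call_idx:]
                 if x.mnemonic == "movl" and x.operands.startswith(f"${imm},")
                 and x.operands.endswith("(%ebp)"))
    call, ret = insns[call_idx], insns[call_idx + 1]   # ret: the saved return address
    return {"call": call.offset, "ret": ret.offset, "store": store.offset,
            "store_minus_call": store.offset - call.offset,
            "store_minus_ret": store.offset - ret.offset}
```

Run it on your own dump (gdb -batch -ex 'disassemble main' ./a.out, captured to a file) to see the same numbers for your compiler's layout; the store's position relative to the call varies with the argument clean-up gcc emits in between.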
This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 08:17:13 PDT