root@kali:~/ohm/bypass# gdb bypass 
GNU gdb (Debian 7.12-6+b1) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bypass...done.
(gdb) break bypass.c :9
Breakpoint 1 at 0x790: file bypass.c, line 9.
(gdb) run AAAAAAAAAA
Starting program: /root/ohm/bypass/bypass AAAAAAAAAA

Breakpoint 1, check_serial (serial=0x7fffffffe4b7 "AAAAAAAAAA") at bypass.c:9
9	  if (strcmp(serial_buff, "SN123456") == 0) flag = 1;
(gdb) disass main
Dump of assembler code for function main:
   0x00005555555547b3 <+0>:	push   %rbp
   0x00005555555547b4 <+1>:	mov    %rsp,%rbp
   0x00005555555547b7 <+4>:	sub    $0x10,%rsp
   0x00005555555547bb <+8>:	mov    %edi,-0x4(%rbp)
   0x00005555555547be <+11>:	mov    %rsi,-0x10(%rbp)
   0x00005555555547c2 <+15>:	cmpl   $0x1,-0x4(%rbp)
   0x00005555555547c6 <+19>:	jg     0x5555555547ed <main+58>
   0x00005555555547c8 <+21>:	mov    -0x10(%rbp),%rax
   0x00005555555547cc <+25>:	mov    (%rax),%rax
   0x00005555555547cf <+28>:	mov    %rax,%rsi
   0x00005555555547d2 <+31>:	lea    0xe4(%rip),%rdi        # 0x5555555548bd
   0x00005555555547d9 <+38>:	mov    $0x0,%eax
   0x00005555555547de <+43>:	callq  0x555555554620 <printf@plt>
   0x00005555555547e3 <+48>:	mov    $0x0,%edi
   0x00005555555547e8 <+53>:	callq  0x555555554640 <exit@plt>
   0x00005555555547ed <+58>:	mov    -0x10(%rbp),%rax
   0x00005555555547f1 <+62>:	add    $0x8,%rax
   0x00005555555547f5 <+66>:	mov    (%rax),%rax
   0x00005555555547f8 <+69>:	mov    %rax,%rdi
   0x00005555555547fb <+72>:	callq  0x55555555476a <check_serial>
   0x0000555555554800 <+77>:	test   %eax,%eax
   0x0000555555554802 <+79>:	je     0x555555554812 <main+95>
   0x0000555555554804 <+81>:	lea    0xc8(%rip),%rdi        # 0x5555555548d3
   0x000055555555480b <+88>:	callq  0x555555554610 <puts@plt>
   0x0000555555554810 <+93>:	jmp    0x55555555481e <main+107>
   0x0000555555554812 <+95>:	lea    0xd4(%rip),%rdi        # 0x5555555548ed
   0x0000555555554819 <+102>:	callq  0x555555554610 <puts@plt>
   0x000055555555481e <+107>:	mov    $0x0,%eax
   0x0000555555554823 <+112>:	leaveq 
   0x0000555555554824 <+113>:	retq   
End of assembler dump.
(gdb) x/32xw $rsp
0x7fffffffe060:	0x00000001	0x00000000	0xffffe4b7	0x00007fff
0x7fffffffe070:	0x41414141	0x41414141	0x55004141	0x00005555
0x7fffffffe080:	0xf7de70e0	0x00007fff	0x00000000	0x00000000
0x7fffffffe090:	0xffffe0b0	0x00007fff	0x55554800	0x00005555
0x7fffffffe0a0:	0xffffe198	0x00007fff	0x00000000	0x00000002
0x7fffffffe0b0:	0x55554830	0x00005555	0xf7a3fa87	0x00007fff
0x7fffffffe0c0:	0x00000000	0x00000000	0xffffe198	0x00007fff
0x7fffffffe0d0:	0x00040000	0x00000002	0x555547b3	0x00005555
(gdb) print 0x7fffffffe098 - 0x7fffffffe070
$1 = 40
(gdb) 

