Bad Memories -v0.9- -recreation- Online
    struct note {
        void (*print_func)(char *);
        char data[56];
    };

Found a pointer at 0x602010 pointing to a function 0x400c80 (normal print) and another at 0x6020a0 pointing to 0x401456 (secret function).
    (gdb) info files

Shows the executable was bad_memories_v0.9. We can try to recover the binary from memory:
In GDB, call the overwritten function:
    gdb -c core.dump
    # typical .text section
    (gdb) dump memory recovered.bin 0x400000 0x401000

But better: use volatility (if you have a full memory dump) or a memdump in the style of /proc/pid/maps.