ln is a very useful command. It stands for list nearest. You provide an address as argument, and it gives you the closest symbol that matches the address. Of course, you have to be using the right symbols!

 

Here is the syntax:

 

ln [address]

 

Example:

 

 

 

Tip: You can see if you have a stack corruption very easily. If the stack is corrupted the eip register points to an invalid address and not to the next instruction. Thus, to validate if this is the case, use:

 

ln @eip

 

Normal stack (eip matches a valid symbol):

 

 

 

Corrupted stack (eip has no symbol that matches):

 

 

 

 

Here you can see scripts that use ln.