pamh points here:

(gdb) x/256wx 0x29278

struct pam_item ps_item[PAM_MAX_ITEMS = 64]; (64 * 8 bytes = 0x200 bytes)
0x29278: 0x00000000 0x00000000 0x00028db0 0x00000005
0x29288: 0x00000000 0x00000000 0x0002b2a8 0x0000000a
0x29298: 0x00028e40 0x00000000 0x00028dd0 0x00000008
0x292a8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292b8: 0x00000000 0x00000000 0x00028e50 0x00000007
0x292c8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292d8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292e8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292f8: 0x00000000 0x00000000 0x00000000 0x00000000
0x29308: 0x00000000 0x00000000 0x00000000 0x00000000
0x29318: 0x00000000 0x00000000 0x00000000 0x00000000
0x29328: 0x00000000 0x00000000 0x00000000 0x00000000
0x29338: 0x00000000 0x00000000 0x00000000 0x00000000
0x29348: 0x00000000 0x00000000 0x00000000 0x00000000
0x29358: 0x00000000 0x00000000 0x00000000 0x00000000
0x29368: 0x00000000 0x00000000 0x00000000 0x00000000
0x29378: 0x00000000 0x00000000 0x00000000 0x00000000
0x29388: 0x00000000 0x00000000 0x00000000 0x00000000
0x29398: 0x00000000 0x00000000 0x00000000 0x00000000
0x293a8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293b8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293c8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293d8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293e8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293f8: 0x00000000 0x00000000 0x00000000 0x00000000
0x29408: 0x00000000 0x00000000 0x00000000 0x00000000
0x29418: 0x00000000 0x00000000 0x00000000 0x00000000
0x29428: 0x00000000 0x00000000 0x00000000 0x00000000
0x29438: 0x00000000 0x00000000 0x00000000 0x00000000
0x29448: 0x00000000 0x00000000 0x00000000 0x00000000
0x29458: 0x00000000 0x00000000 0x00000000 0x00000000
0x29468: 0x00000000 0x00000000 0x00000000 0x00000000

pamtab * pam_conf_info[PAM_NUM_MODULE_TYPES = 4]; (4 * 4 bytes = 0x10 bytes)
0x29478: 0x000295c0 0x00029638 0x00029700 0x000296b0

0x29488: 0x0002b2d8 ; struct pam_module_data *ssd;
0x2948c: 0x00028e70 ; fd_list * fd;
0x29490: 0x00000000 ; env_list * pam_env;
0x29494: 0x00000000 ; char * pam_client_message_version_number;

pamtab, pam_conf_info[0]: "login" AUTH REQUIRED "/usr/lib/security/pam_unix.so.1"
0x295c0: 0x00028de0 0x00000000 0x00000001 0x000295e8
0x295d0: 0x00000000 0x00000000 0x00028e60 0x00029610

pamtab, pam_conf_info[1]: "login" ACCOUNT REQUISITE "/usr/lib/security/pam_roles.so.1"
0x29638: 0x00028e10 0x00000001 0x00000008 0x0002a038
0x29648: 0x00000000 0x00000000 0x00000000 0x00029660

pamtab, pam_conf_info[2]: "other" PASSWORD REQUIRED "/usr/lib/security/pam_unix.so.1"
0x29700: 0x00028e30 0x00000002 0x00000001 0x00029728
0x29710: 0x00000000 0x00000000 0x00000000 0x00000000

pamtab, pam_conf_info[3]: "other" SESSION REQUIRED "/usr/lib/security/pam_unix.so.1"
0x296b0: 0x00028e20 0x00000003 0x00000001 0x000296d8
0x296c0: 0x00000000 0x00000000 0x00000000 0x00000000

pam_conf_info[0]->function_ptr:
0x28e60: 0xef4d4a70 0x00000000 0x00000009 0x00000000
0x28e70: 0xef6f060c 0x00028e90 0x00000009 0x00000000
0x28e80: 0xef4b091c 0x00000000 0x00000009 0x00000000
0x28e90: 0xef6f0c50 0x00000000 0x00000009 0x00000000
0x28ea0: 0x00028eb0 0xefffb1f0 0x00000009 0x00000000
0x28eb0: 0x00000000 0x00000000 0x00000009 0x00000000

pamh ->
    [512 * NULL] ps_item, ps_item[2] = { "foo", 3 }
    [pameptr] pam_conf_info[0] (AUTH)
    [3 * NULL] pam_conf_info[1-3]
    [NULL] ssd
    [NULL] fd
    [NULL] pam_env
    [NULL] pam_client_message_version_number

pameptr ->
    [NULL] pam_service
    [NULL] pam_type
    [NULL] pam_flag
    [NULL] module_path
    [NULL] module_argc
    [NULL] module_argv
    [pamfptr] function_ptr

pamfptr ->
    [entry] pm_sm_authenticate()

entry -> shellcode