Using gdb to calculate return address

Updated: 2024-06-14 16:53:07

I'm currently doing a school project right now, and I'm lost on using gdb on ubuntu to find a buffer overflow vulnerability.

I've never used gdb before, but did a little bit of research on the internet and when I used the "disas main" command I was quite overwhelmed at what I was looking at.

I was wondering if someone can walk me through how to debug this program or any other programs and show me how the return address is found.

I have this code here:

```c
/* This program has a buffer overflow vulnerability. */
/* Our task is to exploit this vulnerability */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int bof(char *str)
{
    char buffer[12];

    /* The following statement has a buffer overflow problem */
    strcpy(buffer, str);

    return 1;
}

int main(int argc, char **argv)
{
    char str[512];
    FILE *badfile;

    badfile = fopen("badfile", "r");
    fread(str, sizeof(char), 5122, badfile);
    bof(str);

    printf("Returned Properly\n");
    return 1;
}
```

Best answer

In the debugger you can see the disassembled code; just put a breakpoint on the ret operand of your function. When it stops, see the value of the esp register, which points you to the stack address. Then explore the memory at this address, and the first 4 (depending on your platform) bytes will give you the address which will be used to return to.
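
The stack slot the answer describes can also be observed from inside a program. The following is an added example, not code from the question or the answer; it assumes x86 or x86-64 with GCC or Clang, and the names `frame_view`, `inspect_frame` and `caller_check` are made up for this illustration.

```c
/* Added illustration: where the saved return address sits on the stack.
 * Assumes x86 or x86-64 and GCC/Clang (uses their __builtin_* helpers). */
#include <stdint.h>
#include <stdio.h>

struct frame_view {
    uintptr_t slot;         /* stack address of the saved return address */
    uintptr_t from_slot;    /* value read directly from that stack slot */
    uintptr_t from_builtin; /* the compiler's own answer, for comparison */
};

/* noinline so the function really gets its own call/ret and stack frame. */
__attribute__((noinline)) struct frame_view inspect_frame(void)
{
    struct frame_view v;
    /* Frame pointer (ebp/rbp) points at the saved caller frame pointer;
     * the return address pushed by `call` is one pointer above it. This is
     * the slot esp/rsp points to when execution reaches `ret`. */
    char *fp = __builtin_frame_address(0);
    v.slot = (uintptr_t)(fp + sizeof(void *));
    v.from_slot = *(uintptr_t *)v.slot;
    v.from_builtin = (uintptr_t)__builtin_return_address(0);
    return v;
}

/* Returns 1 when the slot holds an address inside this caller, i.e. the
 * instruction right after the call to inspect_frame(). */
__attribute__((noinline)) int caller_check(void)
{
    struct frame_view v = inspect_frame();
    uintptr_t start = (uintptr_t)&caller_check;
    return v.from_slot == v.from_builtin &&
           v.from_slot > start && v.from_slot - start < 512;
}

int main(void)
{
    struct frame_view v = inspect_frame();
    /* In gdb, stopped on `ret`: `x/wx $esp` (32-bit) or `x/gx $rsp`
     * (64-bit) shows the same value; `info frame` lists it as saved eip/rip. */
    printf("slot  %p\nvalue %p\nbuiltin %p\ncaller_check=%d\n",
           (void *)v.slot, (void *)v.from_slot, (void *)v.from_builtin,
           caller_check());
    return 0;
}
```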

Published: 2023-04-05 21:07:00
Article link: https://www.elefans.com/category/dzcp/248f52217a6605824d8d3a7b9d2e712c.html