
Using gdb to calculate return address

I'm currently doing a school project right now, and I'm lost on using gdb on Ubuntu to find a buffer overflow vulnerability.

I've never used gdb before, but I did a little bit of research on the internet, and when I used the "disas main" command I was quite overwhelmed by what I was looking at.

I was wondering if someone can walk me through how to debug this program or any other program and show me how the return address is found.

I have this code here:

/* This program has a buffer overflow vulnerability. */
/* Our task is to exploit this vulnerability */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int bof(char *str)
{
    char buffer[12];
    /* The following statement has a buffer overflow problem:
       strcpy() copies until it hits a NUL byte and ignores the
       12-byte size of buffer, so a longer str overwrites what lies
       above buffer on the stack, including the saved return address. */
    strcpy(buffer, str);
    return 1;
}

int main(int argc, char **argv)
{
    char str[512];
    FILE *badfile;
    badfile = fopen("badfile", "r");
    if (badfile == NULL) {
        perror("badfile");
        return 1;
    }
    /* Read at most sizeof(str) bytes so str itself is not overrun;
       the only intended overflow is the strcpy() inside bof(). */
    fread(str, sizeof(char), sizeof(str), badfile);
    fclose(badfile);
    bof(str);
    printf("Returned Properly\n");
    return 1;
}

In the debugger you can see the disassembled code, just put a breakpoint on the ret operand of your function. When it stops, see the value of the esp register, which points you to the stack address. Then explore the memory at this address and the first 4 (depending on your platform) bytes will give you the address which will be used to return to.
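The answer above does the measurement by hand in gdb. The C program below is an added example, not code from the question or the answer, that performs the same measurement from inside the vulnerable function: it scans its own stack upward from a 12-byte local buffer until it finds the word equal to its real return address (`__builtin_return_address(0)`) and reports the distance in bytes. That distance is what you would compute in gdb as `$esp` at the `ret` breakpoint minus `&buffer`, and it is the padding an overflow of `buffer` needs before the bytes that replace the return address. The function names (`find_return_slot`, `overflow_length`, `fill`), the `SCAN_LIMIT` bound and the sample input are assumptions made for the example; it also assumes gcc or clang on a downward-growing stack (x86, x86-64 or AArch64) and no AddressSanitizer. It uses `sizeof(void *)`, so the word is 4 bytes on the 32-bit target in the question and 8 bytes on a 64-bit build.

```c
/* Added example: measure the distance from a local buffer to the saved
 * return address, the same number the gdb walkthrough reads by hand. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCAN_LIMIT 256   /* assumption: give up after this many bytes above buffer */

/* Constructed input: same shape as the 12-byte buffer in bof(), in bounds. */
static const char sample[12] = "AAAAAAAAAAA";

/* Kept out of the stack frame so no stack temporary can equal the value
 * we scan for; a copy of the return address inside the frame would be
 * found first and misreported as the slot. */
static uintptr_t expected_ret;

/* noinline so find_return_slot() is a non-leaf function: on AArch64 that
 * forces the link register to be saved on the stack, as it is on x86. */
__attribute__((noinline)) static void fill(char *dst, const char *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Returns the byte offset from buffer[0] to the word holding this function's
 * saved return address, or -1 if it is not within SCAN_LIMIT bytes. */
__attribute__((noinline)) long find_return_slot(void)
{
    char buffer[12];
    char *volatile base = buffer;   /* launder the pointer so the out-of-bounds scan survives -O2 */
    uintptr_t w;
    long i;

    expected_ret = (uintptr_t)__builtin_return_address(0);
    fill(buffer, sample, sizeof buffer);

    /* Step one byte at a time: buffer need not be pointer-aligned, and
     * memcpy tolerates unaligned reads. This is the in-process equivalent
     * of dumping memory from &buffer upward and looking for a code address. */
    for (i = 0; i + (long)sizeof w <= SCAN_LIMIT; i++) {
        memcpy(&w, base + i, sizeof w);
        if (w == expected_ret)
            return i;
    }
    return -1;
}

/* Bytes an overflow of buffer[] must write to reach and replace the slot:
 * the padding up to the slot plus one pointer-sized word. */
long overflow_length(long slot_offset)
{
    return slot_offset < 0 ? -1 : slot_offset + (long)sizeof(void *);
}

int main(void)
{
    long off = find_return_slot();
    if (off < 0) {
        puts("saved return address not found within the scan limit");
        return 1;
    }
    printf("saved return address is %ld bytes above buffer[0]\n", off);
    printf("an overflow needs %ld bytes to overwrite it (%zu-byte words)\n",
           overflow_length(off), sizeof(void *));
    return 0;
}
```

Build it with `gcc -g -fno-stack-protector` to get a layout like the lab program (with the stack protector on, the offset grows by the canary word, and the canary must survive the overflow, which is why the lab turns it off). To cross-check in gdb, break on the `ret` of `find_return_slot`, then `p &buffer` and `x/4xb $esp` (or `x/8xb $rsp` on 64-bit): the difference between the two addresses is the offset the program prints, and the bytes at `$esp` are the return address into `main`.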
