从编译的C ++代码中提取int数组

Question

Is it possible for an attacker to get integer arrays from your compiled code?

Like how the attacker can get strings from your code using the strings command.

Answer 1

Yes. A quick example with main.c :

int main(void) {
        int vars[8] = {0,1,2,3,4,5,6,7};
}

Then gcc -O0 main.c -o main to disable optimization so our unused array isn't removed. Then if you simply disassemble it:

0000000000400474 <main>:
  400474:       55                      push   %rbp
  400475:       48 89 e5                mov    %rsp,%rbp
  400478:       c7 45 e0 00 00 00 00    movl   $0x0,-0x20(%rbp)
  40047f:       c7 45 e4 01 00 00 00    movl   $0x1,-0x1c(%rbp)
  400486:       c7 45 e8 02 00 00 00    movl   $0x2,-0x18(%rbp)
  40048d:       c7 45 ec 03 00 00 00    movl   $0x3,-0x14(%rbp)
  400494:       c7 45 f0 04 00 00 00    movl   $0x4,-0x10(%rbp)
  40049b:       c7 45 f4 05 00 00 00    movl   $0x5,-0xc(%rbp)
  4004a2:       c7 45 f8 06 00 00 00    movl   $0x6,-0x8(%rbp)
  4004a9:       c7 45 fc 07 00 00 00    movl   $0x7,-0x4(%rbp)

It makes logical sense, if you have data in your code and your program uses it, then the data must exist somewhere.

Answer 2

It is possible, I recommend you to open a executable file after compiled with notepad++ or notepad, and maybe you see something as:

But why this is so simple with strings and not with vectors? Because strings are usually just made by alfphanumeric letters and so on, just seen them inside of binary files we found tham, an array of int will be inside of your code as raw data but eye seen them is hard since they are not (obligatorily) printed characters, but if you use a disassembling program it is as easy to find strings as other arrays.