Cannot find return address in gdb
I wrote this program in C (just for debugging purposes):
#include <stdio.h>

void return_input(void)
{
    char array[10];
    gets(array);              /* no bounds check: this is the overflow target */
    printf("%s\n", array);
}

int main(void)
{
    return_input();
    return 0;
}
I have been experimenting with stack overflows, and since I am working with a 64-bit machine I compiled it with
gcc -m32 -mpreferred-stack-boundary=2 -ggdb overflow.c -o overflow
I then debugged the program with gdb and disassembled the return_input function, and got:
0x0804841b <+0>: push %ebp
0x0804841c <+1>: mov %esp,%ebp
0x0804841e <+3>: sub $0xc,%esp
0x08048421 <+6>: lea -0xa(%ebp),%eax
0x08048424 <+9>: push %eax
0x08048425 <+10>: call 0x80482e0 <gets@plt>
0x0804842a <+15>: add $0x4,%esp
0x0804842d <+18>: lea -0xa(%ebp),%eax
0x08048430 <+21>: push %eax
0x08048431 <+22>: call 0x80482f0 <puts@plt>
0x08048436 <+27>: add $0x4,%esp
0x08048439 <+30>: nop
0x0804843a <+31>: leave
0x0804843b <+32>: ret
This indicates that the return address should be 0x0804843b (or is it not?). However, when examining the esp (remember this is a 32-bit compiled program on a 64-bit machine) with x/20x $esp (after setting a breakpoint at the gets function and at the ret), I can't find the return address:
0xffffd400: 0xffffd406 0x080481ec 0x08048459 0x00000000
0xffffd410: 0xffffd418 0x08048444 0x00000000 0xf7e195f7
0xffffd420: 0x00000001 0xffffd4b4 0xffffd4bc 0x00000000
0xffffd430: 0x00000000 0x00000000 0xf7fb0000 0xf7ffdc04
0xffffd440: 0xf7ffd000 0x00000000 0xf7fb0000 0xf7fb0000
Why can't I see the return address? Sorry for the long question. Thanks in advance.
0x0804843b is 'ret'. It seems you confused that with 'return address'. The return address is the address of the next instruction to execute in the calling function. In particular for this code:
0x08048425 <+10>: call 0x80482e0 <gets@plt>
0x0804842a <+15>: add $0x4,%esp
The return address is 0x0804842a.
Now, it is unclear what exactly you did. Compiling as you specified, doing 'break gets' + 'run' works just fine for me. Are you sure you are dumping regs from "within" gets?
(gdb) disassemble return_input
Dump of assembler code for function return_input:
0x0804843b <+0>: push %ebp
0x0804843c <+1>: mov %esp,%ebp
0x0804843e <+3>: sub $0xc,%esp
0x08048441 <+6>: lea -0xa(%ebp),%eax
0x08048444 <+9>: push %eax
0x08048445 <+10>: call 0x8048300 <gets@plt>
0x0804844a <+15>: add $0x4,%esp
That's the instruction gets should return to.
0x0804844d <+18>: lea -0xa(%ebp),%eax
0x08048450 <+21>: push %eax
0x08048451 <+22>: call 0x8048310 <puts@plt>
0x08048456 <+27>: add $0x4,%esp
0x08048459 <+30>: nop
0x0804845a <+31>: leave
0x0804845b <+32>: ret
End of assembler dump.
(gdb) break gets
Breakpoint 1 at 0x8048300
(gdb) run
[..]
Breakpoint 1, 0xf7e3a005 in gets () from /lib/libc.so.6
(gdb) x/20x $esp
0xffffd160: 0x00000001 0xf7fa3000 0xffffd180 0x0804844a
And here it is, in the 4th spot.
0xffffd170: 0xffffd176 0x0804820c 0x08048479 0x00000000
0xffffd180: 0xffffd188 0x08048464 0x00000000 0xf7df15a6
0xffffd190: 0x00000001 0xffffd224 0xffffd22c 0x00000000
0xffffd1a0: 0x00000000 0x00000000 0xf7fa3000 0xf7ffdbe4
(gdb)
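As an added example (not part of the question or the answer), here is a small Python script that applies the rule from the answer to gdb output: it takes the return address to be the address of the instruction listed right after `call gets@plt`, then searches an `x/20x $esp` dump for that word. The listings and dumps embedded in it are copied from this page (the answer's and the question's); the helper names and regular expressions are my own choices.

```python
"""Find a call's return address in a gdb `x/Nx $esp` dump.

Added example, not part of the question or the answer above. The listings and
dumps below are copied from this page; the helper names are my own choices.
"""
import re

# One disassembly line, e.g. "0x08048445 <+10>: call 0x8048300 <gets@plt>"
INSN_RE = re.compile(r"^[ \t]*0x([0-9a-f]+)[ \t]+<\+\d+>:[ \t]+(.*)$", re.M)
# One memory-dump line, e.g. "0xffffd160: 0x00000001 0xf7fa3000 ..."
DUMP_RE = re.compile(r"^[ \t]*0x([0-9a-f]+):((?:[ \t]+0x[0-9a-f]+)+)[ \t]*$", re.M)

def return_address_after_call(disasm, callee):
    """The return address pushed by `call callee@plt` is the address of the
    instruction listed right after the call, where `ret` resumes execution."""
    insns = [(int(a, 16), text.rstrip()) for a, text in INSN_RE.findall(disasm)]
    for i, (addr, text) in enumerate(insns):
        if text.startswith("call") and text.endswith("<%s@plt>" % callee):
            if i + 1 >= len(insns):
                raise ValueError("call is the last listed instruction")
            return insns[i + 1][0]
    raise ValueError("no call to %s@plt in listing" % callee)

def parse_dump(dump, word_size=4):
    """Map each stack address in an x/Nx dump to the word stored there.
    word_size=4 because the binary on this page was built with -m32."""
    words = {}
    for base, rest in DUMP_RE.findall(dump):
        for k, w in enumerate(rest.split()):
            words[int(base, 16) + k * word_size] = int(w, 16)
    return words

def locate_return_address(disasm, dump, callee="gets"):
    """Return (expected return address, sorted stack addresses holding it)."""
    target = return_address_after_call(disasm, callee)
    hits = sorted(a for a, w in parse_dump(dump).items() if w == target)
    return target, hits

# Excerpts copied from the answer above (disassembly up to the return point).
ANSWER_DISASM = """
0x0804843b <+0>: push %ebp
0x0804843c <+1>: mov %esp,%ebp
0x0804843e <+3>: sub $0xc,%esp
0x08048441 <+6>: lea -0xa(%ebp),%eax
0x08048444 <+9>: push %eax
0x08048445 <+10>: call 0x8048300 <gets@plt>
0x0804844a <+15>: add $0x4,%esp
"""
ANSWER_DUMP = """
0xffffd160: 0x00000001 0xf7fa3000 0xffffd180 0x0804844a
0xffffd170: 0xffffd176 0x0804820c 0x08048479 0x00000000
0xffffd180: 0xffffd188 0x08048464 0x00000000 0xf7df15a6
0xffffd190: 0x00000001 0xffffd224 0xffffd22c 0x00000000
0xffffd1a0: 0x00000000 0x00000000 0xf7fa3000 0xf7ffdbe4
"""
# Excerpts copied from the question above.
ASKER_DISASM = """
0x0804841b <+0>: push %ebp
0x0804841c <+1>: mov %esp,%ebp
0x0804841e <+3>: sub $0xc,%esp
0x08048421 <+6>: lea -0xa(%ebp),%eax
0x08048424 <+9>: push %eax
0x08048425 <+10>: call 0x80482e0 <gets@plt>
0x0804842a <+15>: add $0x4,%esp
"""
ASKER_DUMP = """
0xffffd400: 0xffffd406 0x080481ec 0x08048459 0x00000000
0xffffd410: 0xffffd418 0x08048444 0x00000000 0xf7e195f7
0xffffd420: 0x00000001 0xffffd4b4 0xffffd4bc 0x00000000
0xffffd430: 0x00000000 0x00000000 0xf7fb0000 0xf7ffdc04
0xffffd440: 0xf7ffd000 0x00000000 0xf7fb0000 0xf7fb0000
"""

if __name__ == "__main__":
    for who, disasm, dump in (("answer", ANSWER_DISASM, ANSWER_DUMP),
                              ("question", ASKER_DISASM, ASKER_DUMP)):
        target, hits = locate_return_address(disasm, dump)
        where = ", ".join(hex(h) for h in hits) or "not in this dump"
        print("%s: return address 0x%08x found at: %s" % (who, target, where))
```

Run on the answer's output it reports 0x0804844a at 0xffffd16c, the fourth word of the dump, matching the answer. Run on the question's output it reports 0x0804842a as the expected value and finds no word equal to it, which is consistent with the answer's suspicion that the question's dump was not taken from inside gets.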