GDB calling a function that is not in main
My professor gave us an assignment to step through x86 instructions produced by a C program using GDB to find passwords. Our job is to go through 6 phases and find the passwords hidden somewhere in the x86 instructions. I was able to go through all of them, but at the end I noticed that in the x86 file there was a function called secret_phase. It is my understanding that if we finish the secret_phase we get extra credit. The problem is, secret_phase is never called from the main function, so I don't know how to even access it. Is there any way to call the secret_phase function from GDB?
If you're an optimist and hope that secret_phase, say, just prints the secret phrase on the screen, then do:

break main
run
call ((void(*)()) secret_phase)()

Here you specify the function prototype to call, the guess being that it takes no arguments and returns nothing. If you expect it, e.g., to return the secret phrase as char*, you may try:

print ((char*(*)()) secret_phase)()

or any other return type, but that's guesswork.

A more rigorous approach is to jump to that function, which can be done at any point of execution:

break main
run
break secret_phase
jump secret_phase

(Note the second break; without it execution will proceed immediately and most likely the program will crash, since you jumped to the function rather than called it.) After confirmation the debugger will stop at the start of secret_phase. Proceed with stepi with care: as soon as you execute the retn instruction the program will likely crash. But you'll have a chance to examine the function closely.

All that aside, you probably should start with disassemble secret_phase just to look for clues.
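The following is an added example and is not part of the question or the answer above: a miniature "bomb" whose secret_phase is compiled in but never called from main, so it can only be reached the way the answer describes, by calling the symbol from GDB. The function names other than secret_phase, the lookup tree, its values and the password rule are all made up here; the page says nothing about how the real secret phase works. With -g, GDB already knows the prototype and `print secret_phase("22")` works directly; on a stripped or debug-info-free binary you need the cast form from the answer, `print ((int (*)(const char *)) secret_phase)("22")`, and a wrong guess at the prototype gives garbage or a crash rather than an error.

```c
/* Added example (not from the original post): mini_bomb.c
 *
 * Build and drive it with (names and values below are constructed):
 *   gcc -g -O0 -o mini_bomb mini_bomb.c
 *   gdb -q ./mini_bomb
 *   (gdb) break main
 *   (gdb) run
 *   (gdb) print secret_phase("22")                           # with -g, gdb knows the prototype
 *   (gdb) print ((int (*)(const char *)) secret_phase)("5")  # without debug info, cast it yourself
 *   (gdb) disassemble fun7                                   # read the helper before guessing inputs
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct node { int val; struct node *left; struct node *right; };

/* Constructed lookup tree (a small binary search tree), hypothetical values. */
static struct node n6  = {6,   NULL, NULL}, n22  = {22,  NULL, NULL},
                   n45 = {45,  NULL, NULL}, n107 = {107, NULL, NULL};
static struct node n8  = {8,   &n6,  &n22}, n50  = {50,  &n45, &n107};
static struct node n36 = {36,  &n8,  &n50};

/* Encodes the search path to val as a number: 0 on a hit, 2*sub after going
 * left, 2*sub+1 after going right, and -1 once the search falls off the tree. */
int fun7(const struct node *n, int val)
{
    if (n == NULL) return -1;
    if (val < n->val) return 2 * fun7(n->left, val);
    if (val == n->val) return 0;
    return 2 * fun7(n->right, val) + 1;
}

/* Never called from main.  Accepts one decimal number in [1, 1001] whose search
 * path encodes to 2 (left, then right, then hit): only "22" satisfies that here.
 * Returns 1 for the accepted input and 0 otherwise. */
__attribute__((noinline, used))
int secret_phase(const char *input)
{
    char *end;
    long n = strtol(input, &end, 10);
    if (end == input || *end != '\0' || n < 1 || n > 1001) return 0;
    return fun7(&n36, (int)n) == 2;
}

/* The regular phase that main does call (hypothetical password). */
int phase_1(const char *input)
{
    return strcmp(input, "hypothetical password") == 0;
}

int main(void)
{
    char line[128];
    if (fgets(line, sizeof line, stdin) == NULL) return 1;
    line[strcspn(line, "\n")] = '\0';
    if (!phase_1(line)) { puts("BOOM!"); return 1; }
    puts("Phase 1 defused.");   /* no path from here to secret_phase */
    return 0;
}
```

Because GDB's `call`/`print` run the function on the inferior's real stack with a proper return address, secret_phase returns cleanly and you get its value back; the `jump secret_phase` route from the answer skips that setup, which is why the answer warns that executing its final ret will most likely crash the program.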