Debugging root application on Linux with GDB

I'm studying from a book called "the art of hacking" and, after the theory, I'm trying to do some exercises on real old vulnerabilities just to do some exercises.

So, I "configure", "make" and "make install" a vulnerable ftp service and then I launch it as root.

At this point, I need to debug the ftp service while it is running as root. What I have understood from the book is that, to create a working exploit for a case like that, I need to study the stack while the service is running as root in order to have a real "stack situation" of the program on which I want to work... and to do it I need to attach my gdb to the running process!

My problem is that when I launch the command

gdb gdb

my gdb is attaching to the process, BUT of course I don't have any symbols loaded or any possibility to study the stack of the program.

Since I have all the sources of the application, how can I compile them in order to create the symbols needed to debug the running process?

You need to add a -g to the compile flags. Most packages will do this with configure --enable-debug, but you may need to do something like set the CFLAGS environment variable using export CFLAGS=-g before running configure if that doesn't work.
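A way to confirm that the rebuilt binary really carries debug information before attaching to the running process, as an added example that is not part of the original question or answer. The binary path given on the command line, the script name and the -O0 flag in the rebuild hint are assumptions that go beyond what the answer states.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm that a rebuilt daemon
# carries debug info, then attach gdb to the running instance as root.

# Succeeds if ELF file $1 has a DWARF .debug_info (or compressed .zdebug_info) section.
has_debug_info() {
    readelf -S --wide "$1" 2>/dev/null | grep -Eq '\.z?debug_info'
}

# Succeeds if ELF file $1 still has its static symbol table (.symtab).
has_symtab() {
    readelf -S --wide "$1" 2>/dev/null | grep -q '\.symtab'
}

# Prints one verdict for $1: not-elf, debug, symbols-only or stripped.
debug_status() {
    if ! readelf -h "$1" >/dev/null 2>&1; then echo not-elf
    elif has_debug_info "$1"; then echo debug
    elif has_symtab "$1"; then echo symbols-only
    else echo stripped
    fi
}

# Run as: ./check-debug.sh /path/to/installed/daemon   (path is a placeholder)
if [ "$#" -ge 1 ]; then
    bin=$1
    status=$(debug_status "$bin")
    echo "$bin: $status"
    if [ "$status" != debug ]; then
        # -O0 is an assumption added here: it keeps locals from being optimized out.
        echo "rebuild with: CFLAGS='-g -O0' ./configure && make && make install" >&2
        echo "(some install rules strip binaries; re-check after installing)" >&2
        exit 1
    fi
    # Restart the service first so the running process is the rebuilt binary.
    pid=$(pgrep -o -x "$(basename "$bin")") || { echo "not running" >&2; exit 1; }
    # Attaching to a root-owned process requires root (ptrace permission check).
    exec sudo gdb -q "$bin" -p "$pid"
fi
```

A verdict of symbols-only means gdb can name functions in a backtrace but cannot show source lines or local variables, which is the situation that compiling with -g resolves.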
