GDB可以更改正在运行的程序的汇编代码吗?
[英]Can GDB change the assembly code of a running program?
问题描述
I want to add some extra funcionality to /bin/ls. 
我想为/ bin / ls添加一些额外的功能。
So I started it on gdb and added a breakpoint at the beginning. 所以我在gdb上启动它并在开头添加了一个断点。
Now question is: how can I change the code of a running program in memory? 现在的问题是:如何在内存中更改正在运行的程序的代码? I can see the assembly code, but I'm not able to modify. 我可以看到汇编代码,但我无法修改。 How can I do it? 我该怎么做?
On Windows I can easily do this with olldbg for example. 在Windows上,我可以使用olldbg轻松完成此操作。 How about on Linux? 在Linux上怎么样?
(I know that doing this I will only change the code of the process in memory. So then I can dump memory to a file, and then I'll have my changes saved in a binary file). (我知道这样做我只会更改内存中进程的代码。所以我可以将内存转储到文件中,然后我将更改保存在二进制文件中)。
Thank you. 谢谢。
5 个解决方案
解决方案1
15 已采纳 2011-06-24 21:34:51
You can write binary to memory directly but GDB doesn't have an assembler build in by default you can however do something like set *(unsigned char*)0x80FFDDEE = 0x90 to change the mnemonic at that address to a NOP for example. 您可以直接将二进制文件写入内存,但GDB没有内置汇编程序,但是您可以执行类似set *(unsigned char*)0x80FFDDEE = 0x90 ,以将该地址的助记符更改为NOP。 You could however use NASM to write a shellcode and use perl or python to inject it into the program :) 然而,您可以使用NASM编写shellcode并使用perl或python将其注入程序:)
You might also like this little .gdbinit file to make debugging allot easier: https://gist.github.com/985474 您可能也喜欢这个小.gdbinit文件,以便更轻松地调试: https ://gist.github.com/985474
解决方案2
7 2011-06-24 21:34:41
解决方案3
3 2012-01-06 09:51:45
这是一篇博客文章 ,解释了如何在运行时为gdb和Visual Studio更改代码。
解决方案4
2 2015-07-29 21:27:43
compile code command compile code命令
Introduced around 7.9, it allows code compilation and injection. 介绍大约7.9,它允许代码编译和注入。 Documentation: https://sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html 文档: https : //sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html
I have given a minimal example in this answer . 我在这个答案中给出了一个很小的例子。
While it is not actual code modification, it does allow you to compile some code on the fly and run it once immediately, which might be enough. 虽然它不是实际的代码修改,但它确实允许您动态编译一些代码并立即运行它,这可能就足够了。
And the GNU cauldron presentation suggests that actual code modification may be added later on as an extension to this feature, see slide 30 "Fix and continue". GNU大锅演示文稿建议稍后可以添加实际代码修改作为此功能的扩展,请参阅幻灯片30“修复并继续”。
There are a few constructs that did not work as I expected like return , so I've asked why at: In the GDB compile code command, what language constructs behave exactly as if they were present in the original source? 有一些构造没有像我预期的那样工作return ,所以我问为什么在: 在GDB编译代码命令中,什么语言构造的行为就像它们在原始源中存在一样?
解决方案5
0 2019-05-06 17:03:23
You can use gcc-plugin to write an extension to modify your coed and add any additional functionality in easy way during compilation process. 您可以使用gcc-plugin编写扩展来修改您的coed,并在编译过程中以简单的方式添加任何其他功能。 if you work on machine level code, you should use binary instrumentation tools like Pin and Dyninst to instrument your binary file on the disk. 如果您使用机器级代码,则应使用Pin和Dyninst等二进制检测工具来检测磁盘上的二进制文件。 however, if the overhead is important issue, you should work carefully with such tools. 但是,如果开销很重要,那么您应该仔细使用这些工具。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.