stackoom
  简体   繁体   中英

Get the environment variable address

 原文  2015-08-02 13:04:45       c/ gdb

Question

I have ASLR disabled. Well, I want obtain the address of the environment variable "SHELL", so I use the C function getenv(). 

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    char* ptr = getenv("SHELL");
    printf("%p\n", ptr);
}

The address obtained with getenv() 

$ ./getenv
0xbffff752

The address obtained with gdb: 

gdb> x/4000s $esp
...
(gdb) x/s 0xbffff710
0xbffff710:     "SHELL=/bin/bash"
(gdb) x/s 0xbffff716
0xbffff716:     "/bin/bash"

Why are the addresses different? As noted, I must say the correct address in the obtained with GDB.

3 answers

solution1
 5  2015-08-02 14:47:30

Why the addresses are different?

Because one is run under gdb and one isn't. Running under a different environment results in a different environment. Literally.

What's the output of the printf() statement when running under gdb ?

As note, I must say the correct address in the obtained with gdb.

What information is that statement based on?

solution2
 1  2015-08-02 13:47:01

The trouble is that your list of environment variables can differ when running under gdb and without it. And that is enough to cause the shift in address.

Somewhat shortened listing... (your program) 

$ gdb ./a.out
(gdb) r
Starting program: /home/mfranc/a.out 
0x7fffffffdd37
(gdb) r
Starting program: /home/mfranc/a.out 
0x7fffffffdd37
(gdb) set environment a="hello world"
(gdb) r
Starting program: /home/mfranc/a.out 
0x7fffffffdd27
(gdb) r
Starting program: /home/mfranc/a.out 
0x7fffffffdd27
(gdb) unset environment a
(gdb) r
Starting program: /home/mfranc/a.out 
0x7fffffffdd37
(gdb)

Generally you should debug in the original environment and attach to the process via gdb -p $PID. If you spawn process in a slightly different way and the environment will differ slightly you might see different addresses.

solution3
 0  2015-08-02 13:23:54

[For Linux]

From man 3 getenv() ( italics by me):

The implementation of getenv() is not required to be reentrant. The string pointed to by the return value of getenv() may be statically allocated, and can be modified by a subsequent call to getenv().

This implies that the value queried may be copied and a reference to the copy is returned, so the address returned might differ from the address where the original env-var-tuple is stored.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Get environment variable address with Python Why this piece of code can get environment variable address? Get address of __regvar variable in C Curious thing when finding environment variable address in gdb How do I get the address of the address of a variable (&& is a compiler-error)? How to get asm to jump to a variable address in c? How to get flash address of global variable in Arduino How to get the address of a variable stated in C Macro? Get the value of a variable using the hexadecimal memory address Get the hexadecimal address of a variable as uintptr_t
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM