stackoom
  简体   繁体   中英

How to change the value of variable with gdb

 原文  2021-04-14 11:11:40       c/ debugging/ assembly/ gcc/ gdb

Question

I have a file named exploit.c inside which:

#include <stdbool.h>
#include <stdio.h>

const char y1 = 'a';
const char y2 = 'b';
const char y3 = 'x';
const char y4 = 'y';
const char y5 = 'i';
const char y6 = 'j';

char x1 = 'f' ^ 'a';
char x2 = 'l' ^ 'b';
char x3 = 'a' ^ 'x';
char x4 = 'g' ^ 'y';
char x5 = 'y' ^ 'i';
char x6 = '-' ^ 'j';

int main() {
  bool c = false;
  if(c) { printf("The flag is: %c%c%c%c%c%c%c%c%c%c%c\n", x1 ^ y1, x2 ^ y2, x3 ^ y3, x4 ^
  y4, x4 ^ y4, x5 ^ y5, x6 ^ y6, x1 ^ y1, x2 ^ y2, x3 ^ y3, x4 ^ y4); }
  return 0;
}

I know I can print out the flag by changing the value of c. But I want to do it by assembling/executing. How can I print out the flag without changing the value of boolean but with gcc and gdb?

2 answers

solution1
 3  2021-04-14 13:53:26

You can do it via gdb . The first thing you have to know is that c is a local variable, that means that it will be placed on the stack in an un-optimized build that doesn't optimize it away entirely and remove dead code.

At this point you have two options: you can either modify the memory location where the variable is (so somewhere on the stack) or you can use gdb assignment .

To set the memory you can use something like set *((char *) address_of_c) = 1 . ( bool and char have the same size on most architectures, and bool uses 0 or non-0 as false/true.) You could probably just use bool* .

With gdb assignment the same memory zone will be modified, but that depends on GDB being able to use debug symbols (created by gcc -g ) to find the name and location of a local variable within this function's stack frame. That's nice if it's available: you don't have to find the address of your variable manually.

solution2
 1  2021-04-14 13:04:32

It was pretty easy one so I could do myself:) We have exploit.c file where I need to debug it in order to get the flag with 'gcc'. I run the program with:

gcc -g exploit.c -o exploit and got 'exploit' which is executable exploit.c file.

Then: gdb exploit

We have bool c = false; on line 21, so put the break line on it:

break 21

Then: I changed the value of c by this command: set variable c = “true” However, when I went to the next line by “next” it become false again. So I reset the value again: set variable c = “true” and then next button: Yay, it printed out the flag:

(gdb) next

The flag is: flaggy-flag
23    return 0;

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set a double variable with integer value using GDB? GDB: break if variable equal value trace variable change using valgrind and gdb gdb script to isolate a thread based on variable value How to print #define value in gdb? How to check [sp,#4] value in gdb In gdb my variable shows as <optimised out>, how can I find its value? using gdb python api, how to fetch the value of a c variable during debug session How to print a variable on a particular condition in gdb? How to declare a variable in the scope of a given function with GDB?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM