Debugging a program that is opened by pwntools


Question

I am trying to do a stackoverflow for a course at university. The binary I am to exploit has a canary, however, there is a way to leak that canary to stdout. The canary of course consists of some random bytes so I can't just read them from the string that the program outputs to stdout.

For this reason I am using python and pwntools like p.recv(timeout = 0.01).encode("hex"). (I'm using pwntools only because I don't know another way to read the output in hex format; if there is an easier way I can of course use something else.)

This works more or less as expected: I manage to write the memory area that is past the canary. However, I get a segfault, so I obviously have some problem with the stackoverflow I am causing. I need a way of debugging this, like seeing the stack after I provide the input that causes the stackoverflow.

And now without any further ado the actual question: Can I debug a process that I started with pwntools (like process("./myprog")) in GDB or some other program that can show me the content of the stack?

I already tried getting the pid in python and using gdb attach to attach to that pid, but that didn't work.

Note: the binary I am trying to exploit has the guid set. Not sure if this matters.

Answer

You can use pwnlib.gdb to interface with gdb.

You can use the gdb.attach() function: From the docs:

from pwn import *

# Start the target under pwntools
bash = process('bash')

# Attach the debugger to the running process; the string is a gdb script
# executed once gdb is attached
gdb.attach(bash, '''
set follow-fork-mode child
break execve
continue
''')

# Interact with the process
bash.sendline('whoami')

or you can use gdb.debug():

from pwn import *

# Create a new process under gdb, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue

# Now set breakpoint on shared library routines
break malloc
break free
continue
''')

# Send a command to Bash
io.sendline("echo hello")

# Interact with the process
io.interactive()

The pwntools template contains code to get you started with debugging with gdb. You can create the pwntools template by running pwn template ./binary_name > template.py. Then you have to add the GDB arg when you run template.py to debug: ./template.py GDB.

If you get [ERROR] Could not find a terminal binary to use., you might need to set context.terminal before you use gdb.


If you're using tmux, the following will automatically open up a gdb debugging session in a new horizontally split window:
context.terminal = ["tmux", "splitw", "-h"]


And to split the screen with the new gdb session window vertically:
context.terminal = ["tmux", "splitw", "-v"]


(Note: I never got this part working, so idk if it'll work. Tell me if you get the gdb thing working.)
(To use tmux, install tmux on your machine, and then just type tmux to start it. Then type python template.py GDB.)

If none of the above works, then you can always just start your script, use ps aux, find the PID, and then use gdb -p PID to attach to the running process.
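Putting the pieces of this answer together, here is an added example (not from the original question or answer, and not pwntools' own code) of a small Python 3 debugging harness: it picks context.terminal for tmux, attaches gdb only when the script is run with the GDB argument, builds the gdb script from a list of breakpoints, and replaces the asker's Python 2 .encode("hex") with bytes.hex(). The target path ./myprog and the breakpoint main are placeholders; pwntools is imported inside main() so the helpers can be checked without it installed.

```python
"""Debugging harness for a target driven by pwntools (added example)."""
import os
import sys


def choose_terminal(environ):
    """Return the context.terminal value to use.

    Inside tmux (the TMUX variable is set) open gdb in a horizontal split,
    as the answer suggests; otherwise return None and leave pwntools'
    own terminal detection alone.
    """
    if environ.get("TMUX"):
        return ["tmux", "splitw", "-h"]
    return None


def gdb_script(breakpoints, continue_after=True):
    """Build the multi-line gdb script that gdb.attach()/gdb.debug() take."""
    lines = ["break %s" % bp for bp in breakpoints]
    if continue_after:
        lines.append("continue")
    return "\n".join(lines) + "\n"


def as_hex(data):
    """Python 3 equivalent of the asker's data.encode('hex')."""
    return data.hex()


def main():
    import pwn  # assumed installed; only needed when actually running

    terminal = choose_terminal(os.environ)
    if terminal:
        pwn.context.terminal = terminal

    p = pwn.process("./myprog")  # placeholder target binary
    # Same convention as the pwn template: `python3 debug.py GDB` attaches.
    if pwn.args.GDB:
        pwn.gdb.attach(p, gdb_script(["main"]))
    # Fallback from the answer: attach by hand with `gdb -p <pid>`.
    print("target pid: %d" % p.pid)

    leaked = p.recv(timeout=0.5)  # b'' if the target printed nothing yet
    print("raw bytes from target:", as_hex(leaked))
    p.interactive()


if __name__ == "__main__":
    main()
```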
