GDB 可以更改正在运行的程序的汇编代码吗? [英] Can GDB change the assembly code of a running program?

问题描述

我想为/bin/ls 添加一些额外的功能.
所以我在gdb上启动它，并在开头添加了一个断点.

I want to add some extra funcionality to /bin/ls.
So I started it on gdb and added a breakpoint at the beginning.

现在的问题是:如何更改内存中正在运行的程序的代码?我可以看到汇编代码，但我无法修改.我该怎么做?

Now question is: how can I change the code of a running program in memory? I can see the assembly code, but I'm not able to modify. How can I do it?

例如，在 Windows 上，我可以使用 oldbg 轻松做到这一点.在 Linux 上怎么样?

On Windows I can easily do this with olldbg for example. How about on Linux?

(我知道这样做只会更改内存中进程的代码.所以我可以将内存转储到文件中，然后我会将更改保存在二进制文件中).

(I know that doing this I will only change the code of the process in memory. So then I can dump memory to a file, and then I'll have my changes saved in a binary file).

谢谢.

推荐答案

您可以直接将二进制写入内存，但 GDB 默认没有内置汇编程序，但是您可以执行类似 set *(unsigned char*)0x80FFDDEE = 0x90 例如将该地址处的助记符更改为 NOP.但是，您可以使用 NASM 编写 shellcode 并使用 perl 或 python 将其注入程序:)

You can write binary to memory directly but GDB doesn't have an assembler build in by default you can however do something like set *(unsigned char*)0x80FFDDEE = 0x90 to change the mnemonic at that address to a NOP for example. You could however use NASM to write a shellcode and use perl or python to inject it into the program :)

您可能还喜欢这个 .gdbinit 小文件，以简化调试分配:https://gist.github.com/985474

You might also like this little .gdbinit file to make debugging allot easier: https://gist.github.com/985474

这篇关于GDB 可以更改正在运行的程序的汇编代码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！