Can GDB change the assembly code of a running program?
I want to add some extra functionality to /bin/ls.
So I started it in gdb and added a breakpoint at the beginning.
Now the question is: how can I change the code of a running program in memory? I can see the assembly code, but I'm not able to modify it. How can I do it?
On Windows I can easily do this with OllyDbg, for example. How about on Linux?
(I know that by doing this I will only change the code of the process in memory. So then I can dump the memory to a file, and then I'll have my changes saved in a binary file.)
Thank you.
You can write binary to memory directly, but GDB doesn't have an assembler built in by default. You can, however, do something like set *(unsigned char*)0x80FFDDEE = 0x90
to change the mnemonic at that address to a NOP, for example. You could, however, use NASM to write shellcode and use Perl or Python to inject it into the program :)
You might also like this little .gdbinit file to make debugging a lot easier: https://gist.github.com/985474
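The answer's one-liner writes a single byte; a real patch is usually several bytes assembled elsewhere (for instance with nasm -f bin) that must replace whole instructions, or the bytes left over from a partially overwritten instruction decode as garbage. The following is an added example, not code from the original post or from the answerer: it turns a raw patch into a GDB batch script of one set per byte, pads short patches with NOPs up to the instruction boundary, refuses patches that would overrun, and wraps the script in a gdb -batch -p invocation. It assumes an x86/x86-64 target (where 0x90 is a one-byte NOP) and GDB's -batch, -p and -x options; the addresses in the usage section are hypothetical.

```python
"""Generate a GDB batch script that overwrites code bytes in a live process.

Added example, not code from the original post. It automates the
"set *(unsigned char*)ADDR = 0xNN" approach from the answer: take the raw
bytes of a patch (for instance the output of `nasm -f bin`), pad them to a
whole-instruction boundary, and emit one `set` per byte plus before/after
memory dumps so you can confirm the write landed.

Assumptions (not stated in the original post): an x86/x86-64 target, where
0x90 is a one-byte NOP, and GDB's -batch, -p and -x options.
"""
import subprocess
import tempfile

NOP = 0x90  # x86 one-byte NOP; this padding byte is architecture-specific


def gdb_patch_script(addr, new_bytes, orig_len):
    """Return GDB commands replacing `orig_len` code bytes at `addr`.

    `orig_len` must cover whole instructions: if you overwrite only part of a
    multi-byte instruction, the leftover bytes are decoded as garbage when
    execution reaches them. A patch shorter than `orig_len` is padded with
    NOPs; a longer one is refused rather than silently overrunning into the
    next instruction.
    """
    if isinstance(addr, str):
        addr = int(addr, 0)          # accept "0x80FFDDEE" as well as an int
    new_bytes = bytes(new_bytes)
    if len(new_bytes) > orig_len:
        raise ValueError(
            f"patch is {len(new_bytes)} bytes but only {orig_len} may be overwritten")
    patch = new_bytes + bytes([NOP]) * (orig_len - len(new_bytes))

    lines = [f"x/{orig_len}xb {addr:#x}"]           # original bytes, for the log
    for i, b in enumerate(patch):
        lines.append(f"set *(unsigned char *){addr + i:#x} = {b:#04x}")
    lines.append(f"x/{orig_len}xb {addr:#x}")        # verify the write landed
    lines.append(f"disassemble {addr:#x},{addr + orig_len:#x}")
    return "\n".join(lines) + "\n"


def nop_out_instruction(addr, length):
    """Script that turns one instruction of `length` bytes into NOPs,
    e.g. length=5 for a `call rel32` you want to neutralise."""
    return gdb_patch_script(addr, b"", length)


def gdb_attach_command(pid, script_path):
    """Command line that attaches to `pid`, runs the script, and exits
    (GDB detaches from an attached process when the batch session ends)."""
    return ["gdb", "-q", "-batch", "-p", str(pid), "-x", script_path]


def apply_patch(pid, script_text):
    """Write the script to a temp file and run it against a live process.

    Needs ptrace permission: with Yama ptrace_scope=1 (the default on many
    distributions) an unprivileged user can only attach to their own
    descendants; otherwise run as root or with CAP_SYS_PTRACE.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".gdb", delete=False) as f:
        f.write(script_text)
        path = f.name
    return subprocess.run(gdb_attach_command(pid, path),
                          capture_output=True, text=True)


if __name__ == "__main__":
    # Hypothetical addresses; in practice take them from `disassemble` in GDB.
    print(nop_out_instruction("0x80FFDDEE", 5), end="")
    # Replace a 5-byte instruction with a 2-byte short jump, NOP-padded.
    print(gdb_patch_script(0x401136, b"\xeb\x10", 5), end="")
```

Two caveats when using this. The write only changes the process image: to keep it, write the same bytes into the ELF file at the file offset that maps to that virtual address (the program headers from readelf -l give the vaddr-to-offset translation), and note that in a PIE binary under ASLR the runtime address differs from the link-time address by the load base. GDB's dump memory command does exist, but it produces raw bytes, not a loadable executable, so it is not a way to save the patched program.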