Address woes from Hacking: The Art of Exploitation


Problem description




I bought this book recently titled: Hacking: The Art of Exploitation (2nd Edition) and it's been bugging me so much lately. Anyway, with one of the examples, firstprog.c:

#include <stdio.h>

int main() {
    int i;
    for (i = 0; i < 10; i++) { // Loop 10 times.
        printf("Hello, world!\n"); // Put the string to the output.
    }
    return 0; // Tell OS the program exited without errors.
}

It has you compile it with gcc (obviously :3), then use objdump (for this I just used gobjdump; couldn't find objdump for OS X), pipe the output to grep with main.: as the regex and show the first 20 lines. Then debug with gdb and break at main. Here's my main issue: all of the memory addresses are different!! For example, eip in the book is 0x804837a. But on my computer, rip is 0x100000ee8. I was thinking it was just because I'm using a 64 bit OS, yet when I booted with the 32 bit version of Darwin, I got the same result. If anyone knows what this issue is, I'd greatly appreciate it. If it's something really stupid give me a break, I just turned 14 :)

Solution

As I'm sure you're studying reverse engineering, you should also look up what ASLR is. That is the main reason why your program's offset is different from the one from the book. It basically randomizes where your program will be located in the memory so that you can't create an exploit that hardcodes the address to shell code. This makes creating exploits a lot harder.
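To put numbers on what the answer describes, here is an added example (not the book's code and not the poster's): given the address of main recorded once per run of the same binary, it reports which address bits change between runs (a measure of ASLR entropy) and checks that the low 12 bits, the offset within a page, never change. The four sample addresses are constructed for illustration.

```c
/* Added example: measure ASLR randomization from addresses of main observed
 * across several runs. The observations below are constructed, not real. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Bits that differ between at least two observations: XOR every address
 * against the first and OR the differences together. */
uint64_t varying_bits(const uint64_t *addrs, size_t n) {
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addrs[0] ^ addrs[i];
    return mask;
}

/* Number of set bits in the mask: the entropy, in bits, that an attacker
 * would have to guess for this region. */
unsigned popcount64(uint64_t v) {
    unsigned c = 0;
    for (; v; v >>= 1)
        c += (unsigned)(v & 1u);
    return c;
}

/* ASLR moves whole pages, so a symbol's offset inside its 4 KiB page
 * (the low 12 bits) is identical in every run. Returns 1 if that holds. */
int page_offset_stable(const uint64_t *addrs, size_t n) {
    for (size_t i = 1; i < n; i++)
        if ((addrs[0] & 0xfffu) != (addrs[i] & 0xfffu))
            return 0;
    return 1;
}

/* Constructed observations of &main from four runs of a 64-bit PIE binary. */
static const uint64_t sample_main[] = {
    0x5633a8d4b1a9ull, 0x55f1c2e0f1a9ull, 0x5621f7a351a9ull, 0x5587d09e81a9ull,
};
static const size_t sample_count = sizeof sample_main / sizeof sample_main[0];

int main(void) {
    uint64_t mask = varying_bits(sample_main, sample_count);
    printf("varying bits: 0x%llx (%u bits of entropy)\n",
           (unsigned long long)mask, popcount64(mask));
    printf("page offset stable: %s\n",
           page_offset_stable(sample_main, sample_count) ? "yes" : "no");
    /* Run this binary a few times and compare: on a PIE build under ASLR
     * the value below changes, but its low 12 bits do not. */
    printf("this run's main is at 0x%llx\n", (unsigned long long)(uintptr_t)main);
    return 0;
}
```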
