阅读或lseek在notesearch.c程序中奇怪地工作，程序不打印笔记 [英] Read or lseek working weirdly in notesearch.c program, program doesn't print notes

问题描述

嘿大家，我正在阅读Jon Erickson的剥削的艺术，并且有一个程序无法正常工作，即使在调试和测试了几件事之后，我似乎无法找到解决方案......



该程序应该在/ var / notes的文件中搜索与另一个程序notetaker一起使用的笔记。问题是，它没有打印注释，只是[DEBUG]行说它发现了一个注释......这是源代码，它是文档化的，很容易理解：

< a href => https://github.com/florian-pjde/Art_of_exploitation/blob/master/notesearch_debug.c



这是本书的预期结果：

Hey everyone, I'm reading Jon Erickson's The Art of Exploitation, and there's a program not working, and even after debugging and testing several things, I can't seem to find a solution...

That program is supposed to search for notes taken with another program, notetaker, in a file at /var/notes. The thing is, it does not print the note, just the [DEBUG] line saying that it found a note... Here is the souce code, it is documented and pretty easy to understand:
https://github.com/florian-pjde/Art_of_exploitation/blob/master/notesearch_debug.c

Here is the expected result from the book:

reader@hacking:~/booksrc $ ./notesearch
[DEBUG] found a 34 byte note for user id 999
this is a test of multiuser notes
-------[ end of note data ]-------

和我得到的：

and what I get:

florian@parrot:~/Documents/Art_of_Exploitation/book_code $ ./notesearch
[DEBUG] found a 34 byte note for user id 1000
-------[ end of note data ]-------

问题是，note_buffer是空的，显然没有什么可以打印，似乎来自这两行中的任何一行：

The problem, being that note_buffer is empty, so obviously there's nothing to print, seems to come from either of these two lines:

read(fd, note_buffer, note_length);

（第45行）



fd是/ var / notes的文件标识符，note_buffer是100长度的char数组，note_length是注释的实际长度，正确地完成了通过另一个功能。所以可能是read不会将任何文件写入note_buffer。或者，

(line 45)

fd being the file identifier for /var/notes, note_buffer a char array of 100 length, and note_length the real length of the note, which is correctly being done by another function. So it could be that read doesn't write anything from the file to note_buffer. Or,

lseek(fd, length * -1, SEEK_CUR); // rewind file reading by length bytes

（第77行）



fd再次成为文件标识符，长度是注释的长度（我们在另一个函数中），SEEK_CUR从我理解的当前位置回退。可能是它没有正确倒带，所以读取不起作用。



我尝试过：



我在程序中放了几个[DEBUG]行并再次编译，似乎长度是正确的，但note_buffer为null，所以要么它不读取文件对它来说，或者lseek没有正确倒带以便它读取正确的位置，我没有看到任何其他方式...这是程序的输出与附加[DEBUG]行：

(line 77)

fd being again the file identifier, length the length of the note (we are in another function), and SEEK_CUR rewinds from current position from what I've understood. It could be that it doesn't rewind correctly, so the read doesn't work.

What I have tried:

I've put several [DEBUG] lines in the program and compiled again, it seems the length is correct, but the note_buffer is null, so either it does not read the file to it, or lseek does not rewind correctly for it to read the right place, I don't see any other way... Here is the output of the program with the additional [DEBUG] lines:

[DEBUG] length is 34
[DEBUG] found a 34 byte note for user id 1000
[DEBUG] note_length is 34
[DEBUG] read(fd, note_buffer, note_length) results 0
[DEBUG] note_buffer is
[DEBUG] note_buffer[0] is
[DEBUG] note_buffer[note_length] is
-------[ end of note data ]-------

我在Stackoverflow上搜索过在这里关于这一点，但似乎没有其他读者认为有必要了解它为什么不起作用：/



是否有人有另一种方法可以尝试找出正在发生的事情或解决方案的开始？我很高兴自己做事，但我有时受到经验的限制，这就是我来找你的原因：）

I've searched on Stackoverflow and in here about this but it seems that no other reader deemed it necessary to see why it wasn't working :/

Would someone have another way to try and find out what's happening, or a beginning of a solution? I'm happy doing things myself, but I'm sometimes limited by experience, which is why I come to you :)

推荐答案

./ notesearch
[DEBUG]发现用户ID为999
的34字节注释这是对多用户注释的测试
------- [注释数据结束] -------

./notesearch [DEBUG] found a 34 byte note for user id 999 this is a test of multiuser notes -------[ end of note data ]-------

和我得到的：

and what I get:

florian@parrot:~/Documents/Art_of_Exploitation/book_code

./ notesearch
[DEBUG]找到一个34字节的注释，用户ID为1000
------- [注释数据结束] --- ----

./notesearch [DEBUG] found a 34 byte note for user id 1000 -------[ end of note data ]-------

问题是，note_buffer是空的，显然没有什么可以打印的，似乎来自这两行中的任何一行：

The problem, being that note_buffer is empty, so obviously there's nothing to print, seems to come from either of these two lines:

read(fd, note_buffer, note_length);

（第45行）



fd是/ var / notes的文件标识符，note_buffer是100长度的char数组，note_length是注释的实际长度，正是由另一个函数完成。所以可能是read不会将任何文件写入note_buffer。或者，

(line 45)

fd being the file identifier for /var/notes, note_buffer a char array of 100 length, and note_length the real length of the note, which is correctly being done by another function. So it could be that read doesn't write anything from the file to note_buffer. Or,

lseek(fd, length * -1, SEEK_CUR); // rewind file reading by length bytes

（第77行）



fd再次成为文件标识符，长度是注释的长度（我们在另一个函数中），SEEK_CUR从我理解的当前位置回退。可能是它没有正确倒带，所以读取不起作用。



我尝试过：



我在程序中放了几个[DEBUG]行并再次编译，似乎长度是正确的，但note_buffer为null，所以要么它不读取文件对它来说，或者lseek没有正确倒带以便它读取正确的位置，我没有看到任何其他方式...这是程序的输出与附加[DEBUG]行：

(line 77)

fd being again the file identifier, length the length of the note (we are in another function), and SEEK_CUR rewinds from current position from what I've understood. It could be that it doesn't rewind correctly, so the read doesn't work.

What I have tried:

I've put several [DEBUG] lines in the program and compiled again, it seems the length is correct, but the note_buffer is null, so either it does not read the file to it, or lseek does not rewind correctly for it to read the right place, I don't see any other way... Here is the output of the program with the additional [DEBUG] lines:

[DEBUG] length is 34
[DEBUG] found a 34 byte note for user id 1000
[DEBUG] note_length is 34
[DEBUG] read(fd, note_buffer, note_length) results 0
[DEBUG] note_buffer is
[DEBUG] note_buffer[0] is
[DEBUG] note_buffer[note_length] is
-------[ end of note data ]-------

我在Stackoverflow上搜索过在这里关于这一点，但似乎没有其他读者认为有必要了解它为什么不起作用：/



是否有人有另一种方法可以尝试找出正在发生的事情或解决方案的开始？我很乐意自己做事，但我有时受到经验的限制，这就是我来找你的原因:)。

I've searched on Stackoverflow and in here about this but it seems that no other reader deemed it necessary to see why it wasn't working :/

Would someone have another way to try and find out what's happening, or a beginning of a solution? I'm happy doing things myself, but I'm sometimes limited by experience, which is why I come to you :)

我不会去随机网站并下载随机源码！所以，这取决于你。

幸运的是，你有一个工具可以帮助你找到正在发生的事情：调试器。你如何使用它取决于你的编译器系统，但是一个快速的谷歌用于你的IDE名称和调试器应该给你你需要的信息。



放一个两条线上的断点，并看看它首先击中它。

如果它击中了读数，那么 - 单步执行它并查看note_buffer和长度并确切地看到它读取的内容。如果它看起来不错，那么应用程序会继续，直到它击中另一个。怎么了？笔记缓冲区是否仍然有效？



然后查看您的代码，并查看您的数据并找出手动应该发生的事情。然后单步执行每一行检查您预期发生的情况正是如此。如果不是，那就是当你遇到问题时，你可以回溯（或者再次运行并仔细观察）以找出原因。


对不起，但我们不能为你做到这一点 - 时间让你学习一门新的（非常非常有用的）技能：调试！

I'm not going to a random site and downloading random source code! So, it's going to be up to you.
Fortunately, you have a tool available to you which will help you find out what is going on: the debugger. How you use it depends on your compiler system, but a quick Google for the name of your IDE and "debugger" should give you the info you need.

Put a breakpoint on both of the lines, and see which it hits first.
If it hits the read, good - single step it and look at the note_buffer and length and see exactly what it read. If it looks good, then the the app continue until it hits the other. What happens? Is the note buffer still valid?

Then look at your code, and at your data and work out what should happen manually. Then single step each line checking that what you expected to happen is exactly what did. When it isn't, that's when you have a problem, and you can back-track (or run it again and look more closely) to find out why.

Sorry, but we can't do that for you - time for you to learn a new (and very, very useful) skill: debugging!

这篇关于阅读或lseek在notesearch.c程序中奇怪地工作，程序不打印笔记的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！