Use gdb to Modify Binary

Question

I tried to modify an executable file under gdb. Even though the memory has been changed, the corresponding executable does not change, so the next time I run the program the modification is gone.

I started gdb with the -write option. I also tried set write on and then reload exec-file. I changed the memory with set {unsigned char}addr = 0xf;

but the corresponding file is not changed.

Recommended answer

but the corresponding file is not changed.

It's hard to say what address you are actually modifying, and so whether your change should actually modify the binary or not.

In the past, I've found that after modifying the binary, I need to immediately quit. If I do anything other than quit (e.g. run), then GDB would discard my change, but if I quit, then the change would "take".

Example:

$ cat t.c
int main()
{
  return 42;
}

$ gcc t.c && ./a.out; echo $?
42

$ gdb --write -q  ./a.out
(gdb) disas/r main
Dump of assembler code for function main:
   0x00000000004004b4 <+0>:     55      push   %rbp
   0x00000000004004b5 <+1>:     48 89 e5        mov    %rsp,%rbp
   0x00000000004004b8 <+4>:     b8 2a 00 00 00  mov    $0x2a,%eax
   0x00000000004004bd <+9>:     5d      pop    %rbp
   0x00000000004004be <+10>:    c3      retq   
End of assembler dump.
(gdb) set {unsigned char}0x00000000004004b9 = 22
(gdb) disas/r main
Dump of assembler code for function main:
   0x00000000004004b4 <+0>:     55      push   %rbp
   0x00000000004004b5 <+1>:     48 89 e5        mov    %rsp,%rbp
   0x00000000004004b8 <+4>:     b8 16 00 00 00  mov    $0x16,%eax  <<< ---changed
   0x00000000004004bd <+9>:     5d      pop    %rbp
   0x00000000004004be <+10>:    c3      retq   
End of assembler dump.
(gdb) q

$ ./a.out; echo $?
22    <<<--- Just as desired
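
The answer's first point, whether the address being written is backed by bytes in the file at all, can be checked offline by walking the ELF program headers. The following is an added example, not part of the original question or answer: the function names are hypothetical, and the ELF image is constructed inline (one PT_LOAD segment at 0x400000 holding the main() bytes from the session above), not the real a.out.

```python
import struct

PT_LOAD = 1  # program header type for a loadable segment

def vaddr_to_file_offset(elf, vaddr):
    """Return the file offset that backs vaddr, or None if no file byte does."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expects a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        # Only the first p_filesz bytes of a PT_LOAD segment come from the file.
        # Anything between p_filesz and p_memsz (.bss), and all heap and stack
        # addresses, exist only in process memory, so a write there cannot
        # change the executable on disk.
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return p_offset + (vaddr - p_vaddr)
    return None

def changed_offsets(before, after):
    """List (offset, old, new) for each byte that differs between two images."""
    if len(before) != len(after):
        raise ValueError("images differ in size")
    return [(i, a, b) for i, (a, b) in enumerate(zip(before, after)) if a != b]

def build_sample_elf():
    """Constructed ELF64 image: header, one PT_LOAD, main() at vaddr 0x4004b4."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1,
                       0x4004B4, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    # filesz 0x4c0 < memsz 0x1000: the tail of the segment has no file bytes.
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0,
                       0x400000, 0x400000, 0x4C0, 0x1000, 0x1000)
    image = bytearray(0x4C0)
    image[:120] = ehdr + phdr
    image[0x4B4:0x4BF] = bytes.fromhex("554889e5b82a0000005dc3")
    return bytes(image)

if __name__ == "__main__":
    before = build_sample_elf()
    off = vaddr_to_file_offset(before, 0x4004B9)    # immediate of mov $0x2a,%eax
    after = bytearray(before)
    after[off] = 22                                 # same edit as the gdb session
    print(hex(off), changed_offsets(before, bytes(after)))
    print(vaddr_to_file_offset(before, 0x400800))   # inside memsz, past filesz
```

Running changed_offsets over a saved copy of the binary and the file left behind after quitting gdb shows whether the write actually reached disk.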
