GDB ret "cannot access memory at address"


Question

In short:

  1. top of stack ($esp) = 0xbffff49c.
  2. gdb executes ret instruction, which responds with Cannot access memory at address 0x90909094.

What reason would gdb be trying to access 0x90909094 when the value at the top of the stack is 0xbffff49c?

Random info (in case it's needed):

[----------------------------------registers-----------------------------------]
EAX: 0x5a ('Z')
EBX: 0xb7fbeff4 --> 0x15ed7c 
ECX: 0xbffff428 --> 0xb7fbf4e0 --> 0xfbad2a84 
EDX: 0xb7fc0360 --> 0x0 
ESI: 0x0
EDI: 0x0 
EBP: 0x90909090 
ESP: 0xbffff49c --> 0xbffff450 --> 0xdb31c031 
EIP: 0x80485dd (<greeting+113>: ret)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x80485d0 <greeting+100>:    mov    DWORD PTR [esp],0x80487f4
   0x80485d7 <greeting+107>:    call   0x80483f0 <printf@plt>
   0x80485dc <greeting+112>:    leave  
=> 0x80485dd <greeting+113>:    ret    
   0x80485de <checkPassword>:   push   ebp
   0x80485df <checkPassword+1>: mov    ebp,esp
   0x80485e1 <checkPassword+3>: push   ebx
   0x80485e2 <checkPassword+4>: sub    esp,0x64
[------------------------------------stack-------------------------------------]
0000| 0xbffff49c --> 0xbffff450 --> 0xdb31c031 
0004| 0xbffff4a0 --> 0x0 
0008| 0xbffff4a4 --> 0xbffff564 --> 0xbffff6b2 ("/root/Desktop/CSCE_526/task1")
0012| 0xbffff4a8 --> 0x804876b (<__libc_csu_init+11>:   add    ebx,0x1351)
0016| 0xbffff4ac --> 0xb7fbeff4 --> 0x15ed7c 
0020| 0xbffff4b0 --> 0x8048760 (<__libc_csu_init>:  push   ebp)
0024| 0xbffff4b4 --> 0x0 
0028| 0xbffff4b8 --> 0xbffff538 --> 0x0 
[------------------------------------------------------------------------------]
gdb-peda$ n
Cannot access memory at address 0x90909094

I'm overflowing a buffer and trying to get it to execute some shellcode, but I'm not sure if those details are relevant considering the simplicity of the question: why is ret trying to access data not on the top of the stack?

Recommended answer

It looks to me as if your debugger isn't showing the register state after the leave instruction, but before it.

I believe leave does esp = ebp and that would make sense because the address it cannot access is one word after the address stored in ebp.

So I think that the problem isn't the destination of ret but happens when ret goes to access the stack to retrieve its return address.

Edit: Actually I now believe the access violation is happening inside the leave instruction and ret never executes at all. leave also tries to pop ebp and I think the access violation is there.

See some information about leave here (about leave in x86 assembly).
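Added example (my own code, not part of the question or the answer): a small C model of 32-bit `leave` and `ret` run over a constructed memory map in which only a stack window around the addresses from the question's dump is mapped, so any read outside it is reported the way gdb reports "Cannot access memory at address". Starting from the register state shown in the question (esp = 0xbffff49c, ebp = 0x90909090) it shows which address each instruction reads first: `leave` faults on its pop from [ebp] = 0x90909090 before `ret` ever runs, `ret` alone from the displayed esp reads a mapped stack word and does not fault, and 0x90909094 is the ebp+4 slot where a frame-pointer-based return-address lookup would look. The mapped window and the two stored words are constructed from the dump; the rest of the model is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the two registers and the program counter that leave/ret touch (32-bit x86). */
typedef struct { uint32_t esp, ebp, eip; } cpu_t;

/* Constructed sample memory: a single mapped window standing in for the stack page.
 * Everything outside it is treated as unmapped, which is what gdb reports as
 * "Cannot access memory at address". Addresses are taken from the dump in the question. */
#define STACK_BASE 0xbffff400u
#define STACK_SIZE 0x200u
static uint32_t stack_words[STACK_SIZE / 4];

static void init_sample_stack(void) {
    /* Two words copied from the stack dump in the question (everything else stays zero). */
    stack_words[(0xbffff49cu - STACK_BASE) / 4] = 0xbffff450u;  /* word at top of stack */
    stack_words[(0xbffff4a8u - STACK_BASE) / 4] = 0x0804876bu;  /* __libc_csu_init+11   */
}

static bool mapped(uint32_t addr) {
    return addr >= STACK_BASE && addr <= STACK_BASE + STACK_SIZE - 4;
}

/* Read a 32-bit word. On an unmapped address, record it in *fault and return false. */
static bool read32(uint32_t addr, uint32_t *out, uint32_t *fault) {
    if (!mapped(addr)) { *fault = addr; return false; }
    *out = stack_words[(addr - STACK_BASE) / 4];
    return true;
}

/* leave == mov esp, ebp ; pop ebp.  The pop reads [ebp] and leaves esp = old ebp + 4. */
static bool x86_leave(cpu_t *c, uint32_t *fault) {
    uint32_t saved_ebp;
    c->esp = c->ebp;
    if (!read32(c->esp, &saved_ebp, fault)) return false;
    c->ebp = saved_ebp;
    c->esp += 4;
    return true;
}

/* ret == pop eip.  Reads the return address from [esp]; the target itself is not read. */
static bool x86_ret(cpu_t *c, uint32_t *fault) {
    uint32_t target;
    if (!read32(c->esp, &target, fault)) return false;
    c->eip = target;
    c->esp += 4;
    return true;
}

/* Run leave; ret from the given register state and return the first unmapped address
 * touched, or 0 when both instructions complete (address 0 is never mapped in this model). */
uint32_t first_fault_leave_ret(uint32_t esp, uint32_t ebp) {
    cpu_t c = { esp, ebp, 0 };
    uint32_t fault = 0;
    init_sample_stack();
    if (!x86_leave(&c, &fault)) return fault;
    if (!x86_ret(&c, &fault)) return fault;
    return 0;
}

/* Run only ret (i.e. assume leave already completed) and return the first fault, or 0. */
uint32_t first_fault_ret_only(uint32_t esp) {
    cpu_t c = { esp, 0, 0 };
    uint32_t fault = 0;
    init_sample_stack();
    if (!x86_ret(&c, &fault)) return fault;
    return 0;
}

/* Where a frame-pointer-based lookup expects the return address: the word after the saved ebp. */
uint32_t return_slot_from_ebp(uint32_t ebp) { return ebp + 4; }

int main(void) {
    printf("leave;ret with ebp=0x90909090 first faults at 0x%08x\n",
           first_fault_leave_ret(0xbffff49cu, 0x90909090u));     /* 0x90909090 */
    printf("ret alone with esp=0xbffff49c faults at 0x%08x (0 = no fault)\n",
           first_fault_ret_only(0xbffff49cu));                   /* 0 */
    printf("leave;ret with a sane ebp=0xbffff4a8 faults at 0x%08x (0 = no fault)\n",
           first_fault_leave_ret(0xbffff49cu, 0xbffff4a8u));     /* 0 */
    printf("return slot for ebp=0x90909090 is 0x%08x\n",
           return_slot_from_ebp(0x90909090u));                   /* 0x90909094 */
    return 0;
}
```

When analysing a crash after a saved frame pointer has been clobbered, comparing the reported address against ebp and ebp+4 in this way tells you whether the read came from `leave`'s pop or from a later lookup of the return-address slot, which is the distinction the answer is drawing.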
