GDB ret "cannot access memory at address"
Question
In short:
- top of stack ($esp) = 0xbffff49c
- gdb executes the ret instruction, which responds with "Cannot access memory at address 0x90909094"

What reason would gdb have to try to access 0x90909094 when the value at the top of the stack is 0xbffff49c?

Random info (in case it's needed):
[----------------------------------registers-----------------------------------]
EAX: 0x5a ('Z')
EBX: 0xb7fbeff4 --> 0x15ed7c
ECX: 0xbffff428 --> 0xb7fbf4e0 --> 0xfbad2a84
EDX: 0xb7fc0360 --> 0x0
ESI: 0x0
EDI: 0x0
EBP: 0x90909090
ESP: 0xbffff49c --> 0xbffff450 --> 0xdb31c031
EIP: 0x80485dd (<greeting+113>: ret)
EFLAGS: 0x292 (carry parity ADJUST zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x80485d0 <greeting+100>: mov DWORD PTR [esp],0x80487f4
0x80485d7 <greeting+107>: call 0x80483f0 <printf@plt>
0x80485dc <greeting+112>: leave
=> 0x80485dd <greeting+113>: ret
0x80485de <checkPassword>: push ebp
0x80485df <checkPassword+1>: mov ebp,esp
0x80485e1 <checkPassword+3>: push ebx
0x80485e2 <checkPassword+4>: sub esp,0x64
[------------------------------------stack-------------------------------------]
0000| 0xbffff49c --> 0xbffff450 --> 0xdb31c031
0004| 0xbffff4a0 --> 0x0
0008| 0xbffff4a4 --> 0xbffff564 --> 0xbffff6b2 ("/root/Desktop/CSCE_526/task1")
0012| 0xbffff4a8 --> 0x804876b (<__libc_csu_init+11>: add ebx,0x1351)
0016| 0xbffff4ac --> 0xb7fbeff4 --> 0x15ed7c
0020| 0xbffff4b0 --> 0x8048760 (<__libc_csu_init>: push ebp)
0024| 0xbffff4b4 --> 0x0
0028| 0xbffff4b8 --> 0xbffff538 --> 0x0
[------------------------------------------------------------------------------]
gdb-peda$ n
Cannot access memory at address 0x90909094
I'm overflowing a buffer and trying to get it to execute some shellcode, but I'm not sure if those details are relevant considering the simplicity of the question: why is ret trying to access data not on the top of the stack?
Answer
It looks to me as if your debugger isn't showing the register state after the leave instruction, but before it.

I believe leave does esp = ebp, and that would make sense because the address it cannot access is one word after the address stored in ebp.

So I think that the problem isn't the destination of ret, but happens when ret goes to access the stack to retrieve its return address.

Edit: Actually I now believe the access violation is happening inside the leave instruction and ret never executes at all. leave also tries to pop ebp, and I think the access violation is there.

See here for some information about leave: about leave in x86 assembly.
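As an added illustration (not part of the original question or answer), a small Python check over the register and stack panes quoted above: it parses the peda dump, flags an EBP that does not point into the stack (here 0x90909090, four identical 0x90 bytes left by the overflow), and computes which addresses an EBP-based teardown (leave = mov esp,ebp; pop ebp, then ret) would read, alongside what [esp] actually holds. The stack bounds 0xbffff000-0xc0000000 are an assumption for a typical 32-bit Linux process.

```python
import re

# Constructed excerpt of the gdb-peda dump quoted in the question (register and stack panes only).
PEDA_DUMP = """\
EBP: 0x90909090
ESP: 0xbffff49c --> 0xbffff450 --> 0xdb31c031
EIP: 0x80485dd (<greeting+113>: ret)
0000| 0xbffff49c --> 0xbffff450 --> 0xdb31c031
0004| 0xbffff4a0 --> 0x0
0008| 0xbffff4a4 --> 0xbffff564 --> 0xbffff6b2 ("/root/Desktop/CSCE_526/task1")
"""

REG_RE = re.compile(r"^(E[A-Z]{2}): (0x[0-9a-f]+)", re.M)
STACK_RE = re.compile(r"^\d{4}\| (0x[0-9a-f]+) --> (0x[0-9a-f]+)", re.M)


def parse_peda(text):
    """Return ({register: value}, {stack address: dword stored there}) from a peda dump."""
    regs = {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(text)}
    stack = {int(m.group(1), 16): int(m.group(2), 16) for m in STACK_RE.finditer(text)}
    return regs, stack


def frame_check(regs, stack, stack_lo, stack_hi):
    """Sanity-check EBP at a `ret` and report which addresses an EBP-based frame
    teardown (leave = mov esp,ebp ; pop ebp, then ret) would have to read."""
    ebp, esp = regs["EBP"], regs["ESP"]
    ebp_bytes = ebp.to_bytes(4, "little")
    return {
        "ebp_on_stack": stack_lo <= ebp < stack_hi,
        # A pointer made of one repeated byte is overflow filler (0x90 = NOP), not a frame.
        "ebp_filler_byte": ebp_bytes[0] if len(set(ebp_bytes)) == 1 else None,
        "leave_pops_from": ebp,                   # pop ebp reads the dword at [ebp]
        "ret_pops_from": (ebp + 4) & 0xffffffff,  # ret then reads the dword at [ebp+4]
        "ret_target_via_esp": stack.get(esp),     # what [esp] holds in the dump right now
    }


if __name__ == "__main__":
    regs, stack = parse_peda(PEDA_DUMP)
    report = frame_check(regs, stack, 0xbffff000, 0xc0000000)  # assumed stack bounds
    for key, value in report.items():
        print(f"{key:20} {value:#x}" if isinstance(value, int) else f"{key:20} {value}")
```

With the dump from the question, the check reports ret_pops_from = 0x90909094, the address in the gdb error, and ebp_filler_byte = 0x90, so the saved frame pointer was overwritten by the NOP sled.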