return to libc works in gdb but not when running alone


Problem description



I am trying the return-to-libc trick with the following simple code:

#define SYSTEM_CALL_ADDR 0xb7ec5e50  /* address of system() in my libc */
#define EXIT_CALL_ADDR   0xb7ebbb80  /* address of exit() in my libc */
char shell[] = "/bin/sh";

int main(){
 int* p;
 /* Assumed stack layout: two words above p sits main's saved return address. */
 p = (int*)&p + 2;
 *p = SYSTEM_CALL_ADDR;     /* main "returns" into system() */

 p = (int*)&p + 3;
 *p = EXIT_CALL_ADDR;       /* return address seen by system(): exit() */

 p = (int*)&p + 4;
 *p = (int)shell;           /* first argument of system(): pointer to "/bin/sh" */

 return 1;
}


Interestingly, when I run this program, it ends with "Segmentation error", but if I debug it using gdb and run it step by step, it's totally fine, spawning a shell and then exiting the program. Has anybody met this situation? Or could somebody please guide me on how to correct this? Thanks first. I am on ArchLinux, kernel 2.6.33, gcc 4.5.0.

Recommended answer


gdb disables some of the buffer overflow exploit mitigation techniques such as ProPolice and address space layout randomization (ASLR).
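To see the ASLR part of this answer for yourself, here is an added C program (not from the question or the answer) that reports the kernel's randomize_va_space setting and prints where this process sees system(), exit() and a stack local. Run it twice outside gdb and once inside: with ASLR on, the addresses change from run to run, so an address captured in one run (or under gdb, which starts the inferior with randomization disabled) is not valid in the next. It assumes a Linux /proc filesystem; the enum names and helper functions are my own, not a kernel or gdb API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Meaning of the kernel's /proc/sys/kernel/randomize_va_space values. */
enum aslr_mode {
    ASLR_UNKNOWN    = -1,   /* file unreadable or unparsable (e.g. not Linux) */
    ASLR_OFF        = 0,    /* no randomization */
    ASLR_STACK_MMAP = 1,    /* stack, vdso and mmap (shared libraries) randomized */
    ASLR_FULL       = 2     /* as 1, plus the brk-based heap */
};

/* Parse the text content of the sysctl file ("2\n", "0", ...). */
enum aslr_mode parse_aslr_mode(const char *text)
{
    if (text == NULL)
        return ASLR_UNKNOWN;
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text)
        return ASLR_UNKNOWN;        /* no digits at all */
    switch (v) {
    case 0:  return ASLR_OFF;
    case 1:  return ASLR_STACK_MMAP;
    case 2:  return ASLR_FULL;
    default: return ASLR_UNKNOWN;
    }
}

const char *aslr_mode_name(enum aslr_mode m)
{
    switch (m) {
    case ASLR_OFF:        return "off";
    case ASLR_STACK_MMAP: return "stack and mmap";
    case ASLR_FULL:       return "full (stack, mmap, brk)";
    default:              return "unknown";
    }
}

/* Are addresses of libc functions and stack variables expected to repeat
 * between two plain runs of the same binary?  Only when ASLR is off. */
int addresses_stable_across_runs(enum aslr_mode m)
{
    return m == ASLR_OFF;
}

/* Read the sysctl from /proc; ASLR_UNKNOWN if it cannot be read. */
enum aslr_mode read_aslr_mode(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    char buf[16];
    if (f == NULL)
        return ASLR_UNKNOWN;
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return ASLR_UNKNOWN;
    }
    fclose(f);
    return parse_aslr_mode(buf);
}

int main(void)
{
    enum aslr_mode m = read_aslr_mode();
    printf("randomize_va_space: %s\n", aslr_mode_name(m));
    printf("addresses stable across runs: %s\n",
           addresses_stable_across_runs(m) ? "yes" : "no");
    /* Compare these three values between two runs, and with gdb's
     * "p system" / "p exit": under ASLR they move every run. */
    printf("system() at %p, exit() at %p, stack local at %p\n",
           (void *)&system, (void *)&exit, (void *)&m);
    return 0;
}
```

Inside gdb, `show disable-randomization` confirms that the debugger turns ASLR off for the program it runs, which is why the same hard-coded addresses keep working there and fail outside it.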
