Understanding mpreferred-stack-boundary=number


Problem description

I'm trying to visualize and understand how to utilize mpreferred-stack-boundary (more like build code to exploit it for school). From reading the gcc manual, it states that it aligns the stack according to mpreferred-stack-boundary=number, where number is the exponent to base 2. By default, number=4, so the alignment of the stack is 2^4 = 16 bytes. I don't know if it's the caffeine messing with my brain, but all the shell code injections I've seen in class demand that we use mpreferred-stack-boundary=2 when compiling, which would align the stack by 4 bytes. So does that mean that the variables placed on the stack try to fill the stack 16 bytes at a time by default? Also, why does shellcode that I place in the buffer work when the boundary is set to 2, yet does not work when I run it in default mode?

Recommended answer

The size of the whole stack frame will be rounded up to 16 bytes, not each individual local variable. Shellcode would work either way, but code is written for one particular layout, so you need to use different shellcode for a different layout. – Jester
