Return-Oriented Programming

Problem description

I am very new to return-oriented programming.

Running on 64-bit Linux. Trying to overwrite the return address of the function "not_call". What should the correct argument be?

ridzuan@ubuntu:~/Desktop/mypintool/codes$ gdb -q rop
Reading symbols from rop...(no debugging symbols found)...done.
(gdb) disas vulnerable_function 
Dump of assembler code for function vulnerable_function:
   0x0000000000000744 <+0>: push   %rbp
   0x0000000000000745 <+1>: mov    %rsp,%rbp
   0x0000000000000748 <+4>: add    $0xffffffffffffff80,%rsp
   0x000000000000074c <+8>: mov    %rdi,-0x78(%rbp)
   0x0000000000000750 <+12>:    mov    -0x78(%rbp),%rdx
   0x0000000000000754 <+16>:    lea    -0x70(%rbp),%rax
   0x0000000000000758 <+20>:    mov    %rdx,%rsi
   0x000000000000075b <+23>:    mov    %rax,%rdi
   0x000000000000075e <+26>:    callq  0x5d0
   0x0000000000000763 <+31>:    nop
   0x0000000000000764 <+32>:    leaveq 
   0x0000000000000765 <+33>:    retq   
End of assembler dump.
(gdb) print not_called 
$1 = {<text variable,no debug info>} 0x720 <not_called>
(gdb) quit
ridzuan@ubuntu:~/Desktop/mypintool/codes$ ./rop "$(python -c 'print "A"*0x80 + "BBBBBBBB" + "\x07\x44"')"
Segmentation fault (core dumped)
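The disassembly in the question shows the classic pattern behind this exercise: vulnerable_function reserves 0x80 bytes of stack, places a local buffer at -0x70(%rbp), and passes that buffer as the destination and its argument as the source to an external call at 0x5d0 (an unbounded string copy, which is an assumption since the source is not shown). Anything longer than the buffer runs into the saved %rbp and the return address, which is why the program crashes. The low addresses (0x744, 0x720) also indicate a position-independent executable, so with ASLR the load address changes on every run; together with stack canaries (-fstack-protector) this is what a builder relies on to turn such an overflow into a crash rather than a hijack. The following is an added example, not code from the question or its program: a reconstruction of the vulnerable copy (assumed to be strcpy, into a buffer of the 0x70 bytes the disassembly shows) beside a bounded version that refuses to write past the buffer, plus a helper that reports how far a given input would overrun.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size taken from the -0x70(%rbp) local in the question's disassembly. */
#define BUF_SIZE 0x70

/* Assumed reconstruction of vulnerable_function: the call at 0x5d0 is
   assumed to be strcpy, so any input of BUF_SIZE bytes or more overwrites
   the saved frame pointer and return address above the buffer. */
void vulnerable_function(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);   /* unbounded: writes past buf for long input */
    (void)buf;
}

/* Hardened form: never write more than the buffer holds.
   Returns 0 when the whole input fit, -1 when it was truncated. */
int safe_function(const char *input) {
    char buf[BUF_SIZE];
    size_t len = strlen(input);
    if (len >= sizeof buf) {
        memcpy(buf, input, sizeof buf - 1);
        buf[sizeof buf - 1] = '\0';
        return -1;          /* too long: truncated instead of overflowing */
    }
    memcpy(buf, input, len + 1);   /* includes the terminating NUL */
    return 0;
}

/* How many bytes an input of input_len characters (plus its NUL) would write
   beyond the end of a BUF_SIZE buffer if copied without a bound. */
size_t overflow_bytes(size_t input_len) {
    size_t needed = input_len + 1;
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

/* Test helper: feed safe_function a constructed input of n 'A' characters. */
int probe(size_t n) {
    char input[0x200];
    if (n >= sizeof input)
        return -2;
    memset(input, 'A', n);
    input[n] = '\0';
    return safe_function(input);
}

int main(int argc, char **argv) {
    const char *arg = argc > 1 ? argv[1] : "constructed sample";
    if (safe_function(arg) < 0)
        puts("input too long: truncated instead of overflowing");
    else
        puts("input fit");
    return 0;
}
```

Compile with `gcc -fstack-protector-strong -pie -fPIE` and the original vulnerable_function would abort with a stack-smashing message rather than return to an attacker-chosen address; safe_function needs neither protection to stay inside its buffer.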

Solution

No effective solution to this problem has been found yet; the editor is still searching and compiling one!

If you have already found a good solution, you are welcome to send it to the editor together with this link.

Editor's email: dio#foxmail.com (replace # with @)