Random address in a call instruction

reverse-engineering shellcode
2021-07-08 05:58:33

I am trying to write shellcode for the write system call in assembly, but when I run it I get a segmentation fault. I did debug it; the call instruction has a random address in it.

jamesbond008@jamesbond008-VirtualBox:~/Desktop/buffer-overflow-exploit-detect-prevent$ gdb -q ./test_write
Reading symbols from ./test_write...(no debugging symbols found)...done.
(gdb) run
Starting program: /home/jamesbond008/Desktop/buffer-overflow-exploit-detect-prevent/test_write 

Program received signal SIGSEGV, Segmentation fault.
0x6d4ca060 in ?? ()
(gdb) disass main
Dump of assembler code for function main:
   0x080483db <+0>: lea    ecx,[esp+0x4]
   0x080483df <+4>: and    esp,0xfffffff0
   0x080483e2 <+7>: push   DWORD PTR [ecx-0x4]
   0x080483e5 <+10>:    push   ebp
   0x080483e6 <+11>:    mov    ebp,esp
   0x080483e8 <+13>:    push   ecx
   0x080483e9 <+14>:    sub    esp,0x14
   0x080483ec <+17>:    mov    DWORD PTR [ebp-0xc],0x804a040
   0x080483f3 <+24>:    mov    eax,DWORD PTR [ebp-0xc]
   0x080483f6 <+27>:    call   eax
   0x080483f8 <+29>:    mov    eax,0x0
   0x080483fd <+34>:    add    esp,0x14
   0x08048400 <+37>:    pop    ecx
   0x08048401 <+38>:    pop    ebp
   0x08048402 <+39>:    lea    esp,[ecx-0x4]
   0x08048405 <+42>:    ret    
End of assembler dump.
(gdb) x/25i $eax
   0x8040000:   Cannot access memory at address 0x8040000
(gdb) x/25i 0x804a040
   0x804a040 <shellcode>:   xor    ax,ax
   0x804a043 <shellcode+3>: xor    bx,bx
   0x804a046 <shellcode+6>: xor    cx,cx
   0x804a049 <shellcode+9>: xor    dx,dx
   0x804a04c <shellcode+12>:    jmp    0x804a04e <shellcode+14>
   0x804a04e <shellcode+14>:    call   0x6d4ca060     #random address  should be 0x804a060
   0x804a053 <shellcode+19>:    ins    BYTE PTR es:[edi],dx
   0x804a054 <shellcode+20>:    ins    BYTE PTR es:[edi],dx
   0x804a055 <shellcode+21>:    outs   dx,DWORD PTR ds:[esi]
   0x804a056 <shellcode+22>:    sub    al,0x20
   0x804a058 <shellcode+24>:    ja     0x804a0c9
   0x804a05a <shellcode+26>:    jb     0x804a0c8
   0x804a05c <shellcode+28>:    and    DWORD PTR fs:[esi+0x59],esp
   0x804a060 <shellcode+32>:    mov    bl,0x1
   0x804a062 <shellcode+34>:    mov    dl,0xd
   0x804a064 <shellcode+36>:    mov    al,0x4
   0x804a066 <shellcode+38>:    int    0x80
   0x804a068 <shellcode+40>:    dec    bl
   0x804a06a <shellcode+42>:    mov    al,0x1
   0x804a06c <shellcode+44>:    int    0x80
   0x804a06e <shellcode+46>:    add    BYTE PTR [eax],al

How can I get the correct address for the call?
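As an added worked example (not part of the question), this script re-derives the call's target from the encoding gdb printed: it resolves the E8 rel32 displacement, shows the four bytes the CPU actually read as that displacement, and computes the displacement the intended target 0x804a060 would need. The shellcode bytes are reconstructed from the disassembly listing above (a constructed buffer, not a dump of the binary).

```python
import struct

# Shellcode bytes reconstructed from the gdb listing (encodings re-derived from the
# disassembly; constructed here rather than dumped from the binary). gdb shows the
# buffer at 0x804a040 in .data.
BASE = 0x0804A040
SHELLCODE = bytes([
    0x66, 0x31, 0xC0, 0x66, 0x31, 0xDB,        # xor ax,ax ; xor bx,bx
    0x66, 0x31, 0xC9, 0x66, 0x31, 0xD2,        # xor cx,cx ; xor dx,dx
    0xEB, 0x00,                                # jmp short 0x804a04e
    0xE8, 0x0D, 0x00, 0x48, 0x65,              # call rel32, exactly as gdb decoded it
]) + b"llo, world!" + bytes([
    0x66, 0x59, 0xB3, 0x01, 0xB2, 0x0D,        # pop cx ; mov bl,1 ; mov dl,13
    0xB0, 0x04, 0xCD, 0x80,                    # mov al,4 ; int 0x80 (write)
    0xFE, 0xCB, 0xB0, 0x01, 0xCD, 0x80,        # dec bl ; mov al,1 ; int 0x80 (exit)
])
CALL_OFF = 0x0E            # offset of the E8 opcode (0x804a04e - BASE)

def call_target(code, base, off):
    """Resolve an E8 rel32 call: target = address of the next instruction + rel32."""
    if code[off] != 0xE8:
        raise ValueError("no E8 call opcode at offset 0x%x" % off)
    rel = struct.unpack_from("<i", code, off + 1)[0]       # signed, little-endian
    return (base + off + 5 + rel) & 0xFFFFFFFF

def displacement_bytes(code, off):
    """The four bytes the CPU consumes as the displacement of the call at `off`."""
    return code[off + 1:off + 5]

def rel32_for(call_addr, target):
    """Encode the displacement that makes a 5-byte call at `call_addr` reach `target`."""
    return struct.pack("<i", target - (call_addr + 5))

if __name__ == "__main__":
    tgt = call_target(SHELLCODE, BASE, CALL_OFF)
    print("call resolves to 0x%08x" % tgt)                  # 0x6d4ca060, as gdb showed
    disp = displacement_bytes(SHELLCODE, CALL_OFF)
    print("displacement bytes:", disp.hex(" "), "->", disp[2:])   # 0d 00 48 65 -> b'He'
    need = rel32_for(BASE + CALL_OFF, 0x0804A060)
    print("rel32 for 0x804a060:", need.hex(" "))            # 0d 00 00 00
```

The upper two displacement bytes, 0x48 0x65, are the "He" of the embedded string, so the call reached 0x6d4ca060 because the two zero bytes of the intended displacement 0x0000000d are not in the buffer and the string begins two bytes early.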

0 answers
No replies found.