Master Canary question

$ gdb master2
gdb-peda$ x/30i thread_routine
   ...
   0x4009c5 <thread_routine+100>:	lea    rax,[rbp-0x110]
   0x4009cc <thread_routine+107>:	mov    rsi,rax
   0x4009cf <thread_routine+110>:	mov    edi,0x0
   0x4009d4 <thread_routine+115>:	call   0x4007c0 <read@plt>
   0x4009d9 <thread_routine+120>:	mov    eax,0x0
gdb-peda$ b *0x4009d9
Breakpoint 1 at 0x4009d9
gdb-peda$ r
Starting program: master2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff77ef700 (LWP 30325)]
Size: 10000
Data: AAAA
[Switching to Thread 0x7ffff77ef700 (LWP 30325)]
gdb-peda$ x/10gx $rsi
0x7ffff77eee40:	0x0000000a41414141	0x0000000000000000
0x7ffff77eee50:	0x0000000000000000	0x0000000000000000
0x7ffff77eee60:	0x0000000000000000	0x0000000000000000
0x7ffff77eee70:	0x0000000000000000	0x0000000000000000
0x7ffff77eee80:	0x0000000000000000	0x0000000000000000
gdb-peda$ vmmap 0x7ffff77eee40
Start              End                Perm	Name
0x00007ffff6ff0000 0x00007ffff77f0000 rw-p	mapped
gdb-peda$ x/10gx $rsi+0x8e8
0x7ffff77ef728:	0x43f5baf876978b00	0xd978ebf12c7ea3a7
  • How can I work out what the 0x8e8 offset is based on?
#master_canary_-_3 #advanced_linux_exploitation
Answer 1
HLe4s

https://hacking-master-yi.tistory.com/2
Please refer to this. Subscribe and like~ and turn on notifications too~~

2020.11.29. 14:04
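
Added example, not part of the original question or answer: the 0x8e8 in the session can be re-derived from the addresses gdb already printed. It assumes x86-64 glibc, where the `Thread 0x...` value gdb shows is the thread's TCB pointer (fs base) and the stack guard is read from fs:0x28; the function names are hypothetical.

```python
import re

# Assumption: x86-64 glibc keeps the stack guard at fs:0x28 (tcbhead_t.stack_guard).
STACK_GUARD_OFFSET = 0x28

# Lines copied from the gdb session in the question (whitespace normalised).
SESSION = """\
[New Thread 0x7ffff77ef700 (LWP 30325)]
gdb-peda$ x/10gx $rsi
0x7ffff77eee40: 0x0000000a41414141 0x0000000000000000
gdb-peda$ vmmap 0x7ffff77eee40
0x00007ffff6ff0000 0x00007ffff77f0000 rw-p mapped
gdb-peda$ x/10gx $rsi+0x8e8
0x7ffff77ef728: 0x43f5baf876978b00 0xd978ebf12c7ea3a7
"""


def parse_session(text):
    """Return (thread pointer, read() buffer address, (map start, map end))."""
    # gdb labels the thread with its pthread_t, which glibc uses as the TCB address.
    tp = int(re.search(r"\[New Thread (0x[0-9a-f]+)", text).group(1), 16)
    # First address dumped by 'x/10gx $rsi' is the buffer passed to read().
    buf = int(re.search(r"x/10gx \$rsi\n(0x[0-9a-f]+):", text).group(1), 16)
    # vmmap row: start, end, permissions.
    m = re.search(r"^(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+rw-p", text, re.M)
    return tp, buf, (int(m.group(1), 16), int(m.group(2), 16))


def canary_offset(text):
    """Return (guard address, guard - buffer, both inside the same mapping?)."""
    tp, buf, (start, end) = parse_session(text)
    guard = tp + STACK_GUARD_OFFSET
    # A thread's stack and its TCB are carved from one mmap'd region, so the
    # distance between a stack buffer and the guard is fixed for a given binary.
    same_mapping = start <= buf < end and start <= guard < end
    return guard, guard - buf, same_mapping


if __name__ == "__main__":
    guard, offset, same = canary_offset(SESSION)
    print(f"guard at {guard:#x}, offset from buffer {offset:#x}, same mapping: {same}")
```

The result matches the address gdb printed for `$rsi+0x8e8`, and the mapping check shows why an unbounded `read()` into a thread's stack buffer can reach the TCB: both sit in the same writable region with nothing between them.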