I only have the .out file, and I am trying to change an integer with GDB.
(gdb) disas/r main
Dump of assembler code for function main:
0x080484da <+0>: 8d 4c 24 04 lea 0x4(%esp),%ecx
0x080484de <+4>: 83 e4 f0 and $0xfffffff0,%esp
0x080484e1 <+7>: ff 71 fc pushl -0x4(%ecx)
0x080484e4 <+10>: 55 push %ebp
0x080484e5 <+11>: 89 e5 mov %esp,%ebp
0x080484e7 <+13>: 51 push %ecx
0x080484e8 <+14>: 83 ec 14 sub $0x14,%esp
0x080484eb <+17>: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp)
0x080484f2 <+24>: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp)
0x080484f9 <+31>: 83 ec 0c sub $0xc,%esp
0x080484fc <+34>: 6a 00 push $0x0
0x080484fe <+36>: e8 6d fe ff ff call 0x8048370 <time@plt>
0x08048503 <+41>: 83 c4 10 add $0x10,%esp
0x08048506 <+44>: 83 ec 0c sub $0xc,%esp
0x08048509 <+47>: 50 push %eax
0x0804850a <+48>: e8 81 fe ff ff call 0x8048390 <srand@plt>
0x0804850f <+53>: 83 c4 10 add $0x10,%esp
0x08048512 <+56>: e8 99 fe ff ff call 0x80483b0 <rand@plt>
0x08048517 <+61>: 89 c1 mov %eax,%ecx
0x08048519 <+63>: ba 67 66 66 66 mov $0x66666667,%edx
0x0804851e <+68>: 89 c8 mov %ecx,%eax
0x08048520 <+70>: f7 ea imul %edx
0x08048522 <+72>: c1 fa 02 sar $0x2,%edx
0x08048525 <+75>: 89 c8 mov %ecx,%eax
0x08048527 <+77>: c1 f8 1f sar $0x1f,%eax
0x0804852a <+80>: 29 c2 sub %eax,%edx
0x0804852c <+82>: 89 d0 mov %edx,%eax
0x0804852e <+84>: 89 45 f4 mov %eax,-0xc(%ebp)
0x08048531 <+87>: 8b 55 f4 mov -0xc(%ebp),%edx
0x08048534 <+90>: 89 d0 mov %edx,%eax
0x08048536 <+92>: c1 e0 02 shl $0x2,%eax
0x08048539 <+95>: 01 d0 add %edx,%eax
0x0804853b <+97>: 01 c0 add %eax,%eax
0x0804853d <+99>: 29 c1 sub %eax,%ecx
0x0804853f <+101>: 89 c8 mov %ecx,%eax
0x08048541 <+103>: 89 45 f4 mov %eax,-0xc(%ebp)
0x08048544 <+106>: 83 ec 08 sub $0x8,%esp
0x08048547 <+109>: ff 75 f4 pushl -0xc(%ebp)
0x0804854a <+112>: 68 50 86 04 08 push $0x8048650
0x0804854f <+117>: e8 0c fe ff ff call 0x8048360 <printf@plt>
0x08048554 <+122>: 83 c4 10 add $0x10,%esp
0x08048557 <+125>: 83 7d f4 05 cmpl $0x5,-0xc(%ebp)
0x0804855b <+129>: 7e 2a jle 0x8048587 <main+173>
==> 0x0804855d <+131>: c7 45 f0 00 04 00 00 movl $0x400,-0x10(%ebp)
0x08048564 <+138>: 83 ec 0c sub $0xc,%esp
0x08048567 <+141>: ff 75 f0 pushl -0x10(%ebp)
0x0804856a <+144>: e8 5c ff ff ff call 0x80484cb <dump>
0x0804856f <+149>: 83 c4 10 add $0x10,%esp
0x08048572 <+152>: 83 ec 08 sub $0x8,%esp
0x08048575 <+155>: ff 75 f0 pushl -0x10(%ebp)
0x08048578 <+158>: 68 82 86 04 08 push $0x8048682
0x0804857d <+163>: e8 de fd ff ff call 0x8048360 <printf@plt>
0x08048582 <+168>: 83 c4 10 add $0x10,%esp
0x08048585 <+171>: eb 28 jmp 0x80485af <main+213>
0x08048587 <+173>: c7 45 f0 8f 02 00 00 movl $0x28f,-0x10(%ebp)
0x0804858e <+180>: 83 ec 0c sub $0xc,%esp
0x08048591 <+183>: ff 75 f0 pushl -0x10(%ebp)
0x08048594 <+186>: e8 32 ff ff ff call 0x80484cb <dump>
0x08048599 <+191>: 83 c4 10 add $0x10,%esp
0x0804859c <+194>: 83 ec 08 sub $0x8,%esp
0x0804859f <+197>: ff 75 f0 pushl -0x10(%ebp)
0x080485a2 <+200>: 68 82 86 04 08 push $0x8048682
0x080485a7 <+205>: e8 b4 fd ff ff call 0x8048360 <printf@plt>
0x080485ac <+210>: 83 c4 10 add $0x10,%esp
0x080485af <+213>: 83 ec 0c sub $0xc,%esp
0x080485b2 <+216>: 6a 05 push $0x5
0x080485b4 <+218>: e8 c7 fd ff ff call 0x8048380 <sleep@plt>
0x080485b9 <+223>: 83 c4 10 add $0x10,%esp
0x080485bc <+226>: e9 51 ff ff ff jmp 0x8048512 <main+56>
End of assembler dump.
I have to change 400 to 500 in the line 0x0804855d <+131>, so I did
set *(0x0804855d+4) = 0x05
and then
(gdb) disas/r main
.....
0x0804855d <+131>: c7 45 f0 00 05 00 00 movl $0x500,-0x10(%ebp)
.....
But when I try to run it, I get SIGILL and execution stops. Is there anything obvious? Or not?
Answer 0 (score: 2)
Instead of set *(0x0804855d+4) = 0x05
you should use set *(0x0804855d+3) = 0x500
or set *(char*)0x8048561 = 0x5
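To see why the original write produced SIGILL, here is an added example (not from the question or the answer) that emulates GDB's `set *(T*)addr = value` on a constructed byte image of the two instructions at 0x0804855d from the disassembly above: `movl $0x400,-0x10(%ebp)` (c7 45 f0 00 04 00 00) followed by `sub $0xc,%esp` (83 ec 0c). Without a cast GDB writes a 4-byte int, so storing 0x05 at +4 spills a zero byte onto the opcode of the next instruction; the two corrected forms leave it intact.

```python
import struct

# Constructed image of the two instructions shown in the disassembly:
# 0x0804855d: c7 45 f0 00 04 00 00   movl $0x400,-0x10(%ebp)
# 0x08048564: 83 ec 0c               sub  $0xc,%esp
BASE = 0x0804855D
IMAGE = bytes.fromhex("c745f000040000" "83ec0c")


def gdb_set(mem: bytearray, addr: int, value: int, size: int) -> None:
    """Emulate GDB's `set *(T*)addr = value` on a little-endian x86 target.

    size is sizeof(T): 4 for the default `int` (no cast), 1 for `(char*)`.
    """
    off = addr - BASE
    mem[off:off + size] = value.to_bytes(size, "little")


def decode(mem: bytes) -> tuple[int, int]:
    """Return (imm32 of the movl, opcode byte of the following instruction)."""
    imm = struct.unpack_from("<I", mem, 3)[0]  # imm32 follows the 3 bytes c7 45 f0
    next_opcode = mem[7]                        # should still be 0x83 (sub)
    return imm, next_opcode


def try_patch(addr: int, value: int, size: int) -> tuple[int, int]:
    """Apply one GDB-style write to a fresh copy of the image and decode it."""
    mem = bytearray(IMAGE)
    gdb_set(mem, addr, value, size)
    return decode(bytes(mem))


if __name__ == "__main__":
    # Original attempt: 4-byte write at +4 -> imm becomes 0x500 but the sub
    # opcode 0x83 at +7 is overwritten with 0x00 (hence the SIGILL).
    print(try_patch(BASE + 4, 0x05, 4))
    # Answer's first form: 4-byte write of 0x500 at +3 covers exactly the imm32.
    print(try_patch(BASE + 3, 0x500, 4))
    # Answer's second form: 1-byte write of 0x5 at 0x8048561 (= +4).
    print(try_patch(0x08048561, 0x5, 1))
```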