GDB断点不会停在指定的地址

时间:2017-11-25 00:25:42

标签: assembly x86 gdb reverse-engineering ptrace

我用这条命令在特定地址设置了断点:`break *0x080488CA`,但程序并没有在那里停下。我之前设置的另一个断点可以正常命中;但在 gdb 中用 `run group3` 运行、并在第一个断点处 continue 之后,第二个断点就被跳过了。有人知道为什么会这样吗?下面的图片高亮显示了我试图设置断点的那一行:

[图片:原帖中的截图,此处缺失]

可以在此处下载整个源文件:https://drive.google.com/open?id=1iLS8vhbPIHCmOqTjidFFUIkYq4_7WuEZ

以下是调用 ptrace 的代码(函数 check 的结尾部分:它先调用 getppid() 取得父进程 PID,再以 request 0x10——在 Linux 上对应 PTRACE_ATTACH——对该进程发起 ptrace 调用;若返回值为负,则打印提示并 exit,这是一种常见的反调试检查):

.text:0804889D
.text:0804889D loc_804889D:                            ; CODE XREF: check+158↑j
.text:0804889D                 call    _getppid
.text:080488A2                 mov     [ebp+var_C], eax
.text:080488A5                 mov     dword ptr [esp+0Ch], 0
.text:080488AD                 mov     dword ptr [esp+8], 0
.text:080488B5                 mov     eax, [ebp+var_C]
.text:080488B8                 mov     [esp+4], eax
.text:080488BC                 mov     dword ptr [esp], 10h ; request
.text:080488C3                 call    _ptrace
.text:080488C8                 test    eax, eax
.text:080488CA                 jns     short loc_80488E4
.text:080488CC                 mov     dword ptr [esp], offset aYouFoolNobodyD ; "[-] You fool, nobody debug me!!!"
.text:080488D3                 call    _puts
.text:080488D8                 mov     dword ptr [esp], 0FFFFFFFFh ; status
.text:080488DF                 call    _exit
.text:080488E4
.text:080488E4 loc_80488E4:                            ; CODE XREF: check+195↑j
.text:080488E4                 mov     dword ptr [esp], 1 ; seconds
.text:080488EB                 call    _sleep
.text:080488F0                 mov     dword ptr [esp+0Ch], 0
.text:080488F8                 mov     dword ptr [esp+8], 0
.text:08048900                 mov     eax, [ebp+var_C]
.text:08048903                 mov     [esp+4], eax
.text:08048907                 mov     dword ptr [esp], 11h ; request
.text:0804890E                 call    _ptrace
.text:08048913                 mov     dword ptr [esp], 0 ; status
.text:0804891A                 call    _exit
.text:0804891A check           endp ; sp-analysis failed
.text:0804891A
.text:0804891F
.text:0804891F ; =============== S U B R O U T I N E =======================================

能正常命中的断点 0x08048859 所在的代码:

.text:0804882A loc_804882A:                            ; CODE XREF: check+DD↑j
.text:0804882A                 mov     eax, [ebp+var_14]
.text:0804882D                 cmp     eax, 32h
.text:08048830                 jbe     short loc_8048814
.text:08048832                 mov     dword ptr [esp+4], offset modes ; "r"
.text:0804883A                 lea     eax, [ebp+command]
.text:0804883D                 mov     [esp], eax      ; command
.text:08048840                 call    _popen
.text:08048845                 mov     [ebp+stream], eax
.text:08048848                 cmp     [ebp+stream], 0
.text:0804884C                 jz      short loc_8048876
.text:0804884E                 mov     eax, [ebp+stream]
.text:08048851                 mov     [esp], eax      ; stream
.text:08048854                 call    _fgetc
.text:08048859                 cmp     eax, 0FFFFFFFFh
.text:0804885C                 jz      short loc_8048876
.text:0804885E                 mov     dword ptr [esp], offset aNoVmPlease ; "[-] No vm please ;)"
.text:08048865                 call    _puts
.text:0804886A                 mov     dword ptr [esp], 0FFFFFFFFh ; status
.text:08048871                 call    _exit

0 个答案:

没有答案