Reversing an ELF 64-bit LSB pie executable

Time: 2019-05-09 08:24:52

Tags: gdb elf lsb

I have a file, crackme, which is an executable.

hamuto@hamuto-pc:~/Security/NOOB/FruitSalad$ file crackme 
crackme: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=5418569f8ce35c5b188b0a4f13e79f4a611ee54e, stripped

I tried to follow the solution from the question below.
https://reverseengineering.stackexchange.com/questions/3815/reversing-elf-64-bit-lsb-executable-x86-64-gdb

Sadly, I ran into a problem and cannot find a solution.
What I did:

hamuto@hamuto-pc:~/Security/NOOB/FruitSalad$ gdb crackme -q
Reading symbols from crackme...
(No debugging symbols found in crackme)
gdb$ info files
Symbols from "/home/hamuto/Security/NOOB/FruitSalad/crackme".
Local exec file:
    `/home/hamuto/Security/NOOB/FruitSalad/crackme', file type elf64-x86-64.
    Entry point: 0x22b0
    0x00000000000002a8 - 0x00000000000002c4 is .interp
    0x00000000000002c4 - 0x00000000000002e4 is .note.ABI-tag
    0x00000000000002e4 - 0x0000000000000308 is .note.gnu.build-id
    0x0000000000000308 - 0x0000000000000340 is .gnu.hash
    0x0000000000000340 - 0x0000000000000850 is .dynsym
    0x0000000000000850 - 0x00000000000010d4 is .dynstr
    0x00000000000010d4 - 0x0000000000001140 is .gnu.version
    0x0000000000001140 - 0x00000000000011f0 is .gnu.version_r
    0x00000000000011f0 - 0x0000000000001508 is .rela.dyn
    0x0000000000001508 - 0x00000000000018b0 is .rela.plt
    0x0000000000002000 - 0x0000000000002017 is .init
    0x0000000000002020 - 0x00000000000022a0 is .plt
    0x00000000000022a0 - 0x00000000000022a8 is .plt.got
    0x00000000000022b0 - 0x0000000000009b81 is .text
    0x0000000000009b84 - 0x0000000000009b8d is .fini
    0x000000000000a000 - 0x000000000000a2da is .rodata
    0x000000000000a2dc - 0x000000000000ae90 is .eh_frame_hdr
    0x000000000000ae90 - 0x000000000000df70 is .eh_frame
    0x000000000000df70 - 0x000000000000e25c is .gcc_except_table
    0x000000000000fd10 - 0x000000000000fd28 is .init_array
    0x000000000000fd28 - 0x000000000000fd30 is .fini_array
    0x000000000000fd30 - 0x000000000000fdb8 is .data.rel.ro
    0x000000000000fdb8 - 0x000000000000ffc8 is .dynamic
    0x000000000000ffc8 - 0x0000000000010000 is .got
    0x0000000000010000 - 0x0000000000010150 is .got.plt
    0x0000000000010150 - 0x000000000001016c is .data
    0x0000000000010180 - 0x00000000000103f0 is .bss
gdb$ 

As you can see, the entry point is at 0x22b0. If I try to create a breakpoint and run:

gdb$ break *0x22b0
Breakpoint 1 at 0x22b0
gdb$ r
Starting program: /home/hamuto/Security/NOOB/FruitSalad/crackme 

[1]+  Arrêté                gdb crackme -q
hamuto@hamuto-pc:~/Security/NOOB/FruitSalad$ 

The program actually went into the background, and I can get it back with the fg command:

hamuto@hamuto-pc:~/Security/NOOB/FruitSalad$ fg
gdb crackme -q
Warning:
Cannot insert breakpoint 1.
Cannot access memory at address 0x22b0

It is still strange that gdb went into the background, but that's not all: if I try to disassemble the entry point with a size of 50:

gdb$ disas 0x22b0,+50
Dump of assembler code from 0x22b0 to 0x2300:
   0x00000000000022b0:  Cannot access memory at address 0x22b0

It doesn't work; I must be missing something. Thanks for your help.
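Added example (not part of the original question): a small Python parser for the ELF64 header that shows why `0x22b0` cannot be used directly. For an `ET_DYN` image (which is what `file` reports as "pie executable") the `e_entry` field is an offset from the load base, and the loader only picks that base once the process exists, so the breakpoint has to be placed at base + `e_entry` after the program is started (for example with `starti`). The two headers below are constructed, and the load base `0x555555554000` is the value gdb usually shows for a PIE on x86-64 with ASLR disabled; confirm it with `info proc mappings`.

```python
import struct

# ELF constants from the ELF specification
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC = 2   # fixed-address executable: e_entry is the final virtual address
ET_DYN = 3    # shared object / PIE: e_entry is relative to the load base
EM_X86_64 = 0x3E


def parse_elf64_header(data: bytes) -> dict:
    """Parse the 64-byte ELF64 header and return type, machine and entry point."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only ELF64 little-endian headers are handled here")
    # After the 16-byte e_ident: e_type(2) e_machine(2) e_version(4) e_entry(8)
    e_type, e_machine, _version, e_entry = struct.unpack_from("<HHIQ", data, 16)
    return {"e_type": e_type, "e_machine": e_machine,
            "e_entry": e_entry, "pie": e_type == ET_DYN}


def runtime_entry(header: dict, load_base: int) -> int:
    """Address the entry point has once the image is mapped.

    ET_EXEC: the header value is already final.
    ET_DYN (PIE): the loader relocates the whole image, so add the base."""
    return header["e_entry"] + load_base if header["pie"] else header["e_entry"]


def gdb_break_command(header: dict, load_base: int) -> str:
    """The gdb command that actually takes on a running process."""
    return f"break *{runtime_entry(header, load_base):#x}"


def build_header(e_type: int, e_entry: int) -> bytes:
    """Constructed ELF64 x86-64 header with no program or section headers (test data)."""
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + bytes(8)
    rest = struct.pack("<HHIQQQIHHHHHH", e_type, EM_X86_64, 1, e_entry,
                       64, 0, 0, 64, 56, 0, 64, 0, 0)
    return e_ident + rest


# Constructed samples: a PIE with the entry point from the question, and a
# non-PIE executable with a typical fixed entry address for contrast.
PIE_HEADER = build_header(ET_DYN, 0x22B0)
EXEC_HEADER = build_header(ET_EXEC, 0x401040)
ASSUMED_LOAD_BASE = 0x555555554000  # typical gdb PIE base on x86-64, ASLR off

if __name__ == "__main__":
    for name, hdr in (("pie", PIE_HEADER), ("exec", EXEC_HEADER)):
        h = parse_elf64_header(hdr)
        print(name, "e_entry", hex(h["e_entry"]), "->", gdb_break_command(h, ASSUMED_LOAD_BASE))
```

The same relocation applies to every address from `info files` before the program runs, which is why `disas 0x22b0,+50` also fails until the image is mapped.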

0 answers:

No answers