问题描述
我试图通过重定向输入(得到)使用run< inputfile里面的gdb
我可以溢出程序成功,但有麻烦附加十六进制值的字符串..我试过引号,将mem addr的值转换为ascii和各种逃跑尝试(\,\,\),没有运气。
输入文件示例:
AAAA\x42
在上面的例子中,反斜杠看起来像是ascii char(5c),值42仍然在堆栈中(奇怪?)。
如何指定gdb输入文件中的十六进制值?
谢谢
使用perl! :)
reader @ hacking:〜/ booksrc $ ./overflow_example $(perl -e'printAx30')
用'e'选项perl会评估下面的命令,并且周围的所有东西都会处理输出perl作为一个字符串。因此,上面的命令与以下内容相同:
reader @ hacking:〜/ booksrc $ ./overflow_example AAAAAAAAAAAAAAAAAAAAAAAAA
code>
(在字符串重复30次后添加x30)。
当然perl接受符号 \x ??
的其他十六进制值。还有一句话,连接字符串使用了一个点:
reader @ hacking:〜/ booksrc $ perl -e'printA x20。 BCD。 \x61\x66\x67\x69;'
AAAAAAAAAAAAAAAAAAAABCDafgi
因此,您可以在输入文件中重定向perl的输出,或者在运行程序时直接调用gdb中的perl。
I'm trying to bof a particular exploitme on DVL by redirecting input (to gets) using run < inputfile inside gdb
I can overflow the program successfully but am having trouble appending hex values to the string.. I have tried quotations, converting the value of the mem addr to ascii and various escape attempts (\,\,\) with no luck
Input file example:AAAA\x42
In the above example it would appear that the backslash is being read as an ascii char (5c) and the value 42 remains in the stack (oddly?).
How would one go about specifying a hex value inside a gdb input file?
Thanks
Use perl! :)
reader@hacking:~/booksrc $ ./overflow_example $(perl -e 'print "A"x30')
with the 'e' option perl will evaluate the following command, and surrounding everything will treat the output of perl as a string. So the command above is identical to:
reader@hacking:~/booksrc $ ./overflow_example AAAAAAAAAAAAAAAAAAAAAAAAA
(adding x30 after a string will repeat it 30 times).Of course perl accepts other hex values with the notation \x??
. One more word, to concatenate strings use a dot:
reader@hacking:~/booksrc $ perl -e 'print "A"x20 . "BCD" . "\x61\x66\x67\x69" ;'
AAAAAAAAAAAAAAAAAAAABCDafgi
So you can redirect the output of perl in your input file or directly call perl in gdb when you run the program.
这篇关于gdb输入文件中的十六进制值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!