Stack Overflow Debugging with GDB: Example (.ppt)

  • About 5.98 thousand characters
  • About 16 pages
  • Published 2018-10-15 in Jiangsu

CAP6135: Malware and Software Vulnerability Analysis
Buffer Overflow: Example of Using GDB to Check Stack Memory
Cliff Zou
Spring 2011

A Stack Frame

[Figure: a stack frame drawn along an address axis marked SP and SP+offset, with BP also marked. Labelled regions: Parameters, Return Address, Calling Stack Pointer, Local Variables.]

  • SP: stack pointer
  • BP: base/frame pointer
  • Calling stack pointer: previous function's SP

Using GDB to Check Stack

  • GDB tutorial:
      /library/mac/#documentation/developertools/gdb/gdb/gdb_toc.html
      /TUTORIALS/GDB-Commands.html#GDB_COMMAND_LINE_ARGS
  • When compiling the C code, use "gcc -g ..." so that GDB can match source code line numbers with the code
  • Some knowledge: /wiki/X86_assembly_language
  • Register eip: instruction pointer, the current position of the next executable instruction
  • Register ebp: stack pointer, the top of the current stack, used for addressing local variables

Related GDB Commands

  • list: list the source code and each execution's corresponding line number
  • break linenumber: set a breakpoint at linenumber
  • run argv: run the executable with the parameter argv
  • next: execute the next line of code
  • backtrace: show a trace of all function calls in the stack
  • info frame: list the frame's address, language, the address of arguments/local variables and which registers were saved in the frame. This will show where the return address is saved
      - Return address is in register EIP
      - Calling stack pointer is in register EBP
  • x variable: show the address and value of a local variable (in hex format)
  • x address: print the binary representation of 4 bytes of memory pointed to by address

Example of Using GDB

    #include <stdio.h>
    void foo(char * input){
        int a1=11;
        int a2=22;
        char buf[7];
        strcpy(buf, input);   /* no length check: input longer than 6 chars plus NUL overflows buf */
    }
    void main(int argc, char **argv){
        foo(argv[1]);
    }

Question: What does the stack look like before strcpy()?

    czou@eustis:~/buffer-code$ setarch i686 -R gdb ./gdb-example
    (gdb) list
    1   #include <stdio.h>
    2   void foo(char * input){
    3       int a1=11;
    4       int a2=22;
    5       char buf[7];
    6
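The slide's question, what the stack looks like before strcpy(), can also be answered from inside the process. The following is an added example, not code from the slides: it records the addresses and 4-byte values that "x &a1", "x &a2" and "info frame" would show for a function with the same locals as foo(). The names frame_view, foo_view and frame_offset are hypothetical, the GCC/Clang builtins __builtin_frame_address and __builtin_return_address are assumed to be available, and the copy is length-checked so the snapshot never overwrites the frame it describes.

```c
/* Added example, not from the slides. Assumes GCC or Clang builtins. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct frame_view {              /* hypothetical helper type */
    uintptr_t a1_addr, a2_addr, buf_addr; /* addresses "x &a1" etc. would show */
    unsigned  a1_word, a2_word;  /* the 4-byte values stored there */
    uintptr_t frame_addr;        /* this function's frame pointer */
    uintptr_t ret_addr;          /* return address saved by the call */
    size_t    buf_size;
    int       stored;            /* bytes copied into buf, or -1 if rejected */
};

/* Same locals as the slide's foo(). The copy is length-checked so taking
 * the snapshot never overwrites the frame being described. */
__attribute__((noinline)) struct frame_view foo_view(const char *input) {
    int a1 = 11;
    int a2 = 22;
    char buf[7];
    struct frame_view v;

    v.a1_addr = (uintptr_t)&a1;
    v.a2_addr = (uintptr_t)&a2;
    v.buf_addr = (uintptr_t)buf;
    v.a1_word = *(volatile unsigned *)&a1;
    v.a2_word = *(volatile unsigned *)&a2;
    v.frame_addr = (uintptr_t)__builtin_frame_address(0);
    v.ret_addr = (uintptr_t)__builtin_return_address(0);
    v.buf_size = sizeof buf;
    v.stored = -1;
    if (strlen(input) < sizeof buf) {     /* leaves room for the terminating NUL */
        strcpy(buf, input);
        v.stored = (int)strlen(buf);
    }
    return v;
}

/* Signed distance of an address from the frame pointer, in bytes. */
long frame_offset(const struct frame_view *v, uintptr_t addr) {
    return (long)((intptr_t)addr - (intptr_t)v->frame_addr);
}

int main(void) {
    struct frame_view v = foo_view("AAAAAA");   /* constructed input, fits buf[7] */
    printf("frame pointer %p, return address %p\n", (void *)v.frame_addr, (void *)v.ret_addr);
    printf("a1  at fp%+ld = 0x%08x\n", frame_offset(&v, v.a1_addr), v.a1_word);
    printf("a2  at fp%+ld = 0x%08x\n", frame_offset(&v, v.a2_addr), v.a2_word);
    printf("buf at fp%+ld, %zu bytes, %d stored\n", frame_offset(&v, v.buf_addr), v.buf_size, v.stored);
    return 0;
}
```

The printed offsets depend on compiler, flags and architecture, which is why the slides inspect the real binary with GDB rather than assuming a layout.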
