Can gdb read the contents of a variable?

Posted 2024-12-22 19:24:52 · 70 characters · 3 views · 0 comments


Is it possible without any file.out and source code, but just the binary?
Is it possible, knowing the name of a var, to find and read its value at runtime?


Comments (1)

从﹋此江山别 2024-12-29 19:24:52


Is it possible, knowing the name of a var, to find and read its value at runtime?

It depends.

If the variable is a global, and the binary is not stripped, then you should be able to examine its value with a simple

x/gx &var
print var

The latter may print the variable as if it were of type int (if the binary has no debug info), which may not be what you are looking for.

If the variable is local (automatic), then you can print it only while inside the routine in which it is declared (obviously).

If the binary has debug info, then a simple print var in the correct context should work.

If the binary doesn't, you'll have to figure out the in-memory address of the variable (usually at a fixed offset from the stack pointer or frame pointer register), and examine that address. You can often figure out a lot about the given routine by disassembling it.

Update:

if I strip the binary, is it harder to do the reverse engineering?

Sure: the less info you provide to the attacker, the harder you make his job.

But you also make your job harder: when your binary doesn't work, often your end-user will know more about his system than you do. Often he will load your binary into GDB, and tell you exactly where your bug is. With a stripped executable, he likely wouldn't be able to do that, so you'll guess back and forth, and after a week of trying will lose that customer.

And there is nothing you can do to prevent a sufficiently determined and sufficiently skilled hacker with root access to his system and hardware from reverse engineering your program.

In the end, in my experience, anti-circumvention techniques are usually much more trouble than they are worth.
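The answer's "global, not stripped" case rests on one mechanism: GDB resolves the name through the binary's .symtab, takes st_value as the address and reads st_size bytes there, and strip deletes exactly that table. The script below is an added example, not code from the question or the answer above, that performs that lookup by hand on a tiny ELF64 image built in memory (the symbol names counter and limit, the load address 0x404000 and the stored values are all constructed). A second image built without .symtab/.strtab stands in for what strip leaves behind, so the same lookup that succeeds on the unstripped file returns nothing on the stripped one.

```python
"""Resolve a global variable by name from an ELF64 symbol table.

Added example (not from the original Q&A). Mimics what GDB does behind
`x/gx &var` on an unstripped binary: find the name in .symtab, use
st_value as the address, read st_size bytes from the section holding it.
The ELF image is constructed here so the script runs offline; every
address, name and value in it is made up for the demonstration.
"""
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")          # Elf64_Shdr (64 bytes)
SYM = struct.Struct("<IBBHQQ")               # Elf64_Sym  (24 bytes)
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3
DATA_VADDR = 0x404000                        # constructed load address of .data


def build_elf(stripped=False):
    """Build a minimal ELF64 whose .data holds two globals; optionally 'stripped'."""
    data = struct.pack("<IxxxxQ", 42, 1000)  # counter (u32) at +0, limit (u64) at +8
    names = b"\0counter\0limit\0"            # .strtab: "counter" at 1, "limit" at 9
    syms = SYM.pack(0, 0, 0, 0, 0, 0)        # mandatory null symbol
    syms += SYM.pack(1, 0x11, 0, 1, DATA_VADDR, 4)      # STB_GLOBAL|STT_OBJECT, in .data
    syms += SYM.pack(9, 0x11, 0, 1, DATA_VADDR + 8, 8)
    shstr = b"\0.data\0.symtab\0.strtab\0.shstrtab\0"  # section-name table
    # (sh_name, sh_type, sh_addr, content, sh_link, sh_entsize); index 0 is the null section
    sections = [(1, SHT_PROGBITS, DATA_VADDR, data, 0, 16)]
    if not stripped:
        sections += [(7, SHT_SYMTAB, 0, syms, 3, SYM.size),   # sh_link -> .strtab (index 3)
                     (15, SHT_STRTAB, 0, names, 0, 0)]
    sections.append((23, SHT_STRTAB, 0, shstr, 0, 0))
    shdrs, body, off = SHDR.pack(*[0] * 10), b"", EHDR.size
    for name_off, typ, addr, content, link, entsize in sections:
        shdrs += SHDR.pack(name_off, typ, 0, addr, off, len(content), link, 0, 1, entsize)
        body += content
        off += len(content)
    pad = b"\0" * (-off % 8)                 # align the section header table
    shoff = off + len(pad)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9  # ELFCLASS64, little-endian, version 1
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, 0, 0, shoff, 0, EHDR.size, 56, 0,
                     SHDR.size, len(sections) + 1, len(sections))
    return ehdr + body + pad + shdrs


def cstr(blob, off):
    """Read a NUL-terminated string from a string table."""
    return blob[off:blob.index(b"\0", off)].decode()


def read_global(elf, name):
    """Return (address, raw_bytes) for global `name`, or None if it cannot be resolved."""
    hdr = EHDR.unpack_from(elf, 0)
    shoff, shnum = hdr[6], hdr[12]
    shdrs = [SHDR.unpack_from(elf, shoff + i * SHDR.size) for i in range(shnum)]
    symtab = next((s for s in shdrs if s[1] == SHT_SYMTAB), None)
    if symtab is None:
        return None                          # stripped: no .symtab, so the name is gone
    strtab = shdrs[symtab[6]]                # sh_link points at the matching .strtab
    names = elf[strtab[4]:strtab[4] + strtab[5]]
    for i in range(symtab[5] // SYM.size):
        st_name, _info, _other, shndx, value, size = SYM.unpack_from(elf, symtab[4] + i * SYM.size)
        if st_name and cstr(names, st_name) == name:
            sec = shdrs[shndx]
            file_off = sec[4] + (value - sec[3])  # virtual address -> file offset
            return value, elf[file_off:file_off + size]
    return None


def read_global_int(elf, name):
    """Same lookup, decoded as an unsigned little-endian integer (what x/gx shows)."""
    hit = read_global(elf, name)
    return None if hit is None else (hit[0], int.from_bytes(hit[1], "little"))


if __name__ == "__main__":
    for label, image in (("unstripped", build_elf()), ("stripped", build_elf(stripped=True))):
        for var in ("counter", "limit"):
            print(label, var, read_global_int(image, var))
```

The script reads the variable's initial value out of the file image; at runtime GDB reads the same address from the live process, so a variable the program has changed will show its current value there. The stripped image still contains the .data bytes, which is the answer's point: the data is not gone, only the name that lets you find it, so the remaining route is the one the answer describes, disassembling the routine and working out the address by hand.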
