使用 IDA PRO 修补简单的 C 程序出现分段错误
这是我的程序:
#include <stdio.h>
int main(){
int var=5;
if(var==5) printf("Accesso effettuato!");
else printf("Access denied");
}
我更改了操作码...在十六进制编辑中,如下图所示,但是当我运行程序时,出现分段错误。
This is my program:
#include <stdio.h>
int main(){
int var=5;
if(var==5) printf("Accesso effettuato!");
else printf("Access denied");
}
I change the op code... in the hex edit like in this image but when I run my program I get a segmentation fault.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您会遇到分段错误,因为操作码
83 05表示指令ADD DWORD PTR [address],constant,其中address和constant由接下来的五个字节05 89 45 F4 75确定。因此,在本例中,指令为ADD DWORD PTR [F4458905],75。所以你引用了一个无效的内存地址。You get a segmentation fault because the opcode
83 05means the instructionADD DWORD PTR [address],constantwhere theaddressandconstantare determined by the next five bytes05 89 45 F4 75. So in this case, the instruction isADD DWORD PTR [F4458905],75. So you are referencing an invalid memory address.最初的指令是:
看起来你正试图将其更改为持续的比较,例如:
我怀疑这样的野兽是否存在,因为它的实用性充其量是值得怀疑的。比较两个常数似乎是对硅的浪费。
您实际上将其更改为一条几乎肯定会取消引用无效地址的指令)。
作为选项一,您可以用设置零位的字节序列替换该三字节序列(因为检查下面的几条指令是
jnz指令),并用足够的nop< 填充它/code> 操作使其大小相同。或者,查找
cmp ecx, ecx语句(再次使用适当的nop填充),以便您可以确定所有 标志均已正确设置。根据 GNU 汇编器as的说法,这是:The original instruction is:
It looks like you're trying to change that into a constant comaparison, something like:
I doubt that such a beast even exists, since its usefulness would be questionable at best. Comparing two constants would seem to be a waste of silicon.
What you're actually changing it to is an instruction that almost certainly dereferences an invalid address).
As option one, you can replace that three byte sequence with one that sets the zero bit (since the check a few instructions down is a
jnzinstruction), and pad it out with enoughnopoperations to make it the same size.Alternatively, look for a
cmp ecx, ecxstatement (again with appropriatenoppadding) so that you can be certain all flags are set correctly. This is, according to the GNU assembleras: