Question
I'm trying to bof a particular exploitme on DVL by redirecting input (to gets) using run < inputfile inside gdb.
I can overflow the program successfully but am having trouble appending hex values to the string. I have tried quotations, converting the value of the mem addr to ascii and various escape attempts (\,\,\) with no luck.
Input file example: AAAA\x42
In the above example it would appear that the backslash is being read as an ascii char (5c) and the value 42 remains in the stack (oddly?).
How would one go about specifying a hex value inside a gdb input file?
Thanks
Answer 1:
Use perl! :)
reader@hacking:~/booksrc $ ./overflow_example $(perl -e 'print "A"x30')
With the 'e' option perl will evaluate the following command, and the $() surrounding everything will treat the output of perl as a string. So the command above is identical to:
reader@hacking:~/booksrc $ ./overflow_example AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(adding x30 after a string will repeat it 30 times).
Of course perl accepts other hex values with the notation \x??. One more word: to concatenate strings, use a dot:
reader@hacking:~/booksrc $ perl -e 'print "A"x20 . "BCD" . "\x61\x66\x67\x69" ;'
AAAAAAAAAAAAAAAAAAAABCDafgi
So you can redirect the output of perl in your input file or directly call perl in gdb when you run the program.
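Why the input file in the question left 5c on the stack, and what a file holding the real byte looks like, as an added example that is not part of the original answer. It swaps the answer's perl one-liner for POSIX printf; the helper names and file names are constructed.

```shell
#!/bin/sh
# Added example: file names and helper names are constructed for illustration.

# hex_dump FILE: print the file's bytes as one lowercase hex string.
hex_dump() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# hex_to_bytes HH...: emit one raw byte per two-digit hex argument.
# printf '%03o' turns 0x42 into octal 102, and "\102" in a printf format
# is the POSIX escape for that single byte.
hex_to_bytes() {
    for h in "$@"; do
        printf "\\$(printf '%03o' "0x$h")"
    done
}

# literal_file FILE: what an editor saves when AAAA\x42 is typed as text.
# The file gets four separate characters: backslash, x, 4, 2.
literal_file() {
    printf '%s' 'AAAA\x42' > "$1"
}

# raw_file FILE: four 'A' bytes followed by the single byte 0x42.
# Same bytes as: perl -e 'print "A"x4 . "\x42"' > FILE
raw_file() {
    { printf 'AAAA'; hex_to_bytes 42; } > "$1"
}

# Demo: write both files to a temporary directory and compare their bytes.
tmp=$(mktemp -d)
literal_file "$tmp/typed.txt"
raw_file "$tmp/raw.bin"
echo "typed: $(hex_dump "$tmp/typed.txt")"   # ends in 5c783432
echo "raw:   $(hex_dump "$tmp/raw.bin")"     # ends in 42
rm -rf "$tmp"
```

Inside gdb, run < raw.bin then feeds the program the five bytes the question was after.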
Source: https://stackoverflow.com/questions/5018769/hex-values-in-gdb-input-files