Address woes from Hacking: The Art of Exploitation [closed]

不问归期 submitted on 2020-01-13 07:24:32

Question


I bought this book recently titled: Hacking: The Art of Exploitation (2nd Edition) and it's been bugging me so much lately. Anyway, with one of the examples, firstprog.c :

    #include <stdio.h>

    int main()
    {
      int i;
      for(i=0; i < 10; i++)   // Loop 10 times.
      {
        printf("Hello, world!\n");  // put the string to the output.
      }
      return 0;   // Tell OS the program exited without errors.
    }

It has you compile it with gcc (obviously :3 ), then use objdump (for this I just used gobjdump, couldn't find objdump for OS X), pipe the output to grep with main.: as the regex and show the first 20 lines. Then debug with gdb and break at main. Here's my main issue: all of the memory addresses are different!! For example, eip in the book is 0x804837a, but on my computer rip is 0x100000ee8. I was thinking it was just because I'm using a 64-bit OS, yet when I booted with the 32-bit version of Darwin, I got the same result. If anyone knows what this issue is, I'd greatly appreciate it. If it's something really stupid give me a break, I just turned 14 :)


Answer 1:


As I'm sure you're studying reverse engineering, you should also look up what ASLR is. That is the main reason why your program's offset is different from the one in the book. It basically randomizes where your program will be located in memory so that you can't create an exploit that hardcodes the address of shellcode. This makes creating an exploit a lot harder.




Answer 2:


The addresses you get will almost always be different from the addresses they show in the book. Heck, the addresses will likely change between different runs on your same system.
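Both answers make the same point: an absolute address is base plus offset, and ASLR (or a position-independent binary) changes the base, not the offset. The program below is an added example written for this page; it is not from the book, the asker, or either answer. It takes a snapshot of where the code, static data, stack, heap and libc landed in the current process, and it splits an address into its page offset and its distance from an assumed image base. The constants 0x8048000 (the classic non-PIE i386 Linux text base) and 0x100000000 (where a 64-bit Mach-O image is placed after the page-zero region) are stated here as assumptions; the struct and function names are invented for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

/* Where the main regions of this process landed. Run the program twice
 * and compare: under ASLR the high bits move, the low 12 bits do not. */
struct region_snapshot {
    uintptr_t code;   /* address of a function in this binary */
    uintptr_t data;   /* address of a static variable */
    uintptr_t stack;  /* address of a local variable */
    uintptr_t heap;   /* address returned by malloc */
    uintptr_t libc;   /* address of printf, i.e. the C library mapping */
};

static int some_static = 42;

/* Low 12 bits of an address: its offset inside a 4 KiB page.
 * ASLR shifts mappings by whole pages, so this part is stable. */
uintptr_t page_offset(uintptr_t addr) {
    return addr & 0xfff;
}

/* Distance of an address from an assumed image base. The book's
 * 0x804837a against base 0x8048000 gives 0x37a; the asker's
 * 0x100000ee8 against base 0x100000000 gives 0xee8 (assumed bases). */
uint64_t offset_from_base(uint64_t addr, uint64_t base) {
    return addr - base;
}

struct region_snapshot take_snapshot(void) {
    struct region_snapshot s;
    int local = 0;
    void *p = malloc(16);

    s.code  = (uintptr_t)take_snapshot;   /* text segment */
    s.data  = (uintptr_t)&some_static;    /* data segment */
    s.stack = (uintptr_t)&local;          /* stack, used only as a number */
    s.heap  = (uintptr_t)p;               /* heap */
    s.libc  = (uintptr_t)printf;          /* shared library */

    free(p);
    return s;
}

int main(void) {
    struct region_snapshot s = take_snapshot();

    printf("code  %#lx  (page offset %#lx)\n", (unsigned long)s.code,
           (unsigned long)page_offset(s.code));
    printf("data  %#lx\n", (unsigned long)s.data);
    printf("stack %#lx\n", (unsigned long)s.stack);
    printf("heap  %#lx\n", (unsigned long)s.heap);
    printf("libc  %#lx\n", (unsigned long)s.libc);

    /* The two addresses from the question, decomposed the same way. */
    printf("book  main at %#lx = base 0x8048000 + %#lx\n",
           0x804837aUL, (unsigned long)offset_from_base(0x804837aULL, 0x8048000ULL));
    printf("yours main at %#lx = base 0x100000000 + %#lx\n",
           0x100000ee8UL, (unsigned long)offset_from_base(0x100000ee8ULL, 0x100000000ULL));
    return 0;
}
```

Run it a few times: on a system with ASLR the code, stack, heap and libc lines change between runs while the page offsets stay the same, which is exactly why the book's hardcoded 0x804837a cannot be expected to match and why exploit developers reason in offsets from a base rather than in absolute addresses.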



Source: https://stackoverflow.com/questions/8109710/address-woes-from-hacking-the-art-of-exploitation
