问题是,正如标题所述,当我在到达特定函数的断点后尝试读取
rsprsp我认为根据我的研究,
Radare2GDBRadare2既然
GDBGDB» gdb ./test
pwndbg> b *&(fun)
Breakpoint 1 at 0x40117d: file src/test.c, line 10.
pwndbg> r
pwndbg> i r $rsp
rsp 0x7fffffffcd28 0x7fffffffcd28
pwndbg> p &buffer[0]
$1 = 0x7fffffffcca0 ""
现在,这是我尝试使用
Radare2Radare2» r2 -d ./test
[0x7ffff7fd3090]> aaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
INFO: Analyze entrypoint (af@ entry0)
INFO: Analyze symbols (af@@@s)
INFO: Recovering variables
INFO: Analyze all functions arguments/locals (afva@@@F)
...
[0x7ffff7fd3090]> afl | grep fun
0x0040117d 1 63 dbg.fun
[0x7ffff7fd3090]> db dbg.fun
[0x7ffff7fd3090]> s 0x40117d
[0x0040117d]> dc
INFO: hit breakpoint at: 0x40117d
[0x0040117d]> afv
var char[128] buffer @ rbp-0x80
[0x0040117d]> dr rsp
0x7fffffffcdc8 <---- this should be 0x7fffffffcd28
[0x0040117d]> x/16x @rbp-0x80
- offset - 6061 6263 6465 6667 6869 6A6B 6C6D 6E6F 0123456789ABCDEF
0x7fffffffcd60 0000 0000 0000 0000 0000 0000 0000 0000
# 0x7fffffffcd60 should be 0x7fffffffcca0
................
总而言之,
0x7fffffffcdc8 (R2) != 0x7fffffffcd28 (GDB)和
0x7fffffffcd60 (R2) != 0x7fffffffcca0 (GDB)有人可以让我知道我在
Radare2Radare2 给了我错误的值。
是什么让您认为一种价值观是正确的而另一种价值观是错误的?
当 Linux 进程启动时,内核会将一堆数据放置在堆栈顶部(这反过来会在调用
RSP_start放置在堆栈上的东西之一是
argv[]/absolute/path/to/./test如果
Radare2