Strange behavior in gdb and gdbserver

Question  Votes: 0  Answers: 1

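I am working through the Protostar exploit exercise challenges and was thinking of using gdbserver to debug the code remotely. However, whenever I connect to gdbserver, I always get a segmentation fault. Honestly, I just want to understand what is happening and why this doesn't work.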

Here is the result from my machine (Debian 12 running gdb version 13.1-3):

tesing@ThinkPad-Debian:~/protostar/bin$ gdb ./stack0
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./stack0...
>>> target remote 192.168.0.33:4444
Remote debugging using 192.168.0.33:4444
Reading /lib/ld-linux.so.2 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib/ld-linux.so.2 from remote target...
Reading symbols from target:/lib/ld-linux.so.2...
Reading /usr/lib/debug/.build-id/67/bb012671226504deafb026203c92ebafc231dc.debug from remote target...
Reading /lib/ld-2.11.2.so from remote target...
Reading /lib/.debug/ld-2.11.2.so from remote target...
Reading /usr/lib/debug//lib/ld-2.11.2.so from remote target...
Reading /usr/lib/debug//lib/ld-2.11.2.so from remote target...
Error while reading shared library symbols for target:/lib/ld-linux.so.2:
Remote communication error.  Target disconnected.: Connection reset by peer.


Fatal signal: Segmentation fault
----- Backtrace -----
0x557a013e440e ???
0x557a014ed601 ???
0x557a014ed776 ???
0x7f0b6b85afcf ???
    ./signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c:0
0x557a016a5ba4 ???
0x557a016ae344 ???
0x557a016a8b30 ???
0x557a015570a7 ???
0x557a01575aa7 ???
0x557a01685340 ???
0x557a016857a8 ???
0x557a01685a4b ???
0x557a01717420 ???
0x557a01416c94 ???
0x557a01724287 ???
0x557a014ede1c ???
0x557a014ef3cf ???
0x557a014ee6d1 ???
0x7f0b6c9dc46c ???
0x557a014ee7fd ???
0x557a014ee98f ???
0x557a014edd0c ???
0x557a018d51d5 ???
0x557a018d5cb2 ???
0x557a015b72f9 ???
0x557a015b8f74 ???
0x557a01347ca9 ???
0x7f0b6b8461c9 __libc_start_call_main
    ../sysdeps/nptl/libc_start_call_main.h:58
0x7f0b6b846284 __libc_start_main_impl
    ../csu/libc-start.c:360
0x557a0134ee30 ???
0xffffffffffffffff ???
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible.  GDB will now terminate.

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Segmentation fault

Here is the result on the Protostar virtual machine (GDB version 7.0.1):

user@protostar:/opt/protostar/bin$ gdbserver multi:4444 ./stack0
Process ./stack0 created; pid = 2287
Listening on port 4444
Remote debugging from host 192.168.0.15
*** glibc detected *** gdbserver: double free or corruption (!prev): 0x0806e370 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6b0ca)[0xb7efa0ca]
/lib/libc.so.6(+0x6c918)[0xb7efb918]
/lib/libc.so.6(cfree+0x6d)[0xb7efea5d]
gdbserver[0x804e953]
gdbserver(handle_serial_event+0xc5)[0x80531b5]
gdbserver[0x8056058]
gdbserver(start_event_loop+0x3c)[0x8055e4c]
gdbserver(main+0x4cd)[0x8050aed]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7ea5c76]
gdbserver[0x804c711]
======= Memory map: ========
08048000-08062000 r-xp 00000000 00:10 5310       /usr/bin/gdbserver
08062000-08063000 rw-p 00019000 00:10 5310       /usr/bin/gdbserver
08063000-08087000 rw-p 00000000 00:00 0          [heap]
b7d00000-b7d21000 rw-p 00000000 00:00 0 
b7d21000-b7e00000 ---p 00000000 00:00 0 
b7e6f000-b7e8c000 r-xp 00000000 00:10 3290       /lib/libgcc_s.so.1
b7e8c000-b7e8d000 rw-p 0001c000 00:10 3290       /lib/libgcc_s.so.1
b7e8d000-b7e8f000 rw-p 00000000 00:00 0 
b7e8f000-b7fcd000 r-xp 00000000 00:10 759        /lib/libc-2.11.2.so
b7fcd000-b7fce000 ---p 0013e000 00:10 759        /lib/libc-2.11.2.so
b7fce000-b7fd0000 r--p 0013e000 00:10 759        /lib/libc-2.11.2.so
b7fd0000-b7fd1000 rw-p 00140000 00:10 759        /lib/libc-2.11.2.so
b7fd1000-b7fd4000 rw-p 00000000 00:00 0 
b7fd4000-b7fda000 r-xp 00000000 00:10 6624       /lib/libthread_db-1.0.so
b7fda000-b7fdb000 r--p 00005000 00:10 6624       /lib/libthread_db-1.0.so
b7fdb000-b7fdc000 rw-p 00006000 00:10 6624       /lib/libthread_db-1.0.so
b7fe0000-b7fe2000 rw-p 00000000 00:00 0 
b7fe2000-b7fe3000 r-xp 00000000 00:00 0          [vdso]
b7fe3000-b7ffe000 r-xp 00000000 00:10 741        /lib/ld-2.11.2.so
b7ffe000-b7fff000 r--p 0001a000 00:10 741        /lib/ld-2.11.2.so
b7fff000-b8000000 rw-p 0001b000 00:10 741        /lib/ld-2.11.2.so
bffeb000-c0000000 rw-p 00000000 00:00 0          [stack]
Segmentation fault
Try again?
user@protostar:/opt/protostar/bin$ gdb --version
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.

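I don't really understand what is going on; the interesting parts are these:

On my machine:

Error while reading shared library symbols for target:/lib/ld-linux.so.2:

On the virtual machine (gdbserver):

*** glibc detected *** gdbserver: double free or corruption (!prev): 0x0806e370 ***

Can anyone tell me what the problem might be here? Thank you very much.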

gdb remote-debugging gdbserver
1 Answer
0
votes

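You are not doing anything wrong; rather, you have managed to trigger a bug in gdbserver itself. If you want to help get this fixed, you could consider creating a bug report in GDB's bug tracker.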

To help with the bug report, on the GDB side, if you run "set debug remote on" before "target remote ...", GDB will emit a lot of debug output, which should be included in the bug report.

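On the gdbserver side, if you add the extra command-line flags "--debug --remote-debug" when starting gdbserver, you will again see a lot of debug output that can be included in the bug report.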
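An added example, not part of the original answer: a small triage script for the output that "set debug remote on" produces, which reports the last packet GDB sent without getting a reply and checks each packet's checksum. The log line shape ("Sending packet: $...#cc" and "Packet received: ...", optionally prefixed with "[remote] ") is an assumption, and the sample log is constructed, not the log from the post.

```python
import re

def rsp_checksum(payload: str) -> str:
    """Remote serial protocol checksum: sum of payload bytes mod 256, two hex digits."""
    return f"{sum(payload.encode('latin-1')) % 256:02x}"

# Assumed log shape (may differ between GDB versions); older releases omit "[remote] "
# and may append "...Ack" after the checksum, which search() tolerates.
SENT = re.compile(r"Sending packet: \$(?P<payload>.*?)#(?P<cc>[0-9a-fA-F]{2})")
RECV = re.compile(r"Packet received: (?P<payload>.*)")

def parse_log(text):
    """Return a list of (direction, payload, checksum_ok) tuples in log order."""
    events = []
    for line in text.splitlines():
        if m := SENT.search(line):
            ok = rsp_checksum(m["payload"]) == m["cc"].lower()
            events.append(("sent", m["payload"], ok))
        elif m := RECV.search(line):
            events.append(("recv", m["payload"], None))
    return events

def last_unanswered(text):
    """Payload of the final sent packet that never received a reply, or None."""
    events = parse_log(text)
    if events and events[-1][0] == "sent":
        return events[-1][1]
    return None

def _sent(payload):
    """Build one constructed 'Sending packet' log line with a valid checksum."""
    return f"[remote] Sending packet: ${payload}#{rsp_checksum(payload)}"

# Constructed sample: the session ends with a request that is never answered.
SAMPLE_LOG = "\n".join([
    _sent("vMustReplyEmpty"),
    "[remote] Packet received: ",
    _sent("qC"),
    "[remote] Packet received: QC1",
    _sent("vFile:pread:5,3fff,0"),
    "Remote communication error.  Target disconnected.: Connection reset by peer.",
])

if __name__ == "__main__":
    print("last packet without a reply:", last_unanswered(SAMPLE_LOG))
```

Naming the last unanswered packet in the bug report points the maintainers at the request gdbserver was handling when the connection dropped.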
