Program source:

```c
#include <stdio.h>
int main(int argc, char *argv[])
{
    printf("Hello, world\n");
    printf("test for another time\n");

    return 0;
}
```
The relevant sections:

```text
Contents of section .got:
 80495e8 0c950408 00000000 00000000 a6820408  ................
 80495f8 b6820408 00000000                    ........
Contents of section .plt:
 8048290 ff35ec95 0408ff25 f0950408 00000000  .5.....%........
 80482a0 ff25f495 04086800 000000e9 e0ffffff  .%....h.........
 80482b0 ff25f895 04086808 000000e9 d0ffffff  .%....h.........00000000
```
The above is taken from the output of objdump -s elf_test.
The .got section holds the global offset table (GOT).
The .plt section holds the procedure linkage table (PLT), which is used for dynamic linking.
```text
linuxbuddy@l1u6uddy:~$ gdb -q elf_test
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) disass main
Dump of assembler code for function main:
0x08048384 <main+0>:    push   %ebp
0x08048385 <main+1>:    mov    %esp,%ebp
0x08048387 <main+3>:    sub    $0x8,%esp
0x0804838a <main+6>:    and    $0xfffffff0,%esp
0x0804838d <main+9>:    mov    $0x0,%eax
0x08048392 <main+14>:   sub    %eax,%esp
0x08048394 <main+16>:   movl   $0x80484d4,(%esp)
0x0804839b <main+23>:   call   0x80482b0 <_init+56>    // call printf
0x080483a0 <main+28>:   movl   $0x80484e2,(%esp)
0x080483a7 <main+35>:   call   0x80482b0 <_init+56>    // call printf
0x080483ac <main+40>:   mov    $0x0,%eax
0x080483b1 <main+45>:   leave
0x080483b2 <main+46>:   ret
End of assembler dump.
(gdb) b *0x0804839b    // set a breakpoint before the call to printf
Breakpoint 1 at 0x804839b: file elf_test.c, line 4.
(gdb) r
Starting program: /home/linuxbuddy/libpcap/mysniffer/elf_test

Breakpoint 1, 0x0804839b in main (argc=1, argv=0xbffff994) at elf_test.c:4
4           printf("Hello, world\n");
(gdb) info address printf    // look up the address of printf
Symbol "printf" is at 0x4006f960 in a file compiled without debugging.
(gdb) disass 0x80482b0 0x80482bc
Dump of assembler code from 0x80482b0 to 0x80482bc:
0x080482b0 <_init+56>:  jmp    *0x80495f8
0x080482b6 <_init+62>:  push   $0x8
0x080482bb <_init+67>:  jmp    0x8048290 <_init+24>
End of assembler dump.
(gdb) watch *0x80495f8    // set a watchpoint on the GOT entry
Hardware watchpoint 2: *134518264
(gdb) p/a 0x80495f8
$3 = 0x80495f8 <_GLOBAL_OFFSET_TABLE_+16>    // 0x80495f8 is an entry in the global offset table
(gdb) p/a *0x80495f8    // its contents are
$4 = 0x80482b6 <_init+62>    // exactly the instruction following "0x080482b0 <_init+56>: jmp *0x80495f8"
(gdb) l
1       #include <stdio.h>
2       int main(int argc, char *argv[])
3       {
4           printf("Hello, world\n");
5           printf("test for another time\n");
6
7           return 0;
8       }
(gdb) b 5    // set a breakpoint at the second printf
Breakpoint 3 at 0x80483a0: file elf_test.c, line 5.
(gdb) c
Continuing.
Hardware watchpoint 2: *134518264

Old value = 134513334
New value = 1074198880    // ld-linux.so.2 modifies the global offset table
0x4000bacb in _dl_map_object_deps () from /lib/ld-linux.so.2
(gdb) p/a *0x80495f8    // the contents after the modification are
$5 = 0x4006f960 <printf>    // ld-linux.so.2 has rewritten the GOT entry for printf to printf's absolute address
(gdb) info symbol 0x4006f960    // double-check
printf in section .text
(gdb) c
Continuing.
Hello, world

Breakpoint 3, main (argc=1, argv=0xbffff994) at elf_test.c:5
5           printf("test for another time\n");
(gdb) disass 0x80482b0 0x80482bc
Dump of assembler code from 0x80482b0 to 0x80482bc:
0x080482b0 <_init+56>:  jmp    *0x80495f8
0x080482b6 <_init+62>:  push   $0x8
0x080482bb <_init+67>:  jmp    0x8048290 <_init+24>
End of assembler dump.
(gdb) p/a *0x80495f8
$6 = 0x4006f960 <printf>
(gdb) c
Continuing.
test for another time

Program exited normally.
(gdb) q
```
For details see http://elfhack.whitecell.org/myd ... resolve_process.txt
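As an added example (not part of the original post), the following Python script parses the .got and .plt dumps shown above, decodes each lazy i386 PLT stub (jmp *GOT-slot; push reloc-offset; jmp PLT0), and checks that every GOT slot initially points back at the push inside its own stub, which is why the first call detours through ld-linux.so.2. An optional dictionary models the slot after the dynamic linker has patched it, as seen at $5 in the gdb session; the hex dumps are copied from the post with the ASCII column dropped.

```python
import struct

# .got and .plt contents from the objdump -s output above (ASCII column dropped)
GOT_DUMP = """80495e8 0c950408 00000000 00000000 a6820408
80495f8 b6820408 00000000"""
PLT_DUMP = """8048290 ff35ec95 0408ff25 f0950408 00000000
80482a0 ff25f495 04086800 000000e9 e0ffffff
80482b0 ff25f895 04086808 000000e9 d0ffffff"""

def parse_dump(text):
    """Turn objdump -s hex lines into (start_address, raw bytes)."""
    base, data = None, bytearray()
    for line in text.splitlines():
        fields = line.split()
        base = int(fields[0], 16) if base is None else base
        data += b"".join(bytes.fromhex(w) for w in fields[1:])
    return base, bytes(data)

def decode_plt_stub(addr, code):
    """Decode one 16-byte lazy i386 PLT stub: jmp *slot; push $off; jmp PLT0."""
    assert code[0:2] == b"\xff\x25" and code[6] == 0x68 and code[11] == 0xe9
    slot = struct.unpack_from("<I", code, 2)[0]       # absolute GOT slot address
    reloc_off = struct.unpack_from("<I", code, 7)[0]  # byte offset into .rel.plt
    rel = struct.unpack_from("<i", code, 12)[0]       # rel32 back to PLT0
    return {"addr": addr, "slot": slot, "push_addr": addr + 6,
            "reloc_off": reloc_off, "plt0": addr + 16 + rel}

def check_lazy_binding(got_dump, plt_dump, patched=None):
    """For each PLT stub, report its GOT slot value and whether it is still unresolved.
    `patched` maps slot -> value to model ld-linux.so.2 having rewritten that slot."""
    got_base, got = parse_dump(got_dump)
    plt_base, plt = parse_dump(plt_dump)
    slots = {got_base + i: struct.unpack_from("<I", got, i)[0] for i in range(0, len(got), 4)}
    slots.update(patched or {})
    stubs = []
    for off in range(16, len(plt), 16):  # PLT0 (the resolver trampoline) occupies the first 16 bytes
        s = decode_plt_stub(plt_base + off, plt[off:off + 16])
        s["got_value"] = slots[s["slot"]]
        # An unresolved slot points at its own stub's push, i.e. back into the resolver path
        s["unresolved"] = s["got_value"] == s["push_addr"]
        stubs.append(s)
    return stubs

if __name__ == "__main__":
    before = check_lazy_binding(GOT_DUMP, PLT_DUMP)
    after = check_lazy_binding(GOT_DUMP, PLT_DUMP, patched={0x80495f8: 0x4006f960})
    for s in before + after:
        print(f"PLT stub {s['addr']:#x}: jmp *{s['slot']:#x} -> {s['got_value']:#x} "
              f"(reloc off {s['reloc_off']}, PLT0 {s['plt0']:#x}) unresolved={s['unresolved']}")
```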