CAP6135: Malware and Software Vulnerability Analysis ��Buffer Overflow : Example of Using GDB to Check Stack Memory�Cliff Zou�Spring 2011
A Stack Frame
Parameters
Return Address
Calling Stack Pointer
Local Variables
Addresses
SP
SP+offset
SP: stack pointer BP: base/frame pointer
Calling stack pointer: previous function’s SP
BP
2
Using GDB to Check Stack
GDB tutorial:
When compile the c code, use “gcc –g …..” so that Gdb can match source code line number with code
Some knowledge:
Register eip: instruction pointer, the current position of next executable instruction
Register ebp: stack pointer, the top of the current stack, used for addressing local variable
3
Related Gdb Commands:
List: list the source code and each execution’s corresponding line number
Break linenumber: set breakpoint at the linenumber
Run argv: run the execution code with the parameter argv
Next: execute the next line of code
Backtrace: show trace of all function calls in stack
Info frame: List address, language, address of arguments/local variables and which registers were saved in frame.
This will show where the return address is saved
Return address is in Register EIP
Calling stack pointer is in Register EBP
x &variable: show the address and value of a local variable (in hex format)
x address: print binary representation of 4 bytes of memory pointed to by address.
4
Example of Using GDB
#include <>
void foo(char * input){
int a1=11;
int a2=22;
char buf[7];
strcpy(buf, input);
}
void main(int argc, char **argv){
foo(argv[1]);
}
Question: What does the stack look like before strcpy()?
5
******@eustis:~/buffer-code$ setarch i686 –R gdb ./gdb-example
(gdb) list
1 #include <>
2 void foo(char * input){
3 int a1=11;
4 int a2=22;
5 char buf[7];
6 strcpy(buf, input);
7 }
8 void main(int argc, char **argv){
9 foo(argv[1]);
10
堆栈溢出调试gdb例子 来自淘豆网m.daumloan.com转载请标明出处.
