|
http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=162 [º¹»ç]
±×³É Áú¹®ÀÌ ¿Ô±æ·¡ ½áºÃ½À´Ï´Ù.
Ʋ¸°ºÎºÐÀÖÀ»Áö ¸ð¸£³ª °øÀ¯Â÷¿ø¿¡¼...^^
Produced by ganseo
e-mail : postmaster@ganseo.com
homepage : http://www.ganseo.com
[Æ÷¸ä½ºÆ®¸µÀ» À§ÇÑ ¸®ÅϾîµå·¹½º ã±â]
1.mainÇÔ¼öÀÇ ¸®ÅϾîµå·¹½º ÁÖ¼Òã±â.
2.printfÀÇ .got ÁÖ¼Òã±â.
3. .dtorsÀÇ ÁÖ¼Òã±â.
ÀÏ´Ü ÀÌ ÀÌ °Á¿¡´Â ¸¹Àº ¼³¸í¾øÀÌ ½ÇÁ¦ ã´Â ¹æ¹ý¸¸ ¼³¸íÇØ µå¸®µµ·ÏÇÏ°Ú½À´Ï´Ù.
1.mainÇÔ¼öÀÇ ¸®ÅϾîµå·¹½º ÁÖ¼Òã±â.
óÀ½ ¸ÞÀÎ ÇÔ¼ö¿¡ µé¾î°¡°Ô µÇ¸é ¸Þ¸ð¸® ±¸Á¶´Â ÀÌ·¸°Ô µË´Ï´Ù.
------------------------------------- low
º¯¼ö
------------------------------------- ebp
Saved frame pointer
-------------------------------------
retern address
------------------------------------- high
óÀ½ ¸ÞÀÎÇÔ¼ö°¡ µé¾î°¡´Â ºÎºÐ¿¡ ºê·¹ÀÌÅ© Æ÷ÀÎÆ®¸¦ °Ì´Ï´Ù.
±×·± ´ÙÀ½ ebpÀÇ ÁÖ¼Ò¸¦ ¾Ë¾Æº¾´Ï´Ù.
(gdb) x/16 $ebp <-- ebp¸¦ 16°³ º¸¿©Áִµ¥..
0xbffff278: 0xbffff298 0x40038917 0x00000001 0xbffff2c4
0xbffff288: 0xbffff2cc 0x4001582c 0x00000001 0x080483b0
0xbffff298: 0x00000000 0x080483d1 0x08048458 0x00000001
0xbffff2a8: 0xbffff2c4 0x08048308 0x080484cc 0x4000c660
(gdb)
ÀÌ·±½ÄÀ¸·Î ³ªÅ¸³µ´Ù°í »ý°¢ÇØ º¾´Ï´Ù.
ebp´Â 0xbffff278ÀÔ´Ï´Ù.
¿äÁò ÄÄÆÄÀÏ·¯¿¡ µû¶ó ´Ù¸£°ÚÁö¸¸ º¸ÅëÀº ÀÌ·²°æ¿ì¿¡ 0xbffff27c¿¡¼ 16¹ÙÀÌÆ® ´ÜÀ§·Î +,-ÇØÁÝ´Ï´Ù.
0xbffff24c , 0xbffff25c , 0xbffff26c , 0xbffff27c , 0xbffff28c , 0xbffff29c , 0xbffff2ac , 0xbffff2bc
ÀÌÁß¿¡ Çϳª°¡ mainÇÔ¼öÀÇ ¸®ÅϾîµå·¹½º°¡ µË´Ï´Ù.
2.printfÇÔ¼öÀÇ .got ÁÖ¼Òã±â.
objdump¸¦ ÀÌ¿ëÇؼ ±¸ÇÒ¼ö ÀÖ½À´Ï´Ù.
objdump -R ./recluse5 | grep printf
080495cc R_386_JUMP_SLOT printf
ÀÌ°ÍÀ¸·Î printfÀÇ .got ÁÖ¼Ò´Â 080495ccÀÔ´Ï´Ù.
gdb¸¦ ÀÌ¿ëÇؼµµ ±¸ÇÒ¼ö ÀÖ½À´Ï´Ù.
disass printfÇϼż ±¸Çغ¸½Ç¼ö ÀÖ½À´Ï´Ù.
3. .dtorsÀÇ ÁÖ¼Òã±â.
ÀÌ°Í ¿ª½Ã objdump¸¦ ÀÌ¿ëÇؼ ±¸ÇÒ¼ö ÀÖ½À´Ï´Ù.
objdump -h ./recluse5 | grep .dtors
17 .dtors 00000008 080495a8 080495a8 000005a8 2**2
ÀÌ°ÍÀ¸·Î .dtorsÀÇ ÁÖ¼Ò´Â 080495a8ÀÔ´Ï´Ù.
.dtorsÀÇ ¼³¸íÀº ganseo.comÀÇ ÇØÅ· ±âÃÊÇй®¿¡ ÀÚ·á ÀÖ½À´Ï´Ù.
mainÇÔ¼öÀÇ ¸®ÅϾîµå·¹½º¸¦ ±¸Çغ¸´Â°Ô ÁÁÀ¸½Ç°Í °°½À´Ï´Ù. |
Hit : 10850 Date : 2004/02/08 08:22
|
1586, 
20/80 
sjh21a
