|
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Reversing&no=129 [º¹»ç]
angr¿¡¼ ½ºÅÃÀ¸·Î ¸®ÅÏÇÏ´Â ½ºÅ©¸³Æ®¸¦ ¸¸µé·Á°íÇÕ´Ï´Ù.
(aslrÀº ²¨Á®ÀÖ½À´Ï´Ù.)
±×·±µ¥ ±âº»ÀûÀ¸·Î angr¿¡¼ sp¶û gdb·Î È®ÀÎÇßÀ» ¶§ sp¶û Â÷ÀÌ°¡ ³³´Ï´Ù.
[ === angr ÄÚµå === ]
# base.py
import angr, claripy
import code
import sys
from angr import sim_options as so
def main():
proj = angr.Project("./t2",load_options={"auto_load_libs":False})
extras = {so.REVERSE_MEMORY_NAME_MAP, so.UNICORN_TRACK_STACK_POINTERS}
main_addr = proj.loader.find_symbol("main").rebased_addr
st = proj.factory.call_state(main_addr, add_options=extras)
print(st.regs.pc)
print(st.regs.sp)
#sm = proj.factory.simulation_manager(st)
# code.interact(local=locals())
if __name__ == "__main__":
main()
[ === angr°á°ú === ]
$python base.py
<BV32 0x8049162>
<BV32 0x7ffefffc>
[ == gdb == ]
gdb-peda$ b *main
Breakpoint 1 at 0x8049162
gdb-peda$ r
gdb-peda$ p/x $eip
$2 = 0x8049162
gdb-peda$ p/x $esp
$3 = 0xffffd51c
gdb-peda$
angr¿¡¼´Â 0x7f·Î ½ÃÀÛÇÏÁö¸¸, gdb¿¡¼ È®ÀÎÇغ¸¸é 0xff·Î ½ÃÀÛÇÕ´Ï´Ù.
angr¿¡¼´Â ¹ÙÀ̳ʸ®¸¦ cle°¡ µû·Î ·ÎµåÇϱ⠶§¹®¿¡ ½ÇÁ¦ ½ºÅà ÁÖ¼Ò¶û ´Ù¸¦ °ÍÀ̶ó°í ¿¹»óÀº ÇÏÁö¸¸, ¹®Á¦´Â ÀÌ°Ì´Ï´Ù.
angr¿¡¼ Ãë¾àÇÑ »óŸ¦ ã°í ½ºÅÃÀ¸·Î ¸®ÅÏÇÏ´Â ÀͽºÇ÷ÎÀÕÀ» »ý¼ºÇÏ·Á¸é ÁÖ¼Ò¸¦ ¾Ë¾Æ¾ßÇϴµ¥, angr¸¸À¸·Î´Â ºÒ°¡´ÉÇÑ°Ç°¡¿ä? |
Hit : 1433 Date : 2021/05/24 12:35
|
97, 
1/5 
