Linux

   attainer
   Why does printf output come out later in a program running under xinetd?

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4218


On Fedora 13 I am trying to write a program that, when you connect to port 9999 on the server, sends back the string "New Start" and then echoes back whatever string you type.

Program source

#include <stdio.h>

int main(){
    char a[100];
    printf("New Start");   /* banner, no trailing newline */
    scanf("%99s", a);      /* width limit so a[100] cannot overflow */
    printf("%s", a);       /* echo the input back */
    return 0;
}

Service configuration

service back
{
  socket_type = stream
  wait = no
  user = root
  server = /home/guest/back
  disable = no
}

But when I connect with telnet localhost 9999,
it first takes the input (scanf) and only then are the two printfs output together (as if it were printf("New Start%s", a)).
Why is printf output afterwards?

  Hit : 4215     Date : 2012/10/12 03:22



    
phpmyadmin: To pin down exactly when printf produces its output, I started by debugging locally.
0x080484b1 <+29>: call 0x80483ac <printf@plt>
Doing nexti here produces no output,
0x80484c6 <main+50>: call 0x80483cc <__isoc99_scanf@plt>
but doing nexti here does produce output, so

I stepped inside with (gdb) si.
0x17cc04 <__isoc99_scanf+132>: call 0x1753d0 <_IO_vfscanf>
Inside, it calls this function,
0x179b85 <_IO_vfscanf+18357>: call 0x197c60 <__uflow>
and inside that, it calls this one,
(gdb) si
0x00197cc5 in __uflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x197cc5 <__uflow+101>: call *0x14(%eax)
and here it calls somewhere else again..
(gdb)
New Start
There is an output routine inside. Setting a bp here again and running:
Breakpoint 5, 0x00197cc5 in __uflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x197cc5 <__uflow+101>: call *0x14(%eax)
(gdb) si
0x00196880 in _IO_default_uflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x196880 <_IO_default_uflow>: push %ebp

From _IO_default_uflow it goes into _IO_file_underflow,
0x00196898 in _IO_default_uflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x196898 <_IO_default_uflow+24>: call *0x10(%eax)
(gdb) si
0x00194ed0 in _IO_file_underflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194ed0 <_IO_file_underflow>: push %ebp
and when it calls from there the output appears again; confirmed.
0x00194f86 in _IO_file_underflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194f86 <_IO_file_underflow+182>: call *0xc(%eax)
(gdb)
New Start

After restarting and stepping in again, there is an overflow function as well.
Breakpoint 9, 0x00194f86 in _IO_file_underflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194f86 <_IO_file_underflow+182>: call *0xc(%eax)
(gdb) si
0x00195730 in _IO_file_overflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x195730 <_IO_file_overflow>: push %ebp
It seems to output from here again.
0x00195818 in _IO_file_overflow () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x195818 <_IO_file_overflow+232>: call 0x194d10 <_IO_do_write>
(gdb)
New Start


Now let's take a careful look at the handsome _IO_do_write function.
Breakpoint 10, 0x00194d10 in _IO_do_write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194d10 <_IO_do_write>: push %ebp
(gdb) ni

It left for _IO_file_overflow without printing anything, so I kept doing nexti,
continued at _IO_file_xsputn+107, and it came back in.
=> 0x194b6b <_IO_file_xsputn+107>: je 0x194cc8 <_IO_file_xsputn+456>
(gdb) c
Continuing.

Breakpoint 10, 0x00194d10 in _IO_do_write () from /lib/tls/i686/cmov/libc.so.6

0x00194d31 in _IO_do_write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194d31 <_IO_do_write+33>: call 0x1949d0
(gdb)
New Start
It's very long. Anyway, I confirmed again that the output happens here.

Setting a bp again, restarting and stepping in, a function(?) with no symbol name appeared.
Breakpoint 11, 0x00194d31 in _IO_do_write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194d31 <_IO_do_write+33>: call 0x1949d0
(gdb) si
0x001949d0 in ?? () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1949d0: push %ebp

Confirmed the output here once more.
0x00194a1c in ?? () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194a1c: call *0x3c(%eax)
(gdb)
New Start

Past the nameless function, the function I met after restarting was, surprisingly, the library function _IO_file_write.
Breakpoint 12, 0x00194a1c in ?? () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194a1c: call *0x3c(%eax)
(gdb) si
0x00194d50 in _IO_file_write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194d50 <_IO_file_write>: push %ebp
Following it along, I met the legendary write function.
0x00194d8f in _IO_file_write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x194d8f <_IO_file_write+63>: call 0x1ebda0 <write>
(gdb)
New Start

Now I'll show this function in full.
Breakpoint 14, 0x001ebda0 in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebda0 <write>: cmpl $0x0,%gs:0xc
(gdb) si
0x001ebda8 in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebda8 <write+8>: jne 0x1ebdcc <write+44>
(gdb)
0x001ebdaa in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdaa <write+10>: push %ebx
(gdb)
0x001ebdab in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdab <write+11>: mov 0x10(%esp),%edx
(gdb)
0x001ebdaf in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdaf <write+15>: mov 0xc(%esp),%ecx
(gdb)
0x001ebdb3 in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdb3 <write+19>: mov 0x8(%esp),%ebx
(gdb)
0x001ebdb7 in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdb7 <write+23>: mov $0x4,%eax
(gdb)
0x001ebdbc in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdbc <write+28>: call *%gs:0x10
(gdb)
0x0012d420 in __kernel_vsyscall ()
1: x/i $pc
=> 0x12d420 <__kernel_vsyscall>: int $0x80
(gdb)
New Start0x0012d422 in __kernel_vsyscall ()
1: x/i $pc
=> 0x12d422 <__kernel_vsyscall+2>: ret

New Start is printed as a result of the kernel vsyscall. So, to debug from just before the output appears,
it seems right to set a break here (0x1ebdbc <write+28>: call *%gs:0x10).

Now I'll set a break there and debug the remotely executed instance.
root@hex-ubuntu:/# gdb -p 17877
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 17877
Reading symbols from /usr/sbin/xinetd...(no debugging symbols found)...done.
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0x00d70422 in __kernel_vsyscall ()
(gdb) b *main
Breakpoint 1 at 0x237180
(gdb) set follow-g
Display all 199 possibilities? (y or n)
(gdb) set follow-
follow-exec-mode follow-fork-mode
The default setting detaches the child, so I change it to follow the child,
(gdb) set follow-fork-mode child
(gdb) c
Continuing.
and in another window run # telnet localhost 6666.
[New process 18466]
process 18466 is executing new program: /a
[Switching to process 18466]
I set a bp at that address from earlier.
Breakpoint 1, 0x08048494 in main ()
(gdb) b *0x1ebdbc
Breakpoint 2 at 0x1ebdbc
(gdb) disp/i $pc
1: x/i $pc
=> 0x8048494 <main>: push %ebp
(gdb) c
Continuing.
Warning:
Cannot insert breakpoint 2.
Error accessing memory address 0x1ebdbc: Input/output error.
It says the address is unknown. Looking into why:
0x08048495 in main ()
1: x/i $pc
=> 0x8048495 <main+1>: mov %esp,%ebp
(gdb) x/i 0x1ebdbc
0x1ebdbc: Cannot access memory at address 0x1ebdbc
(gdb) delete breakpoints 2
It says the address is inaccessible.
I suppose that's because I'm working in an environment where ASLR-style randomization applies to the library region too.
Let's give it a relative address instead.
(gdb) b *write+28
Breakpoint 3 at 0xc1adbc
(gdb) c
Continuing.
As shown below, after continuing, the breakpoint is only hit once input is given on the client side.
The most plausible explanation for this is that the functions were called in a different order than locally.
What I'm certain of is that the same thing happens whether I use telnet or nc, so it isn't a client-side problem.
Let's check whether scanf definitely ran, and whether the daemon itself changed the library function call order when it executed the child process.
Breakpoint 3, 0x00c1adbc in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0xc1adbc <write+28>: call *%gs:0x10
(gdb) ni
0x00171420 in ?? ()
1: x/i $pc
=> 0x171420: int $0x80
There's a function that shows up when doing ni from write; in the remote environment the difference is that it appears as ?? rather than __kernel_vsyscall.
First, to prove the plausible point, I'll compare setting a break at the interrupt routine above against the local case.

First, the local case, setting a break at that interrupt routine.
You have to set a break before printf or scanf runs and then start execution, since only then does __kernel_vsyscall exist
(before run, that address cannot be accessed).
After running:
Breakpoint 1, 0x08048494 in main ()
(gdb) x/i *write+28
0x1ebdbc <write+28>: call *%gs:0x10
(gdb) b *write+28
Breakpoint 2 at 0x1ebdbc
(gdb) c
Continuing.
After checking the address, I set the break and ran.
Breakpoint 2, 0x001ebdbc in write () from /lib/tls/i686/cmov/libc.so.6
(gdb) si
0x0012d420 in __kernel_vsyscall ()
(gdb) disp/i $pc
1: x/i $pc
=> 0x12d420 <__kernel_vsyscall>: int $0x80
Executing a single instruction reveals the address of the __kernel_vsyscall routine.
(On the remote side, whether because it is forked as a child process or simply because the xinetd daemon set it up that way, there is no information for that function, so the address can't be known in advance; I'm working under the same assumption here.)
I'll set a break there and keep continuing.
(gdb) b *0x12d420
Breakpoint 3 at 0x12d420
(gdb) c
Continuing.
As expected, locally the first printf's output finished first.
New Start
Breakpoint 3, 0x0012d420 in __kernel_vsyscall ()
1: x/i $pc
=> 0x12d420 <__kernel_vsyscall>: int $0x80
(gdb) c
Continuing.
ee (this is the ee I typed in.)
The second one was used for scanf's input. That's the correct order, as in the source code.
Breakpoint 2, 0x001ebdbc in write () from /lib/tls/i686/cmov/libc.so.6
1: x/i $pc
=> 0x1ebdbc <write+28>: call *%gs:0x10
(gdb) c
Continuing.
The write break is still set. Continuing past it:
Breakpoint 3, 0x0012d420 in __kernel_vsyscall ()
1: x/i $pc
=> 0x12d420 <__kernel_vsyscall>: int $0x80
(gdb) c
Continuing.
ee (the ee I entered was printed. The third one, the printf output, has finished.)
Breakpoint 3, 0x0012d420 in __kernel_vsyscall ()
1: x/i $pc
=> 0x12d420 <__kernel_vsyscall>: int $0x80
(gdb) ni
Wondering what the next system call was,
Program exited with code 02.
I guess it's the interrupt that exit sends to terminate.
So: printf (internal function: write), scanf (internal function: ??), printf (internal function: write), exit (presumed);
__kernel_vsyscall was called 4 times in total.
Now it's time to look at the remote side.
I restarted xinetd in order to add and run one more daemon that has only printf and no scanf, so the pid is a bit different from before.
Recheck the pid with #ps and then attach.
root@hex-ubuntu:/# gdb -q -p 18991
Attaching to process 18991
Reading symbols from /usr/sbin/xinetd...(no debugging symbols found)...done.
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0x004a2422 in __kernel_vsyscall ()
(gdb) b *main
Breakpoint 1 at 0x54f180
(gdb) set follow-fork-mode child
(gdb) c
Continuing.
[New process 19152]
process 19152 is executing new program: /a
[Switching to process 19152]
Without further ado, repeat the earlier process, set a break on write and check the address.
Searching for __kernel_vsyscall gives "symbol not found", so the break has to be set here.
Breakpoint 1, 0x08048494 in main ()
(gdb) b *write+28
Breakpoint 2 at 0x53fdbc
(gdb) c
Continuing.
After continuing it just sat there stopped, so I entered an arbitrary value from the client side (using nc from now on).
root@hex-ubuntu:/etc/xinetd.d# nc localhost 6666
dkanrjsk
(cursor position)
Switching back to the debugger, the break has been hit.
scanf has already passed, and since this is the write function it must be printf.
Breakpoint 2, 0x0053fdbc in write () from /lib/tls/i686/cmov/libc.so.6
(gdb) disp/i $pc
1: x/i $pc
=> 0x53fdbc <write+28>: call *%gs:0x10
(gdb) si
0x007e3420 in ?? ()
1: x/i $pc
=> 0x7e3420: int $0x80
I set a bp right before the interrupt and will continue from here.
(gdb) b *0x7e3420
Breakpoint 3 at 0x7e3420
(gdb) si
0x007e3422 in ?? ()
1: x/i $pc
=> 0x7e3422: ret
Surprisingly, on the client side, New Startdkanrjsk was printed all at once at the cursor position from before.
(gdb) c
Continuing.
Continuing again: since it has been processed in the order scanf, printf x2 (write), the only thing left should be exit.
Breakpoint 3, 0x007e3420 in ?? ()
1: x/i $pc
=> 0x7e3420: int $0x80
(gdb) c
Continuing.
As expected, the break is hit once more.
Breakpoint 3, 0x007e3420 in ?? ()
1: x/i $pc
=> 0x7e3420: int $0x80
(gdb) si
It's a bit odd that the exit code is 10, but it terminated fine.
Program exited with code 010.

This time I'll run the program that has only a single printf line.
# nc localhost 7777
Breakpoint 1, 0x080483e4 in main ()
(gdb) b *write+28
Breakpoint 2 at 0x403dbc
(gdb) c
Continuing.

Breakpoint 2, 0x00403dbc in write () from /lib/tls/i686/cmov/libc.so.6
(gdb) disp/i $pc
1: x/i $pc
=> 0x403dbc <write+28>: call *%gs:0x10
(gdb) si
0x00db2420 in ?? ()
1: x/i $pc
=> 0xdb2420: int $0x80
(gdb) b *0xdb2420
Breakpoint 3 at 0xdb2420
(gdb) si
The output at this point is as follows.
# nc localhost 7777
b
Even while stopped at the breakpoint, if I type anything in,
# nc localhost 7777
b
dd
e
e
ee

ee

ee

r
it keeps accepting input. The client side can simply send messages without limit.

It doesn't seem to matter whether the server side reads them or not, judging by the fact that if you connect to a program containing only sleep(5) you can keep typing anything and pressing enter for 5 seconds. It seems to be a structure where the program fetches the arguments passed to it, in order, on its own. Once it has fetched them all, it calls printf.
0x00db2422 in ?? ()
1: x/i $pc
=> 0xdb2422: ret
(gdb) c
Continuing.

Breakpoint 3, 0x00db2420 in ?? ()
1: x/i $pc
=> 0xdb2420: int $0x80
(gdb) si
The exit code after exit is called is 2 this time.
Program exited with code 02.

(gdb) q

Conclusion: scanf runs first; even if the printf is in a constructor and scanf is done in a destructor, the constructor's printf is likewise called later.
The printfs that are called get bundled and interrupted all at once. When there is no scanf function, no input is received and it only outputs. But judging by the fact that input is received fine even while a sleep function is running,
it seems the client side can keep writing and sending data without limit until the server program terminates. The order in which scanf retrieves the sent arguments is the same as the order they were sent.
So instead of the xinetd daemon, use a service daemon that runs independently in a standalone environment.
Use the send function. Use it twice.
2012/10/14  
attainer: Thank you. 2012/10/14
attainer: I solved it using setvbuf. Anyone with the same problem, take note. 2012/10/14