Buffer Overflow solution discussion #21
wumingzhilian started this conversation in General
Replies: 3 comments 1 reply
-
There is a problem with 4.0: when the binary is run from the /challenge directory, overflowing it does not produce a core file, so you cannot get a core dump.
0 replies
-
Solution approach: you can copy the file into your own home directory, then use the core dump to find the position in the input that controls RIP, then build a PoC and get the flag.
0 replies
-
There is one thing I have not figured out: `leave` performs two steps, `mov rbp, rsp; pop rbp`. After these two steps finish, if the rbp (the one just popped) was modified (at some earlier point) so that it actually points to a position lower than the (current) rsp, then which position on the stack does `ret` take its return address from?
1 reply
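To make the `leave`/`ret` mechanics in the question above concrete, here is an added simulation (not code from the thread or the challenge): a tiny model of an x86-64 stack executes `leave` (mov rsp, rbp; pop rbp) followed by `ret`, and shows that `ret` always reads its target from [rsp], the slot directly above the saved-rbp slot. The value popped into rbp, even one pointing below rsp, does not affect that; it only matters once the caller executes its own `leave`. The stack base address and slot layout are constructed for the example.

```c
#include <stdint.h>

/* Constructed model of an x86-64 stack: 16 eight-byte slots, slot i lives at
 * STACK_BASE + 8*i, lower index = lower address. STACK_BASE is a made-up value. */
#define STACK_SLOTS 16
#define STACK_BASE  0x7ffc00000000ULL

typedef struct {
    uint64_t rsp, rbp, rip;
    uint64_t mem[STACK_SLOTS];
} cpu_t;

static uint64_t load64(const cpu_t *c, uint64_t addr) {
    return c->mem[(addr - STACK_BASE) / 8];
}

/* leave  ==  mov rsp, rbp ; pop rbp */
static void exec_leave(cpu_t *c) {
    c->rsp = c->rbp;             /* rsp now points at the saved-rbp slot */
    c->rbp = load64(c, c->rsp);  /* whatever sits in that slot becomes rbp */
    c->rsp += 8;                 /* rsp now points at the return-address slot */
}

/* ret  ==  pop rip : the target is read from [rsp]; rbp plays no part */
static void exec_ret(cpu_t *c) {
    c->rip = load64(c, c->rsp);
    c->rsp += 8;
}

/* Frame layout (constructed): locals in slots 4..7, saved rbp in slot 8,
 * return address in slot 9. saved_rbp is the value found in slot 8, which
 * may differ from the caller's real frame pointer if it was overwritten. */
cpu_t run_leave_ret(uint64_t saved_rbp, uint64_t ret_addr) {
    cpu_t c = {0};
    c.rbp = STACK_BASE + 8 * 8;
    c.rsp = STACK_BASE + 8 * 4;
    c.mem[8] = saved_rbp;
    c.mem[9] = ret_addr;
    exec_leave(&c);
    exec_ret(&c);
    return c;   /* c.rip: where ret went; c.rbp: what the caller inherits */
}
```

Calling `run_leave_ret(STACK_BASE + 8 * 2, 0x401234)` models a saved rbp pointing below rsp: `ret` still lands on 0x401234 and leaves rsp at slot 10, while rbp now holds slot 2, which is what the caller's next `leave` will move rsp to.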
-
Here we discuss problems encountered in the Buffer Overflow module.