btmuli@amadus:~/桌面/LAB3/handout$ ./hex2raw < ans0.txt | ./bufbomb -u btmuli
Userid: btmuli
Cookie: 0x29334f58
Type string:Smoke!: You called smoke()
VALID
NICE JOB!
Passed.
Level 1
According to the lab handout, there is a function fizz() whose C code is as follows:
void fizz(int val)
{
    if (val == cookie) {
        printf("Fizz!: You called fizz(0x%x)\n", val);
        validate(1);
    } else {
        printf("Misfire: You called fizz(0x%x)\n", val);
        exit(0);
    }
}
btmuli@amadus:~/桌面/LAB3/handout$ gdb bufbomb
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bufbomb...
(No debugging symbols found in bufbomb)
(gdb) disas getbuf
Dump of assembler code for function getbuf:
   0x08049262 <+0>:     push   %ebp
   0x08049263 <+1>:     mov    %esp,%ebp
   0x08049265 <+3>:     sub    $0x38,%esp
   0x08049268 <+6>:     lea    -0x28(%ebp),%eax
   0x0804926b <+9>:     mov    %eax,(%esp)
   0x0804926e <+12>:    call   0x8048c32 <Gets>
   0x08049273 <+17>:    mov    $0x1,%eax
   0x08049278 <+22>:    leave
   0x08049279 <+23>:    ret
End of assembler dump.
(gdb) b* getbuf+9
Breakpoint 1 at 0x804926b
(gdb) run -u btmuli
Starting program: /home/btmuli/桌面/LAB3/handout/bufbomb -u btmuli
Userid: btmuli
Cookie: 0x29334f58
btmuli@amadus:~/桌面/LAB3/handout$ gdb bufbomb
Reading symbols from bufbomb...
(No debugging symbols found in bufbomb)
(gdb) disas getbuf
Dump of assembler code for function getbuf:
   0x08049262 <+0>:     push   %ebp
   0x08049263 <+1>:     mov    %esp,%ebp
   0x08049265 <+3>:     sub    $0x38,%esp
   0x08049268 <+6>:     lea    -0x28(%ebp),%eax
   0x0804926b <+9>:     mov    %eax,(%esp)
   0x0804926e <+12>:    call   0x8048c32 <Gets>
   0x08049273 <+17>:    mov    $0x1,%eax
   0x08049278 <+22>:    leave
   0x08049279 <+23>:    ret
End of assembler dump.
(gdb) b* getbuf
Breakpoint 1 at 0x8049262
(gdb) run -u btmuli
Starting program: /home/btmuli/桌面/LAB3/handout/bufbomb -u btmuli
Userid: btmuli
Cookie: 0x29334f58
btmuli@amadus:~/桌面/LAB3/handout$ gdb bufbomb
Reading symbols from bufbomb...
(No debugging symbols found in bufbomb)
(gdb) b* getbufn
Breakpoint 1 at 0x8049244
(gdb) run -n -u btmuli
Starting program: /home/btmuli/桌面/LAB3/handout/bufbomb -n -u btmuli
Userid: btmuli
Cookie: 0x29334f58

Breakpoint 1, 0x08049244 in getbufn ()
(gdb) p/x $ebp-0x208
$1 = 0x556835e8
(gdb) c
Continuing.
Type string:1
Dud: getbufn returned 0x1
Better luck next time

Breakpoint 1, 0x08049244 in getbufn ()
(gdb) p/x $ebp-0x208
$2 = 0x556835d8
(gdb) c
Continuing.
Type string:2
Dud: getbufn returned 0x1
Better luck next time

Breakpoint 1, 0x08049244 in getbufn ()
(gdb) p/x $ebp-0x208
$3 = 0x55683658
(gdb) c
Continuing.
Type string:3
Dud: getbufn returned 0x1
Better luck next time

Breakpoint 1, 0x08049244 in getbufn ()
(gdb) p/x $ebp-0x208
$4 = 0x55683608
(gdb) c
Continuing.
Type string:4
Dud: getbufn returned 0x1
Better luck next time

Breakpoint 1, 0x08049244 in getbufn ()
(gdb) p/x $ebp-0x208
$5 = 0x55683658
(gdb) c
Continuing.
Type string:5
Dud: getbufn returned 0x1
Better luck next time
[Inferior 1 (process 3009) exited normally]
btmuli@amadus:~/桌面/LAB3/handout$ ./hex2raw -n < ans4.txt | ./bufbomb -n -u btmuli
Userid: btmuli
Cookie: 0x29334f58
Type string:KABOOM!: getbufn returned 0x29334f58
Keep going
Type string:KABOOM!: getbufn returned 0x29334f58
Keep going
Type string:KABOOM!: getbufn returned 0x29334f58
Keep going
Type string:KABOOM!: getbufn returned 0x29334f58
Keep going
Type string:KABOOM!: getbufn returned 0x29334f58
VALID
NICE JOB!