debugging 如何在gdb中查找二进制字符串地址？

bweufnob 于 2022-11-14 发布在其他

关注(0)|答案(1)|浏览(316)

下面是该二进制文件的源代码：

#include <stdio.h>

int main(){
  printf("Hello World\n");
  return 0;
}

下面是这个源代码的编译：
@CTOS：/tmp/mytemp$ gcc你好世界. c-o你好世界
现在，当我在gdb中反汇编我的二进制文件时，如下所示：

Reading symbols from helloWorld...
(No debugging symbols found in helloWorld)
(gdb) disassemble main
Dump of assembler code for function main:
   0x0000000000001149 <+0>:     endbr64 
   0x000000000000114d <+4>:     push   %rbp
   0x000000000000114e <+5>:     mov    %rsp,%rbp
   0x0000000000001151 <+8>:     lea    0xeac(%rip),%rax     
   0x0000000000001158 <+15>:    mov    %rax,%rdi
   0x000000000000115b <+18>:    call   0x1050 <puts@plt>
   0x0000000000001160 <+23>:    mov    $0x0,%eax
   0x0000000000001165 <+28>:    pop    %rbp
   0x0000000000001166 <+29>:    ret    
End of assembler dump.

(gdb) p (char*)0xeac
$1 = 0xeac <error: Cannot access memory at address 0xeac>

现在我想知道在puts函数调用中传递的“Hello World”字符串的地址，我想通过gdb命令在gdb中显示该地址。我该怎么做呢？

debugging

来源：https://stackoverflow.com/questions/73752029/how-to-find-address-of-string-in-binary-in-gdb

1条答案

按热度按时间

smdnsysy1#

进入打印的步骤产生以下输出：

__GI__IO_puts (str=0x555555556004 "Hello World") at ioputs.c:35

另一种方法是在进程的文本段中查找字符串，首先查看进程Map，然后使用find查找字符串。

(gdb) info proc mappings
process 212970
Mapped address spaces:

          Start Addr           End Addr       Size     Offset objfile
      0x555555554000     0x555555555000     0x1000        0x0 /home/allan/a.out
      0x555555555000     0x555555556000     0x1000     0x1000 /home/allan/a.out
      0x555555556000     0x555555557000     0x1000     0x2000 /home/allan/a.out
      0x555555557000     0x555555558000     0x1000     0x2000 /home/allan/a.out
      0x555555558000     0x555555559000     0x1000     0x3000 /home/allan/a.out
      0x7ffff7dd7000     0x7ffff7df9000    0x22000        0x0 /usr/lib/x86_64-linux-gnu/libc-2.31.so
      0x7ffff7df9000     0x7ffff7f53000   0x15a000    0x22000 /usr/lib/x86_64-linux-gnu/libc-2.31.so
      0x7ffff7f53000     0x7ffff7fa2000    0x4f000   0x17c000 /usr/lib/x86_64-linux-gnu/libc-2.31.so
      0x7ffff7fa2000     0x7ffff7fa6000     0x4000   0x1ca000 /usr/lib/x86_64-linux-gnu/libc-2.31.so
      0x7ffff7fa6000     0x7ffff7fa8000     0x2000   0x1ce000 /usr/lib/x86_64-linux-gnu/libc-2.31.so
      0x7ffff7fa8000     0x7ffff7fae000     0x6000        0x0 
      0x7ffff7fca000     0x7ffff7fcc000     0x2000        0x0 
      0x7ffff7fcc000     0x7ffff7fd0000     0x4000        0x0 [vvar]
      0x7ffff7fd0000     0x7ffff7fd2000     0x2000        0x0 [vdso]
      0x7ffff7fd2000     0x7ffff7fd3000     0x1000        0x0 /usr/lib/x86_64-linux-gnu/ld-2.31.so
      0x7ffff7fd3000     0x7ffff7ff3000    0x20000     0x1000 /usr/lib/x86_64-linux-gnu/ld-2.31.so
      0x7ffff7ff3000     0x7ffff7ffb000     0x8000    0x21000 /usr/lib/x86_64-linux-gnu/ld-2.31.so
      0x7ffff7ffc000     0x7ffff7ffd000     0x1000    0x29000 /usr/lib/x86_64-linux-gnu/ld-2.31.so
      0x7ffff7ffd000     0x7ffff7ffe000     0x1000    0x2a000 /usr/lib/x86_64-linux-gnu/ld-2.31.so
      0x7ffff7ffe000     0x7ffff7fff000     0x1000        0x0 
      0x7ffffffde000     0x7ffffffff000    0x21000        0x0 [stack]

(gdb) find 0x555555554000, 0x555555559000, "Hello World"
0x555555556004

赞(0）回复(0）举报 2022-11-14

我来回答

debugging 如何在gdb中查找二进制字符串地址？

1条答案

相关问题

热门标签

最新问答