(https://github.com/ctf-wiki/ctf-challenges/tree/master/pwn/stackoverflow/ret2shellcode/ret2shellcode-example)/ret2shellcode.c

After compiling this file myself, the given method does not work, but it does work with the executable provided in the challenge. Looking at it in gdb:

The target file given by the challenge:

```
──────[ DISASM ]────
► 0x8048536 <main+9> mov eax, dword ptr [0x804a060]
0x804853b <main+14> mov dword ptr [esp + 0xc], 0      <- mov operations
0x8048543 <main+22> mov dword ptr [esp + 8], 2
0x804854b <main+30> mov dword ptr [esp + 4], 0
0x8048553 <main+38> mov dword ptr [esp], eax
0x8048556 <main+41> call setvbuf@plt setvbuf@plt
```

And after compiling it myself it looks like this:

```
────────────[ DISASM ]─────
► 0x80484f9 <main+14> sub esp, 0x74
0x80484fc <main+17> mov eax, dword ptr [stdout@@GLIBC_2.0] <0x804a044>
0x8048501 <main+22> push 0      <- push operations
0x8048503 <main+24> push 2
0x8048505 <main+26> push 0
0x8048507 <main+28> push eax
0x8048508 <main+29> call setvbuf@plt setvbuf@plt
```

which causes the overflow to fail. How was the executable in the challenge compiled?
My version: gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)
According to https://www.cnblogs.com/clover-toeic/p/3755401.html, which says: the argument-pushing instructions vary by compiler, and the following two pushing styles are basically equivalent: Both pushing styles follow the C calling convention, but in the second style the caller does not explicitly clean up the stack space after the call returns, because in the prologue of the called function the compiler pre-allocates space for the function arguments at the top of the stack (the sub instruction). The arguments are copied into the stack (rather than pushed) without modifying the stack pointer, so the caller has no need to adjust the stack pointer after the call returns either. gcc 3.4 (or later) uses this technique to pass function arguments on the stack; setting the stack pointer once is more efficient than moving it down on every argument push.

My version should be using the second style, so why is it actually the first?
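Added example, not from the issue or the ctf-wiki repository: a small Python parser for the pwndbg DISASM lines quoted in the issue above, which tells the `mov dword ptr [esp + N]` style described in the quoted blog post apart from the `push` style and counts the argument slots written before the `call`. The two excerpts are re-typed from the issue as constructed input; the function and regex names are my own.

```python
import re
# Constructed input: the two pwndbg DISASM excerpts quoted in the issue, re-typed.
CHALLENGE_BINARY = """
► 0x8048536 <main+9> mov eax, dword ptr [0x804a060]
0x804853b <main+14> mov dword ptr [esp + 0xc], 0
0x8048543 <main+22> mov dword ptr [esp + 8], 2
0x804854b <main+30> mov dword ptr [esp + 4], 0
0x8048553 <main+38> mov dword ptr [esp], eax
0x8048556 <main+41> call setvbuf@plt
"""
OWN_BUILD = """
► 0x80484f9 <main+14> sub esp, 0x74
0x80484fc <main+17> mov eax, dword ptr [stdout@@GLIBC_2.0] <0x804a044>
0x8048501 <main+22> push 0
0x8048503 <main+24> push 2
0x8048505 <main+26> push 0
0x8048507 <main+28> push eax
0x8048508 <main+29> call setvbuf@plt
"""

# pwndbg line: optional "►" marker, address, <symbol+off>, mnemonic, operands
LINE_RE = re.compile(r"^[►\s]*0x([0-9a-f]+)\s+<([^>]+)>\s+(\S+)\s*(.*)$")
# destination of a mov that fills an outgoing-argument slot: [esp] or [esp + N]
ESP_SLOT_RE = re.compile(r"\[esp(?:\s*\+\s*(0x[0-9a-f]+|\d+))?\]")
def parse(disasm):
    """(address, symbol, mnemonic, operands) per line; unparseable lines are skipped."""
    out = []
    for raw in disasm.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            addr, sym, mnem, ops = m.groups()
            out.append((int(addr, 16), sym, mnem, ops))
    return out

def classify_call_args(disasm):
    """How arguments reach the first call: ('push' | 'mov', argument count, bytes)."""
    pushes, slots = 0, set()
    for _, _, mnem, ops in parse(disasm):
        if mnem == "call":
            break
        if mnem == "push":
            pushes += 1
        elif mnem == "mov":
            m = ESP_SLOT_RE.search(ops.split(",")[0])
            if m:  # [esp] is slot 0, [esp + 0xc] is slot 12; `mov eax, ...` is ignored
                slots.add(int(m.group(1) or "0", 0))
    if pushes:
        return ("push", pushes, 4 * pushes)
    return ("mov", len(slots), 4 * len(slots))
```

Beyond the two excerpts it accepts any `[esp + N]` offset, so it is a quick way to confirm which argument-passing style a binary was built with before comparing its frame layout with another build.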