קוד: |
$ gdb ./getaddr
...
(gdb) p system
$2 = {<text variable, no debug info>} 0xb7ecffb0 <__libc_system> |
קוד: |
$ gdb ./getaddr2
...
(gdb) p system
$1 = {<text variable, no debug info>} 0xb7ecbfb0 <__libc_system> |
קוד: |
$ ldd getaddr
linux-gate.so.1 => (0xb7fe4000)
libc.so.6 => /lib/libc.so.6 (0xb7e99000)
/lib/ld-linux.so.2 (0xb7fe5000)
$ ldd getaddr2
linux-gate.so.1 => (0xb7fe4000)
libdl.so.2 => /lib/libdl.so.2 (0xb7fda000)
libc.so.6 => /lib/libc.so.6 (0xb7e95000)
/lib/ld-linux.so.2 (0xb7fe5000) |
קוד: |
0xb7ecffb0-0xb7e99000 = 0x36fb0
0xb7ecbfb0-0xb7e95000 = 0x36fb0 |
קוד: |
$ nm -D /lib/libc.so.6 | grep system
00038fb0 T __libc_system
00038fb0 W system |
קוד: |
cat <<EOF >test.c #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <unistd.h> int main() { char buf[512]; sprintf(buf, "pmap %d", getpid()); system(buf); printf("\nAddress of the function systen(): %p\n", system); } EOF $ gcc -otest -g -Wall test.c $ setarch x86_64 -R ./test 26971: ./test 0000555555554000 4K r-x-- test 0000555555754000 4K r---- test 0000555555755000 4K rw--- test 00007ffff7a3b000 1620K r-x-- libc-2.24.so 00007ffff7bd0000 2044K ----- libc-2.24.so 00007ffff7dcf000 16K r---- libc-2.24.so 00007ffff7dd3000 8K rw--- libc-2.24.so 00007ffff7dd5000 16K rw--- [ anon ] 00007ffff7dd9000 140K r-x-- ld-2.24.so 00007ffff7faa000 8K rw--- [ anon ] 00007ffff7ff5000 12K rw--- [ anon ] 00007ffff7ff8000 8K r---- [ anon ] 00007ffff7ffa000 8K r-x-- [ anon ] 00007ffff7ffc000 4K r---- ld-2.24.so 00007ffff7ffd000 4K rw--- ld-2.24.so 00007ffff7ffe000 4K rw--- [ anon ] 00007ffffffde000 132K rw--- [ stack ] ffffffffff600000 4K r-x-- [ anon ] total 4040K Address of the function systen(): 0x7ffff7a7a450 $ nm -D /lib/x86_64-linux-gnu/libc-2.24.so | grep system 000000000003f450 T __libc_system 0000000000115230 T svcerr_systemerr 000000000003f450 W system |