Injecting code into a running Linux application

Source: Internet | Editor: 程序博客网 | Date: 2024/05/16 09:06

Original URL: http://blog.csdn.net/occupy8/article/details/17056769


Related articles

1. Injecting code into a running Linux application: http://www.2cto.com/kf/201212/174170.html

2. linux-inject: injecting code into a running Linux process: http://www.tuicool.com/articles/ramqQnI



From http://www.freebuf.com/articles/system/6388.html
Editor's note:
Thanks to 0x80 for the careful translation, much appreciated :) Everyone, don't hold back your upvotes and comments!

Original author: Gregory Shpitalnik
Translation: 0x80

1. Introduction

Suppose a program is running on Linux, say a Unix daemon, and we do not want to terminate it, but at the same time we need to update its functionality. The first idea that comes to mind is to extend some known function in the program with additional behaviour, so that the program's existing functionality is unaffected and the program does not have to be stopped. In other words, consider injecting new code into the running program, to be triggered whenever some function that already exists in the program is called. This may sound far-fetched, but it is not impossible; sometimes we really do need to inject code into a running program, and of course the technique is related to the code-injection techniques used by viruses.

In this article I will explain to the reader how to inject a C function into a program running on a Linux system without terminating that program. Along the way we will discuss the Linux object file format, the Executable and Linkable Format (ELF), and its sections, symbols and relocations.

2. Overview of the example

The author will use the following simple example program to walk the reader through the code injection technique step by step. The example consists of three parts:

(1) a dynamic (shared) library libdynlib.so, built from the sources dynlib.h and dynlib.c;
(2) the program app, built from the source app.c, which links against libdynlib.so;
(3) the injected function in the file injection.c.

Let us look at the code:

```c
// dynlib.h
extern void print();
```

The file dynlib.h declares the print() function.

```c
// dynlib.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include "dynlib.h"

extern void print()
{
    static unsigned int counter = 0;
    ++counter;
    printf("%d : PID %d : In print()\n", counter, getpid());
}
```

The file dynlib.c implements print(), which simply prints a counter (incremented on every call) together with the PID of the current process.

```c
// app.c
#include <stdio.h>
#include <unistd.h>
#include "dynlib.h"

int main()
{
    while (1)
    {
        print();
        printf("Going to sleep...\n");
        sleep(3);
        printf("Waked up...\n");
    }
    return 0;
}
```

The main() function in app.c calls print() (from the libdynlib.so shared library), then sleeps for a few seconds, and repeats this in an infinite loop.

```c
// injection.c
#include <stdlib.h>

extern void print();

extern void injection()
{
    print();        // the original work: call print()
    system("date"); // the extra work that was added
}
```

A call to injection() will replace the call to print() that main() in app.c makes. injection() first calls the original print() and then performs its extra work. For example, it could run an external executable via system(), or, as in this example, print the current date.

3. Building and running the program

First compile the source files with gcc:

```sh
$ gcc -g -Wall dynlib.c -fPIC -shared -o libdynlib.so
$ gcc -g app.c -ldynlib -L ./ -o app
$ gcc -Wall injection.c -c -o injection.o
```

The build produces:

```
-rwxrwxr-x 1 0x80 0x80 6224 Oct 15 14:04 app
-rw-rw-r-- 1 0x80 0x80  888 Oct 16 17:53 injection.o
-rwxrwxr-x 1 0x80 0x80 5753 Oct 16 17:52 libdynlib.so
```

Note that the shared library libdynlib.so is compiled with the -fPIC option, which produces position-independent code. Now run the app executable:

```
[0x80@localhost dynlib]$ ./app
./app: error while loading shared libraries: libdynlib.so: cannot open shared object file: No such file or directory
```

If you get this error, copy the generated libdynlib.so into /usr/lib/ and run the program again; the output is then:

```
[0x80@localhost dynlib]$ ./app
1 : PID 25658 : In print()
Going to sleep...
Waked up...
2 : PID 25658 : In print()
Going to sleep...
Waked up...
3 : PID 25658 : In print()
Going to sleep...
```

4. Debugging the application
The app program is just a simple loop; let's assume it has been running for weeks and we want to inject our new code into it without stopping it. We'll use gdb, the standard Linux debugger, to do the injection. First, attach gdb to the process using its pid (shown in the program's output). Attaching goes through ptrace(2), so it needs the same uid as the target (or CAP_SYS_PTRACE), and on kernels with Yama enabled (kernel.yama.ptrace_scope = 1) attaching to a process that is not your own child is refused unless you have CAP_SYS_PTRACE:

[0x80@localhost dynlib]$ gdb app 25658
GNU gdb Red Hat Linux (6.3.0.0-1.122rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

Attaching to program: /home/0x80/dynlib/app, process 25658
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0x464000
`shared object read from target memory' has disappeared; keeping its symbols.
Reading symbols from /usr/lib/libdynlib.so...done.
Loaded symbols for /usr/lib/libdynlib.so
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
0x00464410 in __kernel_vsyscall ()
(gdb)

5. Loading the injection code into the executable's memory
As noted earlier, the object file injection.o is not part of the app process image, so the first step is to get injection.o into the process's address space. The mmap() system call does exactly that: it maps the injection.o file into app's address space. Still inside gdb, with the process stopped:

(gdb) call open("injection.o", 2)
$1 = 3
(gdb) call mmap(0, 888, 1|2|4, 1, 3, 0)
$2 = 1118208
(gdb)

First, injection.o is opened for reading and writing with O_RDWR (value 2). Write access is needed because a little later, when the injected code is wired up, we will patch it in place (applying its relocations). The return value is the file descriptor the kernel assigned, 3 here. Note that gdb's call executes the function inside the attached process, so this descriptor belongs to app itself, not to gdb. Next, mmap() maps the file into the process's address space. The prototype of mmap() is:

#include <sys/mman.h>
void *mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset);

The function takes six parameters:

start is the address at which the mapping should begin; 0 lets the kernel choose.
length is the length of the mapping, here the size of injection.o in bytes (888, as shown in section 3). The kernel rounds the mapping up to whole pages.
prot is the desired memory protection of the mapping; it must not conflict with the mode the file was opened with. Here it is 1|2|4, i.e. PROT_READ | PROT_WRITE | PROT_EXEC (read, write and execute).
flags selects the kind of mapping and whether the pages are shared. Here it is 1, i.e. MAP_SHARED: stores into the mapping are visible to any other mapping of the file and are written back to injection.o on disk, so the relocation patches applied later end up in the file as well.
fd is the already opened file descriptor, here 3.
offset is the offset in the file at which the mapping starts, here 0.
On success the function returns the start address at which the file was mapped.
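To make concrete what those two gdb calls did inside app, here is an added C example (not from the original article or its author's code) that performs the same open()/mmap() sequence on a constructed stand-in file, checks the resulting mapping in /proc/self/maps with a small parser for that file's line format, and demonstrates the consequence of the chosen flags: with O_RDWR and MAP_SHARED, a store into the mapping is written back to the file on disk. The 888-byte temp file is constructed for the example and is not a real ELF object; the function names (map_object_like_gdb, parse_maps_line, find_mapping, shared_mapping_writes_through) are chosen here and do not appear in the article. If the temp filesystem is mounted noexec, the example retries without PROT_EXEC so the write-through check still runs.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/stat.h>

/* The two calls gdb issued inside app: open(path, O_RDWR) followed by
 * mmap(0, size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED, fd, 0).
 * *len receives the file size (888 for the article's injection.o). */
void *map_object_like_gdb(const char *path, size_t *len)
{
    int fd = open(path, O_RDWR);                 /* O_RDWR == 2 in the gdb session */
    if (fd < 0) return MAP_FAILED;
    struct stat st;
    if (fstat(fd, &st) < 0) { close(fd); return MAP_FAILED; }
    *len = (size_t)st.st_size;
    /* PROT_READ|PROT_WRITE|PROT_EXEC == 1|2|4 and MAP_SHARED == 1, as typed in gdb */
    void *base = mmap(NULL, *len, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED, fd, 0);
    if (base == MAP_FAILED && errno == EPERM)    /* noexec mount: retry without PROT_EXEC */
        base = mmap(NULL, *len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                                   /* the mapping outlives the descriptor */
    return base;
}

/* Parse one /proc/<pid>/maps line: "start-end perms offset dev inode [path]".
 * Returns 1 and fills start/end/perms if the line's path equals `target`. */
int parse_maps_line(const char *line, const char *target, unsigned long *start,
                    unsigned long *end, char perms[5])
{
    unsigned long s, e;
    char p[5], name[256] = "";
    if (sscanf(line, "%lx-%lx %4s %*x %*x:%*x %*u %255s", &s, &e, p, name) < 3) return 0;
    if (strcmp(name, target) != 0) return 0;
    *start = s; *end = e; memcpy(perms, p, 5);
    return 1;
}

/* Scan a maps file (e.g. "/proc/self/maps") for the mapping of `target`. */
int find_mapping(const char *maps_path, const char *target, unsigned long *start,
                 unsigned long *end, char perms[5])
{
    FILE *f = fopen(maps_path, "r");
    if (!f) return 0;
    char line[512];
    int found = 0;
    while (!found && fgets(line, sizeof line, f))
        found = parse_maps_line(line, target, start, end, perms);
    fclose(f);
    return found;
}

/* The caveat behind the article's flags: O_RDWR + MAP_SHARED means a store into
 * the mapping (such as a relocation patch) lands in the file on disk.
 * Returns 1 if the file's first byte changed after writing through the mapping. */
int shared_mapping_writes_through(const char *path)
{
    size_t len = 0;
    unsigned char *base = map_object_like_gdb(path, &len);
    if ((void *)base == MAP_FAILED || len == 0) return 0;
    unsigned char old = base[0], now = old;
    base[0] = (unsigned char)~old;               /* patch through the mapping */
    msync(base, len, MS_SYNC);
    munmap(base, len);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    if (read(fd, &now, 1) != 1) now = old;       /* re-read the byte from the file itself */
    close(fd);
    return now == (unsigned char)~old;
}

/* Constructed stand-in for injection.o: `size` bytes of a counting pattern,
 * not a real ELF object. The temp file path is written to `path_out`. */
int create_sample_object(char *path_out, size_t path_cap, size_t size)
{
    char tmpl[] = "/tmp/injection_XXXXXX";
    if (path_cap < sizeof tmpl) return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    for (size_t i = 0; i < size; i++) {
        unsigned char b = (unsigned char)i;
        if (write(fd, &b, 1) != 1) { close(fd); return -1; }
    }
    close(fd);
    memcpy(path_out, tmpl, sizeof tmpl);
    return 0;
}

int main(void)
{
    char path[64];
    if (create_sample_object(path, sizeof path, 888) != 0) return 1;
    size_t len = 0;
    void *base = map_object_like_gdb(path, &len);
    if (base == MAP_FAILED) { perror("mmap"); return 1; }
    /* gdb printed mmap()'s return value in decimal: 1118208 == 0x111000 */
    printf("$2 = %lu (0x%lx)\n", (unsigned long)base, (unsigned long)base);
    unsigned long s, e; char perms[5];
    if (find_mapping("/proc/self/maps", path, &s, &e, perms))
        printf("%08lx-%08lx %s %s\n", s, e, perms, path);
    munmap(base, len);
    printf("writes through to file: %d\n", shared_mapping_writes_through(path));
    unlink(path);
    return 0;
}
```

Build it with cc and run it: main() prints the mapping base the way gdb showed it (decimal, then hex), the matching line from /proc/self/maps with its rwxs permissions, and a 1 confirming that the byte written through the mapping reached the file. That last line is the reason to think twice before reusing the article's O_RDWR/MAP_SHARED combination on an object file you want to keep pristine; MAP_PRIVATE gives a copy-on-write mapping that leaves the file untouched.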
We can confirm where injection.o actually landed in the process by looking at /proc/[pid]/maps (pid being the pid of the target process, 25658 in our case); on Linux this file describes the memory layout of a running process. The decimal value gdb printed, 1118208, is 0x111000, which should appear as the start of a new rwxs mapping backed by injection.o:

[0x80@localhost ~]$ cat /proc/25658/maps
00111000-00112000 rwxs 00000000 03:02 57933979   /home/0x80/dynlib/injection.o
00464000-00465000 r-xp 00464000 00:00 0          [vdso]
00500000-00501000 r-xp 00000000 03:01 5464089    /usr/lib/libdynlib.so
00501000-00502000 rw-p 00000000 03:01 5464089    /usr/lib/libdynlib.so
007bb000-007d4000 r-xp 00000000 03:01 1311704    /lib/ld-2.4.so
007d4000-007d5000 r--p 00018000 03:01 1311704    /lib/ld-2.4.so
007d5000-007d6000 rw-p 00019000 03:01 1311704    /lib/ld-2.4.so
007d8000-00904000 r-xp 00000000 03:01 1311705    /lib/libc-<span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 
145);">2.4</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">.</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">so</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00904000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00907000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> r</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">--</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0012b000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">03</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">01</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">1311705</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">lib</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">libc</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">2.4</span><span class="pun" style="margin: 0px; 
padding: 0px; color: rgb(147, 161, 161);">.</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">so</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00907000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00908000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0012e000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">03</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">01</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">1311705</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">lib</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">libc</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">2.4</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">.</span><span 
class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">so</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00908000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0090b000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00908000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">08048000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">08049000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> r</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">xp </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00000000</span><span class="pln" style="margin: 0px; padding: 0px; color: 
rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">03</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">02</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">57933977</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">home</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x80</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">dynlib</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">app</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">08049000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0804a000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p </span><span class="lit" style="margin: 0px; 
padding: 0px; color: rgb(25, 95, 145);">00000000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">03</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">02</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">57933977</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">home</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x80</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">dynlib</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">/</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">app</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">09ca5000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">09cc6000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span 
class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">09ca5000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">[</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">heap</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">]</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">b7f94000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">b7f95000 rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p b7f94000 </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 
72, 76);">b7fa4000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">b7fa6000 rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p b7fa4000 </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">bfb91000</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">bfba6000 rw</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">-</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">p bfb91000 </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">[</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">stack</span><span class="pun" 
style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">]</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">[</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x80@localhost</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">~]</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">$</span>

As you can see, /home/0x80/dynlib/injection.o starts at address 0x00111000 of the process address space (1118208 in decimal) and ends at 0x00112000. The listing also contains the mappings of the other shared libraries. At this point every component we need has been loaded into the memory of the running process.
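As an added example (not code from the article), here is a small C parser for /proc/<pid>/maps lines together with the check a defender would run over them: flag any executable mapping that is backed by a relocatable object file, because a .o file mapped r-xp into a live process, as in the listing above, is exactly the footprint this technique leaves. The sample lines are constructed after that listing (the inode shown for injection.o is a made-up value), and the ".o" suffix test is a heuristic assumed for the demonstration, not anything the article defines.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned long long start, end, offset;
    char perms[5];      /* e.g. "r-xp" */
    char path[256];     /* "" for anonymous mappings, "[heap]" etc. for pseudo-paths */
} Mapping;

/* Parse one /proc/<pid>/maps line. Returns 1 on success, 0 if the line does
 * not have the documented "start-end perms offset dev inode [path]" shape. */
int parse_maps_line(const char *line, Mapping *m)
{
    unsigned dmaj, dmin; unsigned long ino; int used = 0;
    m->path[0] = '\0';
    if (sscanf(line, "%llx-%llx %4s %llx %x:%x %lu%n",
               &m->start, &m->end, m->perms, &m->offset, &dmaj, &dmin, &ino, &used) != 7)
        return 0;
    const char *p = line + used;
    while (*p == ' ' || *p == '\t') p++;          /* the path column is optional */
    size_t n = strcspn(p, "\r\n");
    if (n >= sizeof m->path) n = sizeof m->path - 1;
    memcpy(m->path, p, n); m->path[n] = '\0';
    return 1;
}

/* Defender's check: report executable mappings backed by a relocatable object
 * (path ending in ".o"; a heuristic assumed here). A normal process maps its
 * executable and shared libraries, never a bare .o file, so such a mapping is
 * the footprint of the injection described in this article. Returns the
 * number of matches written to out. */
int find_exec_object_mappings(const char *const *lines, int nlines, Mapping *out, int max)
{
    int found = 0;
    for (int i = 0; i < nlines && found < max; i++) {
        Mapping m;
        if (!parse_maps_line(lines[i], &m) || m.perms[2] != 'x') continue;
        size_t len = strlen(m.path);
        if (len >= 2 && strcmp(m.path + len - 2, ".o") == 0) out[found++] = m;
    }
    return found;
}

/* Constructed sample lines in the shape of the listing above (the inode for
 * injection.o is invented; the other values follow the article's listing). */
const char *const SAMPLE_MAPS[] = {
    "00111000-00112000 r-xp 00000000 03:02 57933980 /home/0x80/dynlib/injection.o",
    "007bb000-007d4000 r-xp 00000000 03:01 1311704 /lib/ld-2.4.so",
    "08048000-08049000 r-xp 00000000 03:02 57933977 /home/0x80/dynlib/app",
    "09ca5000-09cc6000 rw-p 09ca5000 00:00 0 [heap]",
    "b7f94000-b7f95000 rw-p b7f94000 00:00 0",
};
const int SAMPLE_MAPS_COUNT = 5;

int main(void)
{
    Mapping hits[4];
    int n = find_exec_object_mappings(SAMPLE_MAPS, SAMPLE_MAPS_COUNT, hits, 4);
    for (int i = 0; i < n; i++)
        printf("executable object file mapped at %llx-%llx (start = %llu decimal): %s\n",
               hits[i].start, hits[i].end, hits[i].start, hits[i].path);
    return 0;
}
```

On a live system the same two functions run over the lines of /proc/<pid>/maps read with fopen and fgets; the parser keeps the pseudo-path names ([heap], [stack]) and the empty path of anonymous mappings, so a second check for anonymous r-xp regions (code that belongs to no file at all) is a one-line addition.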

6、Relocations
Next, we look inside the ELF binary of the app program. We use readelf, a standard Linux tool that displays the various parts of an ELF object file (any object file, library or executable on Linux), to print the symbol relocation information of app. We are only interested in the relocation for the print() call.

[0x80@localhost dynlib]$ readelf -r app

Relocation section '.rel.dyn' at offset 0x338 contains 1 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049678  00000c06 R_386_GLOB_DAT    00000000   __gmon_start__

Relocation section '.rel.plt' at offset 0x340 contains 5 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049688  00000107 R_386_JUMP_SLOT   00000000   print
0804968c  00000207 R_386_JUMP_SLOT   00000000   puts
08049690  00000407 R_386_JUMP_SLOT   00000000   sleep
08049694  00000607 R_386_JUMP_SLOT   00000000   __libc_start_main
08049698  00000c07 R_386_JUMP_SLOT   00000000   __gmon_start__
[0x80@localhost dynlib]$

As you can see, the relocation for the print symbol sits at the absolute (virtual) address 0x08049688 of app, and its type is R_386_JUMP_SLOT. Once the program has been loaded into memory, and before it runs, this relocation address is an absolute virtual address. Note that the relocation lives in the .rel.plt section of the binary image. PLT stands for Procedure Linkage Table, a table used for indirect function calls: instead of jumping straight to the function, the caller first jumps to the function's entry in the Procedure Linkage Table, and from the PLT it jumps on to the function's actual code. This indirection is necessary when the called function lives in a shared library (libdynlib.so in our case), because we cannot know ahead of time where the shared library will be loaded in the process address space, nor where within the library the function we want (print() here) will be. All of this is known only after the program has been loaded into memory and before it runs, at which point the system's dynamic linker (ld-linux.so on Linux) resolves the relocations so that the requested functions can be called correctly. In our example, the dynamic linker loads libdynlib.so into the address space of the running process, finds the address of print() inside the library, and writes that address at the relocation address 0x08049688.

Our goal is to replace the address of print() with the address of the injection() function from the injection.o object file, a function that was not part of the process address space when the program started running.
For more on the ELF format, relocations and the dynamic linker, see the Executable and Linkable Format (ELF) specification.
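To make the .rel.plt, .dynsym and .dynstr linkage concrete, here is an added C example (not code from the article or from readelf) that walks an ELF32 image in memory and lists the R_386_JMP_SLOT entries the way readelf -r did above, resolving each entry's symbol index through sh_link to a name. It also shows the bounds checks a parser needs before trusting any offset read from the file, which matters whenever the file being inspected may be hostile. The image it runs on is a constructed minimal ELF32 carrying only the print and puts slots (built inline, not the article's app binary); the struct definitions mirror <elf.h>, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF32 structures laid out exactly as in <elf.h> (redefined so the example
 * builds without that header). The host is assumed to be little-endian. */
typedef struct {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr32;
typedef struct {
    uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size,
             sh_link, sh_info, sh_addralign, sh_entsize;
} Shdr32;
typedef struct { uint32_t r_offset, r_info; } Rel32;
typedef struct { uint32_t st_name, st_value, st_size; uint8_t st_info, st_other; uint16_t st_shndx; } Sym32;
enum { SHT_STRTAB_ = 3, SHT_REL_ = 9, SHT_DYNSYM_ = 11, R_386_JMP_SLOT_ = 7 };

/* One PLT slot: the GOT entry the dynamic linker patches, and the symbol it resolves to. */
typedef struct { uint32_t got_slot; char name[32]; } PltReloc;
static int in_bounds(const Shdr32 *s, size_t len) { return (uint64_t)s->sh_offset + s->sh_size <= len; }

/* Collect the R_386_JMP_SLOT entries (PLT call slots) from every SHT_REL section
 * of an ELF32 image in memory. Every offset is checked against len before use,
 * so a truncated or hostile image yields -1 rather than an out-of-bounds read. */
int list_plt_relocs(const uint8_t *img, size_t len, PltReloc *out, int max)
{
    Ehdr32 eh; int n = 0;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 1 /* ELFCLASS32 */
        || eh.e_ident[5] != 1 /* ELFDATA2LSB */ || eh.e_shentsize != sizeof(Shdr32)
        || (uint64_t)eh.e_shoff + (uint64_t)eh.e_shnum * sizeof(Shdr32) > len)
        return -1;
    for (uint32_t i = 0; i < eh.e_shnum; i++) {
        Shdr32 rel, sym, str;
        memcpy(&rel, img + eh.e_shoff + (size_t)i * sizeof rel, sizeof rel);
        if (rel.sh_type != SHT_REL_ || rel.sh_entsize != sizeof(Rel32)) continue;
        if (!in_bounds(&rel, len) || rel.sh_link >= eh.e_shnum) return -1;
        /* sh_link of a .rel.* section names its symbol table; that table's sh_link names its string table */
        memcpy(&sym, img + eh.e_shoff + (size_t)rel.sh_link * sizeof sym, sizeof sym);
        if (sym.sh_type != SHT_DYNSYM_ || sym.sh_entsize != sizeof(Sym32)
            || !in_bounds(&sym, len) || sym.sh_link >= eh.e_shnum) return -1;
        memcpy(&str, img + eh.e_shoff + (size_t)sym.sh_link * sizeof str, sizeof str);
        if (str.sh_type != SHT_STRTAB_ || !in_bounds(&str, len)) return -1;
        for (uint32_t k = 0; k < rel.sh_size / sizeof(Rel32) && n < max; k++) {
            Rel32 r; Sym32 s;
            memcpy(&r, img + rel.sh_offset + k * sizeof r, sizeof r);
            if ((r.r_info & 0xff) != R_386_JMP_SLOT_) continue;      /* ELF32_R_TYPE */
            uint32_t si = r.r_info >> 8;                              /* ELF32_R_SYM  */
            if ((uint64_t)(si + 1) * sizeof(Sym32) > sym.sh_size) return -1;
            memcpy(&s, img + sym.sh_offset + si * sizeof s, sizeof s);
            if (s.st_name >= str.sh_size) return -1;
            const char *nm = (const char *)img + str.sh_offset + s.st_name;
            size_t lim = str.sh_size - s.st_name, j = 0;   /* never read past .dynstr */
            while (j < lim && j + 1 < sizeof out[n].name && nm[j]) { out[n].name[j] = nm[j]; j++; }
            out[n].name[j] = '\0';
            out[n].got_slot = r.r_offset; n++;
        }
    }
    return n;
}

/* Constructed test image (not the article's app binary): a minimal ELF32 whose
 * .rel.plt holds the print and puts slots seen in the readelf output above. */
#define SAMPLE_LEN 364
size_t build_sample_elf(uint8_t *buf)
{
    static const char dynstr[] = "\0print\0puts";                           /* 12 bytes */
    static const char shstr[]  = "\0.dynstr\0.dynsym\0.rel.plt\0.shstrtab";  /* 36 bytes */
    Sym32 syms[3] = { {0}, {1}, {7} };              /* st_name offsets of print and puts */
    Rel32 rels[2] = { {0x08049688, (1u << 8) | R_386_JMP_SLOT_},
                      {0x0804968c, (2u << 8) | R_386_JMP_SLOT_} };
    Shdr32 sh[5] = {   /* name, type, flags, addr, offset, size, link, info, align, entsize */
        {0},
        { 1, SHT_STRTAB_, 0, 0,  52, sizeof dynstr, 0, 0, 1, 0},
        { 9, SHT_DYNSYM_, 0, 0,  64, sizeof syms,   1, 1, 4, sizeof(Sym32)},
        {17, SHT_REL_,    0, 0, 112, sizeof rels,   2, 0, 4, sizeof(Rel32)},
        {26, SHT_STRTAB_, 0, 0, 128, sizeof shstr,  0, 0, 1, 0},
    };
    Ehdr32 eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF\x01\x01\x01", 7);    /* magic, ELFCLASS32, LSB, v1 */
    eh.e_type = 2; eh.e_machine = 3; eh.e_version = 1; eh.e_ehsize = sizeof eh; /* ET_EXEC, EM_386 */
    eh.e_shoff = 164; eh.e_shentsize = sizeof(Shdr32); eh.e_shnum = 5; eh.e_shstrndx = 4;
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, &eh, sizeof eh);             memcpy(buf + 52,  dynstr, sizeof dynstr);
    memcpy(buf + 64,  syms, sizeof syms);    memcpy(buf + 112, rels,   sizeof rels);
    memcpy(buf + 128, shstr, sizeof shstr);  memcpy(buf + 164, sh,     sizeof sh);
    return SAMPLE_LEN;
}

int main(void)
{
    uint8_t img[SAMPLE_LEN]; PltReloc r[8];
    int n = list_plt_relocs(img, build_sample_elf(img), r, 8);
    for (int i = 0; i < n; i++) printf("%08x  R_386_JMP_SLOT  %s\n", r[i].got_slot, r[i].name);
    return n < 0;
}
```

To run it against a real 32-bit binary such as app, read the whole file into a buffer and pass it to list_plt_relocs; the got_slot values it prints are the addresses the dynamic linker fills in at load time (0x08049688 for print in the article). A 64-bit binary uses .rela.plt with Elf64 structures and the R_X86_64_JUMP_SLOT type, so the struct definitions and the entry size change but the sh_link walk is identical.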

We can verify in gdb that the slot at address 0x08049688 does hold the address of print():

(gdb) p & print
$3 = (void (*)()) 0x50051c
(gdb) p/x * 0x08049688
$4 = 0x50051c
(gdb)

The address of the injection() function can be obtained by running readelf -s (which displays the object file's symbol table) on injection.o:

[0x80@localhost dynlib]$ readelf -s injection.o

Symbol table '.symtab' contains 11 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 FILE    LOCAL  DEFAULT  ABS injection.c
     2: 00000000     0 SECTION LOCAL  DEFAULT    1
     3: 00000000     0 SECTION LOCAL  DEFAULT    3
     4: 00000000     0 SECTION LOCAL  DEFAULT    4
     5: 00000000     0 SECTION LOCAL  DEFAULT    5
     6: 00000000     0 SECTION LOCAL  DEFAULT    7
     7: 00000000     0 SECTION LOCAL  DEFAULT    6
     8: 00000000    25 FUNC    GLOBAL DEFAULT    1 injection
     9: 00000000     0 NOTYPE  GLOBAL DEFAULT  UND print
    10: 00000000     0 NOTYPE  GLOBAL DEFAULT  UND system
[0x80@localhost dynlib]$
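As an added illustration (this is not code from the original article or from its injector), the following C program does programmatically what the readelf listings let you do by eye: it walks the symbol table of an ELF32 relocatable object, finds a FUNC symbol by name, and adds the symbol's st_value (its offset inside its section) to that section's sh_offset to obtain the file offset of the function's bytes, together with st_size, the number of bytes. Since the page's injection.o is not available here, the program first builds a constructed in-memory object with the same shape: .text at file offset 0x34 holding a 25-byte global function named injection, plus an undefined print; the function names elf32_func_file_offset and build_sample_object are my own. Every header and table is bounds-checked against the image length before it is dereferenced, which is the check a real injector needs, because an object file handed to such a tool is untrusted input like any other parser input.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the article's code. Find FUNC symbol `name` in an ELF32
 * relocatable object held in memory and return where its bytes sit in the file:
 *     file offset = sh_offset of the defining section + st_value of the symbol
 * Returns -1 if the name is absent, the symbol is not a defined function (the
 * UND/ABS rows of readelf -s) or the image is malformed; *size_out gets st_size. */
long elf32_func_file_offset(const uint8_t *img, size_t len,
                            const char *name, uint32_t *size_out)
{
    Elf32_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);                 /* memcpy: the image may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS32 ||
        eh.e_shentsize != sizeof(Elf32_Shdr) ||
        (size_t)eh.e_shoff > len ||
        (size_t)eh.e_shnum * sizeof(Elf32_Shdr) > len - eh.e_shoff)
        return -1;                               /* section header table must lie inside the image */

    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf32_Shdr symsh, strsh;
        memcpy(&symsh, img + eh.e_shoff + i * sizeof symsh, sizeof symsh);
        if (symsh.sh_type != SHT_SYMTAB) continue;
        if (symsh.sh_link >= eh.e_shnum) return -1;          /* sh_link names the .strtab */
        memcpy(&strsh, img + eh.e_shoff + symsh.sh_link * sizeof strsh, sizeof strsh);
        if (symsh.sh_offset > len || symsh.sh_size > len - symsh.sh_offset ||
            strsh.sh_offset > len || strsh.sh_size > len - strsh.sh_offset)
            return -1;
        const char *strtab = (const char *)img + strsh.sh_offset;

        for (size_t j = 0; j < symsh.sh_size / sizeof(Elf32_Sym); j++) {
            Elf32_Sym sym;
            memcpy(&sym, img + symsh.sh_offset + j * sizeof sym, sizeof sym);
            if (sym.st_name >= strsh.sh_size) continue;        /* name points past .strtab */
            if (!memchr(strtab + sym.st_name, '\0', strsh.sh_size - sym.st_name))
                continue;                                       /* unterminated name */
            if (strcmp(strtab + sym.st_name, name) != 0) continue;
            if (ELF32_ST_TYPE(sym.st_info) != STT_FUNC ||
                sym.st_shndx == SHN_UNDEF || sym.st_shndx >= eh.e_shnum)
                return -1;               /* e.g. print: resolved inside the target, no bytes here */
            Elf32_Shdr defsh;
            memcpy(&defsh, img + eh.e_shoff + sym.st_shndx * sizeof defsh, sizeof defsh);
            if (sym.st_value > defsh.sh_size || sym.st_size > defsh.sh_size - sym.st_value)
                return -1;                                      /* symbol spills past its section */
            if (size_out) *size_out = sym.st_size;
            return (long)defsh.sh_offset + (long)sym.st_value;
        }
    }
    return -1;
}

/* Constructed sample (not the page's real injection.o): a minimal ELF32 object
 * laid out like the readelf listings, .text at file offset 0x34 holding one
 * 25-byte global FUNC "injection", plus an undefined "print". */
size_t build_sample_object(uint8_t *buf, size_t cap)
{
    static const char strtab[]   = "\0injection\0print";                   /* names at 1, 11 */
    static const char shstrtab[] = "\0.text\0.symtab\0.strtab\0.shstrtab"; /* at 1, 7, 15, 23 */
    enum { TEXT_SIZE = 25, NSYM = 3, NSH = 5 };
    size_t text_off = sizeof(Elf32_Ehdr);                      /* 0x34, as in the page's output */
    size_t str_off = text_off + TEXT_SIZE, shstr_off = str_off + sizeof strtab;
    size_t sym_off = (shstr_off + sizeof shstrtab + 3) & ~(size_t)3;
    size_t sh_off = (sym_off + NSYM * sizeof(Elf32_Sym) + 3) & ~(size_t)3;
    size_t total = sh_off + NSH * sizeof(Elf32_Shdr);
    if (cap < total) return 0;
    memset(buf, 0, total);

    Elf32_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT; eh.e_version = EV_CURRENT;
    eh.e_type = ET_REL; eh.e_machine = EM_386; eh.e_ehsize = sizeof eh;
    eh.e_shoff = (Elf32_Off)sh_off; eh.e_shentsize = sizeof(Elf32_Shdr);
    eh.e_shnum = NSH; eh.e_shstrndx = 4;
    memcpy(buf, &eh, sizeof eh);
    memset(buf + text_off, 0x90, TEXT_SIZE);                   /* placeholder body: NOPs */
    memcpy(buf + str_off, strtab, sizeof strtab);
    memcpy(buf + shstr_off, shstrtab, sizeof shstrtab);

    Elf32_Sym syms[NSYM] = {0};                                /* [0] is the mandatory null symbol */
    syms[1] = (Elf32_Sym){ .st_name = 1, .st_size = TEXT_SIZE, .st_shndx = 1,
                           .st_info = ELF32_ST_INFO(STB_GLOBAL, STT_FUNC) }; /* st_value 0 */
    syms[2] = (Elf32_Sym){ .st_name = 11, .st_shndx = SHN_UNDEF,
                           .st_info = ELF32_ST_INFO(STB_GLOBAL, STT_NOTYPE) };
    memcpy(buf + sym_off, syms, sizeof syms);

    Elf32_Shdr sh[NSH] = {0};                                  /* [0] is the mandatory NULL section */
    sh[1] = (Elf32_Shdr){ .sh_name = 1, .sh_type = SHT_PROGBITS, .sh_flags = SHF_ALLOC | SHF_EXECINSTR,
                          .sh_offset = (Elf32_Off)text_off, .sh_size = TEXT_SIZE, .sh_addralign = 4 };
    sh[2] = (Elf32_Shdr){ .sh_name = 7, .sh_type = SHT_SYMTAB, .sh_offset = (Elf32_Off)sym_off,
                          .sh_size = sizeof syms, .sh_link = 3, .sh_info = 1,
                          .sh_addralign = 4, .sh_entsize = sizeof(Elf32_Sym) };
    sh[3] = (Elf32_Shdr){ .sh_name = 15, .sh_type = SHT_STRTAB, .sh_offset = (Elf32_Off)str_off,
                          .sh_size = sizeof strtab, .sh_addralign = 1 };
    sh[4] = (Elf32_Shdr){ .sh_name = 23, .sh_type = SHT_STRTAB, .sh_offset = (Elf32_Off)shstr_off,
                          .sh_size = sizeof shstrtab, .sh_addralign = 1 };
    memcpy(buf + sh_off, sh, sizeof sh);
    return total;
}

int main(void)
{
    uint8_t img[512];
    size_t n = build_sample_object(img, sizeof img);
    uint32_t size = 0;
    long off = elf32_func_file_offset(img, n, "injection", &size);
    printf("injection: file offset 0x%lx, %u bytes\n", off, (unsigned)size);
    printf("print: %ld (undefined here, resolved in the target)\n",
           elf32_func_file_offset(img, n, "print", NULL));
    return off == 0x34 ? 0 : 1;
}
```

Build with gcc on a Linux host (elf.h comes from glibc). The same arithmetic carries over to ELF64 objects with the Elf64_* types; the one thing to remember from the readelf -s output is that st_value in a relocatable object is section-relative, so it is only meaningful once combined with the section's sh_offset.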

The function (symbol) injection sits at offset 0 within the .text section of injection.o, but the .text section itself starts at offset 0x000034 in the injection.o file:

[0x80@localhost dynlib]$ sudo readelf -S injection.o
There are 11 section headers, starting at offset 0xd4:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .text             PROGBITS        00000000 000034 000019 00  AX  0   0  4
  [ 2] .rel.text         REL             00000000 000360 000018 08      9   1  4
  [ 3] .data             PROGBITS        00000000 000050 000000 00  WA  0   0  4
  [ 4] .bss              NOBITS          00000000 000050 000000 00  WA  0   0  4
  [ 5] .rodata           PROGBITS        00000000 000050 000005 00   A  0   0  1
  [ 6] .comment          PROGBITS        00000000 000055 00002d 00      0   0  1
  [ 7] .note.GNU-stack   PROGBITS        00000000 000082 000000 00      0   0  1
  [ 8] .shstrtab         STRTAB          00000000 000082 000051 00      0   0  1
  [ 9] .symtab           SYMTAB          00000000 00028c 0000b0 10     10   8  4
  [10] .strtab           STRTAB          00000000 00033c 000024 00      0<span class="pln" 
style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">1</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="typ" style="margin: 0px; padding: 0px; color: teal;">Key</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> to </span><span class="typ" style="margin: 0px; padding: 0px; color: teal;">Flags</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">:</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">W </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">write</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> A </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">alloc</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> X </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">execute</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> M </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" 
style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">merge</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> S </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">strings</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">I </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">info</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> L </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">link order</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> G </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">group</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> x </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">unknown</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 
72, 76);">O </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">extra OS processing required</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> o </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">OS specific</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">),</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> p </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">processor specific</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">[</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x80@localhost</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> dynlib</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">]</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">$</span>

7. Replacing the print() call with injection()
Recall that injection.o has been loaded into the app process's memory at address 0x00111000 (see above). The final absolute virtual address of injection() is therefore 0x00111000 + 0x000034.
Now overwrite the relocation address of print(), 0x08069688, with that address:

(gdb) set *0x08049688 = 0x00111000 + 0x000034
(gdb)

At this point we have successfully replaced the call to print() with a call to injection().

8. Resolving the relocations of injection()

There is still some work to do, though. The code of injection() cannot run yet, because three relocations remain unresolved:

[0x80@localhost dynlib]$ readelf -r injection.o
Relocation section '.rel.text' at offset 0x360 contains 3 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00000007  00000902 R_386_PC32        00000000   print
0000000e  00000501 R_386_32          00000000   .rodata
00000013  00000a02 R_386_PC32        00000000   system
[0x80@localhost dynlib]$

The print relocation refers to the call of print() in libdynlib.so; the .rodata relocation refers to the constant string "date" kept in the .rodata read-only data section (translator's note: the "date" of the system("date") call); the system relocation refers to the call of the C library's system() function. Note that all three relocations live in the .rel.text section, so their offsets are relative to the .text section.

We have to resolve these three relocations by hand, writing the appropriate value into each of the three memory locations. The address of each relocation in the process address space is the sum of:

(1) the start address of injection.o in the process address space (0x00111000);
(2) the offset of the .text section within the injection.o object file (0x000034);
(3) the relocation's offset relative to the .text section (0x00000007 for print, 0x0000000e for .rodata, 0x00000013 for system).

We can see that the relocation type of print and system is R_386_PC32, which means the value written at the relocation address must be computed using the program counter (PC), i.e. it is relative to the relocation address itself.

(Translator's note: a relocation type specifies how the value is computed; which variables take part in the computation, and how they are combined, is not fixed but defined per relocation type. According to the specification, computing an R_386_PC32 relocation involves three variables, S, A and P, combined as S + A - P. When an R_386_PC32 relocation is processed while the link editor links several .o object files into an executable, S denotes the actual run-time address of the symbol being relocated, and P is the actual run-time address of the storage unit affected by the relocation. On Linux running on x86, both are virtual addresses. A is the simplest: it is the addend the relocation needs, a constant. Don't forget that the relocation entry structure type used on x86 is Elf32_Rela, so the addend is stored in the storage unit affected by the relocation. Finally, the relocation patches the computed value into that storage unit.)
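The arithmetic this section carries out by hand in gdb, written out as a small C program. This is an added example, not code from the original article or from its injection.o/app sources: the load base, the .text offset and the two function addresses are the figures the article's session reports, while the .rodata offset (0x60), the zero-filled image and the stored -4 addends are constructed placeholders so that it runs stand-alone. It covers both relocation types used here, R_386_PC32 (S + A - P) and R_386_32 (S + A), and refuses an unknown type or a field outside the mapped image instead of patching blindly.

```c
/* Added example, not from the original article: a minimal resolver for the
 * two i386 relocation types the article fixes up by hand, applied to a
 * constructed in-memory copy of injection.o as it sits at the load base.
 *   R_386_32   : value = S + A        (absolute)
 *   R_386_PC32 : value = S + A - P    (PC-relative)
 * S = symbol address, A = addend already stored in the 4-byte field (REL-style
 * objects keep it there), P = address of that field in the process. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define R_386_32   1
#define R_386_PC32 2

#define LOAD_BASE     0x00111000u   /* FROM ARTICLE: where injection.o was mapped   */
#define TEXT_OFFSET   0x000034u     /* FROM ARTICLE: offset of .text in injection.o */
#define RODATA_OFFSET 0x000060u     /* PLACEHOLDER: the real value comes from readelf -S */
#define ADDR_PRINT    0x40000be8u   /* FROM ARTICLE: &print in the target process   */
#define ADDR_SYSTEM   0x00733650u   /* FROM ARTICLE: &system in the target process  */

struct rel {
    uint32_t    r_offset;   /* field offset relative to .text (readelf -r column 1) */
    uint32_t    r_type;     /* R_386_32 or R_386_PC32 */
    uint32_t    sym_value;  /* S: resolved address of the symbol */
    const char *name;
};

/* Little-endian accessors so results do not depend on the host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* P: load base + .text offset + r_offset, the three-term sum the article gives. */
uint32_t reloc_address(uint32_t base, uint32_t text_off, uint32_t r_offset) {
    return base + text_off + r_offset;
}

/* Compute the word to store; returns -1 for a type this resolver does not know,
   so an unexpected entry is refused rather than patched with a guess. */
int compute_reloc(uint32_t type, uint32_t S, int32_t A, uint32_t P, uint32_t *out) {
    switch (type) {
    case R_386_32:   *out = S + (uint32_t)A;     return 0;
    case R_386_PC32: *out = S + (uint32_t)A - P; return 0;
    default:         return -1;
    }
}

/* Apply every entry to `image` (the object's bytes as mapped at `base`).
   Returns the number of entries applied, or -1 on an out-of-range or unknown one. */
int apply_relocations(uint8_t *image, size_t image_len, uint32_t base,
                      const struct rel *rels, size_t n) {
    for (size_t i = 0; i < n; i++) {
        uint32_t P   = reloc_address(base, TEXT_OFFSET, rels[i].r_offset);
        size_t   pos = P - base;                                  /* field position in the image */
        if (pos > image_len || image_len - pos < 4) return -1;    /* bounds check before writing */
        int32_t  A   = (int32_t)rd32(image + pos);                /* implicit addend in the field */
        uint32_t value;
        if (compute_reloc(rels[i].r_type, rels[i].sym_value, A, P, &value) != 0) return -1;
        wr32(image + pos, value);
    }
    return (int)n;
}

/* The article's three entries on a constructed image; `out` receives the patched
   words in readelf order (print, .rodata, system). Returns the apply count. */
int resolve_injection_demo(uint32_t out[3]) {
    static const struct rel rels[3] = {
        { 0x00000007, R_386_PC32, ADDR_PRINT,                "print"   },
        { 0x0000000e, R_386_32,   LOAD_BASE + RODATA_OFFSET, ".rodata" },
        { 0x00000013, R_386_PC32, ADDR_SYSTEM,               "system"  },
    };
    uint8_t image[0x100] = { 0 };           /* CONSTRUCTED stand-in for injection.o */
    /* gdb showed -4 stored at both call sites (the usual addend of a call rel32);
       the string reference starts at the beginning of .rodata, so its addend is 0. */
    wr32(image + TEXT_OFFSET + 0x07, 0xfffffffcu);
    wr32(image + TEXT_OFFSET + 0x13, 0xfffffffcu);
    int rc = apply_relocations(image, sizeof image, LOAD_BASE, rels, 3);
    for (int i = 0; i < 3; i++)
        out[i] = rd32(image + TEXT_OFFSET + rels[i].r_offset);
    return rc;
}

int main(void) {
    uint32_t v[3];
    if (resolve_injection_demo(v) != 3) return 1;
    printf("print   -> 0x%08x (rel32 to 0x%08x)\n", (unsigned)v[0], (unsigned)ADDR_PRINT);
    printf(".rodata -> 0x%08x (absolute)\n",        (unsigned)v[1]);
    printf("system  -> 0x%08x (rel32 to 0x%08x)\n", (unsigned)v[2], (unsigned)ADDR_SYSTEM);
    return 0;
}
```

The value written for system, 0x733650 + (-4) - 0x00111047, is exactly what the gdb `set` command in this section stores; the print entry is resolved the same way against 0x40000be8. Keeping the addend in the field (REL rather than RELA) is why the example reads A back from the image before overwriting it, and why doing so twice would corrupt the result.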

R_386_32 denotes an absolute-address relocation, where the symbol's address is used directly; R_386_PC32 denotes a PC-relative relocation, where the relative value is obtained as "symbol address - relocation address".
The R_386_32 type simply adds the addend to the symbol's value, so the .rodata relocation is resolved by adding an addend on top of the address 0x00111000.
The computation is as follows:

(gdb) p &system
$7 = ( *) 0x733650                      // address of system()
(gdb) p *(0x00111000 + 0x000034 + 0x000000013)
$8 = -4                                  // addend of the system relocation
(gdb) set *(0x00111000 + 0x000034 + 0x000000013) = 0x733650 - (0x00111000 + 0x000034 + 0x000000013) - 4
(gdb) p &print
$9 = (void (*)(void)) 0x40000be8         // address of print()
(gdb) p *(0x00111000 + 0x000034 + 0x0000007)
$10 = -4                                 // addend of the print relocation
(gdb)
style="margin: 0px; padding: 0px; color: teal;">set</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">*</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00111000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">000034</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0000007</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">=</span><span class="pln" 
style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x40000be8</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">–</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00111000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">000034</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0000007</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> 
</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">–</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">4</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">gdb</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> p </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">*</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00111000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">000034</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 
76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x0000000e</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">$11 </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">=</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="com" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">// .rodata符号重定位的加数</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);">gdb</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="typ" style="margin: 0px; padding: 0px; color: teal;">set</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">*</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">(</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00111000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: 
rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">000034</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0x0000000e</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">)</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">=</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">00111000</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">+</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"> </span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">0</span><span class="pun" style="margin: 0px; padding: 0px; color: rgb(147, 161, 161);">×</span><span class="lit" style="margin: 0px; padding: 0px; color: rgb(25, 95, 145);">000050</span><span class="pln" style="margin: 0px; padding: 0px; color: rgb(72, 72, 76);"></span><span class="com" style="margin: 0px; padding: 
0px; color: rgb(147, 161, 161);">//0×000050为.rodata 段在injection.o目标文件中的偏移(见上文第6节结尾处)</span>
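
The three `set *` patches above are the i386 relocation formulas worked out by hand: `R_386_PC32` entries (the two calls) resolve to S + A - P, and the `R_386_32` entry (the `.rodata` reference) resolves to S + A, where S is the symbol address, A the addend and P the address of the word being patched. As an added example, not code from the original article or its author, the following Python applies the same arithmetic to a constructed byte image standing in for the copy of injection.o at 0x00111000. The addresses and offsets come from the gdb session on this page; the relocation entry list, the image layout and the placeholder name for the first symbol (only its address 0x733650 appears in this part of the page) are assumptions.

```python
import struct

# ELF i386 relocation types that the gdb session resolves by hand.
R_386_32 = 1    # value = S + A      (absolute address)
R_386_PC32 = 2  # value = S + A - P  (PC-relative displacement)

# Layout taken from the page: injection.o was copied to 0x00111000,
# its .text starts at file offset 0x34 and its .rodata at 0x50.
BASE = 0x00111000
TEXT_OFF = 0x34
RODATA_OFF = 0x50

# Symbol addresses quoted in the gdb session. The symbol of the first
# patch is not named in this excerpt, so it gets a placeholder name.
SYMBOLS = {
    "print": 0x40000be8,
    ".rodata": BASE + RODATA_OFF,
    "<symbol at 0x733650>": 0x733650,
}

# Constructed relocation entries: (r_offset relative to .text, type, symbol).
# They mirror the three words patched in the gdb session.
RELOCS = [
    (0x13, R_386_PC32, "<symbol at 0x733650>"),
    (0x07, R_386_PC32, "print"),
    (0x0e, R_386_32, ".rodata"),
]


def make_image():
    """Constructed stand-in for the bytes of injection.o inside the process.
    i386 objects use REL (not RELA) entries, so each addend is stored in the
    word that will be patched: -4 for the PC-relative calls, 0 for .rodata.
    That is why the gdb session reads each word ($10, $11) before writing it."""
    img = bytearray(0x60)
    struct.pack_into("<i", img, TEXT_OFF + 0x13, -4)
    struct.pack_into("<i", img, TEXT_OFF + 0x07, -4)
    struct.pack_into("<i", img, TEXT_OFF + 0x0e, 0)
    return img


def read_addend(img, off):
    """Implicit REL addend: the signed 32-bit little-endian word at off."""
    return struct.unpack_from("<i", img, off)[0]


def read_u32(img, off):
    """Unsigned 32-bit little-endian word at off (used to inspect patches)."""
    return struct.unpack_from("<I", img, off)[0]


def relocate(img, relocs=RELOCS, symbols=SYMBOLS):
    """Apply every relocation in place and return {r_offset: patched value}."""
    patched = {}
    for r_offset, r_type, name in relocs:
        off = TEXT_OFF + r_offset      # position of the word inside the image
        p = BASE + off                 # P: runtime address of that word
        s = symbols[name]              # S: address of the referenced symbol
        a = read_addend(img, off)      # A: addend read from the word itself
        if r_type == R_386_PC32:
            value = (s + a - p) & 0xFFFFFFFF
        elif r_type == R_386_32:
            value = (s + a) & 0xFFFFFFFF
        else:
            raise ValueError(f"unsupported relocation type {r_type}")
        struct.pack_into("<I", img, off, value)
        patched[r_offset] = value
    return patched


def pc32_target(r_offset, value):
    """Address a patched call reaches: the CPU adds the displacement to the
    address of the next instruction, i.e. P + 4 (which cancels the -4 addend)."""
    return (BASE + TEXT_OFF + r_offset + 4 + value) & 0xFFFFFFFF


if __name__ == "__main__":
    image = make_image()
    values = relocate(image)
    for r_offset, value in sorted(values.items()):
        print(f".text+0x{r_offset:02x} patched with 0x{value:08x}")
    print(f"call at .text+0x07 lands at 0x{pc32_target(0x07, values[0x07]):08x}")
```

`pc32_target` is the check worth keeping: a PC-relative patch is only right if P + 4 plus the written displacement equals the symbol address, so the value written for `print` must bring the call back to 0x40000be8. `relocate` handles any list of `R_386_PC32` and `R_386_32` entries, not just the three on the page, and rejects other types rather than silently writing a wrong word.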

With all three relocations in the injection() function's code resolved, the preparation is complete and we can quit the gdb debugger. The application keeps running, and from this point on, in addition to the printing it did before, it also outputs the current date.

(gdb) q
A debugging session is active.
Inferior 1 [process 25658] will be detached.
Quit anyway? (y or n) y
Detaching from program: /home/0x80/dynlib/app, process 25658
[0x80@localhost dynlib]$ [lnx63:code_injection]
// the app program continues running
Waked up ...
Thu Oct 12 20:09:40 IST 2012
4: PID 25658: In print()
Going to sleep ...
Waked up ...
Thu Oct 12 20:09:43 IST 2012
5: PID 25658: In print()
Going to sleep ...
Waked up ...
Thu Oct 12 20:09:46 IST 2012
6: PID 25658: In print()
Going to sleep ...
Waked up ...
Thu Oct 12 20:09:49 IST 2012
7: PID 25658: In print()
Going to sleep ...
Waked up ...

9. Conclusion
In this article I have shown how to inject a C function into an application running on a Linux system without terminating it. Note that the current user must be the owner of the target process, or must otherwise hold the permissions required to manipulate that process's memory.

