How to find the address of a string using gdb?

I want to find the address of a string in memory. In this case I am looking for "/bin/sh". It is an initialized variable, so it has a fixed address in the .data section after compilation. So what should I do in GDB to find its memory address? I do not know the name of the variable it is stored in.

+5
3 answers

Use the find command.

find [/sn] start_addr, +len, val1 [, val2, …]
find [/sn] start_addr, end_addr, val1 [, val2, …]

Search memory for the sequence of bytes specified by val1, val2, etc. The search begins at address start_addr and continues for either len bytes or through to end_addr inclusive. s and n are optional parameters. They may be specified in either order, apart or together.

s, search query size: the size of each search query value.

b bytes

h halfwords (two bytes)

w words (four bytes)

g giant words (eight bytes)

All values are interpreted in the current language. This means, for example, that in C/C++, "hello" searches for the string "hello" followed by a null byte.

If the value size is not specified, it is taken from the value's type in the current language. This is useful when one wants to specify the search pattern as a mixture of types. Note that this means, for example, that in the case of C-like languages a search for an untyped 0x42 will search for '(int) 0x42', which is typically four bytes.

n, maximum number of finds: the maximum number of matches to print. The default is to print all finds.

You can use strings as search values. Quote them with double-quotes ("). The string value is copied into the search pattern byte by byte, regardless of the endianness of the target and the size specification.

The address of each match found is printed, as well as a count of the number of matches found.

The address of the last value found is stored in the convenience variable '$_'. A count of the number of matches is stored in '$numfound'.

+8

There is a find command in gdb.

Use cat /proc/$PID/maps to get the address range of the process; if, for example, it spans 0x08048000 to 0xc0000000, then:

(gdb) find 0x08048000, 0xc0000000, "/bin/sh"

+6

Using info proc map sounds like the best approach to me.

(gdb) info proc map
process 930
Mapped address spaces:

      Start Addr           End Addr       Size     Offset objfile
        0x400000           0x401000     0x1000        0x0 /myapp
        0x600000           0x601000     0x1000        0x0 /myapp
        0x601000           0x602000     0x1000     0x1000 /myapp
  0x7ffff7a1c000     0x7ffff7bd2000   0x1b6000        0x0 /usr/lib64/libc-2.17.so
  0x7ffff7bd2000     0x7ffff7dd2000   0x200000   0x1b6000 /usr/lib64/libc-2.17.so
  0x7ffff7dd2000     0x7ffff7dd6000     0x4000   0x1b6000 /usr/lib64/libc-2.17.so
  0x7ffff7dd6000     0x7ffff7dd8000     0x2000   0x1ba000 /usr/lib64/libc-2.17.so

(gdb) find 0x7ffff7a1c000,0x7ffff7bd2000,"/bin/sh"
0x7ffff7b98489
1 pattern found.
(gdb) x /s 0x7ffff7b98489
0x7ffff7b98489: "/bin/sh"
(gdb) x /xg 0x7ffff7b98489
0x7ffff7b98489: 0x0068732f6e69622f
+3
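As an added example that is not part of any of the answers above, the following Python script redoes what the first answer's quoted find rules and the last answer's info proc map walk do, so the pattern rules (a C string gets a trailing NUL, an untyped 0x42 becomes a four-byte int, /n caps the hits) can be checked on a known byte image, and the same scan can be run on a live process through /proc/PID/maps and /proc/PID/mem without gdb. The mapping text and the memory image are constructed for the example; a Linux host with a little-endian x86/x86-64 target and Python 3.8+ are my assumptions, and the file name and function names are mine.

```python
"""Added example, not code from the original answers: gdb's `find` and the
mapping lookup from `info proc map` / /proc/PID/maps redone in plain Python.
Assumptions of mine: Linux, little-endian target (x86/x86-64), Python 3.8+.
The mapping text and memory image below are constructed, not captured."""
import re
import sys
from typing import List, Tuple

# `info proc map` line:  0x7ffff7a1c000  0x7ffff7bd2000  0x1b6000  0x0  /usr/lib64/libc-2.17.so
_GDB_LINE = re.compile(r"^\s*(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s*(\S*)", re.I)
# /proc/PID/maps line:   7ffff7a1c000-7ffff7bd2000 r-xp 00000000 fd:01 263  /usr/lib64/libc-2.17.so
_PROC_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$", re.I)


def parse_mappings(text: str) -> List[Tuple[int, int, str]]:
    """(start, end, objfile) per mapping line, either layout; /proc mappings
    without 'r' in the perms are dropped because find cannot read them."""
    out: List[Tuple[int, int, str]] = []
    for line in text.splitlines():
        m = _GDB_LINE.match(line)
        if m:
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
            continue
        m = _PROC_LINE.match(line)
        if m and "r" in m.group(3):
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return out


def c_string(s: str) -> bytes:
    """gdb's rule for a double-quoted string in C/C++: the bytes plus a NUL."""
    return s.encode() + b"\0"


def untyped_int(value: int, size: int = 4) -> bytes:
    """gdb's rule for an untyped 0x42: (int) 0x42, `size` bytes in target order."""
    return value.to_bytes(size, "little")  # little-endian target assumed


def find(memory: bytes, base: int, pattern: bytes, max_finds: int = 0) -> List[int]:
    """`find start, +len, pattern` over an image whose first byte is at `base`.
    Returns the absolute address of each hit (the last is gdb's $_, the count
    is $numfound); max_finds == 0 reports all, like the /n default.  The scan
    resumes one byte after each hit, so overlapping matches are reported."""
    if not pattern:
        raise ValueError("empty search pattern")
    hits: List[int] = []
    pos = memory.find(pattern)
    while pos != -1 and (max_finds == 0 or len(hits) < max_finds):
        hits.append(base + pos)
        pos = memory.find(pattern, pos + 1)
    return hits


def find_in_process(pid: int, pattern: bytes, objfile_filter: str = "") -> List[int]:
    """Same search on a live process without gdb: walk the readable mappings
    from /proc/PID/maps and scan each one through /proc/PID/mem.  Needs ptrace
    permission on the target (same uid with ptrace_scope allowing it, or root)."""
    with open(f"/proc/{pid}/maps") as f:
        mappings = parse_mappings(f.read())
    hits: List[int] = []
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, objfile in mappings:
            if objfile_filter and objfile_filter not in objfile:
                continue
            try:
                mem.seek(start)
                chunk = mem.read(end - start)
            except (OSError, OverflowError):
                continue  # e.g. the vsyscall page, which /proc/PID/mem will not serve
            hits.extend(find(chunk, start, pattern))
    return hits


# Constructed: the page's `info proc map` output trimmed, plus two /proc-style lines.
SAMPLE_MAP = """\
      Start Addr           End Addr       Size     Offset objfile
        0x400000           0x401000     0x1000        0x0 /myapp
  0x7ffff7a1c000     0x7ffff7bd2000   0x1b6000        0x0 /usr/lib64/libc-2.17.so
7ffff7bd2000-7ffff7dd2000 ---p 001b6000 fd:01 263 /usr/lib64/libc-2.17.so
7ffff7dd2000-7ffff7dd6000 r--p 001b6000 fd:01 263 /usr/lib64/libc-2.17.so
"""

# Constructed image standing in for the start of the libc mapping; the real
# offset of "/bin/sh" differs per libc build, 0x100 here is arbitrary.
SAMPLE_BASE = 0x7FFFF7A1C000
SAMPLE_MEM = (
    b"\x90" * 0x100      # filler up to offset 0x100
    + b"/bin/sh\0"       # 0x100: the NUL-terminated string a ret2libc chain wants
    + b"\x90" * 0x40     # filler, now at 0x148
    + b"\x42\0\0\0"      # 0x148: a four-byte int 0x42
    + b"\x90" * 0x10     # filler, now at 0x15c
    + b"/bin/shell\0"    # 0x15c: contains "/bin/sh" but not followed by a NUL
    + b"ABC"             # 0x167: a lone 0x42 byte ('B') at 0x168
)


def main() -> None:
    for label, pattern in [('"/bin/sh"', c_string("/bin/sh")), ("raw /bin/sh, no NUL", b"/bin/sh"),
                           ("untyped 0x42", untyped_int(0x42)), ("/b 0x42", b"\x42")]:
        hits = find(SAMPLE_MEM, SAMPLE_BASE, pattern)
        print(f"find {label}: {[hex(h) for h in hits]}  {len(hits)} pattern(s) found")
    if len(sys.argv) > 1:  # python3 find_bin_sh.py PID: search a live process's libc
        print([hex(a) for a in find_in_process(int(sys.argv[1]), c_string("/bin/sh"), "libc")])


if __name__ == "__main__":
    main()
```

Run without arguments it prints the four searches over the constructed image: the C string hits only the NUL-terminated copy at offset 0x100, the raw bytes also hit "/bin/shell", the untyped 0x42 hits only the four-byte int, and /b 0x42 also hits the 'B' in "ABC". With a PID it does what the second answer's cat /proc/$PID/maps plus find does, restricted to the libc mappings. One caveat worth keeping in mind whichever way you search: gdb disables address-space randomization for the program it runs (set disable-randomization), so an address read under gdb is only the address in the real process when ASLR is off there as well; otherwise keep the offset of the hit from the start of the libc mapping and add the libc base observed at run time.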