Get GDB Return Address

I recently started using GDB for a class, and I struggled a bit. I have a task where I need to do the Lab 1 exercise, which requires me to find two vulnerabilities in the code and do the following with them:

The first should overwrite the return address on the stack, and the second should overwrite some other data structure that you will use to control the program control flow.

I have already overflowed the data structure, which I think is EIP, which indicates which command it will execute next.

Now, how do I get to the return address (RET) of the frame? Any frame; it doesn't matter. I just want to know how I can calculate the number of bytes between RET and, possibly, ESP, so that I can subtract them and get the length. I have only just started with GDB, so take it easy.

+5
1 answer

Now how do I get to the return address (RET) of the frame?

To get the location of the stored return address of a particular function, you can put a breakpoint in that function and use the info frame command.

Here is an example:

    $ gdb /path/to/binary
    (gdb) br main
    (gdb) run
    Starting program: /path/to/binary

    Breakpoint 1, 0x08048480 in main ()
    (gdb) info frame
    Stack level 0, frame at 0xffffd700:
     eip = 0x8048480 in main; saved eip = 0xf7e3ca63
     Arglist at 0xffffd6f8, args:
     Locals at 0xffffd6f8, Previous frame's sp is 0xffffd700
     Saved registers:
      ebp at 0xffffd6f8, eip at 0xffffd6fc

Pay attention to saved eip = 0xf7e3ca63 and eip at 0xffffd6fc. In this case, you will need to overwrite the value at 0xffffd6fc so that, when the function returns, execution continues at the value you stored there.

+9
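The answer above shows how to read the address of the saved return address out of `info frame`; the question also asks how to turn that into a byte count. The following C program is an added example, not code from the question, the answer or the lab. Its hypothetical function `distance_to_saved_eip` has a 64-byte stack buffer and measures, at run time, how many bytes lie between the start of that buffer and the slot holding its own return address, by walking up the stack one machine word at a time until it finds the value that `__builtin_return_address(0)` reports. That distance is exactly the number you would compute by hand from the GDB session (the address printed after `eip at` minus the address of the buffer), and it is the length an overflow would need to reach the saved return address. The `SCAN_LIMIT` bound and the `noinline` attribute are assumptions of this example; nothing here overflows anything.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Assumption for this example: the saved return address lies within this
 * many bytes above the buffer. Real frames are far smaller than this. */
#define SCAN_LIMIT 512

/* Hypothetical function with a fixed-size stack buffer (example code).
 * It copies `input` safely and then measures how far above `u.buf` its
 * own saved return address sits. The union keeps the buffer word-aligned
 * so the scan reads whole machine words.
 * Returns the distance in bytes, or -1 if not found within SCAN_LIMIT. */
__attribute__((noinline))
long distance_to_saved_eip(const char *input)
{
    union {
        char buf[64];
        uintptr_t words[64 / sizeof(uintptr_t)];
    } u;
    /* volatile: force real stack reads even when the optimizer sees that
     * the loop walks past the end of the union. */
    volatile uintptr_t *p = u.words;

    strncpy(u.buf, input, sizeof(u.buf) - 1);
    u.buf[sizeof(u.buf) - 1] = '\0';

    /* The return address was pushed by the call instruction and therefore
     * sits above all locals (and above any stack-protector canary and the
     * saved frame pointer). Walk upward until the slot holding it appears.
     * __builtin_return_address(0) is read inside the loop rather than
     * cached in a local, so no second copy of the value exists on the
     * stack to match by accident. */
    for (size_t i = 0; i < SCAN_LIMIT / sizeof(uintptr_t); i++) {
        if (p[i] == (uintptr_t)__builtin_return_address(0))
            return (long)((const char *)&p[i] - u.buf);
    }
    return -1;
}

int main(void)
{
    /* Constructed input; any short string works, the content is irrelevant. */
    long d = distance_to_saved_eip("hello");
    if (d < 0) {
        printf("saved return address not found within %d bytes\n", SCAN_LIMIT);
        return 1;
    }
    printf("buffer is %zu bytes; saved return address is %ld bytes above it\n",
           sizeof(((union { char b[64]; uintptr_t w[8]; } *)0)->b), d);
    printf("so an overflow would need %ld bytes of padding before the new address\n", d);
    return 0;
}
```

The printed distance is always at least 64 (the buffer itself) and is usually larger, because the compiler places the stack-protector canary, the saved frame pointer and sometimes padding or other locals between the buffer and the return address; that is why measuring it, either this way or with `info frame`, beats guessing. To do the same arithmetic inside GDB for the session above, break in the function, note the `eip at` address, and subtract the buffer's address, for example `p/d 0xffffd6fc - (long)&buf` (or `- $esp` if the buffer starts at the stack pointer).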
