Can GDB change the assembly code of a running program?

Time: 2021-12-07 03:06:30

I want to add some extra functionality to /bin/ls.
So I started it in gdb and added a breakpoint at the beginning.

Now the question is: how can I change the code of a running program in memory? I can see the assembly code, but I'm not able to modify it. How can I do it?

On Windows I can easily do this with OllyDbg, for example. How about on Linux?

(I know that doing this I will only change the code of the process in memory. So then I can dump memory to a file, and then I'll have my changes saved in a binary file).

Thank you.

4 solutions

#1


13  

You can write binary to memory directly, but GDB doesn't have an assembler built in by default. You can, however, do something like set *(unsigned char*)0x80FFDDEE = 0x90 to change the mnemonic at that address to a NOP, for example. You could also use NASM to write a shellcode and use Perl or Python to inject it into the program :)

You might also like this little .gdbinit file to make debugging a lot easier: https://gist.github.com/985474
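The two steps the question is after, poking bytes into the stopped process and then making the change persistent, as an added Python example (this is not code from the answer above, from GDB, or from coreutils). It builds a constructed 32-byte x86-64 fragment into a minimal ELF64 image, generates the set *(unsigned char*)ADDR = 0xNN commands the answer describes to NOP out a je (bytes 0x74 0x05) at the assumed address 0x40100b, pads a shorter patch with NOPs so the following instruction stays aligned, and maps the virtual address to its file offset through the PT_LOAD program headers so the same bytes can be written into the binary on disk. That last step is the caveat to the plan in the question: a raw memory dump is not a loadable ELF, so persisting the change means writing the bytes at the corresponding file offset (GDB can also do this directly on the executable after set write on). All addresses, bytes and the sample image are constructed for the example.

```python
"""Patch a running process via GDB pokes, then apply the same patch to the ELF file."""
import struct

NOP = 0x90                  # x86 single-byte NOP
PT_LOAD = 1
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 header, little-endian
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header


def fit_patch(new_code: bytes, slot_len: int) -> bytes:
    """Pad new_code with NOPs to exactly slot_len bytes (the length of the
    instruction(s) being replaced) so the next instruction stays aligned.
    Refuses a patch that would overflow into the following instruction."""
    if len(new_code) > slot_len:
        raise ValueError(f"patch is {len(new_code)} bytes but the slot is only {slot_len}")
    return new_code + bytes([NOP]) * (slot_len - len(new_code))


def gdb_poke_commands(vaddr: int, patch: bytes) -> list:
    """GDB commands that write patch byte-by-byte at vaddr in the stopped
    process (the answer's set *(unsigned char*)ADDR = 0xNN form), followed by
    an x/ command so the result can be checked before continuing."""
    cmds = [f"set *(unsigned char*){vaddr + i:#x} = {b:#04x}" for i, b in enumerate(patch)]
    cmds.append(f"x/{len(patch)}xb {vaddr:#x}")
    return cmds


def vaddr_to_file_offset(image: bytes, vaddr: int) -> int:
    """Translate a virtual address to the file offset that backs it, using the
    PT_LOAD segments. Addresses that exist only in memory (e.g. .bss) raise."""
    fields = struct.unpack_from(EHDR_FMT, image, 0)
    ident, e_phoff, e_phentsize, e_phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, _memsz, _align = \
            struct.unpack_from(PHDR_FMT, image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return p_offset + (vaddr - p_vaddr)
    raise ValueError(f"{vaddr:#x} is not backed by file bytes in any PT_LOAD segment")


def patch_elf_image(image: bytes, vaddr: int, patch: bytes) -> bytes:
    """Return a copy of image with patch written where vaddr lives on disk.
    Both ends of the patch must map into the same file-backed segment."""
    start = vaddr_to_file_offset(image, vaddr)
    end = vaddr_to_file_offset(image, vaddr + len(patch) - 1)
    if end - start != len(patch) - 1:
        raise ValueError("patch spans a segment boundary")
    buf = bytearray(image)
    buf[start:start + len(patch)] = patch
    return bytes(buf)


def build_sample_elf() -> bytes:
    """Constructed ELF64 image: one PT_LOAD text segment at 0x401000 holding a
    hand-assembled fragment. Offsets within the fragment (constructed, x86-64):
      +0x0  48 83 ec 08      sub rsp, 8
      +0x4  e8 00 00 00 00   call +0 (placeholder)
      +0x9  85 c0            test eax, eax
      +0xb  74 05            je +5        <- the check we NOP out
      +0xd  b8 01 00 00 00   mov eax, 1
      +0x12 48 83 c4 08      add rsp, 8
      +0x16 c3               ret"""
    code = bytes.fromhex("4883ec08" "e800000000" "85c0" "7405" "b801000000" "4883c408" "c3")
    code = code.ljust(32, b"\xcc")          # pad with int3
    text_off, text_vaddr = 0x1000, 0x401000
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)   # ELF64, little-endian, version 1
    ehdr = struct.pack(EHDR_FMT, ident, 2, 0x3E, 1, text_vaddr, 64, 0, 0,
                       64, 56, 1, 64, 0, 0)
    phdr = struct.pack(PHDR_FMT, PT_LOAD, 5, text_off, text_vaddr, text_vaddr,
                       len(code), len(code), 0x1000)
    return (ehdr + phdr).ljust(text_off, b"\0") + code


if __name__ == "__main__":
    JE_VADDR = 0x40100B                     # assumed address of the 2-byte je
    patch = fit_patch(b"", 2)               # empty patch -> two NOPs
    print("\n".join(gdb_poke_commands(JE_VADDR, patch)))
    image = build_sample_elf()
    patched = patch_elf_image(image, JE_VADDR, patch)
    off = vaddr_to_file_offset(image, JE_VADDR)
    print(f"file offset {off:#x}: {image[off:off+2].hex()} -> {patched[off:off+2].hex()}")
```

Feed the printed commands to GDB with -x after hitting the breakpoint; the x/ line shows the patched bytes so a wrong address is caught before continue. For a real binary, check the segment permissions too: GDB can write into a read-only mapping through ptrace, but code the process itself would need to write at runtime cannot.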

#2


6  

I would recommend a different approach: Download the coreutils package and modify the source code for ls. If possible, you should get the package from your distro's source repositories and apply any patches.

#3


3  

Here is a blog post that explains how to change the code at runtime both for gdb and Visual Studio.

#4


2  

compile code command

Introduced around 7.9, it allows code compilation and injection. Documentation: https://sourceware.org/gdb/onlinedocs/gdb/Compiling-and-Injecting-Code.html

I have given a minimal example in this answer.

While it is not actual code modification, it does allow you to compile some code on the fly and run it once immediately, which might be enough.

And the GNU Cauldron presentation suggests that actual code modification may be added later on as an extension to this feature, see slide 30 "Fix and continue".

There are a few constructs that did not work as I expected like return, so I've asked why at: In the GDB compile code command, what language constructs behave exactly as if they were present in the original source?