0
我想從libc.so.6的基地址得到testlib.so的地址(因ASLR)如何獲得基地址的共享庫?
testlib.so是共享庫。
gcc -o ./testlib.so ./testlib.c -fPIC -shared -ldl
我用python代碼來查找內存映射狀態。這段代碼運行時
from ctypes import *
#libc = CDLL('libc.so.6')
libc = CDLL('/lib/x86_64-linux-gnu/libc.so.6')
test = CDLL('./testlib.so')
print libc
print test
,並導致
<CDLL '/lib/x86_64-linux-gnu/libc.so.6', handle 7f17750a09b0 at 7f1774f40210>
<CDLL './testlib.so', handle 15b6ea0 at 7f1774f40550>
內存狀態。
Start Addr End Addr Size Offset objfile
0x400000 0x6ea000 0x2ea000 0x0 /usr/bin/python2.7
0x8e9000 0x8eb000 0x2000 0x2e9000 /usr/bin/python2.7
0x8eb000 0x962000 0x77000 0x2eb000 /usr/bin/python2.7
0x962000 0xa6f000 0x10d000 0x0 [heap]
0x7ffff63e1000 0x7ffff6483000 0xa2000 0x0 /home/wwwlk/Downloads/testlib.so
^target address
0x7ffff6483000 0x7ffff6682000 0x1ff000 0xa2000 /home/wwwlk/Downloads/testlib.so
0x7ffff6682000 0x7ffff6683000 0x1000 0xa1000 /home/wwwlk/Downloads/testlib.so
0x7ffff6683000 0x7ffff6684000 0x1000 0xa2000 /home/wwwlk/Downloads/testlib.so
...
0x7ffff77f0000 0x7ffff79b0000 0x1c0000 0x0 /lib/x86_64-linux-gnu/libc-2.23.so
^libc.so.6 address
0x7ffff79b0000 0x7ffff7bb0000 0x200000 0x1c0000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ffff7bb0000 0x7ffff7bb4000 0x4000 0x1c0000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ffff7bb4000 0x7ffff7bb6000 0x2000 0x1c4000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ffff7bb6000 0x7ffff7bba000 0x4000 0x0
...
0x7ffff7ff8000 0x7ffff7ffa000 0x2000 0x0 [vvar]
0x7ffff7ffa000 0x7ffff7ffc000 0x2000 0x0 [vdso]
0x7ffff7ffc000 0x7ffff7ffd000 0x1000 0x25000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7ffff7ffd000 0x7ffff7ffe000 0x1000 0x26000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7ffff7ffe000 0x7ffff7fff000 0x1000 0x0
0x7ffffffde000 0x7ffffffff000 0x21000 0x0 [stack]
...
我計算了偏移量內存,但沒有運行。這裏需要什麼技術?