2017-02-08 50 views
1

I only have the .out file, and I am trying to change an integer with GDB. The program will not run after I modify the assembly with GDB.

(gdb) disas/r main 
Dump of assembler code for function main: 

0x080484da <+0>: 8d 4c 24 04 lea 0x4(%esp),%ecx 
0x080484de <+4>: 83 e4 f0 and $0xfffffff0,%esp 
0x080484e1 <+7>: ff 71 fc pushl -0x4(%ecx) 
0x080484e4 <+10>: 55 push %ebp 
0x080484e5 <+11>: 89 e5 mov %esp,%ebp 
0x080484e7 <+13>: 51 push %ecx 
0x080484e8 <+14>: 83 ec 14 sub $0x14,%esp 
0x080484eb <+17>: c7 45 f0 00 00 00 00 movl $0x0,-0x10(%ebp) 
0x080484f2 <+24>: c7 45 f4 00 00 00 00 movl $0x0,-0xc(%ebp) 
0x080484f9 <+31>: 83 ec 0c sub $0xc,%esp 
0x080484fc <+34>: 6a 00 push $0x0 
0x080484fe <+36>: e8 6d fe ff ff call 0x8048370 <[email protected]> 
0x08048503 <+41>: 83 c4 10 add $0x10,%esp 
0x08048506 <+44>: 83 ec 0c sub $0xc,%esp 
0x08048509 <+47>: 50 push %eax 
0x0804850a <+48>: e8 81 fe ff ff call 0x8048390 <[email protected]> 
0x0804850f <+53>: 83 c4 10 add $0x10,%esp 
0x08048512 <+56>: e8 99 fe ff ff call 0x80483b0 <[email protected]> 
0x08048517 <+61>: 89 c1 mov %eax,%ecx 
0x08048519 <+63>: ba 67 66 66 66 mov $0x66666667,%edx 
0x0804851e <+68>: 89 c8 mov %ecx,%eax 
0x08048520 <+70>: f7 ea imul %edx 
0x08048522 <+72>: c1 fa 02 sar $0x2,%edx 
0x08048525 <+75>: 89 c8 mov %ecx,%eax 
0x08048527 <+77>: c1 f8 1f sar $0x1f,%eax 
0x0804852a <+80>: 29 c2 sub %eax,%edx 
0x0804852c <+82>: 89 d0 mov %edx,%eax 
0x0804852e <+84>: 89 45 f4 mov %eax,-0xc(%ebp) 
0x08048531 <+87>: 8b 55 f4 mov -0xc(%ebp),%edx 
0x08048534 <+90>: 89 d0 mov %edx,%eax 
0x08048536 <+92>: c1 e0 02 shl $0x2,%eax 
0x08048539 <+95>: 01 d0 add %edx,%eax 
0x0804853b <+97>: 01 c0 add %eax,%eax 
0x0804853d <+99>: 29 c1 sub %eax,%ecx 
0x0804853f <+101>: 89 c8 mov %ecx,%eax 
0x08048541 <+103>: 89 45 f4 mov %eax,-0xc(%ebp) 
0x08048544 <+106>: 83 ec 08 sub $0x8,%esp 
0x08048547 <+109>: ff 75 f4 pushl -0xc(%ebp) 
0x0804854a <+112>: 68 50 86 04 08 push $0x8048650 
0x0804854f <+117>: e8 0c fe ff ff call 0x8048360 <[email protected]> 
0x08048554 <+122>: 83 c4 10 add $0x10,%esp 
0x08048557 <+125>: 83 7d f4 05 cmpl $0x5,-0xc(%ebp) 
0x0804855b <+129>: 7e 2a jle 0x8048587 <main+173> 
==> 0x0804855d <+131>: c7 45 f0 00 04 00 00 movl $0x400,-0x10(%ebp) 
0x08048564 <+138>: 83 ec 0c sub $0xc,%esp 
0x08048567 <+141>: ff 75 f0 pushl -0x10(%ebp) 
0x0804856a <+144>: e8 5c ff ff ff call 0x80484cb <dump> 
0x0804856f <+149>: 83 c4 10 add $0x10,%esp 
0x08048572 <+152>: 83 ec 08 sub $0x8,%esp 
0x08048575 <+155>: ff 75 f0 pushl -0x10(%ebp) 
0x08048578 <+158>: 68 82 86 04 08 push $0x8048682 
0x0804857d <+163>: e8 de fd ff ff call 0x8048360 <[email protected]> 
0x08048582 <+168>: 83 c4 10 add $0x10,%esp 
0x08048585 <+171>: eb 28 jmp 0x80485af <main+213> 
0x08048587 <+173>: c7 45 f0 8f 02 00 00 movl $0x28f,-0x10(%ebp) 
0x0804858e <+180>: 83 ec 0c sub $0xc,%esp 
0x08048591 <+183>: ff 75 f0 pushl -0x10(%ebp) 
0x08048594 <+186>: e8 32 ff ff ff call 0x80484cb <dump> 
0x08048599 <+191>: 83 c4 10 add $0x10,%esp 
0x0804859c <+194>: 83 ec 08 sub $0x8,%esp 
0x0804859f <+197>: ff 75 f0 pushl -0x10(%ebp) 
0x080485a2 <+200>: 68 82 86 04 08 push $0x8048682 
0x080485a7 <+205>: e8 b4 fd ff ff call 0x8048360 <[email protected]> 
0x080485ac <+210>: 83 c4 10 add $0x10,%esp 
0x080485af <+213>: 83 ec 0c sub $0xc,%esp 
0x080485b2 <+216>: 6a 05 push $0x5 
0x080485b4 <+218>: e8 c7 fd ff ff call 0x8048380 <[email protected]> 
0x080485b9 <+223>: 83 c4 10 add $0x10,%esp 
0x080485bc <+226>: e9 51 ff ff ff jmp 0x8048512 <main+56> 
End of assembler dump. 

I needed to change the line at 0x0804855d <+131>, so I did

set *(0x0804855d+4) = 0x05 

Then

(gdb) disas/r main 
..... 
0x0804855d <+131>: c7 45 f0 00 05 00 00 movl $0x500,-0x10(%ebp) 
..... 

But when I try to run it with 400 changed to 500, I get SIGILL and execution stops. Is there anything obvious? Or not?

+2

You probably also changed the first byte of the next instruction to 0.

Answer

2

Ross Ridge is exactly right.

Instead of set *(0x0804855d+4) = 0x05, you should do set *(0x0804855d+3) = 0x500, or set *(char*)0x8048561 = 0x5
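
As an added illustration that is not part of the question or the answers: a small C model, constructed here, of what the three GDB commands do to the bytes shown at main+131 in the dump, assuming GDB's default of typing a dereferenced bare address as a 4-byte int.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed copy of the ten bytes at main+131 .. main+141 from the dump above:
 *   c7 45 f0 00 04 00 00   movl $0x400,-0x10(%ebp)
 *   83 ec 0c               sub  $0xc,%esp                                         */
static const uint8_t ORIG[10] = {0xc7, 0x45, 0xf0, 0x00, 0x04, 0x00, 0x00, 0x83, 0xec, 0x0c};

/* Model of "set *(addr) = v": GDB types a dereferenced bare address as int, so the
 * store is 4 bytes, little-endian, with no regard for instruction boundaries.      */
static void gdb_set_int(uint8_t *code, size_t off, uint32_t v)
{
    for (size_t i = 0; i < 4; i++)
        code[off + i] = (uint8_t)(v >> (8 * i));
}
/* Model of "set *(char*)addr = v": a single-byte store. */
static void gdb_set_char(uint8_t *code, size_t off, uint8_t v) { code[off] = v; }

enum patch { INT_AT_4, INT_AT_3, CHAR_AT_4 };

/* Apply one of the three commands from the thread to a fresh copy of ORIG. */
static void apply_patch(enum patch p, uint8_t out[10])
{
    memcpy(out, ORIG, sizeof ORIG);
    switch (p) {
    case INT_AT_4:  gdb_set_int(out, 4, 0x05);  break; /* the question's command */
    case INT_AT_3:  gdb_set_int(out, 3, 0x500); break; /* answer, first variant  */
    case CHAR_AT_4: gdb_set_char(out, 4, 0x05); break; /* answer, second variant */
    }
}
/* The movl's 32-bit immediate (bytes 3..6 of its encoding) after patching. */
static uint32_t movl_imm_after(enum patch p)
{
    uint8_t b[10];
    apply_patch(p, b);
    return (uint32_t)b[3] | (uint32_t)b[4] << 8 | (uint32_t)b[5] << 16 | (uint32_t)b[6] << 24;
}
/* Opcode byte of the following instruction; 0x83 means the sub survived. */
static uint8_t next_opcode_after(enum patch p)
{
    uint8_t b[10];
    apply_patch(p, b);
    return b[7];
}
int main(void)
{
    for (int p = INT_AT_4; p <= CHAR_AT_4; p++)
        printf("patch %d: imm=0x%x next opcode=0x%02x\n", p, movl_imm_after(p), next_opcode_after(p));
    return 0;
}
```

All three patches produce an immediate of 0x500; only the question's 4-byte store at +4 also turns the following 0x83 opcode into 0x00, which is why the patched program faults with SIGILL.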
