How to get the base address of the text segment of the binary invoked from shell?

My goal is to get the base address of the text segment of the binary gpg, which I run as a process from the shell.

After I run the binary with some arguments, I get my process ID (pid). So I dump the maps file /proc/pid/maps:

00400000-004ee000 r-xp 00000000 08:06 12723157                           /usr/local/bin/gpg
006ed000-006ee000 r--p 000ed000 08:06 12723157                           /usr/local/bin/gpg
006ee000-006f2000 rw-p 000ee000 08:06 12723157                           /usr/local/bin/gpg
006f2000-006f5000 rw-p 00000000 00:00 0 
018f2000-01934000 rw-p 00000000 00:00 0                                  [heap]
7f0a1d922000-7f0a1e225000 r--p 00000000 08:06 12459144                   /usr/lib/locale/locale-archive
7f0a1e225000-7f0a1e24a000 r-xp 00000000 08:06 9573637                    /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f0a1e24a000-7f0a1e449000 ---p 00025000 08:06 9573637                    /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f0a1e449000-7f0a1e44d000 r--p 00024000 08:06 9573637                    /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f0a1e44d000-7f0a1e44e000 rw-p 00028000 08:06 9573637                    /lib/x86_64-linux-gnu/libtinfo.so.5.9
7f0a1e44e000-7f0a1e609000 r-xp 00000000 08:06 9574052                    /lib/x86_64-linux-gnu/libc-2.19.so
7f0a1e609000-7f0a1e808000 ---p 001bb000 08:06 9574052                    /lib/x86_64-linux-gnu/libc-2.19.so
7f0a1e808000-7f0a1e80c000 r--p 001ba000 08:06 9574052                    /lib/x86_64-linux-gnu/libc-2.19.so
7f0a1e80c000-7f0a1e80e000 rw-p 001be000 08:06 9574052                    /lib/x86_64-linux-gnu/libc-2.19.so
7f0a1e80e000-7f0a1e813000 rw-p 00000000 00:00 0 
7f0a1e813000-7f0a1e81a000 r-xp 00000000 08:06 9571938                    /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4
7f0a1e81a000-7f0a1ea19000 ---p 00007000 08:06 9571938                    /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4
7f0a1ea19000-7f0a1ea1a000 r--p 00006000 08:06 9571938                    /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4
7f0a1ea1a000-7f0a1ea1b000 rw-p 00007000 08:06 9571938                    /lib/x86_64-linux-gnu/libusb-0.1.so.4.4.4
7f0a1ea1b000-7f0a1ea1c000 rw-p 00000000 00:00 0 
7f0a1ea1c000-7f0a1ea1f000 r-xp 00000000 08:06 9574030                    /lib/x86_64-linux-gnu/libdl-2.19.so
7f0a1ea1f000-7f0a1ec1e000 ---p 00003000 08:06 9574030                    /lib/x86_64-linux-gnu/libdl-2.19.so
7f0a1ec1e000-7f0a1ec1f000 r--p 00002000 08:06 9574030                    /lib/x86_64-linux-gnu/libdl-2.19.so
7f0a1ec1f000-7f0a1ec20000 rw-p 00003000 08:06 9574030                    /lib/x86_64-linux-gnu/libdl-2.19.so
7f0a1ec20000-7f0a1ec5d000 r-xp 00000000 08:06 9573639                    /lib/x86_64-linux-gnu/libreadline.so.6.3
7f0a1ec5d000-7f0a1ee5d000 ---p 0003d000 08:06 9573639                    /lib/x86_64-linux-gnu/libreadline.so.6.3
7f0a1ee5d000-7f0a1ee5f000 r--p 0003d000 08:06 9573639                    /lib/x86_64-linux-gnu/libreadline.so.6.3
7f0a1ee5f000-7f0a1ee65000 rw-p 0003f000 08:06 9573639                    /lib/x86_64-linux-gnu/libreadline.so.6.3
7f0a1ee65000-7f0a1ee66000 rw-p 00000000 00:00 0 
7f0a1ee66000-7f0a1ee75000 r-xp 00000000 08:06 9571897                    /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7f0a1ee75000-7f0a1f074000 ---p 0000f000 08:06 9571897                    /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7f0a1f074000-7f0a1f075000 r--p 0000e000 08:06 9571897                    /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7f0a1f075000-7f0a1f076000 rw-p 0000f000 08:06 9571897                    /lib/x86_64-linux-gnu/libbz2.so.1.0.4
7f0a1f076000-7f0a1f08e000 r-xp 00000000 08:06 9573630                    /lib/x86_64-linux-gnu/libz.so.1.2.8
7f0a1f08e000-7f0a1f28d000 ---p 00018000 08:06 9573630                    /lib/x86_64-linux-gnu/libz.so.1.2.8
7f0a1f28d000-7f0a1f28e000 r--p 00017000 08:06 9573630                    /lib/x86_64-linux-gnu/libz.so.1.2.8
7f0a1f28e000-7f0a1f28f000 rw-p 00018000 08:06 9573630                    /lib/x86_64-linux-gnu/libz.so.1.2.8
7f0a1f28f000-7f0a1f2a6000 r-xp 00000000 08:06 9573664                    /lib/x86_64-linux-gnu/libresolv-2.19.so
7f0a1f2a6000-7f0a1f4a6000 ---p 00017000 08:06 9573664                    /lib/x86_64-linux-gnu/libresolv-2.19.so
7f0a1f4a6000-7f0a1f4a7000 r--p 00017000 08:06 9573664                    /lib/x86_64-linux-gnu/libresolv-2.19.so
7f0a1f4a7000-7f0a1f4a8000 rw-p 00018000 08:06 9573664                    /lib/x86_64-linux-gnu/libresolv-2.19.so
7f0a1f4a8000-7f0a1f4aa000 rw-p 00000000 00:00 0 
7f0a1f4aa000-7f0a1f4cd000 r-xp 00000000 08:06 9574046                    /lib/x86_64-linux-gnu/ld-2.19.so
7f0a1f694000-7f0a1f699000 rw-p 00000000 00:00 0 
7f0a1f6ba000-7f0a1f6c1000 r--s 00000000 08:06 12738074                   /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
7f0a1f6c1000-7f0a1f6c2000 rw-p 00000000 00:00 0 
7f0a1f6c2000-7f0a1f6ca000 rw-p 00000000 00:00 0 
7f0a1f6ca000-7f0a1f6cc000 rw-p 00000000 00:00 0 
7f0a1f6cc000-7f0a1f6cd000 r--p 00022000 08:06 9574046                    /lib/x86_64-linux-gnu/ld-2.19.so
7f0a1f6cd000-7f0a1f6ce000 rw-p 00023000 08:06 9574046                    /lib/x86_64-linux-gnu/ld-2.19.so
7f0a1f6ce000-7f0a1f6cf000 rw-p 00000000 00:00 0 
7fff955bb000-7fff955dd000 rw-p 00000000 00:00 0                          [stack]
7fff955fe000-7fff95600000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Now how do I find the base address of the text segment of the gpg binary?

The beginning of the map gives three segments:

00400000-004ee000 r-xp 00000000 08:06 12723157    /usr/local/bin/gpg
006ed000-006ee000 r--p 000ed000 08:06 12723157    /usr/local/bin/gpg
006ee000-006f2000 rw-p 000ee000 08:06 12723157    /usr/local/bin/gpg

r-xp is readable and executable, so it must be the executable .text, and its base address is 0x400000.

For reference, the r--p segment is read-only but not executable, so it must be constants of various kinds, such as strings or variables declared and initialized as const.

The rw-p segment is readable and writable, so it must be static variables or other data that persists for the duration of the program run: the data may be initialized or uninitialized.
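The lookup described in this answer can be automated rather than read off by eye. The following is an added example, not code from the asker or the answerer: a small parser for the /proc/<pid>/maps format (fields per proc(5): address range, permissions, file offset, device, inode, pathname) that returns the executable mapping of a given binary and derives the load base as start minus file offset. For the non-PIE gpg in the question the offset of the r-xp mapping is 0, so both values are 0x400000. The second sample, labelled constructed, goes beyond the question: a PIE binary whose first file-backed mapping is a read-only header segment, so .text is the second mapping and begins at file offset 0x1000; with ASLR such addresses differ on every run, so the parser has to be applied to the live process rather than to a saved dump. The function name read_maps and the path /tmp/example_pie are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Added example: parse /proc/<pid>/maps and locate the .text mapping of a binary.
# Field layout per proc(5):  address  perms  offset  dev  inode  pathname
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+"
    r"(?P<inode>\d+)"
    r"(?:\s+(?P<path>\S.*?))?\s*$"
)


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int   # file offset that `start` corresponds to
    inode: int
    path: str     # "" for anonymous mappings, "[heap]" / "[stack]" for pseudo-paths


def parse_maps(text: str) -> List[Mapping]:
    """Parse the contents of a /proc/<pid>/maps file into Mapping records."""
    mappings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        mappings.append(Mapping(
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            perms=m["perms"],
            offset=int(m["offset"], 16),
            inode=int(m["inode"]),
            path=m["path"] or "",
        ))
    return mappings


def text_segment(mappings: List[Mapping], path: str) -> Optional[Mapping]:
    """First executable mapping backed by `path`: this is where .text lives."""
    for m in mappings:
        if m.path == path and "x" in m.perms:
            return m
    return None


def load_base(mappings: List[Mapping], path: str) -> Optional[int]:
    """Address at which file offset 0 of `path` (the ELF header) is mapped.
    This equals the .text start only when .text is mapped from offset 0,
    as it is for the gpg dump in the question."""
    seg = text_segment(mappings, path)
    if seg is None:
        return None
    return seg.start - seg.offset


def read_maps(pid: int) -> List[Mapping]:
    """Read and parse the maps file of a live process (assumed helper name)."""
    with open(f"/proc/{pid}/maps") as f:
        return parse_maps(f.read())


# Sample input: the first lines of the maps dump shown in the question (non-PIE gpg).
GPG_MAPS = """\
00400000-004ee000 r-xp 00000000 08:06 12723157                           /usr/local/bin/gpg
006ed000-006ee000 r--p 000ed000 08:06 12723157                           /usr/local/bin/gpg
006ee000-006f2000 rw-p 000ee000 08:06 12723157                           /usr/local/bin/gpg
006f2000-006f5000 rw-p 00000000 00:00 0
018f2000-01934000 rw-p 00000000 00:00 0                                  [heap]
"""

# Constructed sample (not from the question): a PIE binary whose read-only
# header segment is mapped first, so .text starts at file offset 0x1000.
# Addresses, inode and path are made up.
PIE_MAPS = """\
5596a1c00000-5596a1c01000 r--p 00000000 08:06 4242 /tmp/example_pie
5596a1c01000-5596a1c20000 r-xp 00001000 08:06 4242 /tmp/example_pie
5596a1c20000-5596a1c21000 rw-p 00020000 08:06 4242 /tmp/example_pie
"""

if __name__ == "__main__":
    gpg = parse_maps(GPG_MAPS)
    seg = text_segment(gpg, "/usr/local/bin/gpg")
    print(f"gpg .text {seg.start:#x}-{seg.end:#x} {seg.perms}, "
          f"load base {load_base(gpg, '/usr/local/bin/gpg'):#x}")
    pie = parse_maps(PIE_MAPS)
    print(f"pie .text starts at {text_segment(pie, '/tmp/example_pie').start:#x}, "
          f"load base {load_base(pie, '/tmp/example_pie'):#x}")
```

Matching is done on the full pathname column, which is how /proc/<pid>/maps names a file-backed mapping; a process that was started through a symlink shows the resolved target there, so compare against the resolved path of the binary when running this against a live pid.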