I am trying to obtain the address (in hex) of function exit()
provided in libc, but I am not sure where and how to find it.
If anyone knows the way to find it, please share some ideas. Thank you!
You can easily check this by running gdb-->b main-->info proc mappings a couple of times and comparing the offsets. If they are different, your executable is probably running under ASLR. Assuming there is no ASLR protection, using gdb-->b main-->info proc mappings should give you the base address of the libc SO.
The C standard library or libc is the standard library for the C programming language, as specified in the ISO C standard. Starting from the original ANSI C standard, it was developed at the same time as the C library POSIX specification, which is a superset of it.
The string “/bin/sh” will also be present in the libc, and thus getting a pointer is just to note the address of this string.
Both __libc_csu_init and call_init do basically the same thing: They run all constructors registered in the dynamic table entries INIT and INIT_ARRAY.
If you need the address of the exit function already present in your process, see answers by Grijesh and others. But if you need to resolve the libc exit function by name, for example because libc's exit has been shadowed by another library, you can obtain it with dlsym:
#define _GNU_SOURCE /* for RTLD_NEXT */
#include <dlfcn.h>
/* ... */
void (*exit_addr)(int) = dlsym(RTLD_NEXT, "exit");
For dlsym to resolve, you'll need to link with -ldl.
I think this will work:
printf("%p", (void*)exit);
IEEE Std 1003.1, 2004 Edition:
"%p"
The argument shall be a pointer to void. The value of the pointer is converted to a sequence of printable characters, in an implementation-defined manner.
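The answers above give an absolute address, and the gdb suggestion reads the module base from info proc mappings. The following added example (not code from any of the posts; struct module_info, exit_address and find_module are illustrative names) does both inside the process on Linux: it takes the address of exit, looks it up in /proc/self/maps, and reports the backing file, its base and the offset, which stays constant across runs while ASLR moves the base. In a non-PIE executable the address taken this way may be the PLT stub, in which case the module reported is the executable rather than libc.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* File-backed module that contains an address (names are illustrative). */
struct module_info {
    uintptr_t base;   /* start of the module's first mapping */
    char path[512];   /* backing file as listed in /proc/self/maps */
};

/* Address of exit as this process sees it, the value printf("%p", (void*)exit) shows. */
uintptr_t exit_address(void) { return (uintptr_t)exit; }

/* Return 0 and fill *out if addr is inside a file-backed mapping, else -1.
   Assumes a module's mappings are adjacent in the file (the usual case on Linux). */
int find_module(uintptr_t addr, struct module_info *out)
{
    char line[1024], path[512], cur[512] = "";
    uintptr_t start, end, base = 0;
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        path[0] = '\0';
        /* fields: start-end perms offset dev inode [path] */
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %*s %*s %*s %*s %511[^\n]",
                   &start, &end, path) < 2)
            continue;
        /* a change of path marks the first mapping of a new module */
        if (strcmp(path, cur) != 0) { strcpy(cur, path); base = start; }
        if (path[0] == '/' && addr >= start && addr < end) {
            out->base = base;
            strcpy(out->path, path);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    struct module_info m;
    uintptr_t addr = exit_address();
    if (find_module(addr, &m) != 0) return 1;
    printf("exit at 0x%" PRIxPTR " in %s (base 0x%" PRIxPTR ", offset 0x%" PRIxPTR ")\n",
           addr, m.path, m.base, addr - m.base);
    return 0;
}
```

Running it several times and comparing the base values is the same ASLR check as the gdb procedure above, without a debugger.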