Breakpoint 1, 0x00007ffff7de8060 in __libc_start_main () from /usr/lib/libc.so.6
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/firstlove/projects/org-ioslide/example/a.out
Breakpoint 1, 0x00007ffff7de8060 in __libc_start_main () from /usr/lib/libc.so.6
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/firstlove/projects/org-ioslide/example/a.out
Breakpoint 1, 0x00007ffff7de8060 in __libc_start_main () from /usr/lib/libc.so.6
(gdb) Quit
(gdb) quit
A debugging session is active.
Inferior 1 [process 16372] will be killed.
Quit anyway? (y or n) y
firstlove-pc% cat /proc/sys/kernel/randomize_va_space
2
IIUC, ASLR should randomize all addresses, including the one of libc.so, but I found that the address of __libc_start_main() is always 0x00007ffff7de8060 on my Linux machine, why? What is wrong?
You can easily check this by running gdb-->b main-->info proc mappings a couple of times and comparing the offsets. If they are different, your executable is probably running under ASLR. Assuming there is no ASLR protection, using gdb-->b main-->info proc mappings should give you the base address of the libc SO.
Here are two methods: 1. strings -t x -a /path/to/libc | grep "/bin/sh" --> this outputs the offset of the string in libc.
The address of an executable under Linux is usually 0x400000 for 64-bit executables and 0x08048000 for 32-bit executables as defined by the GNU linker. But there's nothing stopping someone from changing the entry point to a different address.
When you run a program inside gdb, gdb tries to help you debug by disabling address randomization. You can use the following command to enable it (effective from the next run of the program):
set disable-randomization off
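To confirm the same behaviour outside gdb, the added example below (not part of the original answers) parses /proc/<pid>/maps output for the libc base and compares it across runs, once normally and once under `setarch -R`, which sets the same ADDR_NO_RANDOMIZE personality flag gdb sets by default. The function names and the sample mappings are constructed for illustration; it assumes a Linux system with util-linux `setarch` and a dynamically linked `cat`.

```python
import platform
import re
import subprocess

# Matches the libc path in /proc/<pid>/maps, e.g. /usr/lib/libc.so.6 or libc-2.31.so
LIBC_NAME = re.compile(r"/libc(-[\d.]+)?\.so(\.\d+)*$")

def libc_base(maps_text):
    """Return the lowest address at which libc is mapped, or None if absent."""
    starts = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # range perms offset dev inode path
        if len(fields) == 6 and LIBC_NAME.search(fields[5]):
            starts.append(int(fields[0].split("-")[0], 16))
    return min(starts) if starts else None

def is_randomized(bases):
    """True when the sampled base addresses are not all identical."""
    return len(set(bases)) > 1

def sample_bases(runs=3, no_randomize=False):
    """Run `cat /proc/self/maps` several times and collect each libc base.

    no_randomize=True wraps the child in `setarch -R`, which sets the same
    ADDR_NO_RANDOMIZE personality flag that gdb sets by default.
    """
    cmd = ["cat", "/proc/self/maps"]
    if no_randomize:
        cmd = ["setarch", platform.machine(), "-R"] + cmd
    return [libc_base(subprocess.run(cmd, capture_output=True, text=True,
                                     check=True).stdout) for _ in range(runs)]

# Constructed sample mappings (not taken from the page): two runs of one binary.
SAMPLE_RUN_A = """\
555555554000-555555555000 r--p 00000000 08:01 1234   /home/user/a.out
7ffff7dc2000-7ffff7de7000 r--p 00000000 08:01 5678   /usr/lib/libc.so.6
7ffff7de7000-7ffff7f34000 r-xp 00025000 08:01 5678   /usr/lib/libc.so.6
"""
SAMPLE_RUN_B = SAMPLE_RUN_A.replace("7ffff7", "7f3a1c")

if __name__ == "__main__":
    for label, flag in (("normal run", False), ("setarch -R (as under gdb)", True)):
        bases = sample_bases(no_randomize=flag)
        shown = [hex(b) if b is not None else "libc not found" for b in bases]
        print(f"{label}: {shown} randomized={is_randomized(bases)}")
```

With randomize_va_space set to 2, the normal run should report differing bases and the `setarch -R` run identical ones, matching what gdb shows by default.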