Reply to 5# keymirage:

0000000000400650 <main>:
main():
  400650: 55                      push   %rbp
  400651: 48 89 e5                mov    %rsp,%rbp
  400654: 48 83 ec 20             sub    $0x20,%rsp
  400658: be 50 07 40 00          mov    $0x400750,%esi
  40065d: bf 53 07 40 00          mov    $0x400753,%edi
  400662: e8 d9 fe ff ff          callq  400540 <fopen@plt>
  400667: 48 89 45 f8             mov    %rax,-0x8(%rbp)
  40066b: 48 83 7d f8 00          cmpq   $0x0,-0x8(%rbp)
  400670: 75 14                   jne    400686 <main+0x36>
  400672: bf 5c 07 40 00          mov    $0x40075c,%edi
  400677: e8 74 fe ff ff          callq  4004f0 <puts@plt>
  40067c: bf 01 00 00 00          mov    $0x1,%edi
  400681: e8 ca fe ff ff          callq  400550 <exit@plt>
  400686: 48 8b 55 f8             mov    -0x8(%rbp),%rdx
  40068a: 48 8d 45 e0             lea    -0x20(%rbp),%rax
  40068e: 48 89 d1                mov    %rdx,%rcx
  400691: ba 00 02 00 00          mov    $0x200,%edx
  400696: be 01 00 00 00          mov    $0x1,%esi
  40069b: 48 89 c7                mov    %rax,%rdi
  40069e: e8 5d fe ff ff          callq  400500 <fread@plt>
  4006a3: 48 8b 45 f8             mov    -0x8(%rbp),%rax
  4006a7: 48 89 c7                mov    %rax,%rdi
  4006aa: e8 61 fe ff ff          callq  400510 <fclose@plt>
  4006af: c9                      leaveq
  4006b0: c3                      retq
  4006b1: 66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
  4006b8: 00 00 00
  4006bb: 0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
400654: 48 83 ec 20 sub $0x20,%rsp
Here the stack is pulled down 0x20 bytes from rbp, that is, 0x20 bytes are reserved for fpr and buffer.

400667: 48 89 45 f8 mov %rax,-0x8(%rbp)
Here fopen's return value is stored 0x8 bytes below rbp; that location is the address of fpr.

buffer is similar. It has been a long time since I looked at this sort of thing, so I can only give you some clues for the analysis. If you don't analyse the server-side code, how are you going to attack it?
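To make the frame analysis in the reply above concrete, here is an added example (not the poster's code and not the server's real source): it reconstructs what the listing decompiles to, derives from the listed offsets what a 0x200-byte fread can overwrite in that frame, and shows the hardened form of the read. The file path, fopen mode and error message live at 0x400753, 0x400750 and 0x40075c in the binary and are not visible in the dump, so the path is taken as a parameter and the mode "r" and the message text are assumptions; the 0x200-byte input is constructed in a temporary file rather than read from the server's file.

```c
/* Added example reconstructing the disassembled main() and its frame.
 * Not the original poster's source; the path, the "r" mode and the error
 * message are assumptions (the real strings sit at 0x400753, 0x400750
 * and 0x40075c and are not shown in the listing). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offsets read straight from the objdump listing in the post above. */
#define FPR_OFF    0x08   /* 400667: mov %rax,-0x8(%rbp)   */
#define BUF_OFF    0x20   /* 40068a: lea -0x20(%rbp),%rax  */
#define FREAD_LEN  0x200  /* 400691: mov $0x200,%edx       */

struct frame_layout {
    size_t buf_size;      /* bytes from buffer start to the fpr slot       */
    size_t fpr_at;        /* offset (from buffer start) of fpr             */
    size_t saved_rbp_at;  /* offset of the rbp saved by `push %rbp`        */
    size_t ret_addr_at;   /* offset of main's return address               */
    size_t overflow;      /* bytes a full fread writes past the buffer end */
};

/* Derive from the listing what a 0x200-byte fread can reach in that frame. */
struct frame_layout analyse_frame(void) {
    struct frame_layout l;
    l.buf_size     = BUF_OFF - FPR_OFF;      /* 0x18 = 24 bytes            */
    l.fpr_at       = l.buf_size;             /* 24: fpr sits right above   */
    l.saved_rbp_at = BUF_OFF;                /* 32: 0(%rbp)                */
    l.ret_addr_at  = BUF_OFF + 8;            /* 40: 8(%rbp)                */
    l.overflow     = FREAD_LEN - l.buf_size; /* 488 bytes past the buffer  */
    return l;
}

/* What the listing decompiles to: fpr at -0x8(%rbp), a 24-byte buffer at
 * -0x20(%rbp), and an fread of 0x200 bytes into it. Kept as-is on purpose. */
static void read_header_unsafe(const char *path) {
    FILE *fpr;                          /* -0x8(%rbp)  */
    char buffer[24];                    /* -0x20(%rbp) */
    fpr = fopen(path, "r");             /* mode is an assumption */
    if (fpr == NULL) {
        puts("fopen failed");           /* message text is an assumption */
        exit(1);
    }
    (void)fread(buffer, 1, 0x200, fpr); /* up to 512 bytes into 24 */
    fclose(fpr);                        /* fpr itself lies in the overwritten range */
}

/* Hardened form: never ask fread for more than the buffer holds and check
 * what actually arrived. Returns bytes read, or -1 on a read error. */
long read_header_safe(FILE *fpr, char *buffer, size_t buflen) {
    if (fpr == NULL || buffer == NULL || buflen == 0)
        return -1;
    size_t n = fread(buffer, 1, buflen, fpr);
    if (n < buflen && ferror(fpr))
        return -1;
    return (long)n;
}

/* Drive the safe reader over a constructed 0x200-byte input held in a
 * temporary file; returns how many bytes landed in a 24-byte buffer. */
long demo_safe_read(void) {
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    unsigned char payload[FREAD_LEN];
    memset(payload, 'A', sizeof payload);  /* constructed oversized input */
    fwrite(payload, 1, sizeof payload, fp);
    rewind(fp);
    char buffer[24];
    long n = read_header_safe(fp, buffer, sizeof buffer);
    fclose(fp);
    return n;  /* 24: the remaining 488 bytes stay in the file, not on the stack */
}

int main(int argc, char **argv) {
    struct frame_layout l = analyse_frame();
    printf("buffer=%zu bytes, fpr at +%zu, saved rbp at +%zu, ret addr at +%zu, "
           "overflow=%zu bytes\n", l.buf_size, l.fpr_at, l.saved_rbp_at,
           l.ret_addr_at, l.overflow);
    printf("safe read of a 0x200-byte file into 24 bytes: %ld bytes\n",
           demo_safe_read());
    if (argc > 1)                   /* only on request: this one smashes the stack */
        read_header_unsafe(argv[1]);
    return 0;
}
```

The layout numbers follow directly from the listing: the buffer occupies -0x20(%rbp) to -0x8(%rbp), so it is 0x18 bytes, and fread is asked for 0x200. Note why the reply singles out fpr at -0x8(%rbp): it is the first thing the overflow reaches, and it is used again by fclose before main returns, so an oversized file corrupts the FILE pointer passed to fclose before the saved rbp and return address at +32 and +40 ever come into play.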