Finding libc_base
```python
from pwn import *

# Binary under analysis and the libc it is linked against
elf = ELF('./a.out')
#rop = ROP(elf)
libc = ELF("/lib/i386-linux-gnu/libc.so.6")

# Distance between printf and system inside libc (fixed for a given libc build)
printf_system_offset = libc.symbols['printf'] - libc.symbols['system']

# PLT and GOT entries of the binary itself
printf_plt = elf.plt['printf']
printf_got = elf.got['printf']
write_plt = elf.plt['write']
write_got = elf.got['write']
libc_start_main = elf.plt['__libc_start_main']

print('[*] printf@plt : %s' % hex(printf_plt))
print('[*] printf@got : %s' % hex(printf_got))
print('[*] write@plt : %s' % hex(write_plt))
print('[*] write@got : %s' % hex(write_got))
print('[*] printf - system : %s(%s)' % (hex(printf_system_offset), int(printf_system_offset)))
print('[*] libc_start_main : %s' % hex(libc_start_main))
```

Source: http://crattack.tistory.com/entry/함수-offset-계산-방법 [Security & Reverse]
It looks like __libc_start_main is libc_base...?
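How `__libc_start_main`, `printf` and `system` relate to the libc load base can be checked in a live process. The following is an added example, not code from the original post or from pwntools: it resolves the three symbols in the running Python process and compares them with the libc mapping listed in `/proc/self/maps`. It assumes Linux with a dynamically linked libc; the helper names `runtime_addr`, `mapping_base` and `libc_layout` are hypothetical.

```python
import ctypes

def runtime_addr(name):
    """Address of an exported libc symbol in this process (dlsym via ctypes)."""
    func = ctypes.CDLL(None)[name]
    return ctypes.cast(func, ctypes.c_void_p).value

def mapping_base(addr, maps_path="/proc/self/maps"):
    """Return (base, path) of the mapped file that contains addr."""
    rows = []
    with open(maps_path) as maps:
        for line in maps:
            fields = line.split(None, 5)
            if len(fields) < 6:          # anonymous mapping, no backing file
                continue
            start, end = (int(x, 16) for x in fields[0].split("-"))
            rows.append((start, end, fields[5].strip()))
    path = next(p for s, e, p in rows if s <= addr < e)
    # The load base is the lowest address at which that file is mapped.
    return min(s for s, _, p in rows if p == path), path

def libc_layout(names=("printf", "system", "__libc_start_main")):
    """Runtime addresses, libc load base, and per-symbol offsets from it."""
    addrs = {n: runtime_addr(n) for n in names}
    base, path = mapping_base(addrs["printf"])
    offsets = {n: a - base for n, a in addrs.items()}
    return {"path": path, "base": base, "addrs": addrs, "offsets": offsets}

if __name__ == "__main__":
    info = libc_layout()
    print("libc mapped from", info["path"], "at", hex(info["base"]))
    for name, addr in info["addrs"].items():
        print("  %-18s %#x = base + %#x" % (name, addr, info["offsets"][name]))
    print("printf - system =",
          hex(info["addrs"]["printf"] - info["addrs"]["system"]))
```

Each symbol, `__libc_start_main` included, sits at a non-zero offset above the page-aligned base, and the `printf - system` difference is the same whether computed from runtime addresses or from offsets.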