Debugging ARM programs in PWN

Monday, January 2, 2023. 631 characters, 2 minute read. Tags: tricks, pwn

⚠️ This article is an original work by P3troL1er, first published at https://peterliuzhi.top/tricks/pwn%E4%B8%AD%E8%B0%83%E8%AF%95arm%E7%A8%8B%E5%BA%8F/. Contact the author for permission before reproducing it commercially; non-commercial reproduction must credit the source!

Motivation is the art of getting people to do what you want them to do because they want to do it. — Dwight D. Eisenhower

Setting up an ARM debugging environment

```bash
sudo apt-get install qemu-user qemu-user-static gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu binutils-aarch64-linux-gnu-dbg build-essential qemu gdbserver gdb-multiarch libc6-arm64-cross
```

Some Ubuntu releases are missing a few of these packages or have renamed them. If all you need is to debug (not cross-compile), this subset is enough:

```bash
sudo apt-get install qemu gdbserver gdb-multiarch libc6-arm64-cross
```

The package libc6-arm64-cross may have a different name on other systems; list the candidates with:

```bash
apt search "libc6-" | grep "arm"
```

The same search also shows libc6-armhf-cross, which provides the sysroot a dynamically linked 32-bit ARM binary needs under qemu-arm.

Further reading: arm pwn入门 | blingbling’s blog

Running the program under qemu on a chosen port and attaching gdb to it automatically

Save the following script as ARM, copy it to /usr/local/bin/ and make it executable (chmod +x). Usage: ARM [port] [program]

```bash
#!/bin/bash
# ARM: run an ARM/AArch64 ELF under qemu-user with a gdb stub on PORT, then attach gdb-multiarch.
if [[ "$1" == "--help" || "$1" == "-h" ]]; then
    echo "[Usage] $(basename "$0") PORT PROGRAM"
    echo "The script detects 32-bit vs 64-bit and sets the endianness automatically."
    echo "Both PORT and PROGRAM are required; the script will not run without them."
    echo "Example:"
    echo -e "\t$(basename "$0") 1234 example"
    echo "By PeterLiu"
    exit 0
fi
if [[ -z $1 ]]; then
    echo "Missing port number!"
    exit 3
elif [[ ! $1 =~ ^[0-9]+$ ]]; then
    echo "The port number must be numeric!"
    exit 3
fi
if [[ -z $2 ]]; then
    echo "Missing program name!"
    exit 4
fi
result=$(file "$2")
if [[ ! $result =~ "ARM" ]]; then
    echo "Not an ARM binary!"
    exit 1
fi
# -g PORT makes qemu wait for a gdb connection before executing the first instruction.
# -L points qemu at the sysroot holding the target's ld.so and libc (needed for dynamically linked binaries).
if [[ $result =~ "32-bit" ]]; then
    echo "$2 is a 32-bit binary"
    qemu-arm -L /usr/arm-linux-gnueabihf -g "$1" "$2" &    # sysroot from libc6-armhf-cross
    arch=arm
elif [[ $result =~ "64-bit" ]]; then
    echo "$2 is a 64-bit binary"
    qemu-aarch64 -L /usr/aarch64-linux-gnu -g "$1" "$2" &  # sysroot from libc6-arm64-cross
    arch=aarch64
else
    echo "Cannot determine the architecture!"
    exit 2
fi
# Read the byte order from the program's own ELF header so gdb decodes the target correctly.
if [[ $(readelf -h "$2" | grep endian) =~ "little endian" ]]; then
    endian=little
else
    endian=big
fi
# gdb-multiarch (installed above) is the gdb build that knows the ARM targets; plain gdb on x86 does not.
gdb-multiarch "$2" -ex "set architecture $arch" \
    -ex "set endian $endian" \
    -ex "target remote localhost:$1"
```

Two things to keep in mind when it misbehaves: the qemu stub blocks on the port until gdb connects, so qemu has to go into the background first and gdb-multiarch is started afterwards; and if the connection is refused, check that nothing else is already listening on that port. A dynamically linked 32-bit binary will fail to start unless the armhf sysroot (libc6-armhf-cross) is installed, since qemu-arm needs the target's ld.so and libc from the -L directory.
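The script above decides 32-bit vs 64-bit from the text that `file` prints and the byte order from `readelf`, and it silently picks the little-endian qemu launchers. As an added example (not code from the original post), the following POSIX shell reads the three relevant ELF header fields directly and prints the qemu-user and gdb-multiarch command lines that match, covering the big-endian launchers (qemu-armeb, qemu-aarch64_be) as well. The sysroot paths and the demo port 1234 are assumptions; `make_fake_elf` writes a constructed 20-byte header stub that serves only as test input.

```shell
#!/bin/sh
# Added example, not the original ARM script: choose the qemu-user binary, the gdb
# architecture and the byte order from the ELF header itself (e_ident and e_machine)
# instead of pattern-matching the text output of `file` and `readelf`.
#
# ELF header fields used (offsets from the ELF specification):
#   e_ident[EI_CLASS] byte 4 : 1 = 32-bit, 2 = 64-bit
#   e_ident[EI_DATA]  byte 5 : 1 = little endian, 2 = big endian
#   e_machine         bytes 18-19, stored in the file's own byte order:
#                     0x28 (40) = ARM, 0xB7 (183) = AArch64

# elf_byte FILE OFFSET -> decimal value of the single byte at OFFSET
elf_byte() {
    od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# arm_elf_target FILE -> "QEMU_BINARY GDB_ARCH ENDIAN" on stdout; non-zero status and a
# message on stderr for anything that is not a 32-bit ARM or 64-bit AArch64 ELF.
arm_elf_target() {
    f="$1"
    if [ "$(od -An -tx1 -N 4 "$f" | tr -d ' \n')" != "7f454c46" ]; then
        echo "not an ELF file: $f" >&2
        return 1
    fi
    class=$(elf_byte "$f" 4)
    data=$(elf_byte "$f" 5)
    b0=$(elf_byte "$f" 18)
    b1=$(elf_byte "$f" 19)
    case "$data" in
        1) endian=little; machine=$(( b0 + b1 * 256 )) ;;
        2) endian=big;    machine=$(( b0 * 256 + b1 )) ;;
        *) echo "unknown EI_DATA value '$data' in $f" >&2; return 1 ;;
    esac
    # qemu-user ships separate big-endian launchers: qemu-armeb and qemu-aarch64_be.
    case "$machine/$class" in
        40/1)  gdbarch=arm
               if [ "$endian" = little ]; then qemu=qemu-arm; else qemu=qemu-armeb; fi ;;
        183/2) gdbarch=aarch64
               if [ "$endian" = little ]; then qemu=qemu-aarch64; else qemu=qemu-aarch64_be; fi ;;
        *)     echo "not an ARM/AArch64 ELF (e_machine=$machine, EI_CLASS=$class): $f" >&2
               return 1 ;;
    esac
    echo "$qemu $gdbarch $endian"
}

# arm_debug_cmds PORT FILE -> prints the two command lines the ARM script would run.
# Sysroot paths are assumptions for Ubuntu's libc6-armhf-cross / libc6-arm64-cross
# packages (little-endian); a big-endian target needs its own sysroot.
arm_debug_cmds() {
    port="$1"
    prog="$2"
    target=$(arm_elf_target "$prog") || return 1
    set -- $target
    qemu="$1"; gdbarch="$2"; endian="$3"
    case "$gdbarch" in
        arm)     sysroot=/usr/arm-linux-gnueabihf ;;
        aarch64) sysroot=/usr/aarch64-linux-gnu ;;
    esac
    printf '%s -L %s -g %s %s &\n' "$qemu" "$sysroot" "$port" "$prog"
    printf "gdb-multiarch %s -ex 'set architecture %s' -ex 'set endian %s' -ex 'target remote localhost:%s'\n" \
        "$prog" "$gdbarch" "$endian" "$port"
}

# make_fake_elf CLASS DATA MACHINE OUT -> constructed 20-byte ELF header stub
# (magic, e_ident, e_type, e_machine). Test input only; it is not a loadable binary.
make_fake_elf() {
    class="$1"; data="$2"; machine="$3"; out="$4"
    lo=$(( machine % 256 )); hi=$(( machine / 256 ))
    if [ "$data" = 1 ]; then mbytes="$lo $hi"; else mbytes="$hi $lo"; fi
    {
        printf '\177ELF'
        # EI_CLASS EI_DATA EI_VERSION, nine bytes of EI_OSABI/EI_ABIVERSION/padding,
        # e_type (2 = ET_EXEC; its byte order is irrelevant here), then e_machine.
        for b in "$class" "$data" 1  0 0 0 0 0 0 0 0 0  0 2  $mbytes; do
            printf "\\$(printf '%03o' "$b")"
        done
    } > "$out"
}

# Demo on a constructed AArch64 little-endian header (assumed port 1234).
demo_dir=$(mktemp -d)
make_fake_elf 2 1 183 "$demo_dir/fake-aarch64"
arm_debug_cmds 1234 "$demo_dir/fake-aarch64"
rm -rf "$demo_dir"
```

To use this inside the ARM script, replace the two printf lines with the real invocations (qemu in the background, then gdb-multiarch in the foreground) and drop the `file`/`readelf` checks; reading the header bytes also works on hosts where `file` prints a slightly different description.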