ELF 入口点无效

Question

我正在尝试在剥离的 ELF 的入口点上设置断点。 ELF 是在 Virtual Box Linux 机器上编译和剥离的。

    root@xxxx:~# readelf -e yyyy_not_patched 
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x650
  Start of program headers:          64 (bytes into file)
  Start of section headers:          6792 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         9
  Size of section headers:           64 (bytes)
  Number of section headers:         31
  Section header string table index: 30

程序头指向：

Program Headers:

  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align

PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
                 0x00000000000001f8 0x00000000000001f8  R E    0x8
INTERP         0x0000000000000238 0x0000000000000238 0x0000000000000238
                 0x000000000000001c 0x000000000000001c  R      0x1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x00000000000009ec 0x00000000000009ec  R E    0x200000
LOAD           0x0000000000000dd8 0x0000000000200dd8 0x0000000000200dd8
                 0x0000000000000268 0x0000000000000278  RW     0x200000
DYNAMIC        0x0000000000000df0 0x0000000000200df0 0x0000000000200df0
                 0x00000000000001e0 0x00000000000001e0  RW     0x8
NOTE           0x0000000000000254 0x0000000000000254 0x0000000000000254
                 0x0000000000000044 0x0000000000000044  R      0x4
GNU_EH_FRAME   0x00000000000008a0 0x00000000000008a0 0x00000000000008a0
                 0x000000000000003c 0x000000000000003c  R      0x4
GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
GNU_RELRO      0x0000000000000dd8 0x0000000000200dd8 0x0000000000200dd8
                 0x0000000000000228 0x0000000000000228  R      0x1
"

在 GDB 中设置断点时，我得到“无法访问地址 0x650 的内存”

root@xxxx:~# gdb yyyy_not_patched

Reading symbols from login_not_patched...(no debugging symbols found)...done.

(gdb) b *0x650
Breakpoint 1 at 0x650
(gdb) r
Starting program: /root/yyyy_not_patched
Warning:
Cannot insert breakpoint 1.
Cannot access memory at address 0x650

知道可能是什么问题吗？

Answer 1

知道可能是什么问题吗？

这个：

Type:                              DYN (Shared object file)

表示您正在查看position-independent executable（一种特殊形式的共享库）。此类可执行文件在开始运行之前会重定位到随机地址，因此在未重定位地址0x650设置断点将不起作用。

什么有效：

(gdb) set stop-on-solib-events 1
(gdb) run
(gdb) info proc map

# Figure out where the executable got loaded

(gdb) b *($exe_load_address + 0x650)

例子：

$ readelf -h a.out | grep 'Entry point'
Entry point address:               0x620

$ gdb -q ./a.out
(gdb) set stop-on-solib-events 1
(gdb) run
Starting program: /tmp/a.out 
Stopped due to shared library event (no libraries added or removed)

(gdb) info proc map 
process 67394
Mapped address spaces:

      Start Addr           End Addr       Size     Offset objfile
  0x555555554000     0x555555555000     0x1000        0x0 /tmp/a.out
  0x555555754000     0x555555756000     0x2000        0x0 /tmp/a.out
  0x7ffff7dda000     0x7ffff7dfd000    0x23000        0x0 /lib/x86_64-linux-gnu/ld-2.19.so
  ...

(gdb) b *(0x555555554000+0x620)
Breakpoint 1 at 0x555555554620
(gdb) c
Continuing.
Stopped due to shared library event:
  Inferior loaded /lib/x86_64-linux-gnu/libc.so.6
(gdb) c
Continuing.

Breakpoint 1, 0x0000555555554620 in _start ()
(gdb) bt
#0  0x0000555555554620 in _start ()