reverse knowledge
Assembly Basics
mov: data transfer instruction
CALL: 1. Push the current IP into the stack, 2. Jump to the specified position
RET: Assign the data stored in the stack to IP, and jump back
PUSH: First reduce ESP, then put the data Put in
POP: POP the data first, then add ESP
LEAVE:MOV SP,BP;POP BP
- general purpose register
- 8位AL AH BL,BH
- 16位AX BX CX DX
- 32-bit EAX EBX ECX EDX
- 64位RAX RBX RCX RDX
- Instruction pointer register: IP {points to the address of the next instruction to be valued}
- Base register: BP (pointer)
- Stack register: SP (pointer)
pointer
- A pointer to a variable holding a memory address
- A range of memory addresses (virtual addresses), all addresses seen in the debugger are virtual addresses.
- 32-bit system address range: 0x0000000-0xFFFFFFFF
- 64-bit system address range:
0x00000000000000-0xFFFFFFFFFFFFFFFF - 32-bit system pointer size: 4 bytes
- 64-bit system pointer size: 8 bytes
Data field, which stores the data in the node
Pointer field, which stores the pointer to the next node
gdb debugging
.s is the assembly code
file xxx//specify the binary file to be debugged
breakpoint xxxx//abbreviated as b next breakpoint
delete xxx//abbreviated as d delete breakpoint
information//abbreviated i view information
run//abbreviated r start executing
ni // execute next statement
BYTE in IDA 1 byte
QWORD is 4 bytes
nop The corresponding hex value is 90 90
LD_PRELOAD stealing the beam and changing the column
ptrace anti-debugging
Steps: 1. Anti-debugging
2. Initialize the linked list
3. Circulate the linked list
4. Compare and
focus on pwn