逆向工程 - 在入口点执行程序时，启动程序以代码 126 退出 - 吾爱随笔录

在入口点执行程序时，启动程序以代码 126 退出

逆向工程 x86 数据库小精灵 x86-64

2021-06-25 09:00:44

我想对程序进行逆向工程。我设法找到了入口点，但每次我想启动应用程序时，我都会遇到同样的错误`在启动程序期间以代码 126 退出。

这是我所做的：

┌──(kali㉿kali)-[~/Documents/Guessy]
└─$ gdb guessy\?token=eyJ1c2VyX2lkIjoxNDM4LCJ0ZWFtX2lkIjpudWxsLCJmaWxlX2lkIjoxNjd9.YIyJZA.QQbX2E3vChspI95coiZvSzAwDOo
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.                                                                                                                                                                                            
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from guessy?token=eyJ1c2VyX2lkIjoxNDM4LCJ0ZWFtX2lkIjpudWxsLCJmaWxlX2lkIjoxNjd9.YIyJZA.QQbX2E3vChspI95coiZvSzAwDOo...
(No debugging symbols found in guessy?token=eyJ1c2VyX2lkIjoxNDM4LCJ0ZWFtX2lkIjpudWxsLCJmaWxlX2lkIjoxNjd9.YIyJZA.QQbX2E3vChspI95coiZvSzAwDOo)
(gdb) break 1
No symbol table is loaded.  Use the "file" command.
(gdb) break 0x0000000000006160
Function "0x0000000000006160" not defined.
Make breakpoint pending on future shared library load? (y or [n]) 
(gdb) run
Starting program: /home/kali/Documents/Guessy/guessy?token=eyJ1c2VyX2lkIjoxNDM4LCJ0ZWFtX2lkIjpudWxsLCJmaWxlX2lkIjoxNjd9.YIyJZA.QQbX2E3vChspI95coiZvSzAwDOo 
zsh:1: permission denied: /home/kali/Documents/Guessy/guessy?token=eyJ1c2VyX2lkIjoxNDM4LCJ0ZWFtX2lkIjpudWxsLCJmaWxlX2lkIjoxNjd9.YIyJZA.QQbX2E3vChspI95coiZvSzAwDOo
During startup program exited with code 126.

我找到了这个入口点：

┌──(kali㉿kali)-[~/Documents/Guessy]
└─$ objdump -f /bin/ls                                                                                                                                                                                                                 130 ⨯

/bin/ls:     file format elf64-x86-64
architecture: i386:x86-64, flags 0x00000150:
HAS_SYMS, DYNAMIC, D_PAGED
start address 0x0000000000006160

1个回答

当当前用户对正在调试的二进制文件没有执行权限时，会出现 GDB 中以代码 126 退出的程序：

$ ls -l test
-rw-r--r-- 1 user01 user01 110080 May  1 22:18 test

$ gdb -q test
...
gef➤  run
Starting program: /home/user01/test 
/bin/bash: /home/user01/test: Permission denied
/bin/bash: line 0: exec: /home/user01/test: cannot execute: Permission denied
During startup program exited with code 126.

请注意，当将断点设置为特定地址时0x0000000000006160，必须使用星号：

break * 0x0000000000006160 或者 break *0x0000000000006160

以下将导致错误：

break 0x0000000000006160

在（2）中，GDB 将内存地址解释为函数名。由于没有名为的函数0x0000000000006160，它会打印错误消息

Function "0x0000000000006160" not defined.

有关 GDB 语法的更多信息，请参阅GDB 命令参考：

其它你可能感兴趣的问题

上一篇编译时如何禁用relro？下一篇试图识别这个 SOP14 芯片