在学习《程序员的自我修养》时,对其P172页图6-12 “Linux进程初始堆栈”内容的来路有点兴趣,遂花了点时间研究了下,茫然中居然试探出了条可以得到进程初始堆栈的途径……
[root@cxj /]# cat a.c
#include
#include
int main()
{
printf("hello world\n");
return 0;
}
[root@cxj /]# readelf -a a.out | head -n 11
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x80482f0 %获取入口地址
[root@cxj /]# gdb a.out %载入可执行文件
GNU gdb Red Hat Linux (6.6-35.fc8rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) b *0x80482f0 %将入口地址设为断点
Breakpoint 1 at 0x80482f0
(gdb) r %启动进程
Starting program: /a.out
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/ac/2eeb206486bb7315d6ac4cd64de0cb50838ff6.debug
warning: Missing the separate debug info file: /usr/lib/debug/.build-id/ba/4ea1118691c826426e9410cafb798f25cefad5.debug
Breakpoint 1, 0x080482f0 in _start ()
(gdb) i r esp %查看栈顶指针(esp)
esp 0xbf8e5a40 0xbf8e5a40
(gdb) x/5570bw 0xbf8e5a40 %查看从esp所指位置开始足够远的存储区域内容,此处5570指查看从0xbf8e5a40开始的5570个“字”(此处为4字节)的内容
%此处取5570只是为了使往后查看的内容足够大。
%事实上我们可以从当前地址往后推最多0x3000个字节且以0x1000对齐的字节数。【经验,我并没有深究理论上的原因】
%比如 0xbf8e5a40 往后推最多0x3000个字节且保持 0x1000对齐的话将得到 0xbf8e8000
%这片区域包含的字节数换算成“字”数即为:(0xbf8e8000-0xbf8e5a40)/4 = 2416
%所以此处用比2416略大(为了得到错误)的值替换5570即可成功得到 Cannot access memory at address 0xXXXXXXXX 的错误消息(((不妨一试)))
%该错误消息可作为对当前进程的栈访问越界的标志。
%
%如果使用“ x/5570bw 0xbf8e5a40 ”命令无法得到如下所示的输出结构,不妨试试 “ x/5570x 0xbf8e5a40 ”
0xbf8e5a40: 0x00000001 0xbf8e7a98 0x00000000 0xbf8e7a9f
0xbf8e5a50: 0xbf8e7ad2 0xbf8e7aea 0xbf8e7afa 0xbf8e7b05
0xbf8e5a60: 0xbf8e7b13 0xbf8e7b30 0xbf8e7b46 0xbf8e7b64
0xbf8e5a70: 0xbf8e7b77 0xbf8e7b81 0xbf8e7bb0 0xbf8e7d73
0xbf8e5a80: 0xbf8e7d90 0xbf8e7d9b 0xbf8e7e30 0xbf8e7e4a
0xbf8e5a90: 0xbf8e7e59 0xbf8e7e88 0xbf8e7e8e 0xbf8e7ea3
0xbf8e5aa0: 0xbf8e7eb4 0xbf8e7ec7 0xbf8e7ed9 0xbf8e7ee6
0xbf8e5ab0: 0xbf8e7eef 0xbf8e7f22 0xbf8e7f2d 0xbf8e7f35
0xbf8e5ac0: 0xbf8e7f5f 0xbf8e7f6c 0xbf8e7f78 0xbf8e7f92
0xbf8e5ad0: 0xbf8e7fbe 0xbf8e7fe0 0x00000000 0x00000020
0xbf8e5ae0: 0x00110400 0x00000021 0x00110000 0x00000010
0xbf8e5af0: 0xbfebf3ff 0x00000006 0x00001000 0x00000011
0xbf8e5b00: 0x00000064 0x00000003 0x08048034 0x00000004
0xbf8e5b10: 0x00000020 0x00000005 0x00000008 0x00000007
0xbf8e5b20: 0x00000000 0x00000008 0x00000000 0x00000009
0xbf8e5b30: 0x080482f0 0x0000000b 0x00000000 0x0000000c
0xbf8e5b40: 0x00000000 0x0000000d 0x00000000 0x0000000e
0xbf8e5b50: 0x00000000 0x00000017 0x00000000 0x0000000f
0xbf8e5b60: 0xbf8e5b7b 0x00000000 0x00000000 0x00000000
0xbf8e5b70: 0x00000000 0x00000000 0x69000000 0x00363836
0xbf8e5b80: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5b90: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5ba0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5bb0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5bc0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5bd0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5be0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5bf0: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5c00: 0x00000000 0x00000000 0x00000000 0x00000000
0xbf8e5c10: 0x00000000 0x00000000 0x00000000 0x00000000
[1] [2] [3] [4] [5] [6] 下一页