代码还原动态调试之 pstree 0x68(%rbx,%rdx,8)

最新推荐文章于 2024-07-03 14:07:48 发布

xiaozhiwise

最新推荐文章于 2024-07-03 14:07:48 发布

阅读量359

点赞数 5

分类专栏： Assembly 文章标签：汇编

本文链接：https://blog.csdn.net/xiaozhiwise/article/details/139836761

版权

Assembly 专栏收录该内容

438 篇文章 3 订阅

订阅专栏

结构体里的数组访问，其中rbx是结构体的基址，rdx为数组下标，8为一个数组位占8个字节，0x68为结构体中数组的基址；

                     0                   8
(gdb) x/25xg $rbx-0xc0
0x5555555691a0: 0x0000000000000000      0x0000000000000000
0x5555555691b0: 0x0000000000000000      0x0000000000000000
0x5555555691c0: 0x0000000000000000      0x0000000000000000
0x5555555691d0: 0x0000000000000000      0x0000000000000000
0x5555555691e0: 0x0000000000000000      0x0000000000000000
0x5555555691f0: 0x0000000000000000      0x0000000000000000
0x555555569200: 0x0000000000000000      0x0000000000000000
0x555555569210: 0x0000000000000000      0x0000000000000000
0x555555569220: 0x0000000000000000      0x0000000000000000
0x555555569230: 0x0000000000000000      0x0000000000000000
0x555555569240: 0x0000000000000000      0x0000000000000000
0x555555569250: 0x0000000000000000      0x00000000000000d1
0x555555569260: 0x00646d6574737973
(gdb) x/28xg $rbx
0x555555569260: 0x00646d6574737973      0x0000000000000000      // 0x0              // 0x8
0x555555569270: 0x0000000000000000      0x0000000000000000      // 0x10             // 0x18
0x555555569280: 0x0000000000000000      0x0000000000000000      // 0x20             // 0x28
0x555555569290: 0x0000000000000000      0x0000000000000000      // 0x30             // 0x38
0x5555555692a0: 0x000000002e040000      0x0000000000000000      // 0x40             // 0x48(argv)
0x5555555692b0: 0x0000000100000000      0x0000000000000001      // 0x50(argc,pid)   // 0x58(pgid,uid)
0x5555555692c0: 0x0000000000000000      0x0000000000000000      // 0x60(ns)         // 0x68
0x5555555692d0: 0x0000000000000000      0x0000000000000000      // 0x70             // 0x78
0x5555555692e0: 0x0000000000000000      0x0000000000000000      // 0x80             // 0x88
0x5555555692f0: 0x0000000000000000      0x0000000000000000      // 0x90             // 0x98
0x555555569300: 0x0000000000000000      0x414cc616beb851ec      // 0xa0(flags)      // 0xa8(age)
0x555555569310: 0x000055555558be30      0x0000555555569330      // 0xb0(children)   // 0xb8(parent)
0x555555569320: 0x0000000000000000      0x00000000000000d1      // 0xc0(next)       // 0xc8
0x555555569330: 0x000000000000003f      0x0000000000000000      // 0xd0             // 0xd8

3dca: 48 8b 83 b8 00 00 00 mov 0xb8(%rbx),%rax // rax=r->parent

    (gdb) p/x $rax
    $3 = 0x555555569330
    (gdb) x/x $rax
    0x555555569330: 0x000000000000003f

3dd6: 44 89 e2 mov %r12d,%edx // edx=id

(gdb) p/x $edx
$10 = 0x4

3dd9: 48 8b 4c d3 68 mov 0x68(%rbx,%rdx,8),%rcx // rcx=r->ns[id]

    (gdb) x/x $rbx
    0x555555569260: 0x00646d6574737973
    (gdb) x/x $rdx
    0x4:    Cannot access memory at address 0x4
    (gdb) p/x $rdx
    $11 = 0x4
    (gdb) p/x $rcx
    $12 = 0x7ffff7e7056b
    (gdb) x/x $rcx
    0x7ffff7e7056b <__GI___close_nocancel+11>:      0x0577fffff0003d48

    (gdb) x/x $rbx+$rdx*8+0x68
    0x5555555692e8: 0x0000000000000000
    (gdb) n

    (gdb) x/x $rcx
    0x0:    Cannot access memory at address 0x0
    (gdb) p/x $rcx
    $13 = 0x0

3dde: 48 39 4c d0 68 cmp %rcx,0x68(%rax,%rdx,8) // r->parent->ns[id]