Reputation: 76
I'm trying to automate a return-to-libc attack based on the exploitation of a buffer overflow vulnerability (on an x86-32 Linux machine). I need a way to find the address of the execve function in libc without using gdb:
(gdb) p execve
$1 = {} 0xf7ec1b30
The ASLR protection is disabled so as to allow this technique.
Is there a way to get the address of a function in libc, such as execve, with a program or any other automatable way? (No gdb, because it isn't automatable in a bash script or a C program.)
Any advice is welcome.
Upvotes: 2
Views: 3363
Reputation: 96
If you are trying to get this information for a script, perhaps the nm utility would help?
example: nm {libraryPath} | grep execve
Upvotes: 0
Reputation: 25119
Is this a trick question or does something like this not work:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main (int argc, char **argv)
{
  /* Take the address of the libc function; the cast avoids the
     compiler warning about converting a function pointer to void *. */
  void *a = (void *) execv;
  printf ("execv is at %p\n", a);
  exit (0);
}
Works here.
Upvotes: 1
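As an added example (not code from either answer), this C program ties the two answers together: it resolves execve through the dynamic linker, as the second answer's `void *a = execv` does, and splits the result into the libc load address plus the offset that the first answer's `nm` prints; it also reads randomize_va_space, because the question's premise that ASLR is disabled is exactly what makes the absolute address repeat between runs. It assumes glibc (soname libc.so.6; link with -ldl on versions before 2.34) and a Linux /proc.

```c
#define _GNU_SOURCE            /* RTLD_DEFAULT, RTLD_NOLOAD and dladdr() on glibc */
#include <dlfcn.h>
#include <stdint.h>
#include <stdio.h>

struct sym_location {
    void *addr;          /* absolute address, what gdb's `p execve` shows */
    void *base;          /* load address of the object containing it */
    uintptr_t offset;    /* addr - base: the value `nm` prints, stable across runs */
    const char *object;  /* path of that shared object */
};

/* Resolve a symbol via the dynamic linker and attribute it to its object with
   dladdr(). libc.so.6 (glibc soname, assumed) is searched first so that a
   non-PIE executable's own PLT stub for the function is not returned. */
int locate_libc_symbol(const char *name, struct sym_location *out)
{
    void *handle = dlopen("libc.so.6", RTLD_LAZY | RTLD_NOLOAD);
    void *sym = dlsym(handle ? handle : RTLD_DEFAULT, name);
    Dl_info info;
    if (handle)
        dlclose(handle);  /* drops only our reference; libc stays mapped */
    if (!sym || dladdr(sym, &info) == 0 || !info.dli_fbase)
        return -1;
    out->addr = sym;
    out->base = info.dli_fbase;
    out->offset = (uintptr_t)sym - (uintptr_t)info.dli_fbase;
    out->object = info.dli_fname;
    return 0;
}

/* /proc/sys/kernel/randomize_va_space: 0 = ASLR off (absolute address repeats
   on every run), 1 = partial, 2 = full; -1 if unreadable (non-Linux /proc). */
int aslr_mode(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int mode = -1;
    if (f && fscanf(f, "%d", &mode) != 1) mode = -1;
    if (f) fclose(f);
    return mode;
}

int main(void)
{
    struct sym_location loc;
    if (locate_libc_symbol("execve", &loc) != 0) return 1;
    printf("execve at %p = base %p + 0x%lx (%s), randomize_va_space=%d\n",
           loc.addr, loc.base, (unsigned long)loc.offset, loc.object, aslr_mode());
    return 0;
}
```

With ASLR enabled the base (and so the absolute address) changes per run while the offset does not, which is why the first answer's `nm` output alone is not enough on a hardened machine.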