Mark Ezberg

Reputation: 655

How to change the value of variable with gdb

I have a file named exploit.c inside which:

#include <stdbool.h>
#include <stdio.h>

const char y1 = 'a';
const char y2 = 'b';
const char y3 = 'x';
const char y4 = 'y';
const char y5 = 'i';
const char y6 = 'j';

char x1 = 'f' ^ 'a';
char x2 = 'l' ^ 'b';
char x3 = 'a' ^ 'x';
char x4 = 'g' ^ 'y';
char x5 = 'y' ^ 'i';
char x6 = '-' ^ 'j';

int main() {
  bool c = false;
  if(c) {
    printf("The flag is: %c%c%c%c%c%c%c%c%c%c%c\n",
           x1 ^ y1, x2 ^ y2, x3 ^ y3, x4 ^ y4, x4 ^ y4, x5 ^ y5,
           x6 ^ y6, x1 ^ y1, x2 ^ y2, x3 ^ y3, x4 ^ y4);
  }
  return 0;
}

I know I can print out the flag by changing the value of c. But I want to do it by assembling/executing. How can I print out the flag without changing the value of the boolean, but with gcc and gdb?

Upvotes: 5

Views: 13261

Answers (2)

danield

Reputation: 325

You can do it via gdb. The first thing you have to know is that c is a local variable, which means that it will be placed on the stack in an unoptimized build that doesn't optimize it away entirely and remove dead code.

At this point you have two options: you can either modify the memory location where the variable is (so somewhere on the stack) or you can use gdb assignment.

To set the memory you can use something like set *((char *) address_of_c) = 1. (bool and char have the same size on most architectures, and bool uses 0 or non-0 as false/true.) You could probably just use bool*.

With gdb assignment the same memory zone will be modified, but that depends on GDB being able to use debug symbols (created by gcc -g) to find the name and location of a local variable within this function's stack frame. That's nice if it's available: you don't have to find the address of your variable manually.

Upvotes: 4
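The two approaches described in this answer (assigning through the debug symbol, and writing the byte at the variable's address), driven from a non-interactive gdb batch session. This is an added example, not code from either answer; it assumes gcc and gdb are installed and recreates the question's exploit.c locally so the breakpoint line is known.

```shell
#!/bin/sh
# Added example (not from the answer): drive gdb non-interactively to flip the
# local `c` from the question's exploit.c. Assumes gcc and gdb are installed.
set -eu

# Write a copy of the question's program so line numbers are known locally.
write_source() {
cat > exploit.c <<'EOF'
#include <stdbool.h>
#include <stdio.h>
const char y1='a', y2='b', y3='x', y4='y', y5='i', y6='j';
char x1='f'^'a', x2='l'^'b', x3='a'^'x', x4='g'^'y', x5='y'^'i', x6='-'^'j';
int main(void) {
  bool c = false;
  if (c) { printf("The flag is: %c%c%c%c%c%c%c%c%c%c%c\n", x1^y1, x2^y2, x3^y3,
    x4^y4, x4^y4, x5^y5, x6^y6, x1^y1, x2^y2, x3^y3, x4^y4); }
  return 0;
}
EOF
}

# -O0 keeps `c` on the stack; with -O2 the compiler folds `if (c)` and drops
# the printf, so there would be nothing left for gdb to change.
build_unoptimised() { gcc -g -O0 exploit.c -o exploit; }

# Run gdb in batch mode, stopping on the `if (c)` line (after the store of
# `false`, which is why setting c on the declaration line gets overwritten),
# applying $1 as the gdb assignment, and extracting the flag from stdout.
flip_and_run() {
    line=$(grep -n 'if (c)' exploit.c | cut -d: -f1)
    gdb -q -batch -ex "break exploit.c:$line" -ex run -ex "$1" -ex continue \
        ./exploit 2>/dev/null | sed -n 's/^The flag is: //p'
}

# Option 1 from the answer: assign through the debug symbol.
flag_via_symbol()  { flip_and_run 'set variable c = 1'; }

# Option 2: write the byte at the variable's address (gdb's `&c` still needs
# debug info; with a hand-found stack address the cast form works the same).
flag_via_address() { flip_and_run 'set *((char *) &c) = 1'; }

if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    write_source && build_unoptimised
    echo "via symbol:  $(flag_via_symbol)"
    echo "via address: $(flag_via_address)"
else
    echo "gcc and gdb are required" >&2
fi
```

Both runs print `flaggy-flag`; the same script built with -O2 instead of -O0 is the quickest way to see the dead-code caveat from the answer, because gdb then reports no symbol `c` to set.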

Mark Ezberg

Reputation: 655

It was a pretty easy one, so I could do it myself :) We have the exploit.c file, which I need to debug in order to get the flag with 'gcc'. I built the program with:

gcc -g exploit.c -o exploit and got 'exploit', which is the executable of exploit.c.

Then: gdb exploit

We have bool c = false; on line 21, so put the break line on it:

break 21

Then I changed the value of c with this command: set variable c = "true". However, when I went to the next line with "next" it became false again. So I set the value again: set variable c = "true" and then next again. Yay, it printed out the flag:

(gdb) next

The flag is: flaggy-flag
23    return 0;

Upvotes: 1
