加载指定libc

发表于 | 分类于 
1
2
3
4
user@ubuntu:~/workspace/pwn$ ldd b00ks 
	linux-vdso.so.1 =>  (0x00007fff593ea000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7856f38000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f7857505000)

elf文件运行加载指定libc,执行以下命令:

1
LD_PRELOAD=/path/to/libc.so ./binary

1
2
3
user@ubuntu:~/workspace/pwn$ LD_PRELOAD=/home/user/workspace/pwn/libc.so.6 ./b00ks
Welcome to ASISCTF book library
Enter author name:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
user@ubuntu:~$ cat /proc/4000/maps
55984bab5000-55984bab7000 r-xp 00000000 08:01 450826                     /home/user/workspace/pwn/b00ks
55984bcb6000-55984bcb7000 r--p 00001000 08:01 450826                     /home/user/workspace/pwn/b00ks
55984bcb7000-55984bcb8000 rw-p 00002000 08:01 450826                     /home/user/workspace/pwn/b00ks
7fef0e0ec000-7fef0e2ac000 r-xp 00000000 08:01 412441                     /home/user/workspace/pwn/libc.so.6
7fef0e2ac000-7fef0e4ac000 ---p 001c0000 08:01 412441                     /home/user/workspace/pwn/libc.so.6
7fef0e4ac000-7fef0e4b0000 r--p 001c0000 08:01 412441                     /home/user/workspace/pwn/libc.so.6
7fef0e4b0000-7fef0e4b2000 rw-p 001c4000 08:01 412441                     /home/user/workspace/pwn/libc.so.6
7fef0e4b2000-7fef0e4b6000 rw-p 00000000 00:00 0 
7fef0e4b6000-7fef0e4dc000 r-xp 00000000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7fef0e6d8000-7fef0e6db000 rw-p 00000000 00:00 0 
7fef0e6db000-7fef0e6dc000 r--p 00025000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7fef0e6dc000-7fef0e6dd000 rw-p 00026000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7fef0e6dd000-7fef0e6de000 rw-p 00000000 00:00 0 
7ffd24df6000-7ffd24e17000 rw-p 00000000 00:00 0                          [stack]
7ffd24e6c000-7ffd24e6f000 r--p 00000000 00:00 0                          [vvar]
7ffd24e6f000-7ffd24e71000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

可以看得出来,确实加载了指定的libc

1
2
3
user@ubuntu:~/workspace/pwn$ ./b00ks
Welcome to ASISCTF book library
Enter author name:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
user@ubuntu:~$ cat /proc/4017/maps
55ebdcb5e000-55ebdcb60000 r-xp 00000000 08:01 450826                     /home/user/workspace/pwn/b00ks
55ebdcd5f000-55ebdcd60000 r--p 00001000 08:01 450826                     /home/user/workspace/pwn/b00ks
55ebdcd60000-55ebdcd61000 rw-p 00002000 08:01 450826                     /home/user/workspace/pwn/b00ks
7f5f2f386000-7f5f2f546000 r-xp 00000000 08:01 1075242                    /lib/x86_64-linux-gnu/libc-2.23.so
7f5f2f546000-7f5f2f746000 ---p 001c0000 08:01 1075242                    /lib/x86_64-linux-gnu/libc-2.23.so
7f5f2f746000-7f5f2f74a000 r--p 001c0000 08:01 1075242                    /lib/x86_64-linux-gnu/libc-2.23.so
7f5f2f74a000-7f5f2f74c000 rw-p 001c4000 08:01 1075242                    /lib/x86_64-linux-gnu/libc-2.23.so
7f5f2f74c000-7f5f2f750000 rw-p 00000000 00:00 0 
7f5f2f750000-7f5f2f776000 r-xp 00000000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7f5f2f956000-7f5f2f959000 rw-p 00000000 00:00 0 
7f5f2f975000-7f5f2f976000 r--p 00025000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7f5f2f976000-7f5f2f977000 rw-p 00026000 08:01 1075240                    /lib/x86_64-linux-gnu/ld-2.23.so
7f5f2f977000-7f5f2f978000 rw-p 00000000 00:00 0 
7ffc3bcc1000-7ffc3bce2000 rw-p 00000000 00:00 0                          [stack]
7ffc3bcf1000-7ffc3bcf4000 r--p 00000000 00:00 0                          [vvar]
7ffc3bcf4000-7ffc3bcf6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]