2

[b77d0424] open("etc/shadow",0_RDONLY) = -1 EACCESS (Permission denied)

every time i run [b77d0424] changed to another address

i can not use gdb b *0xb77d0424 and then c to find lib64/libc.so.6

it seems not the same mentioned in a linux programming book

after running ubuntu 13.04 in virtual box

StateBoy
  • 17
  • 5

1 Answers1

4

every time i run [b77d0424] changed to another address

This is happening because of address space layout randomization, which you can disable with setarch -R command.

GDB also disables address randomization by default, but the chance that the same address you'll get in GDB and under strace is quite small, as the execution environment under the two tools is quite different. You don't actually need to find the address under strace, you can find it in GDB:

  • catch syscall open
  • run

You are now looking at one of the open system calls your program does. Use continue until you stop at the one you are interested in. Now use info registers to find the address of the first parameter, and set a watchpoint on that address.

Employed Russian
  • 199,314
  • 34
  • 295
  • 362
  • How to use GDB to break at system call: http://stackoverflow.com/questions/8235436/how-can-i-monitor-whats-being-put-into-the-standard-out-buffer-and-break-when-a How to disable ASLR: http://stackoverflow.com/questions/11238457/disable-and-re-enable-address-space-layout-randomization-only-for-mysef – Ciro Santilli OurBigBook.com Jul 28 '15 at 13:30