
I'm solving "Attacklab touch2". Before running the code, I checked the address of "touch2" with 'info addr touch2'.

"touch2" is a function at address 0x19f9.

The address of "main" is 0x1341. Then I set a breakpoint at "getbuf" with 'b getbuf' and ran the code. Now it says:

"touch2" is a function at address 0x5555555559f9.

"main" is a function at address 0x555555555341.

If I make a file named answer2.s like

pushq $0x19f9
movq $0x65d471b5, %rdi
retq

it says this is not the correct answer.

Then if I try

pushq $0x5555555559f9
movq $0x65d471b5, %rdi
retq

gcc -c answer2.s gives this error:

answer2.s: Assembler messages:
answer2.s:1: Error: operand type mismatch for `push'

How can I solve this problem?

  • You asked for the address before the program was run and thus relocated. This is normal behavior. An address so low as 0x19f9 should raise a few flags. – Margaret Bloom Oct 12 '22 at 08:01
  • `pushq` can only take a 32-bit immediate, to be sign-extended to 64. Unfortunately GAS error messages often don't explain the real reason why an instruction couldn't be encoded; NASM tends to be better, and would warn "signed dword immediate exceeds bounds". Best bet is to use a register, like `mov $0x5555555559f9, %r11` / `jmp *%r11`. (If you're using a register, you don't need push reg/ret anymore.) – Peter Cordes Oct 12 '22 at 21:07
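
The two points raised in the comments (the pre-run address is unrelocated, and `push` only encodes a sign-extended 32-bit immediate) as an added worked example in Python; this is not code from the question or the comments. It assumes the load base 0x555555554000 implied by the two addresses in the question, and it picks %r11 as the scratch register, matching the comment's suggestion.

```python
# Added example: check whether an immediate fits x86-64 `push imm32` and show
# the equivalent register-based sequence the assembler will accept.
import struct


def fits_simm32(value: int) -> bool:
    """True if value is representable as a 32-bit immediate sign-extended to 64."""
    return -(1 << 31) <= value < (1 << 31)


def runtime_address(static_addr: int, load_base: int) -> int:
    """PIE binaries: addresses printed before `run` are file-relative.
    Once loaded, the runtime address is load base plus that offset."""
    return load_base + static_addr


def encode_push_imm32(value: int) -> bytes:
    """push imm32 (opcode 0x68). The CPU sign-extends the 4-byte immediate
    to 64 bits, which is why a 0x5555... address cannot be encoded."""
    if not fits_simm32(value):
        raise ValueError(f"{value:#x} does not fit a sign-extended imm32")
    return b"\x68" + struct.pack("<i", value)


def encode_mov_rdi_imm32(value: int) -> bytes:
    """mov $imm32, %rdi (REX.W C7 /0): also a sign-extended imm32, so the
    cookie 0x65d471b5 fits while a 64-bit address would not."""
    if not fits_simm32(value):
        raise ValueError(f"{value:#x} does not fit a sign-extended imm32")
    return b"\x48\xc7\xc7" + struct.pack("<i", value)


def encode_movabs_r11_jmp(value: int) -> bytes:
    """movabs $imm64, %r11 (REX.W+B, B8+3) followed by jmp *%r11 (REX.B, FF /4).
    movabs is the only x86-64 form that carries a full 64-bit immediate."""
    return b"\x49\xbb" + struct.pack("<Q", value) + b"\x41\xff\xe3"


def transfer_sequence(target: int) -> bytes:
    """Choose push/ret when the target fits imm32, else movabs/jmp."""
    if fits_simm32(target):
        return encode_push_imm32(target) + b"\xc3"  # ret
    return encode_movabs_r11_jmp(target)


if __name__ == "__main__":
    static_touch2 = 0x19F9                      # value printed before `run`
    loaded = runtime_address(static_touch2, 0x555555554000)
    print(f"touch2 at runtime: {loaded:#x}, fits imm32: {fits_simm32(loaded)}")
    print(transfer_sequence(loaded).hex(" "))
```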
