mof*_*foe 20
How do I now get to the frame's return address (RET)?
To find where a particular function's return address is stored, put a breakpoint on that function and use the info frame command.
Here is an example:
gdb /path/to/binary
(gdb) br main
(gdb) run
Starting program: /path/to/binary
Breakpoint 1, 0x08048480 in main ()
(gdb) info frame
Stack level 0, frame at 0xffffd700:
eip = 0x8048480 in main; saved eip = 0xf7e3ca63
Arglist at 0xffffd6f8, args:
Locals at 0xffffd6f8, Previous frame's sp is 0xffffd700
Saved registers:
ebp at 0xffffd6f8, eip at 0xffffd6fc
Note saved eip = 0xf7e3ca63 and eip at 0xffffd6fc. In this case, you would want to overwrite the value at 0xffffd6fc so that, when the function returns, execution continues at whatever value is stored there.
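The same layout that info frame prints (saved frame pointer at one address, saved return address one machine word above it) can be checked from inside a running function. The following C program is an added example, not code from the question or the answer above: it uses GCC/Clang's __builtin_frame_address(0) and __builtin_return_address(0) to locate its own saved ebp/rbp slot and saved eip/rip slot, and computes how many bytes separate a local buffer from the return address, which is the number an overflow would have to write before reaching it. The 32-bit session above shows ebp at 0xffffd6f8 and eip at 0xffffd6fc (4 bytes apart); the example generalizes this to whatever word size it is built for. The local buffer, struct and function names are assumptions chosen for illustration, and the program assumes a frame-pointer-based layout (x86 or x86-64; aarch64 frame records match as well, but pointer authentication would sign the stored return address).

```c
#include <stdint.h>
#include <stdio.h>

/* Snapshot of one frame's layout, in the terms `info frame` uses.
 * Hypothetical struct for this example only. */
struct frame_layout {
    uintptr_t buf_addr;    /* address of a local buffer an overflow would start in */
    uintptr_t saved_fp;    /* "ebp at ...": where the caller's frame pointer is saved */
    uintptr_t ret_slot;    /* "eip at ...": saved_fp + one machine word */
    int ret_slot_matches;  /* 1 if *ret_slot equals the real return address */
};

/* noinline so this function really gets its own frame to inspect. */
__attribute__((noinline))
static struct frame_layout inspect_frame(void)
{
    char buf[64];           /* stand-in for an overflowable local buffer (constructed) */
    struct frame_layout f;

    /* __builtin_frame_address(0) is the address of the saved frame pointer
     * slot, i.e. what gdb prints as "ebp at ...". The saved return address
     * ("eip at ...") is the next word up the stack. */
    void **fp  = (void **)__builtin_frame_address(0);
    void **ret = fp + 1;

    buf[0] = 'A';           /* keep buf a real stack object */
    f.buf_addr = (uintptr_t)buf;
    f.saved_fp = (uintptr_t)fp;
    f.ret_slot = (uintptr_t)ret;
    /* Cross-check: the word in that slot must be where we will return to. */
    f.ret_slot_matches = (*ret == __builtin_return_address(0));
    return f;
}

/* Bytes from the start of buf to the return-address slot: how far an
 * overflow of buf must run before it reaches the saved eip/rip. */
static long overflow_distance(const struct frame_layout *f)
{
    return (long)(f->ret_slot - f->buf_addr);
}

int main(void)
{
    struct frame_layout f = inspect_frame();

    printf("buf at            %#lx\n", (unsigned long)f.buf_addr);
    printf("saved ebp/rbp at  %#lx\n", (unsigned long)f.saved_fp);
    printf("saved eip/rip at  %#lx (%s the real return address)\n",
           (unsigned long)f.ret_slot,
           f.ret_slot_matches ? "holds" : "does NOT hold");
    printf("bytes from buf to return address: %ld\n", overflow_distance(&f));
    return 0;
}
```

Build with gcc or clang without special flags; the distance printed is larger than sizeof(buf) because the saved frame pointer, any stack-protector canary and alignment padding sit between the buffer and the return-address slot, which is exactly why one reads the real offsets from info frame rather than assuming them.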