逆向时碰到 getopt_long 函数,要进入while循环里调测一下,使用 set args -ac,这里的-不能丢,否则getopt_long返回-1。
80491a2: e8 19 fd ff ff call 8048ec0
char *option = "aAcGhH:npglsuUVZ";
int var_44 = 0;
while ((var_44 = getopt_long(argc, argv, option, buff_d8, NULL) != -1) {
switch (var_44) {
case 'u':
break;
}
}
// je 80493d1
/*80491a7: 83 f8 ff cmp $0xffffffff,%eax // eax=-1 // eax=-1, zf=1
80491aa: 0f 84 21 02 00 00 je 80493d1
80491b0: 83 e8 41 sub $0x41,%eax // eax=eax-0x41
80491b3: 83 f8 34 cmp $0x34,%eax // eax=eax-0x34
80491b6: 0f 87 87 01 00 00 ja 8049343
80491bc: ff 24 85 c0 ba 04 08 jmp *0x804bac0(,%eax,4)
80491c3: c7 05 b0 d1 04 08 01 movl $0x1,0x804d1b0
以上是反汇编代码节选,开始参数设置。
1.在调用 getopt_long 的地方打断点
b *0x80491a2
2.设置参数
set args -ac
3.查看参数
show args
4.执行
run
操作如下:
(gdb) b *0x80491a2
Breakpoint 1 at 0x80491a2
(gdb) set args aA
(gdb) show args
Argument list to give program being debugged when it is started is "aA".
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
(gdb) n
0x080491a7 in main ()
=> 0x080491a7
(gdb) n
0x080491aa in main ()
=> 0x080491aa
(gdb) n
0x080493d1 in main ()
=> 0x080493d1
设置参数失败,因为没有- 。
(gdb) set args -ac
(gdb) show args
Argument list to give program being debugged when it is started is "-ac".
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Breakpoint 1, 0x080491a2 in main ()
=> 0x080491a2
(gdb) n
0x080491a7 in main ()
=> 0x080491a7
(gdb)
0x080491aa in main ()
=> 0x080491aa
(gdb)
0x080491b0 in main ()
=> 0x080491b0
(gdb) p/x $eax
$3 = 0x61
成功进入 while 循环。
还有其他的方式,简单写一下,都差不多。
1. gdb --args ./exe -ac
或
2. gdb ./exe
run -ac