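Overview
It may be too late here, but I was able to replicate the example from the process_vm_readv man page.
We need to pass a valid, readable remote address. For testing purposes, I compiled a simple hello world and used gdb to read a valid address.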
(gdb) break main
Breakpoint 1 at 0x5a9: file hello.c, line 4.
(gdb) run
Starting program: /user/Desktop/hello
=> 0x800005a9 : sub esp,0xc
0x800005ac : lea edx,[eax-0x19b0]
0x800005b2 : push edx
0x800005b3 : mov ebx,eax
0x800005b5 : call 0x800003f0
0x800005ba : add esp,0x10
0x800005bd : nop
0x800005be : lea esp,[ebp-0x8]
0x800005c1 : pop ecx
0x800005c2 : pop ebx
(gdb) x/20b 0x800005a9
0x800005a9 : 0x83 0xec 0x0c 0x8d 0x90 0x50 0xe6 0xff
0x800005b1 : 0xff 0x52 0x89 0xc3 0xe8 0x36 0xfe 0xff
0x800005b9 : 0xff 0x83 0xc4 0x10
Here is the Python code to get the same result:
from ctypes import *

class iovec(Structure):
    _fields_ = [("iov_base", c_void_p), ("iov_len", c_size_t)]

local = (iovec*2)()  # create local iovec array
remote = (iovec*1)()[0]  # create remote iovec
buf1 = (c_char*10)()
buf2 = (c_char*10)()
pid = 25117  # PID of the target process
local[0].iov_base = cast(byref(buf1), c_void_p)
local[0].iov_len = 10
local[1].iov_base = cast(byref(buf2), c_void_p)
local[1].iov_len = 10
remote.iov_base = c_void_p(0x800005a9)  # pass valid readable address
remote.iov_len = 20
libc = CDLL("libc.so.6", use_errno=True)  # use_errno lets get_errno() report failures
vm = libc.process_vm_readv
vm.restype = c_ssize_t  # the syscall wrapper returns ssize_t, not int
vm.argtypes = [c_int, POINTER(iovec), c_ulong, POINTER(iovec), c_ulong, c_ulong]
nread = vm(pid, local, 2, remote, 1, 0)
if nread != -1:
    out = "[+] "
    print("[+] received %s bytes" % (nread))
    for i in buf1: out += hex(ord(i)) + " "
    for i in buf2: out += hex(ord(i)) + " "
    print(out)
else:
    print("[-] process_vm_readv failed, errno %d" % get_errno())
Output
[email protected]:~/Desktop# python process_vm_readv.py
[+] received 20 bytes
[+] 0x83 0xec 0xc 0x8d 0x90 0x50 0xe6 0xff 0xff 0x52 0x89 0xc3 0xe8 0x36 0xfe 0xff 0xff 0x83 0xc4 0x10
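A reusable form of the same call, added here as an example and not part of the original answer: it declares the ssize_t return type, raises on failure with the errno the kernel reported, and reads a buffer out of its own process so it runs without gdb or a hard-coded PID. The names `IoVec`, `read_remote` and `self_check` are assumptions of this example; reading another process is subject to the kernel's ptrace access check, so EPERM is the expected result when the caller lacks that access.

```python
import ctypes
import errno
import os


class IoVec(ctypes.Structure):
    # Mirrors struct iovec from <sys/uio.h>.
    _fields_ = [("iov_base", ctypes.c_void_p), ("iov_len", ctypes.c_size_t)]


def read_remote(pid, address, length):
    """Return up to `length` bytes read from `address` in process `pid`."""
    libc = ctypes.CDLL(None, use_errno=True)
    try:
        readv = libc.process_vm_readv
    except AttributeError:
        raise OSError(errno.ENOSYS, "libc does not export process_vm_readv")
    # ssize_t return: the default c_int would truncate large counts.
    readv.restype = ctypes.c_ssize_t
    readv.argtypes = [ctypes.c_int, ctypes.POINTER(IoVec), ctypes.c_ulong,
                      ctypes.POINTER(IoVec), ctypes.c_ulong, ctypes.c_ulong]
    buf = ctypes.create_string_buffer(length)
    local = IoVec(ctypes.addressof(buf), length)
    remote = IoVec(address, length)
    nread = readv(pid, ctypes.byref(local), 1, ctypes.byref(remote), 1, 0)
    if nread < 0:
        err = ctypes.get_errno()  # EPERM, ESRCH, EFAULT, ...
        raise OSError(err, os.strerror(err))
    return buf.raw[:nread]  # a short read is possible at a mapping boundary


def self_check():
    """Read a constructed sample buffer back out of this very process."""
    sample = ctypes.create_string_buffer(b"constructed-sample-data")
    return read_remote(os.getpid(), ctypes.addressof(sample), 11)


if __name__ == "__main__":
    print(self_check())
```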