Running and debugging cross-architecture pwn binaries


Every time I run into a cross-architecture challenge in a competition I just give up, so over the summer break I plan to learn how to run and debug these programs. To be continued…

aarch64

Environment setup

# Required build dependencies
sudo apt update && sudo apt install -y make ninja-build pkg-config libglib2.0-dev bison flex
# Build and install qemu from source (this builds every qemu target; pass
# --target-list=aarch64-linux-user to ./configure to build only the aarch64 user-mode emulator)
wget https://download.qemu.org/qemu-9.0.1.tar.xz
tar xvJf qemu-9.0.1.tar.xz
cd qemu-9.0.1
./configure
make -j8
sudo make install

Running the program

-g opens a gdb stub on the given port and makes qemu wait for a debugger before executing the first instruction; -L points qemu at the directory containing the target's dynamic loader and libc. A statically linked program does not need -L.

qemu-aarch64 -g 1234 -L ./libc/libc/lib ./pwn

Debugging

# In the shell: start gdb-multiarch on the target binary
gdb-multiarch -q ./pwn
# In gdb: tell it the target architecture and byte order
set architecture aarch64
set endian little
# Load libc symbols; without a second argument they are placed at the file's own
# addresses, so pass the libc load address as a second argument if they do not line up
add-symbol-file ./libc/libc/lib/libc-2.21.so
# Connect to the running pwn process on the port given to qemu with -g
target remote localhost:1234

Debugging from a script

from pwn import *
# Set the target architecture so pwntools packs pointers and assembles shellcode for aarch64
context(arch='aarch64', os='linux', log_level='debug')
# Launch the binary under qemu-user with the gdb stub on port 1234 (add "-L", "<sysroot>"
# before "./pwn" for a dynamically linked binary), then attach gdb-multiarch as above
r = process(["qemu-aarch64", "-g", "1234", "./pwn"])
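The steps above (pick the qemu-user emulator, open the gdb stub, point qemu at a sysroot, then feed gdb-multiarch the architecture, endianness, libc symbols and remote target) are the same for every foreign architecture; the helper below generalizes them to a small table of common CTF targets. This is an added example, not code from the original post. It assumes qemu-user, gdb-multiarch and pwntools are installed; the binary path ./pwn, the sysroot ./libc/libc/lib and libc-2.21.so are the post's, the architecture table and function names are my own.

```python
"""Launch a cross-architecture pwn binary under qemu-user with a gdb stub and
build the matching gdb-multiarch command script (added example, assumptions
noted inline)."""

# Assumed table: arch -> (qemu-user binary, gdb `set architecture` value, endianness).
# Extend it for other targets; the gdb names are the ones gdb-multiarch accepts.
TARGETS = {
    "aarch64": ("qemu-aarch64", "aarch64", "little"),
    "arm":     ("qemu-arm",     "arm",     "little"),
    "mips":    ("qemu-mips",    "mips",    "big"),
    "mipsel":  ("qemu-mipsel",  "mips",    "little"),
}


def qemu_cmd(arch, binary, port=1234, sysroot=None):
    """argv for qemu-user: -g opens the gdb stub on `port` and halts the guest
    until a debugger connects; -L is the directory holding the target's dynamic
    loader and libc and is omitted for statically linked binaries."""
    qemu, _, _ = TARGETS[arch]
    argv = [qemu, "-g", str(port)]
    if sysroot:
        argv += ["-L", sysroot]
    argv.append(binary)
    return argv


def gdb_script(arch, port=1234, libc=None, libc_base=None):
    """Commands gdb-multiarch needs before it can talk to the stub.
    Without libc_base, add-symbol-file places the libc symbols at the file's
    own addresses; pass the real load address once known so they line up."""
    _, gdb_arch, endian = TARGETS[arch]
    lines = [f"set architecture {gdb_arch}", f"set endian {endian}"]
    if libc:
        cmd = f"add-symbol-file {libc}"
        if libc_base is not None:
            cmd += f" {libc_base:#x}"
        lines.append(cmd)
    lines.append(f"target remote localhost:{port}")
    return "\n".join(lines) + "\n"


def launch(arch, binary, port=1234, sysroot=None, libc=None, script_path="gdbinit.txt"):
    """Start the target under qemu-user with pwntools and write the gdb script
    to `script_path`; attach with: gdb-multiarch -q <binary> -x <script_path>.
    pwntools is imported here so the pure helpers above stay usable without it."""
    from pwn import context, process  # assumed available in the pwn environment
    _, _, endian = TARGETS[arch]
    context.arch = "mips" if arch == "mipsel" else arch
    context.endian = endian
    with open(script_path, "w") as f:
        f.write(gdb_script(arch, port, libc))
    return process(qemu_cmd(arch, binary, port, sysroot))


if __name__ == "__main__":
    # Same setup as the post: aarch64 binary with its own sysroot, stub on 1234.
    r = launch("aarch64", "./pwn", sysroot="./libc/libc/lib",
               libc="./libc/libc/lib/libc-2.21.so")
    r.interactive()
```

Running the module starts qemu exactly as the post does and leaves gdbinit.txt beside it, so a second terminal only needs `gdb-multiarch -q ./pwn -x gdbinit.txt`; the guest does not execute its first instruction until that connection arrives.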
