gdb에서 no debugging symbols found 라고 뜰 때는 간단하다! (물론 peda 에서,,,ㅎㅋㅋㅋㅋㅎㅋㅎㅋㅎ)
info file 이라는 명령어를 사용해서 .text 영역의 시작/끝 주소값을 알아온 다음, 그 범위를 disas 시작주소, 끝주소 형태로 넘기면 심볼 없이도 .text 전체를 디스어셈블할 수 있다!
gdb-peda$ info file
Symbols from "/home/ch4n3/pwn/ropasaurusrex".
Local exec file:
`/home/ch4n3/pwn/ropasaurusrex', file type elf32-i386.
Entry point: 0x8048340
0x08048114 - 0x08048127 is .interp
0x08048128 - 0x08048148 is .note.ABI-tag
0x08048148 - 0x0804816c is .note.gnu.build-id
0x0804816c - 0x08048198 is .hash
0x08048198 - 0x080481b8 is .gnu.hash
0x080481b8 - 0x08048218 is .dynsym
0x08048218 - 0x08048268 is .dynstr
0x08048268 - 0x08048274 is .gnu.version
0x08048274 - 0x08048294 is .gnu.version_r
0x08048294 - 0x0804829c is .rel.dyn
0x0804829c - 0x080482bc is .rel.plt
0x080482bc - 0x080482ec is .init
0x080482ec - 0x0804833c is .plt
0x08048340 - 0x080484ec is .text
0x080484ec - 0x08048508 is .fini
0x08048508 - 0x08048515 is .rodata
0x08048518 - 0x0804851c is .eh_frame
0x0804951c - 0x08049524 is .ctors
0x08049524 - 0x0804952c is .dtors
0x0804952c - 0x08049530 is .jcr
0x08049530 - 0x08049600 is .dynamic
0x08049600 - 0x08049604 is .got
0x08049604 - 0x08049620 is .got.plt
0x08049620 - 0x08049628 is .data
0x08049628 - 0x08049630 is .bss
gdb-peda$ disas 0x08048340, 0x080484ec
Dump of assembler code from 0x8048340 to 0x80484ec:
0x08048340: xor ebp,ebp
0x08048342: pop esi
0x08048343: mov ecx,esp
0x08048345: and esp,0xfffffff0
0x08048348: push eax
0x08048349: push esp
0x0804834a: push edx
0x0804834b: push 0x8048450
0x08048350: push 0x8048460
0x08048355: push ecx
0x08048356: push esi
0x08048357: push 0x804841d
0x0804835c: call 0x804831c <__libc_start_main@plt>
0x08048361: hlt
0x08048362: nop
0x08048363: nop
0x08048364: nop
0x08048365: nop
0x08048366: nop
0x08048367: nop
0x08048368: nop
0x08048369: nop
0x0804836a: nop
0x0804836b: nop
0x0804836c: nop
0x0804836d: nop
0x0804836e: nop
0x0804836f: nop
0x08048370: push ebp
0x08048371: mov ebp,esp
0x08048373: push ebx
0x08048374: sub esp,0x4
0x08048377: cmp BYTE PTR ds:0x8049628,0x0
0x0804837e: jne 0x80483bf
0x08048380: mov eax,ds:0x804962c
0x08048385: mov ebx,0x8049528
0x0804838a: sub ebx,0x8049524
0x08048390: sar ebx,0x2
0x08048393: sub ebx,0x1
0x08048396: cmp eax,ebx
0x08048398: jae 0x80483b8
0x0804839a: lea esi,[esi+0x0]
0x080483a0: add eax,0x1
0x080483a3: mov ds:0x804962c,eax
0x080483a8: call DWORD PTR [eax*4+0x8049524]
0x080483af: mov eax,ds:0x804962c
0x080483b4: cmp eax,ebx
0x080483b6: jb 0x80483a0
0x080483b8: mov BYTE PTR ds:0x8049628,0x1
0x080483bf: add esp,0x4
0x080483c2: pop ebx
0x080483c3: pop ebp
0x080483c4: ret
0x080483c5: lea esi,[esi+eiz*1+0x0]
0x080483c9: lea edi,[edi+eiz*1+0x0]
0x080483d0: push ebp
0x080483d1: mov ebp,esp
0x080483d3: sub esp,0x18
0x080483d6: mov eax,ds:0x804952c
0x080483db: test eax,eax
0x080483dd: je 0x80483f1
0x080483df: mov eax,0x0
0x080483e4: test eax,eax
0x080483e6: je 0x80483f1
0x080483e8: mov DWORD PTR [esp],0x804952c
0x080483ef: call eax
0x080483f1: leave
0x080483f2: ret
0x080483f3: nop
0x080483f4: push ebp
0x080483f5: mov ebp,esp
0x080483f7: sub esp,0x98
0x080483fd: mov DWORD PTR [esp+0x8],0x100
0x08048405: lea eax,[ebp-0x88]
0x0804840b: mov DWORD PTR [esp+0x4],eax
0x0804840f: mov DWORD PTR [esp],0x0
0x08048416: call 0x804832c <read@plt>
0x0804841b: leave
0x0804841c: ret
0x0804841d: push ebp
0x0804841e: mov ebp,esp
0x08048420: and esp,0xfffffff0
0x08048423: sub esp,0x10
0x08048426: call 0x80483f4
0x0804842b: mov DWORD PTR [esp+0x8],0x4
0x08048433: mov DWORD PTR [esp+0x4],0x8048510
0x0804843b: mov DWORD PTR [esp],0x1
0x08048442: call 0x804830c <write@plt>
0x08048447: leave
0x08048448: ret
0x08048449: nop
0x0804844a: nop
0x0804844b: nop
0x0804844c: nop
0x0804844d: nop
0x0804844e: nop
0x0804844f: nop
0x08048450: push ebp
0x08048451: mov ebp,esp
0x08048453: pop ebp
0x08048454: ret
0x08048455: lea esi,[esi+eiz*1+0x0]
0x08048459: lea edi,[edi+eiz*1+0x0]
0x08048460: push ebp
0x08048461: mov ebp,esp
0x08048463: push edi
0x08048464: push esi
0x08048465: push ebx
0x08048466: call 0x80484ba
0x0804846b: add ebx,0x1199
0x08048471: sub esp,0x1c
0x08048474: call 0x80482bc
0x08048479: lea edi,[ebx-0xe8]
0x0804847f: lea eax,[ebx-0xe8]
0x08048485: sub edi,eax
0x08048487: sar edi,0x2
0x0804848a: test edi,edi
0x0804848c: je 0x80484b2
0x0804848e: xor esi,esi
0x08048490: mov eax,DWORD PTR [ebp+0x10]
0x08048493: mov DWORD PTR [esp+0x8],eax
0x08048497: mov eax,DWORD PTR [ebp+0xc]
0x0804849a: mov DWORD PTR [esp+0x4],eax
0x0804849e: mov eax,DWORD PTR [ebp+0x8]
0x080484a1: mov DWORD PTR [esp],eax
0x080484a4: call DWORD PTR [ebx+esi*4-0xe8]
0x080484ab: add esi,0x1
0x080484ae: cmp esi,edi
0x080484b0: jb 0x8048490
0x080484b2: add esp,0x1c
0x080484b5: pop ebx
0x080484b6: pop esi
0x080484b7: pop edi
0x080484b8: pop ebp
0x080484b9: ret
0x080484ba: mov ebx,DWORD PTR [esp]
0x080484bd: ret
0x080484be: nop
0x080484bf: nop
0x080484c0: push ebp
0x080484c1: mov ebp,esp
0x080484c3: push ebx
0x080484c4: sub esp,0x4
0x080484c7: mov eax,ds:0x804951c
0x080484cc: cmp eax,0xffffffff
0x080484cf: je 0x80484e4
0x080484d1: mov ebx,0x804951c
0x080484d6: xchg ax,ax
0x080484d8: sub ebx,0x4
0x080484db: call eax
0x080484dd: mov eax,DWORD PTR [ebx]
0x080484df: cmp eax,0xffffffff
0x080484e2: jne 0x80484d8
0x080484e4: add esp,0x4
0x080484e7: pop ebx
0x080484e8: pop ebp
0x080484e9: ret
0x080484ea: nop
0x080484eb: nop
End of assembler dump.
gdb-peda$
개꿀팁;;;