Vulnerability Development mailing list archives

Re: Is the memory map of a process different when executed in GDB?
From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
Date: Tue, 23 Sep 2008 14:36:47 -0700

On Tue, Sep 23, 2008 at 3:43 AM, Florencio Cano
<florencio.cano () gmail com> wrote:
> run it inside GDB. Does GDB alter the memory map of a process when
> executed inside it? In which way? Where can I read info about this?

Yes, your offsets will differ.  Put a break at start of main(),
recompile, and use something like memfetch | hexdump -C to see...
http://lcamtuf.coredump.cx/soft/memfetch.tgz

You must also remember that newer Linux distros include many security
features that randomize offsets and protect against other hackery.
Not that you can't get around them given enough information (like a
memory peek), but you should know about them.  All of this stuff is
well documented on places like milw0rm.  Regards...
-- 
Kristian Erik Hermansen
http://friendfeed.com/khermans
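
To make the difference discussed in this thread visible, here is a C program added as an example (it is not from the original post). It prints the values that move stack addresses between a plain run and a run under GDB. It assumes Linux, the function names are illustrative, and it relies on GDB defaults the thread does not state: GDB starts the program with address randomization disabled and adds LINES and COLUMNS to its environment.

```c
/* Added example (Linux only): facts that shift addresses between a plain run and a GDB run. */
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>
extern char **environ;

/* 1 if ASLR is off for this process (assumed GDB default for programs it
 * starts), 0 if it is on, -1 if the query failed. */
int aslr_disabled(void) {
    int p = personality(0xffffffff);      /* query only, changes nothing */
    return p == -1 ? -1 : (p & ADDR_NO_RANDOMIZE) != 0;
}

/* Bytes the environment strings occupy near the top of the stack. */
size_t env_bytes(char **envp) {
    size_t n = 0;
    for (; envp && *envp; envp++) n += strlen(*envp) + 1;
    return n;
}

/* Find the mapping whose line ends in `name` in /proc/<pid>/maps text. */
int find_mapping(const char *maps, const char *name,
                 unsigned long *lo, unsigned long *hi) {
    size_t nlen = strlen(name);
    for (const char *line = maps; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= nlen && memcmp(line + len - nlen, name, nlen) == 0 &&
            sscanf(line, "%lx-%lx", lo, hi) == 2)
            return 1;
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

int main(void) {
    static char maps[65536];
    unsigned long lo = 0, hi = 0;
    int local = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(maps, 1, sizeof maps - 1, f) : 0;
    if (f) fclose(f);
    maps[n] = '\0';
    printf("ASLR disabled: %d\n", aslr_disabled());
    printf("env bytes:     %zu\n", env_bytes(environ));
    printf("&local:        %p\n", (void *)&local);
    if (find_mapping(maps, "[stack]", &lo, &hi))
        printf("[stack]:       %lx-%lx\n", lo, hi);
    return 0;
}
```

Run the same binary once directly and once under GDB and compare the four lines of output.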

