c - Mac 上的 lldb 内存读取错误

Question

我正在试验 lldb 并编写了一个简单的 C 应用程序。我想使用 lldb 在终端中调试它。当我想查看堆栈帧时，出现内存读取错误:

(lldb) target create "./auth_overflow"
Current executable set to './auth_overflow' (x86_64).
(lldb) br s -l 25
Breakpoint 1: where = auth_overflow`main + 69 at auth_overflow.c:25, address = 0x0000000100000e25
(lldb) br s -l 9
Breakpoint 2: where = auth_overflow`check_authentication + 47 at auth_overflow.c:9, address = 0x0000000100000d5f
(lldb) br s -l 16
Breakpoint 3: where = auth_overflow`check_authentication + 138 at auth_overflow.c:16, address = 0x0000000100000dba
(lldb) run AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Process 413 launched: './auth_overflow' (x86_64)
Process 413 stopped
* thread #1: tid = 0x33d2, 0x0000000100000e25 auth_overflow`main(argc=2, argv=0x00007fff5fbffcc0) + 69 at auth_overflow.c:25, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
    frame #0: 0x0000000100000e25 auth_overflow`main(argc=2, argv=0x00007fff5fbffcc0) + 69 at auth_overflow.c:25
   22               exit(0);
   23           }
   24       
-> 25       if(check_authentication(argv[1])) {
   26               printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
   27               printf(" Access Granted.\n");
   28               printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
(lldb) re r esp
     esp = 0x5fbffc70
(lldb) x/16xw $esp
error: memory read failed for 0x5fbffc00
(lldb) 

你有什么建议，我应该怎么做？

编辑:实际上我不想调试应用程序，只是想看看它在较低级别上是如何工作的。因此，我想查看当前堆栈帧的内容，如下所示:

(lldb) x/16xw $esp
0xbffff7e0: 0xb8000ce0 0x00000002 0x00000000 0xb7fd6ff4
0xbffff7f0: 0x40f5f7f0 0x00000000 0x00000002 0x08048474
0xbffff800: 0x08048510 0xbffff874 0x00000001 0x00000001
0xbffff810: 0xbffff848 0x00000000 0xb8000ff4 0x08048371
(lldb)

Answer 1

这个:

Current executable set to './auth_overflow' (x86_64).

显示您使用的是 64 位计算机。既然如此，你想要 64 位 rsp注册，不是 32 位 esp登记。 esp将为您提供 rsp 内容的最低 32 位，在这种情况下显然不会为您提供有效地址。

x/16xw $rsp

是你要找的。

示例 LLDB session :

paul@horus:~/Documents/src/sandbox$ lldb ./testldb
(lldb) target create "./testldb"
Current executable set to './testldb' (x86_64).
(lldb) list testldb.c
   1    #include <stdio.h>
   2    
   3    void func(int i) {
   4        printf("In func() with value %d\n", i);
   5    }
   6    
   7    int main(void) {
   8        func(3);
   9        return 0;
   10   }
   11   
(lldb) b testldb.c:4
Breakpoint 1: where = testldb`func + 18 at testldb.c:4, address = 0x0000000100000f22
(lldb) run
Process 48270 launched: './testldb' (x86_64)
Process 48270 stopped
* thread #1: tid = 0xb8dbca, 0x0000000100000f22 testldb`func(i=3) + 18 at testldb.c:4, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
    frame #0: 0x0000000100000f22 testldb`func(i=3) + 18 at testldb.c:4
   1    #include <stdio.h>
   2    
   3    void func(int i) {
-> 4        printf("In func() with value %d\n", i);
   5    }
   6    
   7    int main(void) {
(lldb) frame variable
(int) i = 3
(lldb) print &i
(int *) $0 = 0x00007fff5fbff9dc
(lldb) register read $rsp
     rsp = 0x00007fff5fbff9d0
(lldb) x/16xw $rsp
0x7fff5fbff9d0: 0x00000000 0x00000000 0x00000000 0x00000003
0x7fff5fbff9e0: 0x5fbffa00 0x00007fff 0x00000f59 0x00000001
0x7fff5fbff9f0: 0x5fbffa18 0x00007fff 0x5fc0105e 0x00000000
0x7fff5fbffa00: 0x5fbffa18 0x00007fff 0x8fdc25fd 0x00007fff
(lldb)