There are many ways to do this, but for quick and simple pwnable work this note covers the convenient ones.
For a non-PIE binary: objdump -h {binary}
objdump -h binary
main: file format elf64-x86-64
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001c 00000000000002e0 00000000000002e0 000002e0 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.gnu.property 00000030 0000000000000300 0000000000000300 00000300 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 0000000000000330 0000000000000330 00000330 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .note.ABI-tag 00000020 0000000000000354 0000000000000354 00000354 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.hash 00000030 0000000000000378 0000000000000378 00000378 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynsym 00000150 00000000000003a8 00000000000003a8 000003a8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .dynstr 000000e4 00000000000004f8 00000000000004f8 000004f8 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version 0000001c 00000000000005dc 00000000000005dc 000005dc 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .gnu.version_r 00000050 00000000000005f8 00000000000005f8 000005f8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.dyn 000000f0 0000000000000648 0000000000000648 00000648 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .rela.plt 00000090 0000000000000738 0000000000000738 00000738 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
11 .init 0000001b 0000000000001000 0000000000001000 00001000 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .plt 00000070 0000000000001020 0000000000001020 00001020 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .plt.got 00000010 0000000000001090 0000000000001090 00001090 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .plt.sec 00000060 00000000000010a0 00000000000010a0 000010a0 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .text 00000395 0000000000001100 0000000000001100 00001100 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
16 .fini 0000000d 0000000000001498 0000000000001498 00001498 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
17 .rodata 00000062 0000000000002000 0000000000002000 00002000 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
18 .eh_frame_hdr 0000005c 0000000000002064 0000000000002064 00002064 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
19 .eh_frame 0000014c 00000000000020c0 00000000000020c0 000020c0 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
20 .init_array 00000008 0000000000003210 0000000000003210 00002210 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .fini_array 00000008 0000000000003218 0000000000003218 00002218 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .dynamic 000001f0 0000000000003220 0000000000003220 00002220 2**3
CONTENTS, ALLOC, LOAD, DATA
23 .got 00000070 0000000000003410 0000000000003410 00002410 2**3
CONTENTS, ALLOC, LOAD, DATA
24 .data 00000010 0000000000003480 0000000000003480 00002480 2**3
CONTENTS, ALLOC, LOAD, DATA
25 .bss 00000220 00000000000034a0 00000000000034a0 00002490 2**5
ALLOC
26 .comment 0000002b 0000000000000000 0000000000000000 00002490 2**0
CONTENTS, READONLY
For a PIE binary: gdb> info files (or info target)
pwndbg> info files
Symbols from "".
Native process:
Using the running image of child Thread 0x7ffff7d86740 (LWP 28381).
While running this, GDB does not access memory from...
Local exec file:
``', file type elf64-x86-64.
Entry point: 0x555555555100
0x00005555555542e0 - 0x00005555555542fc is .interp
0x0000555555554300 - 0x0000555555554330 is .note.gnu.property
0x0000555555554330 - 0x0000555555554354 is .note.gnu.build-id
0x0000555555554354 - 0x0000555555554374 is .note.ABI-tag
0x0000555555554378 - 0x00005555555543a8 is .gnu.hash
0x00005555555543a8 - 0x00005555555544f8 is .dynsym
0x00005555555544f8 - 0x00005555555545dc is .dynstr
0x00005555555545dc - 0x00005555555545f8 is .gnu.version
0x00005555555545f8 - 0x0000555555554648 is .gnu.version_r
0x0000555555554648 - 0x0000555555554738 is .rela.dyn
0x0000555555554738 - 0x00005555555547c8 is .rela.plt
0x0000555555555000 - 0x000055555555501b is .init
0x0000555555555020 - 0x0000555555555090 is .plt
0x0000555555555090 - 0x00005555555550a0 is .plt.got
0x00005555555550a0 - 0x0000555555555100 is .plt.sec
0x0000555555555100 - 0x0000555555555495 is .text
0x0000555555555498 - 0x00005555555554a5 is .fini
0x0000555555556000 - 0x0000555555556062 is .rodata
0x0000555555556064 - 0x00005555555560c0 is .eh_frame_hdr
0x00005555555560c0 - 0x000055555555620c is .eh_frame
0x0000555555557210 - 0x0000555555557218 is .init_array
0x0000555555557218 - 0x0000555555557220 is .fini_array
0x0000555555557220 - 0x0000555555557410 is .dynamic
0x0000555555557410 - 0x0000555555557480 is .got
0x0000555555557480 - 0x0000555555557490 is .data
0x00005555555574a0 - 0x00005555555576c0 is .bss
0x00007ffff7fc32a8 - 0x00007ffff7fc32c8 is .note.gnu.property in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc32c8 - 0x00007ffff7fc32ec is .note.gnu.build-id in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc32f0 - 0x00007ffff7fc342c is .hash in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3430 - 0x00007ffff7fc3590 is .gnu.hash in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3590 - 0x00007ffff7fc3950 is .dynsym in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3950 - 0x00007ffff7fc3c11 is .dynstr in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3c12 - 0x00007ffff7fc3c62 is .gnu.version in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3c68 - 0x00007ffff7fc3d54 is .gnu.version_d in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc3d58 - 0x00007ffff7fc4af0 is .rela.dyn in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc4af0 - 0x00007ffff7fc4b50 is .rela.plt in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc5000 - 0x00007ffff7fc5050 is .plt in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc5050 - 0x00007ffff7fc5090 is .plt.sec in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc5090 - 0x00007ffff7fee315 is .text in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fef000 - 0x00007ffff7ff5fc0 is .rodata in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ff5fc0 - 0x00007ffff7ff5fc1 is .stapsdt.base in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ff5fc4 - 0x00007ffff7ff6908 is .eh_frame_hdr in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ff6908 - 0x00007ffff7ff9f34 is .eh_frame in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffb620 - 0x00007ffff7ffce80 is .data.rel.ro in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffce80 - 0x00007ffff7ffcff0 is .dynamic in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffcff0 - 0x00007ffff7ffd000 is .got in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffd000 - 0x00007ffff7ffd038 is .got.plt in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffd040 - 0x00007ffff7ffe110 is .data in /lib64/ld-linux-x86-64.so.2
0x00007ffff7ffe110 - 0x00007ffff7ffe2d8 is .bss in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc1120 - 0x00007ffff7fc1164 is .hash in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1168 - 0x00007ffff7fc11b8 is .gnu.hash in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc11b8 - 0x00007ffff7fc12d8 is .dynsym in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc12d8 - 0x00007ffff7fc134a is .dynstr in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc134a - 0x00007ffff7fc1362 is .gnu.version in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1368 - 0x00007ffff7fc13a0 is .gnu.version_d in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc13a0 - 0x00007ffff7fc14b0 is .dynamic in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc14b0 - 0x00007ffff7fc1504 is .note in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1504 - 0x00007ffff7fc1540 is .eh_frame_hdr in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1540 - 0x00007ffff7fc161c is .eh_frame in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1620 - 0x00007ffff7fc1c15 is .text in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1c15 - 0x00007ffff7fc1cb1 is .altinstructions in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7fc1cb1 - 0x00007ffff7fc1ce5 is .altinstr_replacement in system-supplied DSO at 0x7ffff7fc1000
0x00007ffff7d89350 - 0x00007ffff7d89380 is .note.gnu.property in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7d89380 - 0x00007ffff7d893a4 is .note.gnu.build-id in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7d893a4 - 0x00007ffff7d893c4 is .note.ABI-tag in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7d893c8 - 0x00007ffff7d8dacc is .gnu.hash in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7d8dad0 - 0x00007ffff7d9f650 is .dynsym in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7d9f650 - 0x00007ffff7da7565 is .dynstr in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7da7566 - 0x00007ffff7da8d06 is .gnu.version in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7da8d08 - 0x00007ffff7da922c is .gnu.version_d in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7da9230 - 0x00007ffff7da9270 is .gnu.version_r in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7da9270 - 0x00007ffff7db0ad0 is .rela.dyn in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7db0ad0 - 0x00007ffff7db0fe0 is .rela.plt in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7db1000 - 0x00007ffff7db1370 is .plt in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7db1370 - 0x00007ffff7db1390 is .plt.got in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7db1390 - 0x00007ffff7db16f0 is .plt.sec in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7db1700 - 0x00007ffff7f4393d is .text in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f43940 - 0x00007ffff7f45341 is __libc_freeres_fn in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f46000 - 0x00007ffff7f6ce28 is .rodata in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f6ce28 - 0x00007ffff7f6ce29 is .stapsdt.base in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f6ce30 - 0x00007ffff7f6ce4c is .interp in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f6ce4c - 0x00007ffff7f73f20 is .eh_frame_hdr in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f73f20 - 0x00007ffff7f993e8 is .eh_frame in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f993e8 - 0x00007ffff7f999f2 is .gcc_except_table in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f999f8 - 0x00007ffff7f9d924 is .hash in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9f8f0 - 0x00007ffff7f9f900 is .tdata in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9f900 - 0x00007ffff7f9f980 is .tbss in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9f900 - 0x00007ffff7f9f910 is .init_array in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9f910 - 0x00007ffff7f9f9f8 is __libc_subfreeres in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9f9f8 - 0x00007ffff7f9fa00 is __libc_atexit in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7f9fa00 - 0x00007ffff7fa0768 is __libc_IO_vtables in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa0780 - 0x00007ffff7fa2bc0 is .data.rel.ro in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa2bc0 - 0x00007ffff7fa2d90 is .dynamic in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa2d90 - 0x00007ffff7fa3000 is .got in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa3000 - 0x00007ffff7fa31c8 is .got.plt in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa31e0 - 0x00007ffff7fa4888 is .data in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7fa48a0 - 0x00007ffff7fb1e50 is .bss in /lib/x86_64-linux-gnu/libc.so.6
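
The VMAs in the objdump -h listing above start at 0x2e0, so they are offsets from the load base, and each info files range is that offset plus the base 0x555555554000. The following is an added example, not part of the original post, that parses objdump -h text and rebases the ALLOC sections. The function names are assumptions, and the sample rows are copied from the output on this page.

```python
import re

# Subset of the `objdump -h` rows shown on this page (flags on the following line).
OBJDUMP_H = """\
Idx Name Size VMA LMA File off Algn
 15 .text 00000395 0000000000001100 0000000000001100 00001100 2**4
 CONTENTS, ALLOC, LOAD, READONLY, CODE
 23 .got 00000070 0000000000003410 0000000000003410 00002410 2**3
 CONTENTS, ALLOC, LOAD, DATA
 25 .bss 00000220 00000000000034a0 00000000000034a0 00002490 2**5
 ALLOC
 26 .comment 0000002b 0000000000000000 0000000000000000 00002490 2**0
 CONTENTS, READONLY
"""

# Columns: idx, name, size, VMA, LMA, file offset, alignment
ROW = re.compile(
    r"^\s*\d+\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+[0-9a-f]+\s+[0-9a-f]+\s+2\*\*\d+\s*$")

def parse_sections(text):
    """Parse `objdump -h` text into {name: {"size", "vma", "flags"}}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = m.group(1)
            sections[current] = {"size": int(m.group(2), 16),
                                 "vma": int(m.group(3), 16), "flags": set()}
        elif current and line.strip():
            # The line after each row lists that section's flags.
            sections[current]["flags"] = {f.strip() for f in line.split(",")}
    return sections

def pie_base(runtime_addr, vma):
    """Load base implied by one known runtime address of a section start."""
    base = runtime_addr - vma
    if base < 0 or base % 0x1000:
        raise ValueError(f"implausible load base {base:#x}")
    return base

def runtime_ranges(sections, base=0):
    """Map ALLOC sections to (start, end) in memory; base=0 for non-PIE."""
    return {name: (base + s["vma"], base + s["vma"] + s["size"])
            for name, s in sections.items() if "ALLOC" in s["flags"]}

if __name__ == "__main__":
    secs = parse_sections(OBJDUMP_H)
    base = pie_base(0x555555555100, secs[".text"]["vma"])  # .text start from info files
    for name, (lo, hi) in runtime_ranges(secs, base).items():
        print(f"{lo:#018x} - {hi:#018x} is {name}")
```

Sections without the ALLOC flag, such as .comment, are not mapped at run time, which is why they are missing from the info files output.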