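arm64 pwn notes

For environment setup and the example challenge, see this article: https://www.360zhijia.com/anquan/428622.html (very detailed).

However, the debugging method it uses is a bit cumbersome, so I combined all the steps into a single script: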

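from pwn import *
from time import sleep

# Setting the binary tells pwntools the target architecture (aarch64)
context.binary = 'pwn'
context.log_level = 'debug'
context.terminal = ['gnome-terminal','-x','bash','-c']

def z(a=''):
    # Start gdb with the given gdbscript; with no script, wait for a keypress
    gdb.attach(sh,a,exe='./pwn')
    if a == '':
        pause()

local = 1
if local:
    # socat runs the binary under qemu-aarch64; -g 1234 opens a gdb stub on port 1234
    server = process(['socat', 'tcp-listen:10002,fork,reuseaddr', 'exec:"qemu-aarch64 -g 1234 -L /usr/aarch64-linux-gnu ./pwn"'])
    sleep(1)  # give socat time to start listening before connecting
    sh = remote('0.0.0.0', 10002)
    elf = ELF('./pwn')
else:
    sh = remote('node3.buuoj.cn',27926)
    elf = ELF('./pwn')


if local:
    # Connect gdb to the qemu gdb stub and set a breakpoint (only possible locally)
    z('target remote 0.0.0.0:1234\nb *0x00400818\n')
sh.interactive()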

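context.binary = 'pwn' has to be set at the very top, with the file name inside the quotes. With that in place, pwntools' gdb.attach() uses gdb-multiarch instead of calling gdb.

After that, debugging works smoothly.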
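The debugger choice described above depends on the target architecture recorded in the ELF header. The following stdlib-only pre-flight check is an added example, not code from the original post or from pwntools: it reads `e_machine` and reports which debugger is needed, failing early when it is not installed. The function names, the `which` parameter and the sample header bytes are assumptions made for illustration.

```python
import platform
import shutil
import struct

# e_machine values from the ELF specification
EM_NAMES = {3: "i386", 40: "arm", 62: "amd64", 183: "aarch64"}

# Constructed sample: first 20 bytes of a little-endian 64-bit AArch64 ELF header
SAMPLE_AARCH64 = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 183)


def elf_arch(header):
    """Return the architecture named by e_machine in an ELF header."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if header[5] not in (1, 2):  # EI_DATA: 1 = little-endian, 2 = big-endian
        raise ValueError("invalid EI_DATA byte")
    endian = "<" if header[5] == 1 else ">"
    (machine,) = struct.unpack_from(endian + "H", header, 18)  # e_machine is at offset 18
    return EM_NAMES.get(machine, "unknown(%d)" % machine)


def host_arch():
    """Normalise platform.machine() to the names used in EM_NAMES."""
    m = platform.machine().lower()
    return {"x86_64": "amd64", "arm64": "aarch64", "i686": "i386"}.get(m, m)


def pick_debugger(target, host, which=shutil.which):
    """gdb for a native target, gdb-multiarch for a foreign one; fail early if absent."""
    name = "gdb" if target == host else "gdb-multiarch"
    path = which(name)
    if path is None:
        raise FileNotFoundError(name + " not found in PATH")
    return path


if __name__ == "__main__":
    arch = elf_arch(SAMPLE_AARCH64)  # replace with open('./pwn', 'rb').read(20)
    print("target:", arch, "host:", host_arch())
    try:
        print("debugger:", pick_debugger(arch, host_arch()))
    except FileNotFoundError as e:
        print("missing:", e)
```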
