gpt4 book ai didi

c - -fno-builtin 到底在做什么?

转载 作者:行者123 更新时间:2023-11-30 14:42:53 26 4
gpt4 key购买 nike

所以我正在阅读Hacking the Art of Exploitation,在书中,他们在 C 代码中使用了 strcpy() 函数:

1   #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello, world!\n");
8 printf(str_a);
9 }

然后他们继续编译源代码并使用 gdb 进行分析。他在第 6 行、strcpy 函数和第 8 行设置了断点,但在 strcpy 上设置断点时,它读取以下内容:

(gdb) break strcpy
Function "strcpy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

我知道这是因为库尚未加载,所以它询问他是否想将其作为挂起的断点。然后他运行程序并继续执行断点:

image

一切对他来说都很顺利,但是当我尝试在我的计算机上重新创建它时,我得到以下信息:

frinto@kali:~/Documents/theclang/programs/helloworld$ gcc -m32 -g -o char_array char_array.c 
frinto@kali:~/Documents/theclang/programs/helloworld$ gdb -q char_array
Reading symbols from char_array...done.
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello, world!\n");
8 printf(str_a);
9 }
(gdb) break 6
Breakpoint 1 at 0x11b6: file char_array.c, line 6.
(gdb) break strcpy
Function "strcpy" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (strcpy) pending.
(gdb) break 8
Breakpoint 3 at 0x11d7: file char_array.c, line 8.
(gdb) run
Starting program: /home/frinto/Documents/theclang/programs/helloworld/char_array

Breakpoint 1, main () at char_array.c:7
7 strcpy(str_a, "Hello, world!\n");
(gdb) cont
Continuing.

Breakpoint 3, main () at char_array.c:8
8 printf(str_a);
(gdb) cont
Continuing.
Hello, world!
[Inferior 1 (process 4021) exited normally]
(gdb)

注意到它是如何完全跳过 strcpy 断点的吗?好吧,我问我的一个 friend 这里出了什么问题,他告诉我编译时缺少参数 -fno-builtin 。我对这个参数做了一些最小的谷歌搜索,我真正理解的是它可以让你在内置函数上设置断点。因此,我使用 -fno-builtin 参数编译了程序,然后尝试再次重新创建它:

frinto@kali:~/Documents/theclang/programs/helloworld$ gcc -m32 -fno-builtin -g -o char_array char_array.c 
frinto@kali:~/Documents/theclang/programs/helloworld$ gdb -q char_array
Reading symbols from char_array...done.
(gdb) list
1 #include <stdio.h>
2 #include <string.h>
3
4 int main() {
5 char str_a[20];
6
7 strcpy(str_a, "Hello, world!\n");
8 printf(str_a);
9 }
(gdb) break 6
Breakpoint 1 at 0x11c6: file char_array.c, line 6.
(gdb) break strcpy
Breakpoint 2 at 0x1040
(gdb) break 8
Breakpoint 3 at 0x11dc: file char_array.c, line 8.
(gdb) run
Starting program: /home/frinto/Documents/theclang/programs/helloworld/char_array

Breakpoint 1, main () at char_array.c:7
7 strcpy(str_a, "Hello, world!\n");
(gdb) cont
Continuing.

Breakpoint 2, 0xf7e510b0 in ?? () from /lib/i386-linux-gnu/libc.so.6
(gdb) cont
Continuing.

Breakpoint 3, main () at char_array.c:8
8 printf(str_a);
(gdb) cont
Continuing.
Hello, world!
[Inferior 1 (process 3969) exited normally]
(gdb)

现在可以了!我有三个问题:

  1. -fno-builtin 参数到底在做什么?
  2. 为什么显示问号而不是 strcpy 函数

断点 2, 0xf7e510b0 在 ?? () 来自/lib/i386-linux-gnu/libc.so.6

  • 当我使用 -fno-builtin 参数时,为什么它不要求将 strcpy 断点设置为待处理?
  • 抱歉,话题很长,我只是想确保一切都被理解。

    最佳答案

    来自 man gcc

    -fno-builtin
    -fno-builtin-function

    Don't recognize built-in functions that do not begin with
    __builtin_ as prefix. GCC normally generates special code to
    handle certain built-in functions more efficiently; for
    instance, calls to "alloca" may become single instructions
    which adjust the stack directly, and calls to "memcpy" may
    become inline copy loops. The resulting code is often both
    smaller and faster, but since the function calls no longer
    appear as such, you cannot set a breakpoint on those calls, nor
    can you change the behavior of the functions by linking with a
    different library. In addition, when a function is recognized
    as a built-in function, GCC may use information about that
    function to warn about problems with calls to that function, or
    to generate more efficient code, even if the resulting code
    still contains calls to that function. For example, warnings
    are given with -Wformat for bad calls to "printf" when "printf"
    is built in and "strlen" is known not to modify global memory.

    With the -fno-builtin-function option only the built-in
    function function is disabled. function must not begin with
    __builtin_. If a function is named that is not built-in in
    this version of GCC, this option is ignored. There is no
    corresponding -fbuiltin-function option; if you wish to enable
    built-in functions selectively when using -fno-builtin or
    -ffreestanding, you may define macros such as:

    #define abs(n) __builtin_abs ((n))
    #define strcpy(d, s) __builtin_strcpy ((d), (s))

    内置函数允许通过内联函数生成更快的代码,但如手册中所述

    you cannot set a breakpoint on those calls

    内联函数意味着,它的效果被编译器直接插入的代码所取代,而不是生成函数调用。这节省了函数调用,并且可以更有效地优化,并且通常会导致性能的大幅提高。

    但是,代码中不再存在内联函数。调试器断点是通过用一些软件陷阱替换特定地址处的指令或使用特定硬件来识别何时到达断点地址来实现的。但由于该函数已不存在,因此没有与其关联的地址,也无法对其进行断点。

    挂起断点是在某些代码上设置断点的方法,这些代码稍后将由程序动态加载。使用-fno-builtin,可以直接使用strcpy,并且可以通过gdb直接设置bp。

    请注意,调试需要 -g 标志生成的可执行文件中的特定信息。一般像libc这样的系统库没有嵌入调试信息,当进入这些库中的函数时,gdb通过??表示缺少调试信息。

    关于c - -fno-builtin 到底在做什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54281780/

    26 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com