我想在python脚本中获取可执行文件的elf信息
from pwn import *
p = process("./rtl")
e = ELF("./rtl")
def slog(name, addr): return success(": ".join([name, hex(addr)]))
buf = b'A'*0x39
p.sendafter("Buf: ", buf)
p.recvuntil(buf)
cnry = u64(b'x00' + p.recvn(7))
slog('canary', cnry)
然后输入命令
$cat rtl.py
我收到一条信息
Could not allocate dynamic translator buffer
当我使用gdb和pwndbg 进行调试时,也会打印此消息
pwndbg: loaded 157 pwndbg commands and 43 shell commands. Type pwndbg [--shell | --all] [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from rtl...
(No debugging symbols found in rtl)
------- tip of the day (disable with set show-tips off) -------
The $heap_base GDB variable can be used to refer to the starting address of the heap after running the heap command
pwndbg> start
Temporary breakpoint 1 at 0x4011de
Temporary breakpoint 1, 0x00000000004011de in main ()
Could not allocate dynamic translator buffer
我需要使用x86英特尔架构进行调试,但我的笔记本电脑是m1 macbook。所以我使用的是amazon ec2 ubuntu服务器cli免费层。
如何解决分配缓冲区的问题?
我在一个只有512MB内存的小型Digital Ocean液滴上使用ELF命令时遇到了同样的问题。
我认为根本的问题是ELF使用了unicon,其中包括对mmap的1073741824字节的调用。这会出错并打印您在上面收到的错误消息。这个问题记录在一些独角兽GitHub问题中,包括这个问题。
openat(AT_FDCWD, "/usr/local/lib/python3.10/dist-packages/unicorn/lib/libunicorn.so.2", O_RDONLY|O_CLOEXEC) = 6
read(6, "177ELF211���������3�>�1��� 242;�����"..., 832) = 832
newfstatat(6, "", {st_mode=S_IFREG|0755, st_size=24125584, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 22447520, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7fd989a00000
mmap(0x7fd989d9c000, 13496320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x39c000) = 0x7fd989d9c000
mmap(0x7fd98aa7b000, 3039232, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x107b000) = 0x7fd98aa7b000
mmap(0x7fd98ad61000, 1601536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x1360000) = 0x7fd98ad61000
mmap(0x7fd98aee8000, 525728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd98aee8000
close(6) = 0
mprotect(0x7fd98ad61000, 1064960, PROT_READ) = 0
brk(0x560dbea2a000) = 0x560dbea2a000
mmap(NULL, 1073741824, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
write(2, "Could not allocate dynamic trans"..., 45Could not allocate dynamic translator buffer
) = 45
尝试升级RAM或转移到具有更多内存的开发环境。对我来说,升级到4GB数字海洋液滴解决了这个问题。
您还可以通过编译和运行以下脚本进行测试,以确保这是根本原因。如果它完成时没有出现错误,那么您的环境应该足以执行ELF命令。
#include <stdio.h>
#include <sys/mman.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
int main() {
printf("Trying big mmapn");
void* ptr = mmap(NULL, 1073741824, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
if ((MAP_FAILED == ptr) && (errno == ENOMEM)) {
printf("ERROR: check memoryn");
}
return 0;
}