intflags = DL_LOOKUP_ADD_DEPENDENCY;//156if(!RTLD_SINGLE_THREAD_P)//171{THREAD_GSCOPE_SET_FLAG();flags |= DL_LOOKUP_GSCOPE_LOCK;}#ifdef RTLD_ENABLE_FOREIGN_CALLRTLD_ENABLE_FOREIGN_CALL;#endifresult = _dl_lookup_symbol_x(strtab + sym->st_name, ...
.plt:00000000004003E6 jmp cs:_dl_runtime_resolve
plt_0 endp

在 push cs:linkMap 后跳转至 _dl_runtime_resolve 函数,加上 read@plt 中的 push 0,此处即调用 _dl_runtime_resolve(linkMap, 0)。

_dl_runtime_resolve_xsavec 函数分析

;↓↓↓保存调用参数环境↓↓↓
0x00007ffff7c17750 <+0>: push rbx
0x00007fff...
(_IO_2_1_stdout_) ◂— 0xfbad2887 17:005c│ 0xffffcf7c ◂— 0x2d /* '-' */ 18:0060│ 0xffffcf80—▸ 0xffffcfb8 ◂— 0x0 19:0064│ 0xffffcf84—▸ 0xf7fdb8d0 (_dl_runtime_resolve+16) ◂— pop edx 1a:0068│ 0xffffcf88—▸ 0xf7e1e9ac (_IO_stdfile_2_...
./pwn: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=4ee12047b4e43af214307fb515bc2ee20ed317aa, not stripped ┌──(tyd㉿kali-linux)-[~/ctf/pwn/ctfhub/leak canary] └─$ checkse...