hacktricks/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses
2024-12-12 11:39:29 +01:00
..
aslr Recreating repository history 2024-12-12 11:39:29 +01:00
pie Recreating repository history 2024-12-12 11:39:29 +01:00
stack-canaries Recreating repository history 2024-12-12 11:39:29 +01:00
no-exec-nx.md Recreating repository history 2024-12-12 11:39:29 +01:00
README.md Recreating repository history 2024-12-12 11:39:29 +01:00
relro.md Recreating repository history 2024-12-12 11:39:29 +01:00

Common Binary Protections

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Enable Core files

Core files are a type of file generated by an operating system when a process crashes. These files capture the memory image of the crashed process at the time of its termination, including the process's memory, registers, and program counter state, among other details. This snapshot can be extremely valuable for debugging and understanding why the crash occurred.

Enabling Core Dump Generation

By default, many systems limit the size of core files to 0 (i.e., they do not generate core files) to save disk space. To enable the generation of core files, you can use the ulimit command (in bash or similar shells) or configure system-wide settings.

  • Using ulimit: The command ulimit -c unlimited allows the current shell session to create unlimited-sized core files. This is useful for debugging sessions but is not persistent across reboots or new sessions.
ulimit -c unlimited
  • Persistent Configuration: For a more permanent solution, you can edit the /etc/security/limits.conf file to include a line like * soft core unlimited, which allows all users to generate unlimited size core files without having to set ulimit manually in their sessions.
* soft core unlimited

Analyzing Core Files with GDB

To analyze a core file, you can use debugging tools like GDB (the GNU Debugger). Assuming you have an executable that produced a core dump and the core file is named core_file, you can start the analysis with:

gdb /path/to/executable /path/to/core_file

This command loads the executable and the core file into GDB, allowing you to inspect the state of the program at the time of the crash. You can use GDB commands to explore the stack, examine variables, and understand the cause of the crash.

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}