C语言中二进制比较的错误
我有一个Perl程序,它连接一个套接字,在套接字上接收二进制文件,读取这个二进制文件,并与其他二进制文件进行比较,以便我知道是否有在套接字上接收的二进制文件。看: perlProgram.plC语言中二进制比较的错误,c,perl,sockets,C,Perl,Sockets,我有一个Perl程序,它连接一个套接字,在套接字上接收二进制文件,读取这个二进制文件,并与其他二进制文件进行比较,以便我知道是否有在套接字上接收的二进制文件。看: perlProgram.pl # some code here ... my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 666, Proto => 'tcp'); $sock->sockopt(SO_LINGER,
# some code here ...
my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 666, Proto => 'tcp');
$sock->sockopt(SO_LINGER, pack("ii", 1, 0));
# some code here for another porposes...
# ...
read($sock, $buff, 0xfffff);
close($sock);
if (($v = index $buff, "\xC7\x44\x24\x08\x03\x00\x00\x00\xC7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04") >= 0) {
$offset = $v;
printf "your offset is %08x\n", $offset;
} else {
if (($v = index $buff, "\x89\x44\x24\x10\xA1\xBC\xA5\x0F\x08\x89\x44\x24\x04\xe8") >= 0) {
$offset = $v;
printf "your offset is %08x\n", $offset;
} else {
print "Could not find your binaries\n";
exit;
}
}
# more code here ...
这个Perl程序运行正常,我确信我的二进制文件是在socket上运行的。
所以,我用C编写了相同的代码,但问题是:在C中,我无法验证socket上是否有我的二进制文件,但我确信这些二进制文件来自socket。看:
sameprogramminc.c:
// some code here ...
char binaries_1[]="\xc7\x44\x24\x08\x03\x00\x00\x00\xc7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04";
char binaries_2[]="\x89\x44\x24\x10\xa1\xbc\xa5\x0f\x08\x89\x44\x24\x04\xe8";
int indexOf(const unsigned char *data_buffer, const unsigned int length, const unsigned char *needle, const unsigned int needlelen) {
unsigned int i, j, index=0;
for(i=0; i < length-needlelen; i++) {
if(data_buffer[i] == needle[0]){
index=i;
for(j=1; j < needlelen; j++){
if(data_buffer[i+j] != needle[j]){
index=0;
break;
}
}
if(index == i){
return index;
}
}
}
return index;
}
int main(int argc, char *argv[]) {
int sockfd, buflen;
struct hostent *host_info;
struct sockaddr_in target_addr;
unsigned char read_buffer[0xfffff];
if((host_info = gethostbyname(argv[1])) == NULL)
fatal("looking up hostname");
if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
fatal("in socket");
target_addr.sin_family = AF_INET;
target_addr.sin_port = htons(PORT);
target_addr.sin_addr = *((struct in_addr *)host_info->h_addr);
memset(&(target_addr.sin_zero), '\0', 8); // zero the rest of the struct
if (connect(sockfd, (struct sockaddr *)&target_addr, sizeof(struct sockaddr)) == -1)
fatal("connecting to target server");
// some code here for another porposes...
// ...
printf("\n\t Attempting to read memory of the server...");
bzero(read_buffer, sizeof(read_buffer));
read(sockfd, read_buffer, 0xfffff);
index = indexOf(read_buffer, sizeof(read_buffer), binaries_1, sizeof(binaries_1));
if(index != 0){
printf("\n\t [+] your offset is 0x%08x", index);
} else {
index = indexOf(read_buffer, sizeof(read_buffer), binaries_2, sizeof(binaries_2));
if(index != 0){
printf("\n\t [+] your offset is 0x%08x", index);
} else {
printf("\n\t [-] Fail! Could not find your offset!");
}
}
// more code here
//这里有一些代码。。。
字符二进制文件\u 1[]=“\xc7\x44\x24\x08\x03\x00\x00\x00\xc7\x04\x24\x00\x00\x00\x00\x00\x00\x89\x44\x24\x04”;
字符二进制文件\u 2[]=“\x89\x44\x24\x10\xa1\xbc\xa5\x0f\x08\x89\x44\x24\x04\xe8”;
int indexOf(常量无符号字符*数据缓冲区,常量无符号整数长度,常量无符号字符*指针,常量无符号整数针){
无符号整数i,j,索引=0;
对于(i=0;ih_addr);
memset(&(target_addr.sin_zero),'\0',8);//将结构的其余部分归零
if(connect(sockfd,(struct sockaddr*)和target_addr,sizeof(struct sockaddr))=-1)
致命(“连接到目标服务器”);
//这里有另一个porposes的代码。。。
// ...
printf(“\n\t正在尝试读取服务器的内存…”);
bzero(read_buffer,sizeof(read_buffer));
读取(sockfd,读取缓冲区,0xfffff);
index=indexOf(read_buffer,sizeof(read_buffer),binaries_1,sizeof(binaries_1));
如果(索引!=0){
printf(“\n\t[+]您的偏移量是0x%08x”,索引);
}否则{
index=indexOf(read_buffer,sizeof(read_buffer),binaries_2,sizeof(binaries_2));
如果(索引!=0){
printf(“\n\t[+]您的偏移量是0x%08x”,索引);
}否则{
printf(“\n\t[-]失败!找不到偏移量!”);
}
}
//这里有更多代码
因此,这个C代码的工作方式与我的Perl代码不同。在运行时没有任何错误,只是C代码无法验证我的二进制文件是否存在,比如Perl代码。然后,我尝试使用
memmem
,和memcmp
和strstr
,但也不起作用。为什么不起作用?有什么问题?当您指定sizeof(binaries\u 1)时
作为搜索子字符串长度,它包含尾随的零,将其更改为sizeof(binaries_1)-1
谢谢你!它解决了我的问题。由于一个错误,我没有看到它!谢谢