Results 1 to 13 of 13

Thread: Finding the address of an environment variable

  1. #1

    Finding the address of an environment variable

    Hello all,

    How can I find the address of an environment variable in Linux?
    For example $test=/bin/sh I want to get this address.


  2. #2
    It would appear that, like many others, you have just popped in here without actually READING THE FAQ. In that document, you will find that we expect posters on these Forums to do their own basic homework by searching on the net and then telling us they have done so and what they may have done to help themsleves.

    For example, did YOU do ANY searching for the answer to YOUR question before you posted it here?? Did you just discover something you didn't know and do nothing except post your question here?

    What search terms did you try to find the answer to your question on the net?? Any???

    Are you willing to do any of your own work or do you just want someone to GIVE you what you want???

    How about you try putting some, such a:

    how to find the $test=/bin/sh varible in Linux

    in YOUR favorite search engine and see what YOU come up with?? Then report back with your results and ask a question that shows you are actually trying to help yourself. That's all we ask.


  3. #3
    Hello JMI,

    First thank you for the response,
    I'm very sorry that this is the impression that I've showed but please let me explain. I'm reading the forums for few months now and today i decided to register myself. I've googled for about 3 hours and did some searches here before asking but still couldn't find my answer. I'm trying to understand the ret2lib attack but i need some help in it. I would be happy if you could give me some help.

    Thanks man

  4. #4

    It would appear that you have still missed the point of my comments, which was directed not just for you, but for all newcomers to these forums. The comments are not a reflection on you as a person, but on your "post" and what it shows about whether or not you have actually read our FAQ and followed its directions.

    If you say you have searched in you post, as you were directed in the FAQ to do, there would have been no reason for comment on whether or not you had done so. Since you didn't say you had searched, I reminded you, and those who will come later of our expectation that you do so.

    Second, if you have been searching for three hours and have found nothing, then perhaps you should provide information on what search terms you have been attempting and maybe someone who works with Linux can provide you with a hint.

    For example, I know very little about Linux, but I just tried the ovbious from your post:

    finding the address of an environment variable in Linux and got 713,000 hits. The second one had a rather intreging title:

    Tips For Linux - How to set Shell Environment Variables (bash shell)

    but it's only one of many.

    I just tried a second, and keep in mind I know almost nothing about now linux works, except how to give a few commands to the server.

    debugging linux environment variable

    The first on the list of 2,110,000 hits says:

    Environment Variables - Linux Commands
    LINUX BASICS. How Do I Set and Use Linux Environment Variables? Environment Variables. Environment variables in the bash shell help you in several ways. ...

    Maybe that would be of some help. So..... what have YOU been searching for?? It seems you are debugging something in Linux and want to set a breakpoint of an environmental variable called "test", but I'm just guessing.

    So why don't you explain a little more about what tools you are using and how much you may know about the tools and Linux debugging and maybe someone with those skill sets could point you in the right direction. All we want to do here is point you in a good direction, not have someone spoon feed you an answer which really "teaches" you nothing about how to find what YOU need or want.


  5. #5
    I'm trying to find a way to return to a shell in linux, the /bin/sh command is the shell command and i defined it as a environment variable, now I want to find it's address to use the ret2lib attack (Phrack 58 - ID 4) but I don't know how to find the address.

    Some of the terms I was searching were:
    "environment variable address"
    "linux environment variable address"
    "linux env var address"
    "environment variable"


  6. #6
    Something simple first. Notice what looks like a page with a down arrow on it at the bottom right of the post. That is the "Quick Reply" which gives you a Reply without quoting the post you are responding to.

    Makes your post much shorter.

    Now the second part. Did you take a look at either of the search terms I provided and see what they offered or are you still waiting for someone just to give you the answer??


  7. #7
    I read you post carefully and serached the terms you gave but without a good result, so I'm still waiting for a good answer here.

  8. #8
    So "in other words," rather than working more on your own, you are just sitting and waiting for someone else to do it for you.

    With that attitude you will never make much progress in "reverse code engineering."

    Good luck with that.


  9. #9
    you know man, your are very funny.
    let me explain you why:
    1. Ive Googled for few hours - didn't found my answer.
    2. I've searched the forum - didn't found my answer.
    3. I've read some posts in the forum - didn't found my answer.
    Now, you need to understand that I didn't asked something that is very general like "How can I reverse X or how can i reverse Y",
    my question was very specific, how can I find the address of a Linux environment variable that I defined such as /bin/sh.
    Now I wrote this question in the n00bs forum, because I didn't was to interfere some more important questions. but you that surly do not know the answer nor to guide me to the answer just keep posting. all of that because you are an admin and I'm a new user. Now that I'm a new user does not say that I have less exp. or know. then you, it's just says that I'm new here.
    I think that if you can't help just stop posting and leave the work to the pros.

  10. #10
    Registered User
    Join Date
    Nov 2009
    Hell on Earth

    JMI... JMI.... JMI... JMI...

  11. #11 or run any app under dbg, since AFAIR Linux add all env vars to the process you will have your var somewhere in memory and you can clearly read what you want (i.e. address).

    screw it, it's x-mas time:

    #include <stdio.h>
    #include <stdlib.h>
    int main(int argc, char *argv[])
       printf("%#x\n", getenv(argv[1]));
       return 0;
    and this should work.
    Last edited by cli3nt; December 24th, 2009 at 06:17. Reason: x-mas

  12. #12
    Thanks cli3nt!
    Working great!

  13. #13

    Apparently you just are not too bright. It is the function of an Administrator to administrate. If you don't like the way we administrate, you don't have to post on these Forums.

    I explained to you very carefully what we expect of new posters here and it took you four tries and you still didn't follow the clear directions which I provided. Finally, after four tries, your fifth post actually provides some of the information you should have posted in your first attempt.

    Had your fifth post's relevant information been your first post, there would have been no need for me to "administrate" at all.

    Fortunately for you, cli3nt took the time to try to provide you with code you probably could have found with a little careful searching and study of Linux coding manuals.

    And since it is almost Christmas, I cut you some slack and haven't relegated you to the "goners" category.


Similar Threads

  1. Finding memory address of a .net application at runtime?
    By mr_tex in forum The Newbie Forum
    Replies: 0
    Last Post: November 24th, 2013, 20:43
  2. Setting up a malware analysis environment
    By Kayaker in forum Malware Analysis and Unpacking Forum
    Replies: 41
    Last Post: November 20th, 2010, 21:56
  3. Push local variable address
    By Iwarez in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: August 21st, 2010, 06:16
  4. Virtual environment to test CIH (A.K.A Chernobyl) virus?
    By neo85 in forum Malware Analysis and Unpacking Forum
    Replies: 12
    Last Post: February 29th, 2008, 21:04


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts