def dump_binary(self, filename=None):
c_code = self.dump_c()
compiled_result = compilerex.compile_from_string(c_code,
filename=filename)
if filename:
return None
return compiled_result
def dump_binary(self, filename=None):
c_code = self.dump_c()
compiled_result = compilerex.compile_from_string(c_code)
if filename is not None:
with open(filename, 'w') as f:
f.write(compiled_result)
os.chmod(filename, 0755)
return None
return compiled_result
def _fixup_exploit(exploit, register):
"""
:param exploit: the peewee exploit object (should be type 1 only)
:param register: the register we are actually setting
:return: the new exploit object or None if we shouldn't create one
"""
# make compilerex executable
bin_path = os.path.join(os.path.dirname(compilerex.__file__), "../bin")
for f in os.listdir(bin_path):
os.chmod(os.path.join(bin_path, f), 0777)
os.chmod(os.path.join(bin_path, f), 0777)
c_code = str(exploit.c_code)
if c_code.startswith("//FIXED"):
return None
fixed_lines = ["//FIXED"]
for line in c_code.split("\n"):
# fix the line which sets the regnum
if "enum register_t regnum" in line:
fixed_lines.append(" enum register_t regnum = %s;" % register)
else:
fixed_lines.append(line)
new_c = "\n".join(fixed_lines)
compiled_blob = compilerex.compile_from_string(new_c)
# we keep the reliability at 0.0, however the tester needs to make sure to mark
# this exploit good for this fielding
e = Exploit.create(cs=exploit.cs,
job=exploit.job,
pov_type='type1',
method=exploit.method,
c_code=new_c,
blob=compiled_blob,
crash=exploit.crash)
e.save()
return e
