def free(everything): global low,high #print "FREE " + hex(everything['arg_0']) addr = everything['arg_0'] if addr == 0: return size = pin.get_pointer(pin.get_pointer(everything['reg_gdi'])-guard_size) free_list.append((addr,size+guard_size)) if low == -1: low = addr high = addr+size+guard_size pin.set_pointer(everything['reg_gdi'], 0)
def realloc_after(everything):
    """Hook run after realloc(): stamp the guard header/footer on the result.

    Only acts when realloc_before set the global `real` flag (i.e. the call
    was rewritten to carry guards).  Layout written at the returned base:
    8-byte size header, four canary words, `last_allocated_size` bytes of
    user data, then four more canary words.  The return register is finally
    advanced by 40 bytes so the caller receives the user pointer.
    NOTE(review): 40 is hard-coded here while malloc_after uses guard_size;
    they only agree if guard_size == 40 -- confirm.
    """
    global real
    if real != 1:
        return
    base = pin.get_pointer(everything['reg_gax'])
    # Header: size, then canaries at +8, +16, +24, +32.
    pin.set_pointer(base, last_allocated_size)
    for off in (8, 16, 24, 32):
        pin.set_pointer(base + off, canary)
    # Footer: four canaries directly after the user region.
    tail = base + last_allocated_size + 40
    for off in (0, 8, 16, 24):
        pin.set_pointer(tail + off, canary)
    # Hand the caller the pointer past the header.
    pin.set_pointer(everything['reg_gax'], base + 40)
    real = 0
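def malloc_after(everything):
    """Hook run after malloc(): stamp the guard header/footer on the result.

    malloc_before enlarged the request by 2*guard_size and recorded the
    original size in `last_allocated_size`.  This writes, at the returned
    base: an 8-byte size header, four canary words, then four more canary
    words directly after the `last_allocated_size` user bytes, and advances
    the return register by guard_size so the caller gets the user pointer.
    NOTE(review): the footer offset assumes a 40-byte header (8 + 4*8);
    the final bump uses guard_size, so guard_size must be 40 -- confirm.
    The unused `address = everything['return']` local was dropped.
    """
    global last_allocated_size
    base = pin.get_pointer(everything['reg_gax'])
    #print "MALLOC " + hex(base)
    # Header: size, then canaries at +8, +16, +24, +32.
    pin.set_pointer(base, last_allocated_size)
    for off in (8, 16, 24, 32):
        pin.set_pointer(base + off, canary)
    # Footer: four canaries directly after the user region.
    tail = base + last_allocated_size + 40
    for off in (0, 8, 16, 24):
        pin.set_pointer(tail + off, canary)
    # Hand the caller the pointer past the header.
    pin.set_pointer(everything['reg_gax'], base + guard_size)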
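def free(everything):
    """Hook run on free(): log the call and detect double frees.

    Reads the pointer from the argument register, writes `free(<addr>)` to
    the log file `f`, reports a chunk that is already in free_list (double
    free), and moves a tracked chunk from in_use to free_list keeping its
    recorded size.  Rewritten with `in`/`pop` and print() so it runs on
    both Python 2 and 3 (has_key and the print statement are 2-only).
    NOTE(review): a pointer that is in neither table (invalid free, or a
    chunk allocated before hooking started) is logged but not flagged.
    """
    rdi = pin.get_pointer(everything['reg_gdi'])
    f.write("free({})\n".format(hex(rdi)))
    if rdi in free_list:
        print("\n[+][+]Chunk {} freed more than once".format(hex(rdi)))
    if rdi in in_use:
        # Carry the allocation size over so the freed range is known.
        free_list[rdi] = in_use.pop(rdi)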
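def malloc_after(everything):
    """Hook run after malloc(): log the result and track the live chunk.

    Uses the request size saved in the global `size` by malloc_before.
    Writes `malloc(<size>) returns <addr>` to the log file `f`, reports an
    address that is still recorded as in use (allocator handed out a chunk
    this tool never saw freed), drops the address from free_list if it was
    there (the allocator reused it), and records it in in_use.  Rewritten
    with `in`/`pop` and print() so it runs on both Python 2 and 3.
    """
    global size
    addr = pin.get_pointer(everything['reg_gax'])
    f.write("malloc({}) returns {}\n".format(size, hex(addr)))
    if addr in in_use:
        print("\n[+][+]Chunk {} allocated more than once".format(hex(addr)))
    # A reused address leaves the free list; missing key is fine.
    free_list.pop(addr, None)
    in_use[addr] = size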
def realloc_before(everything: dict) -> None:
    """Hook run before realloc(): rewrite the call to carry guard space.

    The global `hit` flag makes every second invocation a no-op -- presumably
    the hook fires twice per realloc (e.g. an internal re-entry); confirm.
    Otherwise, with ptr in rdi and size in rsi:
      * size == 0: both registers are zeroed, turning the call into
        realloc(NULL, 0) -- presumably so the chunk is never released to the
        allocator (quarantine), mirroring free().
      * ptr == NULL: left untouched.  NOTE(review): the resulting chunk then
        has no guard header, and `real` stays 0 so realloc_after skips it;
        a later free() of that pointer reads a size header that was never
        written.
      * otherwise: the size is enlarged by 2*guard_size and the pointer moved
        back to the header, and `real`/`hit` are set for realloc_after.
    """
    global last_allocated_size
    global hit, real
    if hit == 1:
        hit = 0
    else:
        name = pin.get_pointer(everything["reg_gdi"])
        size = pin.get_pointer(everything["reg_gsi"])
        if((size) == 0):
            pin.set_pointer(everything['reg_gdi'], 0)
            pin.set_pointer(everything['reg_gsi'], 0)
        elif(int(name) == 0):
            return
        else:
            # Original user size, consumed by realloc_after's header write.
            # NOTE(review): taken from arg_1 while `size` above came from the
            # register; they are presumably the same value -- confirm.
            last_allocated_size = everything['arg_1']
            pin.set_pointer(everything['reg_gsi'], pin.get_pointer(everything['reg_gsi'])+guard_size*2)
            pin.set_pointer(everything['reg_gdi'], pin.get_pointer(everything['reg_gdi'])-(guard_size))
            real = 1
            hit = 1
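def malloc_before(everything):
    """Hook run before malloc(): enlarge the request to make room for guards.

    Saves the caller's requested size (`arg_0`) in the global
    `last_allocated_size` for malloc_after, then adds 2*guard_size to the
    size register so the allocation can hold the header and footer.
    The unused `new_size` local was dropped.
    NOTE(review): no overflow check -- a request near SIZE_MAX wraps when
    the enlarged value is written back to the register; confirm whether the
    target can pass such sizes.
    """
    global last_allocated_size
    last_allocated_size = everything['arg_0']
    # print "MALLOCING: " + hex(everything['arg_0'])
    pin.set_pointer(everything['reg_gdi'], pin.get_pointer(everything['reg_gdi'])+guard_size*2)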
def malloc_before(everything):
    """Hook run before malloc(): remember the requested size.

    Reads the size from the argument register and stores it in the global
    `size` so malloc_after can log and record it.
    """
    global size
    requested = pin.get_pointer(everything['reg_gdi'])
    size = requested
def malloc_after(x): ret = pin.get_pointer(pin.get_pointer(x['reg_gsp'])) if isMain(ret):