Example #1
		# Collect candidate numbers from the already-open binary `f`. The result is
		# used as a mapping below (only .values() is read); what its keys are is not
		# visible in this excerpt -- presumably locations in the file, TODO confirm.
		# 0xffffffff occupies the argument slot where the disabled call below passed
		# the first gap's value.
		# NOTE(review): no_null_bytes=True presumably excludes candidates whose bytes
		# contain 0x00 -- confirm against get_numbers.
		candidates = get_numbers(f, section_names, 0xffffffff, use_segment=use_segment, no_null_bytes=True)
		#candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
		# NOTE(review): this close() is skipped if get_numbers raises. The enclosing
		# block starts above this excerpt, so whether that is handled cannot be told
		# from here.
		f.close()
		# De-duplicate the values to form the pool of numbers handed to the solver.
		coins = list(set(candidates.values()))

		# Generated code is appended to python_code piece by piece.
		pg = PayloadGenerator()
		if prologue:
			python_code += pg.add_prologue()

		first = True
		for gap in slice_gaps:
			# Each gap is indexed as a pair: gap[0] is added to stack_frame below and
			# gap[1] is the number passed to the solver.
			# The first gap is special-cased so that initial_reg_value is subtracted
			# from its target before solving.
			if first:
				# Work on a list copy so element 1 can be reassigned.
				first_gap = list(gap)
				# NOTE(review): the reason for the "- 1" is not visible here -- confirm.
				accumulator_value += first_gap[1] - 1
				# cmp2 is defined elsewhere (presumably a two's-complement helper --
				# confirm); only the magnitude of its result is kept.
				first_gap[1] = abs(cmp2(first_gap[1] - initial_reg_value))
				print(first_gap[1])
				gap = tuple(first_gap)
				first = False
			else:
				accumulator_value += gap[1]
			print(gap, hex(gap[1]))
			# solve_gready returns a pair that is unpacked as (count, chosen numbers).
			# NOTE(review): the result is used without checking whether a solution
			# was found -- confirm what solve_gready returns on failure.
			num_ops, nums = solve_gready(coins, gap[1])
			print(num_ops, nums)
			print_results(candidates, nums)
			python_code += pg.add_payload(candidates, nums, stack_frame + gap[0])

	# Append the accumulated total as a trailing comment line of the generated
	# code, then write the whole text to stdout.
	python_code += '# Accumulator register has a final value of: %d => 0x%08x' % (accumulator_value, accumulator_value)
	print(python_code)

Example #2
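    # Open the binary to scan. The error message names the path that was
    # actually opened (args.filename); argv[1] may be an option flag rather
    # than the file name.
    try:
        f = open(args.filename, "rb")
    except OSError as ex:
        print("Can't open file %s: %s" % (args.filename, ex), file=stderr)
        exit(1)

    # The input file is parsed by get_numbers and may be malformed; the
    # context manager closes the handle even if parsing raises.
    with f:
        candidates = get_numbers(f, section_names, change, exclude,
                                 use_segment, no_null_bytes)

    # Exit status: 1 = file unreadable or no candidates, 2 = no solution,
    # 0 = solution printed.
    if candidates is None:
        print("Found no candidate numbers in elf file. Exiting...",
              file=stderr)
        exit(1)

    # Only distinct values matter to the solver. A solve_dp call with the same
    # arguments was left disabled in the original in favour of solve_gready.
    unique_values = set(candidates.values())
    oper, results = solve_gready(list(unique_values), change)

    # An operation count of 0 is treated as "no solution".
    if oper == 0:
        print("No solution was found. Exiting...", file=stderr)
        exit(2)
    print("Found a solution using %u operations: %s" % (oper, results))

    print_results(candidates, results, duplicates, print_zero)
    exit(0)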
Example #3
        # `candidates` and the open file `f` are set up above this excerpt. The
        # disabled call below is an earlier variant that passed the first gap's
        # value to get_numbers.
        #candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
        f.close()
        # candidates is used as a mapping (only .values() is read here); the
        # de-duplicated values form the pool of numbers handed to the solver.
        coins = list(set(candidates.values()))

        # Generated code is appended to python_code piece by piece.
        pg = PayloadGenerator()
        if prologue:
            python_code += pg.add_prologue()

        first = True
        for gap in slice_gaps:
            # Each gap is indexed as a pair: gap[0] is added to stack_frame below
            # and gap[1] is the number passed to the solver.
            # The first gap is special-cased so that initial_reg_value is
            # subtracted from its target before solving.
            if first:
                # Work on a list copy so element 1 can be reassigned.
                first_gap = list(gap)
                # NOTE(review): the reason for the "- 1" is not visible here --
                # confirm.
                accumulator_value += first_gap[1] - 1
                # cmp2 is defined elsewhere (presumably a two's-complement
                # helper -- confirm); only the magnitude of its result is kept.
                first_gap[1] = abs(cmp2(first_gap[1] - initial_reg_value))
                print(first_gap[1])
                gap = tuple(first_gap)
                first = False
            else:
                accumulator_value += gap[1]
            print(gap, hex(gap[1]))
            # solve_gready returns a pair that is unpacked as
            # (count, chosen numbers).
            # NOTE(review): the result is used without checking whether a
            # solution was found -- confirm what solve_gready returns on failure.
            num_ops, nums = solve_gready(coins, gap[1])
            print(num_ops, nums)
            print_results(candidates, nums)
            python_code += pg.add_payload(candidates, nums,
                                          stack_frame + gap[0])

    # Append the accumulated total as a trailing comment line of the generated
    # code, then write the whole text to stdout.
    python_code += '# Accumulator register has a final value of: %d => 0x%08x' % (
        accumulator_value, accumulator_value)
    print(python_code)
Example #4
		section_names = (".text", ".data")
	
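	# Open the binary to scan. The error message names the path that was
	# actually opened (args.filename); argv[1] may be an option flag rather
	# than the file name.
	try:
		f = open(args.filename, "rb")
	except OSError as ex:
		print("Can't open file %s: %s" % (args.filename, ex), file=stderr)
		exit(1)

	# The input file is parsed by get_numbers and may be malformed; the
	# context manager closes the handle even if parsing raises.
	with f:
		candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes)

	# Exit status: 1 = file unreadable or no candidates, 2 = no solution,
	# 0 = solution printed.
	if candidates is None:
		print("Found no candidate numbers in elf file. Exiting...", file=stderr)
		exit(1)

	# Only distinct values matter to the solver. A solve_dp call with the same
	# arguments was left disabled in the original in favour of solve_gready.
	unique_values = set(candidates.values())
	oper, results = solve_gready(list(unique_values), change)

	# An operation count of 0 is treated as "no solution".
	if oper == 0:
		print("No solution was found. Exiting...", file=stderr)
		exit(2)
	print("Found a solution using %u operations: %s" % (oper, results))

	print_results(candidates, results, duplicates, print_zero)
	exit(0)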