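def libc(self):
    """libc(self) -> ELF

    Leak the Build ID of the remote libc.so, download the file,
    and load an ``ELF`` object with the correct base address.

    Returns:
        An ELF object, or None when ``libc.so`` cannot be located in the
        target, no Build ID can be read, or no file matches the Build ID.
    """
    libc_name = 'libc.so'

    with self.waitfor('Downloading libc'):
        dynlib = self._dynamic_load_dynelf(libc_name)

        # _dynamic_load_dynelf() can return None (lookup() checks for it after
        # the same call); bail out here instead of raising AttributeError on
        # the attribute access below.
        if dynlib is None:
            return None

        self.status("Trying lookup based on Build ID")
        build_id = dynlib._lookup_build_id(libc_name)

        if not build_id:
            return None

        # NOTE(review): build_id is read out of the remote process, so it is
        # data controlled by the target. Confirm that
        # libcdb.search_by_build_id validates it before it is used to build
        # a path or URL, and that the returned file is only ever parsed,
        # never executed.
        self.status("Trying lookup based on Build ID: %s" % build_id)
        path = libcdb.search_by_build_id(build_id)

        if not path:
            return None

        # Rebase the local copy so its symbol addresses line up with the
        # base address recorded for the remote mapping.
        elf = ELF(path)
        elf.address = dynlib.libbase
        return elf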
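def libc(self):
    """libc(self) -> ELF

    Leak the Build ID of the remote libc.so, download the file,
    and load an ``ELF`` object with the correct base address.

    Returns:
        An ELF object, or None. None is returned when the library is not
        found in the target, when its Build ID cannot be read, or when the
        Build ID has no match in the local database lookup.
    """
    target = 'libc.so'

    with self.waitfor('Downloading libc'):
        remote_lib = self._dynamic_load_dynelf(target)

        # The loader helper may hand back None when the library is not
        # found (lookup() guards the same call); honour the documented
        # "or None" contract rather than failing with AttributeError.
        if remote_lib is None:
            return None

        self.status("Trying lookup based on Build ID")
        build_id = remote_lib._lookup_build_id(target)
        if not build_id:
            return None

        # NOTE(review): the Build ID comes from the remote process's memory
        # and is therefore untrusted input to libcdb.search_by_build_id;
        # verify that helper validates it before using it.
        self.status("Trying lookup based on Build ID: %s" % build_id)
        local_path = libcdb.search_by_build_id(build_id)
        if not local_path:
            return None

        # Load the local copy and give it the remote base address.
        loaded = ELF(local_path)
        loaded.address = remote_lib.libbase
        return loaded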
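def lookup(self, symb=None, lib=None):
    """lookup(symb = None, lib = None) -> int

    Find the address of ``symbol``, which is found in ``lib``.

    Arguments:
        symb(str): Named routine to look up
          If omitted, the base address of the library will be returned.
        lib(str): Substring to match for the library name.
          If omitted, the current library is searched.
          If set to ``'libc'``, ``'libc.so'`` is assumed.

    Returns:
        Address of the named symbol, or :const:`None`.
    """
    result = None

    if lib == 'libc':
        lib = 'libc.so'

    #
    # Get a pretty name for the symbol to show the user
    #
    if symb and lib:
        pretty = '%r in %r' % (symb, lib)
    else:
        pretty = repr(symb or lib)

    # repr() of a str or None is never empty, so this guard is not expected
    # to fire; it is kept unchanged so behaviour stays the same.
    if not pretty:
        self.failure("Must specify a library or symbol")

    self.waitfor('Resolving %s' % pretty)

    #
    # If we are loading from a different library, create
    # a DynELF instance for it.
    #
    if lib is not None:
        dynlib = self._dynamic_load_dynelf(lib)
    else:
        dynlib = self

    if dynlib is None:
        log.failure("Could not find %r" % lib)
        return None

    #
    # If we are resolving a symbol in the library, find it.
    #
    if symb and self.libcdb:
        # Try a quick lookup by build ID
        self.status("Trying lookup based on Build ID")
        build_id = dynlib._lookup_build_id(lib=lib)

        if build_id:
            # NOTE(review): build_id is read from the remote process and is
            # untrusted; confirm libcdb.search_by_build_id validates it.
            log.info("Trying lookup based on Build ID: %s" % build_id)
            path = libcdb.search_by_build_id(build_id)

            if path:
                with context.local(log_level='error'):
                    e = ELF(path)
                    e.address = dynlib.libbase
                    # .get() instead of indexing: a symbol missing from the
                    # local copy must fall through to the remote lookup
                    # below rather than abort with KeyError.
                    result = e.symbols.get(symb)

    if symb and not result:
        self.status("Trying remote lookup")
        result = dynlib._lookup(symb)

    if not symb:
        result = dynlib.libbase

    #
    # Did we win?
    #
    if result:
        self.success("%#x" % result)
    else:
        self.failure("Could not find %s" % pretty)

    return result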
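def lookup(self, symb=None, lib=None):
    """lookup(symb = None, lib = None) -> int

    Find the address of ``symbol``, which is found in ``lib``.

    Arguments:
        symb(str): Named routine to look up
          If omitted, the base address of the library is returned.
        lib(str): Substring to match for the library name.
          If omitted, the current library is searched.
          If set to ``'libc'``, ``'libc.so'`` is assumed.

    Returns:
        Address of the named symbol, or :const:`None`.
    """
    result = None

    if lib == 'libc':
        lib = 'libc.so'

    #
    # Get a pretty name for the symbol to show the user
    #
    if symb and lib:
        pretty = '%r in %r' % (symb, lib)
    else:
        pretty = repr(symb or lib)

    # repr() of a str or None is never empty, so this guard is not expected
    # to fire; it is kept unchanged so behaviour stays the same.
    if not pretty:
        self.failure("Must specify a library or symbol")

    self.waitfor('Resolving %s' % pretty)

    #
    # If we are loading from a different library, create
    # a DynELF instance for it.
    #
    if lib is not None:
        dynlib = self._dynamic_load_dynelf(lib)
    else:
        dynlib = self

    if dynlib is None:
        log.failure("Could not find %r" % lib)
        return None

    if symb:
        #
        # Resolving a symbol: try the Build ID database first (only when
        # enabled), then fall back to walking the remote library.
        #
        # The original used a single if/else on ``symb and self.libcdb``,
        # so with libcdb disabled a symbol request fell into the else branch
        # and returned the library base as if it were the symbol's address.
        #
        if self.libcdb:
            # Try a quick lookup by build ID
            self.status("Trying lookup based on Build ID")
            build_id = dynlib._lookup_build_id(lib=lib)

            if build_id:
                # NOTE(review): build_id is read from the remote process and
                # is untrusted; confirm libcdb.search_by_build_id validates it.
                log.info("Trying lookup based on Build ID: %s" % build_id)
                path = libcdb.search_by_build_id(build_id)

                if path:
                    with context.local(log_level='error'):
                        e = ELF(path)
                        e.address = dynlib.libbase
                        # A symbol absent from the local copy must not raise
                        # KeyError; leave result empty so the remote lookup runs.
                        result = e.symbols.get(symb)

        if not result:
            self.status("Trying remote lookup")
            result = dynlib._lookup(symb)
    else:
        # No symbol requested: report the base address of the library.
        result = dynlib.libbase

    #
    # Did we win?
    #
    if result:
        self.success("%#x" % result)
    else:
        self.failure("Could not find %s" % pretty)

    return result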