コード例 #1
ファイル: rop.py プロジェクト: yudevan/pwntools
 def _load32_migrate(self):
     """Record the addresses of the two 32-bit stack-migration gadgets.

     Each ``(data, addr)`` pair returned by
     ``self.elf.executable_segments()`` is searched for two byte patterns:
     ``c9 c3`` (x86 ``leave; ret``) and ``5d c3`` (x86 ``pop ebp; ret``).
     Every hit is rebased on ``addr`` and the resulting lists are stored in
     ``self._gadgets['leave']`` and ``self._gadgets['popebp']``.

     Only segments that the ELF object reports as executable are searched.
     """
     patterns = (('leave', '\xc9\xc3'), ('popebp', '\x5d\xc3'))
     found = {'leave': [], 'popebp': []}
     for data, addr in self.elf.executable_segments():
         for name, needle in patterns:
             # pwn.findall presumably yields offsets into `data`; adding the
             # segment address turns them into addresses -- TODO confirm.
             found[name].extend(i + addr for i in pwn.findall(data, needle))
     self._gadgets['leave'] = found['leave']
     self._gadgets['popebp'] = found['popebp']
コード例 #2
ファイル: rop.py プロジェクト: hellok/pwntools-2013-5-2
 def _load32_migrate(self):
     """Locate ``leave; ret`` and ``pop ebp; ret`` in executable segments.

     The results are written to ``self._gadgets['leave']`` and
     ``self._gadgets['popebp']`` as lists of segment address plus match
     position.  Segments come from ``self.elf.executable_segments()``, so
     non-executable data is never considered.
     """
     leave_ret = '\xc9\xc3'    # x86 encoding of: leave; ret
     pop_ebp_ret = '\x5d\xc3'  # x86 encoding of: pop ebp; ret
     leave_hits, popebp_hits = [], []
     for data, addr in self.elf.executable_segments():
         # Positions from pwn.findall are presumably relative to `data`;
         # they are rebased on the segment address before being stored.
         leave_hits.extend(i + addr for i in pwn.findall(data, leave_ret))
         popebp_hits.extend(i + addr for i in pwn.findall(data, pop_ebp_ret))
     self._gadgets['leave'] = leave_hits
     self._gadgets['popebp'] = popebp_hits
コード例 #3
ファイル: elf.py プロジェクト: 7h3rAm/pwntools
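 def search(self, s, non_writable = False):
     """Yield, segment by segment, the virtual addresses where ``s`` occurs.

     Args:
         s: sequence to look for; it is handed to ``pwn.findall`` as
             ``list(s)``.
         non_writable: when true, every segment whose flag string
             contains ``'W'`` is skipped, so only matches in
             non-writable segments are reported.

     Yields:
         One list per scanned segment holding each match position plus
         that segment's ``virtaddr``.  Only the ``filesiz`` bytes that
         start at the segment's file ``offset`` are searched.
     """
     self._load_data()
     for seg in self.segments:
         if 'W' in seg['flg'] and non_writable:
             continue
         start = seg['offset']
         chunk = self._data[start:start + seg['filesiz']]
         # Build the list eagerly.  A lazy map() over a lambda closing over
         # `seg` would be evaluated against whichever segment the loop has
         # reached by the time the caller consumes the result.
         yield [hit + seg['virtaddr'] for hit in pwn.findall(chunk, list(s))]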
コード例 #4
ファイル: elf.py プロジェクト: yudevan/pwntools
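 def search(self, s, non_writable=False):
     """Generate the virtual addresses of ``s`` in each segment's file data.

     Args:
         s: sequence to search for (passed to ``pwn.findall`` as
             ``list(s)``).
         non_writable: if true, segments whose ``flg`` value contains
             ``'W'`` are left out of the search.

     Yields:
         For every segment that is searched, a list of match position
         plus the segment's ``virtaddr``.  The searched window is
         ``self._data[offset:offset + filesiz]``.
     """
     self._load_data()
     for seg in self.segments:
         if 'W' in seg['flg'] and non_writable:
             continue
         lo = seg['offset']
         window = self._data[lo:lo + seg['filesiz']]
         # Materialise the addresses now: a lazily evaluated map() would
         # read `seg` only when consumed, i.e. possibly after the loop has
         # moved on to a different segment.
         yield [pos + seg['virtaddr'] for pos in pwn.findall(window, list(s))]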
コード例 #5
ファイル: rop.py プロジェクト: hellok/pwntools-2013-5-2
 def _pivot(self, args):
     """Choose a 'popret' gadget that can step over ``args``.

     ``self._gadgets['popret']`` is keyed by a size that is compared with
     ``len(args)`` (presumably the number of stack slots the gadget pops --
     TODO confirm where the table is built).  The smallest size that is at
     least ``len(args)`` is preferred and the first gadget listed for it
     is used.

     If no entry is large enough, every position that
     ``pwn.findall(args, None)`` reports is tried in turn.  When the table
     has an entry keyed by that position, the remainder of the list is
     solved recursively, the placeholder at that position is overwritten
     in place with the recursive pivot, and the entry keyed by the
     position becomes the pivot for this call.

     Note that ``args`` is mutated when the second strategy succeeds.

     Returns:
         ``(pivot, size)`` on success, otherwise ``None``.
     """
     popret = self._gadgets['popret']
     chosen = None
     for size in sorted(popret.keys()):
         if size < len(args):
             continue
         chosen = popret[size][0]
         break
     if chosen is None:
         for hole in pwn.findall(args, None):
             if hole not in popret:
                 continue
             tail = self._pivot(args[hole + 1:])
             if tail is None:
                 continue
             tail_pivot, size = tail
             # The placeholder slot receives the pivot that handles the tail.
             args[hole] = tail_pivot
             chosen = popret[hole][0]
             size += hole + 1
             break
     if chosen is None:
         return None
     return (chosen, size)
コード例 #6
ファイル: elf.py プロジェクト: 7h3rAm/pwntools
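 def replace(self, s, repl, non_writable = False, padding = '\x90'):
     """Overwrite every occurrence of ``s`` in the loaded file data.

     Only ``self._data`` is modified; nothing is written to disk here.

     Args:
         s: sequence to search for (handed to ``pwn.findall`` as
             ``list(s)``).
         repl: either the replacement itself or any callable invoked as
             ``repl(addr, s)``, where ``addr`` is the match position plus
             the segment's ``virtaddr``.  A result of ``None`` leaves
             that match untouched.
         non_writable: when true, segments whose flag string contains
             ``'W'`` are skipped.
         padding: fill used to right-pad a short replacement up to
             ``len(s)``; the default is the byte 0x90 (x86 NOP).

     A replacement longer than ``s`` is reported through ``pwn.die``
     (presumably fatal -- TODO confirm), because a same-length overwrite
     is what keeps all later file offsets valid.
     """
     self._load_data()
     for seg in self.segments:
         if 'W' in seg['flg'] and non_writable:
             continue
         off = seg['offset']
         dat = self._data[off:off + seg['filesiz']]
         for idx in pwn.findall(dat, list(s)):
             addr = idx + seg['virtaddr']
             # callable() also accepts bound methods, functools.partial and
             # builtins, which a types.FunctionType check would treat as
             # literal replacement data.
             if callable(repl):
                 rep = repl(addr, s)
             else:
                 rep = repl
             if rep is None:
                 continue
             rep = rep.ljust(len(s), padding)
             if len(rep) > len(s):
                 pwn.die('Replacement is larger than the replaced')
             start = off + idx
             self._data[start:start + len(s)] = rep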
コード例 #7
ファイル: elf.py プロジェクト: yudevan/pwntools
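 def replace(self, s, repl, non_writable=False, padding='\x90'):
     """Patch each match of ``s`` inside ``self._data`` with a replacement.

     The change is made to the in-memory data only; this method does not
     write a file.

     Args:
         s: sequence to find (passed to ``pwn.findall`` as ``list(s)``).
         repl: replacement data, or any callable called as
             ``repl(addr, s)`` with ``addr`` being the match position plus
             the segment's ``virtaddr``.  Returning ``None`` skips the
             match.
         non_writable: if true, segments whose ``flg`` value contains
             ``'W'`` are not patched.
         padding: right-fill applied when the replacement is shorter
             than ``s``; defaults to the byte 0x90 (x86 NOP).

     If the padded replacement is longer than ``s``, ``pwn.die`` is
     called (presumably aborting -- TODO confirm); patches are meant to
     be exactly ``len(s)`` long so that no following bytes shift.
     """
     self._load_data()
     match_len = len(s)
     for seg in self.segments:
         if 'W' in seg['flg'] and non_writable:
             continue
         off = seg['offset']
         dat = self._data[off:off + seg['filesiz']]
         for idx in pwn.findall(dat, list(s)):
             addr = idx + seg['virtaddr']
             # Any callable is accepted; a types.FunctionType check would
             # miss bound methods, functools.partial objects and builtins.
             rep = repl(addr, s) if callable(repl) else repl
             if rep is None:
                 continue
             rep = rep.ljust(match_len, padding)
             if len(rep) > match_len:
                 pwn.die('Replacement is larger than the replaced')
             self._data[off + idx:off + idx + match_len] = rep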
コード例 #8
ファイル: rop.py プロジェクト: yudevan/pwntools
 def _pivot(self, args):
     """Select a 'popret' gadget for ``args``; return ``(pivot, size)``.

     First choice is the smallest key of ``self._gadgets['popret']`` that
     is at least ``len(args)``; the first gadget stored under that key is
     taken.  (The keys are presumably the number of slots each gadget
     pops -- TODO confirm against the code that fills the table.)

     Failing that, each position reported by ``pwn.findall(args, None)``
     that is also a key of the table is tried: the tail after that
     position is resolved recursively, the slot at that position in
     ``args`` is overwritten with the tail's pivot, and the gadget keyed
     by the position is used for the head.  The returned size is the
     tail's size plus the position plus one.

     ``args`` is modified in place on that second path.  ``None`` is
     returned when neither approach finds a gadget.
     """
     table = self._gadgets['popret']
     gadget = None
     for size in sorted(table.keys()):
         if size >= len(args):
             gadget = table[size][0]
             break
     if gadget is None:
         for pos in pwn.findall(args, None):
             if pos not in table:
                 continue
             rest = self._pivot(args[pos + 1:])
             if rest is None:
                 continue
             rest_gadget, size = rest
             # Fill the placeholder with the gadget that handles the tail.
             args[pos] = rest_gadget
             gadget = table[pos][0]
             size += pos + 1
             break
     if gadget is None:
         return None
     return (gadget, size)