コード例 #1
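    def libc(self):
        """libc(self) -> ELF

        Leak the Build ID of the remote libc.so, download the file,
        and load an ``ELF`` object with the correct base address.

        Returns:
            An ELF object, or None when the library cannot be located,
            no Build ID can be read, or no file is found for that Build ID.
        """
        name = 'libc.so'

        with self.waitfor('Downloading libc'):
            dynlib = self._dynamic_load_dynelf(name)

            # lookup() treats a None result from _dynamic_load_dynelf() as
            # "library not found"; do the same here so the documented
            # "or None" contract holds instead of raising AttributeError.
            if dynlib is None:
                return None

            self.status("Trying lookup based on Build ID")
            build_id = dynlib._lookup_build_id(name)

            if not build_id:
                return None

            self.status("Trying lookup based on Build ID: %s" % build_id)
            path = libcdb.search_by_build_id(build_id)

            if not path:
                return None

            # NOTE(review): the file is selected only by the Build ID read
            # from the target, so every address taken from this ELF assumes
            # the local copy really matches the remote library -- confirm.
            elf = ELF(path)
            elf.address = dynlib.libbase
            return elf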
コード例 #2
ファイル: dynelf.py プロジェクト: cxh852456/pwntools
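    def libc(self):
        """libc(self) -> ELF

        Leak the Build ID of the remote libc.so, download the file,
        and load an ``ELF`` object with the correct base address.

        Returns:
            An ELF object, or None if any step (locating the library,
            reading its Build ID, finding a file for that ID) fails.
        """
        libname = 'libc.so'

        with self.waitfor('Downloading libc'):
            remote = self._dynamic_load_dynelf(libname)
            if remote is None:
                # The sibling lookup() checks for this same None result;
                # without the guard the next call raises AttributeError
                # rather than returning None as the docstring promises.
                return None

            self.status("Trying lookup based on Build ID")
            build_id = remote._lookup_build_id(libname)
            if not build_id:
                return None

            self.status("Trying lookup based on Build ID: %s" % build_id)
            path = libcdb.search_by_build_id(build_id)
            if not path:
                return None

            # Rebase the local copy onto the address the library has in the
            # target. NOTE(review): this is only meaningful if the file found
            # for the Build ID is the same binary as the remote one -- verify.
            local = ELF(path)
            local.address = remote.libbase
            return local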
コード例 #3
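    def lookup(self, symb=None, lib=None):
        """lookup(symb = None, lib = None) -> int

        Find the address of ``symb``, which is found in ``lib``.

        When ``self.libcdb`` is set, the file that
        ``libcdb.search_by_build_id`` returns for the library's Build ID is
        consulted first; the remote lookup runs when that yields nothing.

        Arguments:
            symb(str): Named routine to look up
              If omitted, the base address of the library will be returned.
            lib(str): Substring to match for the library name.
              If omitted, the current library is searched.
              If set to ``'libc'``, ``'libc.so'`` is assumed.

        Returns:
            Address of the named symbol, or :const:`None`.
        """
        result = None

        if lib == 'libc':
            lib = 'libc.so'

        #
        # Get a pretty name for the symbol to show the user
        #
        if symb and lib:
            pretty = '%r in %r' % (symb, lib)
        else:
            pretty = repr(symb or lib)

        # NOTE(review): repr() never returns an empty string (repr(None) is
        # 'None'), so this branch cannot fire; calling with no arguments
        # falls through and returns the current library's base address.
        if not pretty:
            self.failure("Must specify a library or symbol")

        self.waitfor('Resolving %s' % pretty)

        #
        # If we are loading from a different library, create
        # a DynELF instance for it.
        #
        if lib is not None:
            dynlib = self._dynamic_load_dynelf(lib)
        else:
            dynlib = self

        if dynlib is None:
            log.failure("Could not find %r" % lib)
            return None

        #
        # If we are resolving a symbol in the library, find it.
        #
        if symb and self.libcdb:
            # Try a quick lookup by build ID
            self.status("Trying lookup based on Build ID")
            build_id = dynlib._lookup_build_id(lib=lib)
            if build_id:
                log.info("Trying lookup based on Build ID: %s" % build_id)
                path = libcdb.search_by_build_id(build_id)
                if path:
                    with context.local(log_level='error'):
                        e = ELF(path)
                        e.address = dynlib.libbase
                        try:
                            result = e.symbols[symb]
                        except KeyError:
                            # The local copy does not define this symbol.
                            # Leave result unset so the remote lookup below
                            # runs, rather than raising out of a method
                            # documented to return an address or None.
                            result = None
        if symb and not result:
            self.status("Trying remote lookup")
            result = dynlib._lookup(symb)
        if not symb:
            result = dynlib.libbase

        #
        # Did we win?
        #
        if result:
            self.success("%#x" % result)
        else:
            self.failure("Could not find %s" % pretty)

        return result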
コード例 #4
ファイル: dynelf.py プロジェクト: cxh852456/pwntools
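    def lookup (self, symb = None, lib = None):
        """lookup(symb = None, lib = None) -> int

        Find the address of ``symb``, which is found in ``lib``.

        Arguments:
            symb(str): Named routine to look up
              If omitted, the base address of the library is returned.
            lib(str): Substring to match for the library name.
              If omitted, the current library is searched.
              If set to ``'libc'``, ``'libc.so'`` is assumed.

        Returns:
            Address of the named symbol, or :const:`None`.
        """
        result = None

        if lib == 'libc':
            lib = 'libc.so'

        #
        # Get a pretty name for the symbol to show the user
        #
        if symb and lib:
            pretty = '%r in %r' % (symb, lib)
        else:
            pretty = repr(symb or lib)

        # NOTE(review): repr() never returns an empty string, so this
        # check cannot fire as written.
        if not pretty:
            self.failure("Must specify a library or symbol")

        self.waitfor('Resolving %s' % pretty)

        #
        # If we are loading from a different library, create
        # a DynELF instance for it.
        #
        if lib is not None:
            dynlib = self._dynamic_load_dynelf(lib)
        else:
            dynlib = self

        if dynlib is None:
            log.failure("Could not find %r" % lib)
            return None

        if not symb:
            # No symbol requested: the answer is the library base itself.
            result = dynlib.libbase
        else:
            #
            # If we are resolving a symbol in the library, find it.
            #
            if self.libcdb:
                # Try a quick lookup by build ID
                self.status("Trying lookup based on Build ID")
                build_id = dynlib._lookup_build_id(lib=lib)
                if build_id:
                    log.info("Trying lookup based on Build ID: %s" % build_id)
                    path = libcdb.search_by_build_id(build_id)
                    if path:
                        with context.local(log_level='error'):
                            e = ELF(path)
                            e.address = dynlib.libbase
                            try:
                                result = e.symbols[symb]
                            except KeyError:
                                # Symbol absent from the local copy; fall
                                # back to the remote lookup below.
                                result = None

            # The remote lookup must run whenever a symbol was requested and
            # is still unresolved. It used to sit inside the libcdb branch,
            # so with libcdb disabled a symbol request fell into the
            # "no symbol" branch and returned the library base instead.
            if not result:
                self.status("Trying remote lookup")
                result = dynlib._lookup(symb)

        #
        # Did we win?
        #
        if result:
            self.success("%#x" % result)
        else:
            self.failure("Could not find %s" % pretty)

        return result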