Exemplo n.º 1
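    def invoke(self, argstr, from_tty):
        '''
        Called when this Command is invoked from GDB. Prints classification of
        Inferior to GDB's STDOUT.

        Note that sys.stdout is automatically redirected to GDB's STDOUT.
        See GDB Python API documentation for details

        argstr is the raw argument string typed after the command name; it is
        split with gdb.string_to_argv and parsed for the options declared
        below. from_tty is accepted for the GDB command interface and is not
        used here.

        With -p/--pkl-file the classification object is pickled to the given
        file and nothing is printed. Pickle files can run code when they are
        loaded, so consumers should only unpickle files whose origin they
        trust.

        Any exception raised while building the target or classifying it is
        logged and then re-raised to GDB.
        '''
        check_version()

        op = NiceArgParser(prog=self._cmdstr, description=self.__doc__)
        op.add_argument("-v", "--verbose", action="store_true",
                        help="print analysis info from the Inferior")
        op.add_argument("-m", "--machine", action="store_true",
                        help="Print output in a machine parsable format")
        op.add_argument("-p", "--pkl-file", type=argparse.FileType("wb"),
                        help="pickle exploitability classification object and store to PKL_FILE")
        # NOTE(review): the --asan-log handle opened by argparse is never
        # closed in this method; whether arch.getTarget closes it is not
        # visible from here.
        op.add_argument("-a", "--asan-log", type=argparse.FileType(),
                        help="Symbolize and analyze AddressSanitizer output (assumes "
                        "executable is loaded) (WARNING: untested).")
        op.add_argument("-b", "--backtrace-limit", type=int,
                        help="Limit number of stack frames in backtrace to supplied value. "
                        "0 means no limit.", default=1000)

        try:
            args = op.parse_args(gdb.string_to_argv(argstr))
        except NiceArgParserExit:
            # The parser already reported help/usage; nothing left to do.
            return

        import logging
        try:
            target = arch.getTarget(args.asan_log, args.backtrace_limit)
            c = classifier.Classifier().getClassification(target)
        except Exception as e:
            logging.exception(e)
            # Bare raise keeps the original traceback intact.
            raise

        if args.pkl_file:
            import pickle
            import sys
            out = args.pkl_file
            try:
                pickle.dump(c, out, 2)
            finally:
                # Close the handle so the pickle is flushed to disk before the
                # command returns. argparse.FileType returns a standard stream
                # for "-", and that one must stay open for GDB.
                if out is not sys.stdout and out is not getattr(sys.stdout, "buffer", None):
                    out.close()
            return

        if args.verbose:
            print("'exploitable' version {}".format(version))
            print(" ".join(str(i) for i in os.uname()))
            print("Signal si_signo: {} Signal si_addr: {}".format(
                target.si_signo(), target.si_addr()))
            print("Nearby code:")
            self.print_disassembly()
            print("Stack trace:")
            print(str(target.backtrace()))
            print("Faulting frame: {}".format(target.faulting_frame()))

        if args.machine:
            print_machine_string(c, target)
        else:
            gdb.write(str(c))
        gdb.flush()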
Exemplo n.º 2
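    def invoke(self, argstr, from_tty):
        '''
        Called when this Command is invoked from GDB. Prints classification of
        Inferior to GDB's STDOUT.

        Note that sys.stdout is automatically redirected to GDB's STDOUT.
        See GDB Python API documentation for details

        argstr is the raw argument string typed after the command name; it is
        split with gdb.string_to_argv and parsed for the options declared
        below. from_tty is accepted for the GDB command interface and is not
        used here.

        NoThreadRunningError and MultipleInferiorsError are turned into
        placeholder classifications instead of propagating, so that GDB
        scripts working through many crash samples are not interrupted. Any
        other exception is logged and re-raised.

        With -p/--pkl-file the classification object is pickled to the given
        file and nothing is printed. Pickle files can run code when they are
        loaded, so consumers should only unpickle files whose origin they
        trust.
        '''
        check_version()

        op = NiceArgParser(prog=self._cmdstr, description=self.__doc__)
        op.add_argument("-v",
                        "--verbose",
                        action="store_true",
                        help="print analysis info from the Inferior")
        op.add_argument("-m",
                        "--machine",
                        action="store_true",
                        help="Print output in a machine parsable format")
        op.add_argument(
            "-p",
            "--pkl-file",
            type=argparse.FileType("wb"),
            help=
            "pickle exploitability classification object and store to PKL_FILE"
        )
        # NOTE(review): the --asan-log handle opened by argparse is never
        # closed in this method; whether arch.getTarget closes it is not
        # visible from here.
        op.add_argument(
            "-a",
            "--asan-log",
            type=argparse.FileType(),
            help="Symbolize and analyze AddressSanitizer output (assumes "
            "executable is loaded) (WARNING: untested).")
        op.add_argument(
            "-b",
            "--backtrace-limit",
            type=int,
            help="Limit number of stack frames in backtrace to supplied value. "
            "0 means no limit.",
            default=1000)

        try:
            args = op.parse_args(gdb.string_to_argv(argstr))
        except NiceArgParserExit:
            # The parser already reported help/usage; nothing left to do.
            return

        import logging
        import lib.gdb_wrapper.x86 as gdb_wrapper

        def placeholder(ranking, category, desc, short_desc, explanation):
            # Build a one-tag classification describing why no real analysis
            # was possible.
            result = classifier.Classification(arch.x86Target)
            dummy_tag = dict(ranking=ranking,
                             category=category,
                             desc=desc,
                             short_desc=short_desc,
                             explanation=explanation,
                             hash=classifier.AttrDict(major=0, minor=0))
            # NOTE(review): the return value of __add__ is discarded, so this
            # relies on Classification.__add__ updating the object in place -
            # confirm against the classifier module.
            result.__add__(classifier.Tag(dummy_tag))
            return result

        # Stays None when getTarget itself raises one of the handled errors;
        # the output code below must not assume a target exists.
        target = None
        try:
            target = arch.getTarget(args.asan_log, args.backtrace_limit)
            c = classifier.Classifier().getClassification(target)
        except gdb_wrapper.NoThreadRunningError:
            # Prevent exploitable.py from raising an exception if no threads
            # are running (our target exited gracefully). These exceptions
            # would interrupt the automatic crash classification process in gdb
            # scripts that analyze many crash samples.
            c = placeholder((0, 0),
                            "NOT_EXPLOITABLE",
                            "The target process exited normally.",
                            "GracefulExit",
                            "The target process exited normally.")
        except gdb_wrapper.MultipleInferiorsError:
            # This is another hack to prevent exploitable from crashing
            # when the target has more than one inferior (this occurs f.e.
            # when the target spawns a shell and crashes).
            # Again we'll create a dummy classification that will hint
            # the user what happened.
            c = placeholder((0, 1),
                            "UNKNOWN",
                            "The target has more than one inferior!",
                            "MultipleInferiors",
                            "The target has multiple inferiors.")
        except Exception as e:
            logging.exception(e)
            # Bare raise keeps the original traceback intact.
            raise

        if args.pkl_file:
            import pickle
            import sys
            out = args.pkl_file
            try:
                pickle.dump(c, out, 2)
            finally:
                # Close the handle so the pickle is flushed to disk before the
                # command returns. argparse.FileType returns a standard stream
                # for "-", and that one must stay open for GDB.
                if out is not sys.stdout and out is not getattr(sys.stdout, "buffer", None):
                    out.close()
            return

        if args.verbose:
            print("'exploitable' version {}".format(version))
            print(" ".join(str(i) for i in os.uname()))
            if target is not None:
                print("Signal si_signo: {} Signal si_addr: {}".format(
                    target.si_signo(), target.si_addr()))
                print("Nearby code:")
                self.print_disassembly()
                print("Stack trace:")
                print(str(target.backtrace()))
                print("Faulting frame: {}".format(target.faulting_frame()))

        if args.machine and target is not None:
            print_machine_string(c, target)
        else:
            # Without a target there is nothing to hand to
            # print_machine_string; emit the plain classification text rather
            # than failing on an unbound name.
            gdb.write(str(c))
        gdb.flush()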
Exemplo n.º 3
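    def invoke(self, argstr, from_tty):
        '''
        Called when this Command is invoked from GDB. Prints classification of
        Inferior to GDB's STDOUT.

        Note that sys.stdout is automatically redirected to GDB's STDOUT.
        See GDB Python API documentation for details

        argstr is the raw argument string typed after the command name; it is
        split with gdb.string_to_argv and parsed for the options declared
        below. from_tty is accepted for the GDB command interface and is not
        used here.

        NoThreadRunningError and MultipleInferiorsError are turned into
        placeholder classifications instead of propagating, so that GDB
        scripts working through many crash samples are not interrupted. Any
        other exception is logged and re-raised.

        With -p/--pkl-file the classification object is pickled to the given
        file and nothing is printed. Pickle files can run code when they are
        loaded, so consumers should only unpickle files whose origin they
        trust.
        '''
        check_version()

        op = NiceArgParser(prog=self._cmdstr, description=self.__doc__)
        op.add_argument("-v", "--verbose", action="store_true",
            help="print analysis info from the Inferior")
        op.add_argument("-m", "--machine", action="store_true",
            help="Print output in a machine parsable format")
        op.add_argument("-p", "--pkl-file", type=argparse.FileType("wb"),
            help="pickle exploitability classification object and store to PKL_FILE")
        # NOTE(review): the --asan-log handle opened by argparse is never
        # closed in this method; whether arch.getTarget closes it is not
        # visible from here.
        op.add_argument("-a", "--asan-log", type=argparse.FileType(),
            help="Symbolize and analyze AddressSanitizer output (assumes "
            "executable is loaded) (WARNING: untested).")
        op.add_argument("-b", "--backtrace-limit", type=int,
            help="Limit number of stack frames in backtrace to supplied value. "
            "0 means no limit.", default=1000)

        try:
            args = op.parse_args(gdb.string_to_argv(argstr))
        except NiceArgParserExit:
            # The parser already reported help/usage; nothing left to do.
            return

        import logging
        import lib.gdb_wrapper.x86 as gdb_wrapper

        def placeholder(ranking, category, desc, short_desc, explanation):
            # Build a one-tag classification describing why no real analysis
            # was possible.
            result = classifier.Classification(arch.x86Target)
            dummy_tag = dict(ranking=ranking,
                    category=category,
                    desc=desc,
                    short_desc=short_desc,
                    explanation=explanation,
                    hash=classifier.AttrDict(major=0, minor=0))
            # NOTE(review): the return value of __add__ is discarded, so this
            # relies on Classification.__add__ updating the object in place -
            # confirm against the classifier module.
            result.__add__(classifier.Tag(dummy_tag))
            return result

        # Stays None when getTarget itself raises one of the handled errors;
        # the output code below must not assume a target exists.
        target = None
        try:
            target = arch.getTarget(args.asan_log, args.backtrace_limit)
            c = classifier.Classifier().getClassification(target)
        except gdb_wrapper.NoThreadRunningError:
            # Prevent exploitable.py from raising an exception if no threads
            # are running (our target exited gracefully). These exceptions
            # would interrupt the automatic crash classification process in gdb
            # scripts that analyze many crash samples.
            c = placeholder((0, 0), "NOT_EXPLOITABLE",
                    "The target process exited normally.",
                    "GracefulExit",
                    "The target process exited normally.")
        except gdb_wrapper.MultipleInferiorsError:
            # This is another hack to prevent exploitable from crashing
            # when the target has more than one inferior (this occurs f.e.
            # when the target spawns a shell and crashes).
            # Again we'll create a dummy classification that will hint
            # the user what happened.
            c = placeholder((0, 1), "UNKNOWN",
                    "The target has more than one inferior!",
                    "MultipleInferiors",
                    "The target has multiple inferiors.")
        except Exception as e:
            logging.exception(e)
            # Bare raise keeps the original traceback intact.
            raise

        if args.pkl_file:
            import pickle
            import sys
            out = args.pkl_file
            try:
                pickle.dump(c, out, 2)
            finally:
                # Close the handle so the pickle is flushed to disk before the
                # command returns. argparse.FileType returns a standard stream
                # for "-", and that one must stay open for GDB.
                if out is not sys.stdout and out is not getattr(sys.stdout, "buffer", None):
                    out.close()
            return

        if args.verbose:
            print("'exploitable' version {}".format(version))
            print(" ".join(str(i) for i in os.uname()))
            if target is not None:
                print("Signal si_signo: {} Signal si_addr: {}".format(target.si_signo(), target.si_addr()))
                print("Nearby code:")
                self.print_disassembly()
                print("Stack trace:")
                print(str(target.backtrace()))
                print("Faulting frame: {}".format(target.faulting_frame()))

        if args.machine and target is not None:
            print_machine_string(c, target)
        else:
            # Without a target there is nothing to hand to
            # print_machine_string; emit the plain classification text rather
            # than failing on an unbound name.
            gdb.write(str(c))
        gdb.flush()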