Exemplo n.º 1
0
    def _lookup_build_id(self, lib = None):

        libbase = self.libbase

        if lib is not None:
            libbase = self.lookup(symb = None, lib = lib)

        if not libbase:
            self.status("Couldn't find libc base")
            return None

        for offset in libcdb.get_build_id_offsets():
            address = libbase + offset
            if self.leak.compare(address + 0xC, "GNU\x00"):
                return enhex(''.join(self.leak.raw(address + 0x10, 20)))
            else:
                self.status("Magic did not match")
                pass
Exemplo n.º 2
0
    def _lookup_build_id(self, lib=None):

        libbase = self.libbase
        if not self.link_map:
            self.status("No linkmap found")
            return None

        if lib is not None:
            libbase = self.lookup(symb=None, lib=lib)

        if not libbase:
            self.status("Couldn't find libc base")
            return None

        for offset in libcdb.get_build_id_offsets():
            address = libbase + offset
            if self.leak.compare(address + 0xC, b"GNU\x00"):
                return enhex(b''.join(self.leak.raw(address + 0x10, 20)))
            else:
                self.status("Build ID not found at offset %#x" % offset)
                pass