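def main(args):
    """Entry point for ``moneyshot dumpsym``: list the dynamic symbols of an ELF file.

    args: ``[filename]`` or ``[filename, filter]``. When a filter is given only
    symbols whose name contains it (plain substring match) are printed.

    Each matching entry is printed as ``[st_value] 'name'`` through the
    ``colors`` helpers. Exits via ``sys.exit`` when the file does not start
    with the ELF magic or lacks a ``.dynsym`` / ``.dynstr`` section.
    """
    if len(args) not in (1, 2):
        print "usage: moneyshot dumpsym <filename> [filter]"
        return

    filename = args[0]
    sym_filter = args[1] if len(args) == 2 else ""

    myelf = elf.fromfile(filename)
    if myelf.data[0:4] != "\x7F" + "ELF":
        # Was `% (file)`, which formatted the builtin `file` type, not the path.
        print "[!] '%s' is not a valid ELF file :(" % (filename)
        sys.exit(-1)

    dynsym = myelf.section(".dynsym")
    if dynsym is False:
        print "ERROR: could not retrieve .dynsym section"
        sys.exit(1)  # was exit(), which reported success (status 0) on an error
    dynstr = myelf.section(".dynstr")
    if dynstr is False:
        print "ERROR: could not retrieve .dynstr section"
        sys.exit(1)

    # Symbol-table entry layouts (ELF specification):
    #   Elf32_Sym: st_name, st_value, st_size, st_info, st_other, st_shndx
    #   Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size
    # The earlier "<LQQBBH" applied the 32-bit field order to 64-bit entries
    # (same 24-byte size, so it never raised), which read st_value from the
    # wrong bytes on 64-bit files.
    # NOTE(review): little-endian is assumed for both widths; big-endian
    # targets are not handled, as before.
    if myelf.elfwidth == 64:
        entry = struct.Struct("<LBBHQQ")
        value_index = 4
    else:
        entry = struct.Struct("<LLLBBH")
        value_index = 1

    strtab = dynstr['data']
    symtab = dynsym['data']
    # Step over whole entries only; a trailing partial entry is ignored instead
    # of raising struct.error.
    for offset in range(0, len(symtab) - entry.size + 1, entry.size):
        fields = entry.unpack_from(symtab, offset)
        name_off = fields[0]
        # st_name is an offset into .dynstr of a NUL-terminated string. Searching
        # from name_off itself makes the null symbol (st_name == 0) yield ""
        # rather than swallowing the NUL plus the following string.
        end = strtab.find("\x00", name_off)
        name = strtab[name_off:end] if end != -1 else strtab[name_off:]
        if sym_filter and sym_filter not in name:
            continue
        fstr = (colors.fg("green") + "[" + colors.bold() + "%08x" + colors.end()
                + colors.fg("green") + "]" + colors.end())
        fstr += " '" + colors.fg("red") + colors.bold() + "%s" + colors.end() + "'"
        print fstr % (fields[value_index], name)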
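def do_ropfind(file, match_string):
    """Search the PROGBITS sections of an ELF file for a byte pattern and print
    every distinct hit with its address and disassembly.

    file: path of the ELF file to inspect.
    match_string: a hex pattern made of ``0-9a-f?`` is handed to ``findstr``
        verbatim; anything else is first converted by ``assemble_str``.

    Exits via ``sys.exit(-1)`` when the file does not start with the ELF magic.
    For each section that produces at least one new hit a header line is printed
    before the first hit and a blank line after the last; hits whose byte string
    was already printed for an earlier section are skipped.
    """
    myelf = elf.fromfile(file)
    if myelf.data[0:4] != "\x7F" + "ELF":
        print "[!] '%s' is not a valid ELF file :(" % (file)
        sys.exit(-1)

    # Raw hex pattern (with '?' allowed) is used as-is, otherwise assemble.
    if re.search(r"^[0-9a-f?]+$", match_string) is not None:
        pattern = match_string
    else:
        pattern = assemble_str(match_string)
    print "[!] pattern: '%s'" % pattern

    # Hex strings already reported; a set makes the dedup check O(1) instead of
    # scanning a growing list for every hit.
    seen = set()
    for section_name in myelf.strtable:
        if section_name == "":
            continue
        section = myelf.section(section_name)
        if section is False:
            # myelf.section() signals failure with False elsewhere in this tool;
            # indexing it below would raise TypeError.
            continue
        # Only SHT_PROGBITS (type 1) sections carry file-backed content.
        if section['type'] != 1:
            continue
        matches = findstr(section['data'], pattern)
        if not matches:
            continue

        header = (colors.fg('cyan') + ">> section '" + colors.bold() + section_name + colors.end()
                  + colors.fg('cyan') + "' [" + colors.bold() + str(len(matches)) + colors.end()
                  + colors.fg('cyan') + " hits]")
        printed_header = False
        base = section['addr']
        for match in matches:
            # match[0]: offset within the section, match[1]: hex of the bytes.
            if match[1] in seen:
                continue
            if not printed_header:
                print header
                printed_header = True
            addr = base + match[0]
            disas = disas_str(addr, binascii.unhexlify(match[1]))
            fstr = (colors.fg('cyan') + " \_ " + colors.fg('green') + "%08x ["
                    + colors.bold() + match[1] + colors.end())
            fstr += colors.fg('green') + "] " + colors.bold() + "-> " + colors.end()
            fstr += colors.fg('red') + ' ; '.join(disas).lower() + colors.end()
            print fstr % (addr)
            seen.add(match[1])
        if printed_header:
            print ""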
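def main(args):
    """Entry point for ``moneyshot dumpsym``: list the dynamic symbols of an ELF file.

    args: ``[filename]`` or ``[filename, filter]``. When a filter is given only
    symbols whose name contains it (plain substring match) are printed.

    Each matching entry is printed as ``[st_value] 'name'`` through the
    ``colors`` helpers. Exits via ``sys.exit`` when the file does not start
    with the ELF magic or lacks a ``.dynsym`` / ``.dynstr`` section.
    """
    if len(args) not in (1, 2):
        print "usage: moneyshot dumpsym <filename> [filter]"
        return

    filename = args[0]
    sym_filter = args[1] if len(args) == 2 else ""

    myelf = elf.fromfile(filename)
    if myelf.data[0:4] != "\x7F" + "ELF":
        # Was `% (file)`, which formatted the builtin `file` type, not the path.
        print "[!] '%s' is not a valid ELF file :(" % (filename)
        sys.exit(-1)

    dynsym = myelf.section(".dynsym")
    if dynsym is False:
        print "ERROR: could not retrieve .dynsym section"
        sys.exit(1)  # was exit(), which reported success (status 0) on an error
    dynstr = myelf.section(".dynstr")
    if dynstr is False:
        print "ERROR: could not retrieve .dynstr section"
        sys.exit(1)

    # Symbol-table entry layouts (ELF specification):
    #   Elf32_Sym: st_name, st_value, st_size, st_info, st_other, st_shndx
    #   Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size
    # The earlier "<LQQBBH" applied the 32-bit field order to 64-bit entries
    # (same 24-byte size, so it never raised), which read st_value from the
    # wrong bytes on 64-bit files.
    # NOTE(review): little-endian is assumed for both widths; big-endian
    # targets are not handled, as before.
    if myelf.elfwidth == 64:
        entry = struct.Struct("<LBBHQQ")
        value_index = 4
    else:
        entry = struct.Struct("<LLLBBH")
        value_index = 1

    strtab = dynstr['data']
    symtab = dynsym['data']
    # Step over whole entries only; a trailing partial entry is ignored instead
    # of raising struct.error.
    for offset in range(0, len(symtab) - entry.size + 1, entry.size):
        fields = entry.unpack_from(symtab, offset)
        name_off = fields[0]
        # st_name is an offset into .dynstr of a NUL-terminated string. Searching
        # from name_off itself makes the null symbol (st_name == 0) yield ""
        # rather than swallowing the NUL plus the following string.
        end = strtab.find("\x00", name_off)
        name = strtab[name_off:end] if end != -1 else strtab[name_off:]
        if sym_filter and sym_filter not in name:
            continue
        fstr = (colors.fg("green") + "[" + colors.bold() + "%08x" + colors.end()
                + colors.fg("green") + "]" + colors.end())
        fstr += " '" + colors.fg("red") + colors.bold() + "%s" + colors.end() + "'"
        print fstr % (fields[value_index], name)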
def main(args):
    """Entry point for ``moneyshot dumpelf``: print an ELF file's headers.

    args: ``[filename]`` or ``[filename, filter]``. Without a filter the ELF
    header is printed first; the section headers are printed in either case,
    with the filter handed through to ``print_section_headers``.
    """
    if len(args) not in (1, 2):
        print "usage: moneyshot dumpelf <filename> [filter]"
        return

    section_filter = args[1] if len(args) == 2 else ""
    myelf = elf.fromfile(args[0])

    # The top-level header is only shown for an unfiltered dump.
    if not section_filter:
        myelf.print_header()
    myelf.print_section_headers(section_filter)
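def do_ropfind(file, match_string):
    """Search the PROGBITS sections of an ELF file for a byte pattern and print
    every distinct hit with its address and disassembly (ARM/Thumb variant).

    file: path of the ELF file to inspect.
    match_string: a hex pattern made of ``0-9a-f?`` is handed to ``findstr``
        verbatim; anything else is first converted by ``assemble_str``.

    Exits via ``sys.exit(-1)`` when the file does not start with the ELF magic.
    Each new hit is disassembled twice via ``disas_str``: once with the third
    argument ``True`` (listed as "Thumb", address printed with +1) and, when the
    byte length is a multiple of 4, once with ``False`` (listed as "ARM"); the
    ARM line is suppressed when that disassembly is empty or "None". A section
    header precedes the first hit of a section and a blank line follows its last.
    """
    myelf = elf.fromfile(file)
    if myelf.data[0:4] != "\x7F" + "ELF":
        print "[!] '%s' is not a valid ELF file :(" % (file)
        sys.exit(-1)

    # Raw hex pattern (with '?' allowed) is used as-is, otherwise assemble.
    if re.search(r"^[0-9a-f?]+$", match_string) is not None:
        pattern = match_string
    else:
        pattern = assemble_str(match_string)
    print "[!] pattern: '%s'" % pattern

    # Hex strings already reported; a set makes the dedup check O(1) instead of
    # scanning a growing list for every hit.
    seen = set()
    for section_name in myelf.strtable:
        if section_name == "":
            continue
        section = myelf.section(section_name)
        if section is False:
            # myelf.section() signals failure with False elsewhere in this tool;
            # indexing it below would raise TypeError.
            continue
        # Only SHT_PROGBITS (type 1) sections carry file-backed content.
        if section["type"] != 1:
            continue
        matches = findstr(section["data"], pattern)
        if not matches:
            continue

        header = (colors.fg("cyan") + ">> section '" + colors.bold() + section_name + colors.end()
                  + colors.fg("cyan") + "' [" + colors.bold() + str(len(matches)) + colors.end()
                  + colors.fg("cyan") + " hits]")
        printed_header = False
        base = section["addr"]
        for match in matches:
            # match[0]: offset within the section, match[1]: hex of the bytes.
            if match[1] in seen:
                continue
            if not printed_header:
                print header
                printed_header = True
            addr = base + match[0]
            raw = binascii.unhexlify(match[1])  # decoded once, reused below

            disas = disas_str(addr, raw, True)
            fstr = (colors.fg("cyan") + " \_ " + colors.fg("green") + "%08x ["
                    + colors.bold() + match[1] + colors.end())
            fstr += colors.fg("green") + "] " + colors.bold() + "-> " + colors.end()
            fstr += (colors.fg("red") + "(" + colors.bold() + "Thumb" + colors.end()
                     + colors.fg("red") + ") " + " ; ".join(disas).lower() + colors.end())
            print fstr % (addr + 1)
            seen.add(match[1])

            # Second listing only for word-aligned lengths.
            if len(raw) % 4 == 0:
                disas = disas_str(addr, raw, False)
                fstr = (colors.fg("cyan") + " \_ " + colors.fg("green") + "%08x ["
                        + colors.bold() + match[1] + colors.end())
                fstr += colors.fg("green") + "] " + colors.bold() + "-> " + colors.end()
                fstr += (colors.fg("red") + "(" + colors.bold() + "ARM" + colors.end()
                         + colors.fg("red") + " ) " + " ; ".join(disas).lower() + colors.end())
                # disas_str appears to return [""] or ["None"] when nothing decodes.
                if not (len(disas) == 1 and (disas[0] == "" or disas[0] == "None")):
                    print fstr % (addr)
                    seen.add(match[1])
        if printed_header:
            print ""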