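def main(args):
    """Disassemble the bytes given as hex on the command line, or read from stdin.

    Args:
        args: parsed command-line namespace.  Uses ``args.hex`` (list of hex
            fragments, may be empty), ``args.address`` (load address as a
            constant expression, evaluated with ``safeeval.const``) and
            ``args.color`` (colourised three-column output).

    Writes the listing to stdout.  Diagnostics go to stderr and the process
    exits with status -1 when ``args.hex`` is not a valid even-length hex string.
    """
    if args.hex:
        dat = ''.join(args.hex)
        # Accept "41 41 c3" as well as "4141c3": drop every whitespace char.
        dat = dat.translate(None, string.whitespace)
        if not set(string.hexdigits) >= set(dat):
            sys.stderr.write("This is not a hex string\n")
            sys.exit(-1)
        if len(dat) % 2:
            # str.decode('hex') would otherwise die with an "Odd-length string"
            # traceback; report it the same way as the character check above.
            sys.stderr.write("Hex string has an odd number of digits\n")
            sys.exit(-1)
        dat = dat.decode('hex')
    else:
        dat = sys.stdin.read()

    # args.address is untrusted command-line text; safeeval.const only accepts
    # constant expressions (never eval()).  Evaluate it once, not three times.
    vma = safeeval.const(args.address)

    if not args.color:
        print(disasm(dat, vma=vma))
        return

    from pygments import highlight
    from pygments.formatters import TerminalFormatter
    from pwnlib.lexer import PwntoolsLexer

    # One disasm pass per column so each can be styled independently.
    # (The second column was called 'bytes', shadowing the builtin.)
    offsets = disasm(dat, vma=vma, instructions=False, byte=False)
    hexcols = disasm(dat, vma=vma, instructions=False, offset=False)
    instrs = disasm(dat, vma=vma, byte=False, offset=False)

    # Lexer and formatter carry no per-line state; build them once, not per line.
    lexer = PwntoolsLexer()
    formatter = TerminalFormatter()

    columns = (offsets.splitlines(), hexcols.splitlines(), instrs.splitlines())
    for off, hexbytes, insn in zip(*columns):
        # 00 and 0a are marked in red (presumably as the usual "bad bytes").
        hexbytes = hexbytes.replace('00', text.red('00'))
        hexbytes = hexbytes.replace('0a', text.red('0a'))
        insn = highlight(insn.strip(), lexer, formatter).strip()
        insn = insn.replace(',', ', ')
        print('%s %s %s' % (off, hexbytes, insn))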
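def main(args):
    """Disassemble the bytes given as hex on the command line, or read from stdin.

    Works on Python 2 and 3: the hex input is handled as bytes throughout and
    stdin is read in binary mode where a ``buffer`` attribute exists.

    Args:
        args: parsed command-line namespace.  Uses ``args.hex`` (list of hex
            fragments, may be empty), ``args.address`` (load address as a
            constant expression, evaluated with ``safeeval.const``) and
            ``args.color`` (colourised three-column output).

    Writes the listing to stdout.  The "not a hex string" diagnostic goes to
    stderr and the process exits with status -1.
    """
    if args.hex:
        dat = ''.join(args.hex).encode('utf-8', 'surrogateescape')
        # Accept "41 41 c3" as well as "4141c3": drop every whitespace byte.
        dat = dat.translate(None, string.whitespace.encode('ascii'))
        # Both sides are bytes, so the element type (int on 3, str on 2) matches.
        if not set(string.hexdigits.encode('ascii')) >= set(dat):
            sys.stderr.write("This is not a hex string\n")
            sys.exit(-1)
        dat = unhex(dat)
    else:
        dat = getattr(sys.stdin, 'buffer', sys.stdin).read()

    # args.address is untrusted command-line text; safeeval.const only accepts
    # constant expressions (never eval()).  Evaluate it once, not three times.
    vma = safeeval.const(args.address)

    if not args.color:
        print(disasm(dat, vma=vma))
        return

    from pygments import highlight
    from pygments.formatters import TerminalFormatter
    from pwnlib.lexer import PwntoolsLexer

    # One disasm pass per column so each can be styled independently.
    # (The second column was called 'bytes', shadowing the builtin.)
    offsets = disasm(dat, vma=vma, instructions=False, byte=False)
    hexcols = disasm(dat, vma=vma, instructions=False, offset=False)
    instrs = disasm(dat, vma=vma, byte=False, offset=False)

    # Lexer and formatter carry no per-line state; build them once, not per line.
    lexer = PwntoolsLexer()
    formatter = TerminalFormatter()

    columns = (offsets.splitlines(), hexcols.splitlines(), instrs.splitlines())
    for off, hexbytes, insn in zip(*columns):
        # 00 and 0a are marked in red (presumably as the usual "bad bytes").
        hexbytes = hexbytes.replace('00', text.red('00'))
        hexbytes = hexbytes.replace('0a', text.red('0a'))
        insn = highlight(insn.strip(), lexer, formatter).strip()
        insn = insn.replace(',', ', ')
        print('%s %s %s' % (off, hexbytes, insn))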
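def main():
    """Disassemble the bytes given as hex on the command line, or read from stdin.

    Parses the module-level ``parser``.  Uses ``args.hex`` (list of hex
    fragments, may be empty), ``args.address`` (load address as a constant
    expression, evaluated with ``safeeval.const``) and ``args.color``
    (colourised three-column output).

    Writes the listing to stdout.  Diagnostics go to stderr and the process
    exits with status -1 when the input is not a valid even-length hex string.
    """
    args = parser.parse_args()
    if args.hex:
        dat = ''.join(args.hex)
        # Accept "41 41 c3" as well as "4141c3": drop every whitespace char.
        dat = re.sub(r'\s', '', dat)
        if not set(string.hexdigits) >= set(dat):
            sys.stderr.write("This is not a hex string\n")
            sys.exit(-1)
        if len(dat) % 2:
            # The hex codec would otherwise raise binascii.Error as a bare
            # traceback; report it the same way as the character check above.
            sys.stderr.write("Hex string has an odd number of digits\n")
            sys.exit(-1)
        dat = codecs.decode(dat, 'hex_codec')
    else:
        dat = sys.stdin.buffer.read()

    # args.address is untrusted command-line text; safeeval.const only accepts
    # constant expressions (never eval()).  Evaluate it once, not three times.
    vma = safeeval.const(args.address)

    if not args.color:
        print(disasm(dat, vma=vma))
        return

    from pygments import highlight
    from pygments.formatters import TerminalFormatter
    from pwnlib.lexer import PwntoolsLexer

    # One disasm pass per column so each can be styled independently.
    # (The second column was called 'bytes', shadowing the builtin.)
    offsets = disasm(dat, vma=vma, instructions=False, byte=False)
    hexcols = disasm(dat, vma=vma, instructions=False, offset=False)
    instrs = disasm(dat, vma=vma, byte=False, offset=False)

    # Lexer and formatter carry no per-line state; build them once, not per line.
    lexer = PwntoolsLexer()
    formatter = TerminalFormatter()

    columns = (offsets.splitlines(), hexcols.splitlines(), instrs.splitlines())
    for off, hexbytes, insn in zip(*columns):
        # 00 and 0a are marked in red (presumably as the usual "bad bytes").
        hexbytes = hexbytes.replace('00', text.red('00'))
        hexbytes = hexbytes.replace('0a', text.red('0a'))
        insn = highlight(insn.strip(), lexer, formatter).strip()
        insn = insn.replace(',', ', ')
        print(off, hexbytes, insn)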
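def _strip_doctests(docstring):
    """Return the lines of *docstring* with its doctest blocks removed.

    A block starts at a ``>>>`` line and ends at the first non-blank line that
    is indented less than the block's first non-``...`` line.  Blank lines
    inside a block are dropped with it.  A line ending in ``:`` that precedes
    a block (only blank lines in between) is taken as the block's caption and
    is dropped as well, together with what was collected after it.

    The index-driven loop is kept as is: the ``continue`` after a block closes
    deliberately re-examines the current line outside doctest mode.
    """
    doc = []
    in_doctest = False
    block_indent = None
    caption = None
    lines = (docstring or '').splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.lstrip().startswith('>>>'):
            # this line starts a doctest
            in_doctest = True
            block_indent = None
            if caption:
                # delete back up to the caption
                doc = doc[:caption - i]
                caption = None
        elif line == '':
            # skip blank lines
            pass
        elif in_doctest:
            # indentation marks the end of a doctest
            indent = len(line) - len(line.lstrip())
            if block_indent is None:
                if not line.lstrip().startswith('...'):
                    block_indent = indent
            elif indent < block_indent:
                in_doctest = False
                block_indent = None
                # re-evaluate this line
                continue
        elif line.endswith(':'):
            # save index of caption
            caption = i
        else:
            # this is not blank space and we're not in a doctest, so the
            # previous caption (if any) was not for a doctest
            caption = None
        if not in_doctest:
            doc.append(line)
        i += 1
    return doc


def main(args):
    """Entry point of the ``shellcraft`` command-line tool.

    Args:
        args: parsed namespace; reads ``list``, ``syscalls``, ``shellcode``,
            ``show``, ``args``, ``before``, ``after``, ``format``, ``color``,
            ``address``, ``avoid``, ``out``, ``debug`` and ``run``.

    Side effects: prints to stdout or writes to ``args.out`` (which may be
    chmod'ed 0700 for ELF output), may start a debugger or run the shellcode,
    and exits the process on usage errors.
    """
    if args.list:
        templates = shellcraft.templates
        if args.shellcode:
            templates = [t for t in templates if args.shellcode in t]
        elif not args.syscalls:
            templates = [t for t in templates if is_not_a_syscall_template(t)]
        print('\n'.join(templates))
        sys.exit()

    if not args.shellcode:
        common.parser.print_usage()
        sys.exit()

    if args.shellcode not in shellcraft.templates:
        log.error(
            "Unknown shellcraft template %r. Use --list to see available shellcodes." % args.shellcode)

    func = get_template(args.shellcode)

    if args.show:
        print('\n'.join(_strip_doctests(func.__doc__)).rstrip())
        sys.exit()

    # __defaults__/__code__ exist on Python 2.6+ and 3; func_defaults/func_code
    # were Python 2 only.
    defargs = len(func.__defaults__ or ())
    reqargs = func.__code__.co_argcount - defargs
    if len(args.args) < reqargs:
        if defargs > 0:
            log.critical('%s takes at least %d arguments' % (args.shellcode, reqargs))
        else:
            log.critical('%s takes exactly %d arguments' % (args.shellcode, reqargs))
        sys.exit(1)

    # Best effort: an argument that is a constant Python expression (int,
    # string, list, ...) becomes its value; anything else stays a raw string.
    for idx, val in enumerate(args.args):
        try:
            args.args[idx] = util.safeeval.expr(val)
        except ValueError:
            pass

    # Feed each dotted component of the template name (first one is the
    # architecture) into the context.  A plain loop: map() is lazy on
    # Python 3 and would silently do nothing there.
    for part in args.shellcode.split('.'):
        common.context_arg(part)

    code = func(*args.args)

    if args.before:
        code = shellcraft.trap() + code
    if args.after:
        code = code + shellcraft.trap()

    if args.format in ['a', 'asm', 'assembly']:
        if args.color:
            from pygments import highlight
            from pygments.formatters import TerminalFormatter
            from pwnlib.lexer import PwntoolsLexer
            code = highlight(code, PwntoolsLexer(), TerminalFormatter())
        print(code)
        sys.exit()
    if args.format == 'p':
        print(cpp(code))
        sys.exit()

    assembly = code
    vma = args.address
    if vma:
        # args.address is command-line text: evaluate it as a constants-only
        # expression (arithmetic such as 0x400000+0x100 still works), never
        # with eval().
        vma = util.safeeval.expr(vma)

    if args.format in ['e', 'elf']:
        args.format = 'default'
        try:
            # Make the output executable; best effort, since args.out need not
            # be a regular file (e.g. a pipe).
            os.fchmod(args.out.fileno(), 0o700)
        except OSError:
            pass

        if not args.avoid:
            code = read(make_elf_from_assembly(assembly, vma=vma))
        else:
            # Bad-byte avoidance works on machine code, so assemble first,
            # encode, then wrap the result in an ELF.
            code = asm(assembly)
            code = encode(code, args.avoid)
            code = make_elf(code, vma=vma)
    else:
        code = encode(asm(assembly), args.avoid)

    if args.format == 'default':
        # Human at a terminal gets hex; anything else gets the raw bytes.
        args.format = 'hex' if args.out.isatty() else 'raw'

    arch = args.shellcode.split('.')[0]

    if args.debug:
        if not args.avoid:
            proc = gdb.debug_assembly(assembly, arch=arch, vma=vma)
        else:
            proc = gdb.debug_shellcode(code, arch=arch, vma=vma)
        proc.interactive()
        sys.exit(0)

    if args.run:
        proc = run_shellcode(code, arch=arch)
        proc.interactive()
        sys.exit(0)

    if args.format in ['s', 'str', 'string']:
        code = _string(code)
    elif args.format == 'c':
        code = '{' + ', '.join(map(hex, bytearray(code))) + '}' + '\n'
    elif args.format in ['h', 'hex']:
        code = pwnlib.util.fiddling.enhex(code) + '\n'
    elif args.format in ['i', 'hexii']:
        code = hexii(code) + '\n'
    elif args.format in ['d', 'escaped']:
        # bytearray yields ints on both Python 2 and 3 (ord(c) was 2-only).
        code = ''.join('\\x%02x' % b for b in bytearray(code)) + '\n'

    # Anything piped in is forwarded first, then the shellcode follows it.
    if not sys.stdin.isatty():
        args.out.write(sys.stdin.read())

    args.out.write(code)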
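def _strip_doctests(docstring):
    """Return the lines of *docstring* with its doctest blocks removed.

    A block starts at a ``>>>`` line and ends at the first non-blank line that
    is indented less than the block's first non-``...`` line.  Blank lines
    inside a block are dropped with it.  A line ending in ``:`` that precedes
    a block (only blank lines in between) is taken as the block's caption and
    is dropped as well, together with what was collected after it.

    The index-driven loop is kept as is: the ``continue`` after a block closes
    deliberately re-examines the current line outside doctest mode.
    """
    doc = []
    in_doctest = False
    block_indent = None
    caption = None
    lines = (docstring or '').splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.lstrip().startswith('>>>'):
            # this line starts a doctest
            in_doctest = True
            block_indent = None
            if caption:
                # delete back up to the caption
                doc = doc[:caption - i]
                caption = None
        elif line == '':
            # skip blank lines
            pass
        elif in_doctest:
            # indentation marks the end of a doctest
            indent = len(line) - len(line.lstrip())
            if block_indent is None:
                if not line.lstrip().startswith('...'):
                    block_indent = indent
            elif indent < block_indent:
                in_doctest = False
                block_indent = None
                # re-evaluate this line
                continue
        elif line.endswith(':'):
            # save index of caption
            caption = i
        else:
            # this is not blank space and we're not in a doctest, so the
            # previous caption (if any) was not for a doctest
            caption = None
        if not in_doctest:
            doc.append(line)
        i += 1
    return doc


def main():
    """Entry point of the ``shellcraft`` command-line tool.

    Parses the module-level parser ``p`` and reads ``shellcode``, ``show``,
    ``args``, ``before``, ``after``, ``format``, ``color``, ``out``,
    ``debug`` and ``run`` from the result.

    Side effects: prints to stdout or writes to ``args.out`` (which may be
    chmod'ed 0700 for ELF output), may start a debugger or run the shellcode,
    and exits the process on usage errors.
    """
    # Banner must be added here so that it doesn't appear in the autodoc
    # generation for command line tools
    p.description = banner + p.description
    args = p.parse_args()

    if not args.shellcode:
        print('\n'.join(shellcraft.templates))
        sys.exit()

    # Resolve the dotted template name attribute by attribute; a typo used to
    # surface as a raw AttributeError traceback.
    func = shellcraft
    for attr in args.shellcode.split('.'):
        try:
            func = getattr(func, attr)
        except AttributeError:
            log.critical('Unknown shellcraft template %r' % args.shellcode)
            sys.exit(1)

    if args.show:
        print('\n'.join(_strip_doctests(func.__doc__)).rstrip())
        sys.exit()

    # __defaults__/__code__ exist on Python 2.6+ and 3; func_defaults/func_code
    # were Python 2 only.
    defargs = len(func.__defaults__ or ())
    reqargs = func.__code__.co_argcount - defargs
    if len(args.args) < reqargs:
        if defargs > 0:
            log.critical('%s takes at least %d arguments' % (args.shellcode, reqargs))
        else:
            log.critical('%s takes exactly %d arguments' % (args.shellcode, reqargs))
        sys.exit(1)

    # Best effort: an argument that is a constant Python expression (int,
    # string, list, ...) becomes its value; anything else stays a raw string.
    for idx, val in enumerate(args.args):
        try:
            args.args[idx] = util.safeeval.expr(val)
        except ValueError:
            pass

    # Feed each dotted component of the template name (first one is the
    # architecture) into the context.  A plain loop: map() is lazy on
    # Python 3 and would silently do nothing there.
    for part in args.shellcode.split('.'):
        common.context_arg(part)

    code = func(*args.args)

    if args.before:
        code = shellcraft.trap() + code
    if args.after:
        code = code + shellcraft.trap()

    if args.format in ['a', 'asm', 'assembly']:
        if args.color:
            from pygments import highlight
            from pygments.formatters import TerminalFormatter
            from pwnlib.lexer import PwntoolsLexer
            code = highlight(code, PwntoolsLexer(), TerminalFormatter())
        print(code)
        sys.exit()
    if args.format == 'p':
        print(cpp(code))
        sys.exit()

    if args.format in ['e', 'elf']:
        args.format = 'default'
        code = read(make_elf_from_assembly(code, vma=None))
        try:
            # Make the output executable; best effort, since args.out need not
            # be a regular file (e.g. a pipe).
            os.fchmod(args.out.fileno(), 0o700)
        except OSError:
            pass
    else:
        code = asm(code)

    if args.format == 'default':
        # Human at a terminal gets hex; anything else gets the raw bytes.
        args.format = 'hex' if args.out.isatty() else 'raw'

    arch = args.shellcode.split('.')[0]

    if args.debug:
        proc = gdb.debug_shellcode(code, arch=arch)
        proc.interactive()
        sys.exit(0)

    if args.run:
        proc = run_shellcode(code, arch=arch)
        proc.interactive()
        sys.exit(0)

    if args.format in ['s', 'str', 'string']:
        code = _string(code) + '"\n'
    elif args.format == 'c':
        code = '{' + ', '.join(map(hex, bytearray(code))) + '}' + '\n'
    elif args.format in ['h', 'hex']:
        code = pwnlib.util.fiddling.enhex(code) + '\n'
    elif args.format in ['i', 'hexii']:
        code = hexii(code) + '\n'

    # Anything piped in is forwarded first, then the shellcode follows it.
    if not sys.stdin.isatty():
        args.out.write(sys.stdin.read())

    args.out.write(code)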