Gallopsled / pwntools / 1

22 Mar 2023 11:26AM UTC coverage: 1.304% (-70.2%) from 71.53%
push

github

web-flow
Add search for libc binary by leaked function addresses (#2103)

* libcdb: Add option to search by function offsets

When you're able to leak addresses of the libc library, use `libcdb.search_by_symbol_offsets()` to find and download the matching libc library from https://libc.rip.

If there are multiple matches, the user is prompted to select one interactively. The selection can be saved in the code for future executions of the script.

Fixes #1867

* libcdb: Handle multiple results when looking up by hash

Sometimes the same library appears to be indexed multiple times (see 0b52d2e71). Handle that situation by selecting the first in the list, since they should all be identical given the same hash value.

* Update CHANGELOG

* Fix off-by-one when pre-selecting a libc

* Do .json() only once

---------

Co-authored-by: Arusekk <arek_koz@o2.pl>

2 of 5910 branches covered (0.03%)

0 of 52 new or added lines in 1 file covered. (0.0%)

11873 existing lines in 140 files now uncovered.

221 of 16952 relevant lines covered (1.3%)

0.01 hits per line

Source File
0.0
/pwnlib/commandline/elfdiff.py
```python
#!/usr/bin/env python2
from __future__ import absolute_import
from __future__ import division

import shutil
from argparse import ArgumentParser
from subprocess import CalledProcessError
from subprocess import check_output
from tempfile import NamedTemporaryFile

import pwnlib.args
pwnlib.args.free_form = False

from pwn import *
from pwnlib.commandline import common


def dump(objdump, path):
    n = NamedTemporaryFile(delete=False)
    o = check_output([objdump,'-d','-x','-s',path])
    n.write(o)
    n.flush()
    return n.name

def diff(a,b):
    try: return check_output(['diff',a,b], universal_newlines=True)
    except CalledProcessError as e:
        return e.output

p = common.parser_commands.add_parser(
    'elfdiff',
    help = 'Compare two ELF files',
    description = 'Compare two ELF files'
)

p.add_argument('a')
p.add_argument('b')

def main(a):
    with context.silent:
        x = ELF(a.a)
        y = ELF(a.b)

    if x.arch != y.arch:
        log.error("Architectures are not the same: %s vs %s" % (x.arch, y.arch))

    context.arch = x.arch

    objdump = pwnlib.asm.which_binutils('objdump')

    tmp = NamedTemporaryFile()
    name = tmp.name

    shutil.copy(x.path, name)
    x = dump(objdump, name)

    shutil.copy(y.path, name)
    y = dump(objdump, name)

    print(diff(x, y))

if __name__ == '__main__':
    pwnlib.commandline.common.main(__file__)
```

© 2026 Coveralls, Inc