Gallopsled / pwntools / 1

22 Mar 2023 11:26AM UTC coverage: 1.304% (-70.2%) from 71.53%
push

github

web-flow
Add search for libc binary by leaked function addresses (#2103)

* libcdb: Add option to search by function offsets

When you're able to leak addresses of the libc library, use `libcdb.search_by_symbol_offsets()` to find and download the matching libc library from https://libc.rip.

If there are multiple matches, the user is prompted to select one interactively. The selection can be saved in the code for future executions of the script.

Fixes #1867

* libcdb: Handle multiple results when looking up by hash

Sometimes the same library appears to be indexed multiple times (see 0b52d2e71). Handle that situation by selecting the first in the list, since they should all be identical given the same hash value.

* Update CHANGELOG

* Fix off-by-one when pre-selecting a libc

* Do .json() only once

---------

Co-authored-by: Arusekk <arek_koz@o2.pl>

2 of 5910 branches covered (0.03%)

0 of 52 new or added lines in 1 file covered. (0.0%)

11873 existing lines in 140 files now uncovered.

221 of 16952 relevant lines covered (1.3%)

0.01 hits per line

Source File

0.0
/pwnlib/commandline/elfpatch.py
```python
#!/usr/bin/env python2
from __future__ import absolute_import
from __future__ import division

import sys

import pwnlib.args
pwnlib.args.free_form = False

from pwn import *
from pwnlib.commandline import common

p = common.parser_commands.add_parser(
    'elfpatch',
    help = 'Patch an ELF file',
    description = 'Patch an ELF file'
)

p.add_argument('elf',help="File to patch")
p.add_argument('offset',help="Offset to patch in virtual address (hex encoded)")
p.add_argument('bytes',help='Bytes to patch (hex encoded)')


def main(a):
    if not a.offset.startswith('0x'):
        a.offset = '0x' + a.offset

    offset = int(a.offset, 16)
    bytes  = unhex(a.bytes)

    with context.silent:
        elf    = ELF(a.elf)

    elf.write(offset, bytes)
    getattr(sys.stdout, 'buffer', sys.stdout).write(elf.get_data())

if __name__ == '__main__':
    pwnlib.commandline.common.main(__file__)
```