MCPcopy
hub / github.com/Gallopsled/pwntools / __init__

Method __init__

pwnlib/dynelf.py:149–200  ·  view source on GitHub ↗

Instantiates an object which can resolve symbols in a running binary given a :class:`pwnlib.memleak.MemLeak` leaker and a pointer inside the binary. Arguments: leak(MemLeak): Instance of pwnlib.memleak.MemLeak for leaking memory pointer(int):

(self, leak, pointer=None, elf=None, libcdb=True)

Source from the content-addressed store, hash-verified

147 '''
148
149 def __init__(self, leak, pointer=None, elf=None, libcdb=True):
150 '''
151 Instantiates an object which can resolve symbols in a running binary
152 given a :class:`pwnlib.memleak.MemLeak` leaker and a pointer inside
153 the binary.
154
155 Arguments:
156 leak(MemLeak): Instance of pwnlib.memleak.MemLeak for leaking memory
157 pointer(int): A pointer into a loaded ELF file
158 elf(str,ELF): Path to the ELF file on disk, or a loaded :class:`pwnlib.elf.ELF`.
159 libcdb(bool): Attempt to use libcdb to speed up libc lookups
160 '''
161 self.libcdb = libcdb
162 self._elfclass = None
163 self._elftype = None
164 self._link_map = None
165 self._waitfor = None
166 self._bases = {}
167 self._dynamic = None
168 self.elf = None
169
170 if elf:
171 path = elf
172 if isinstance(elf, ELF):
173 path = elf.path
174
175 # Load a fresh copy of the ELF
176 with context.local(log_level='error'):
177 w = self.waitfor("Loading from %r" % path)
178 self.elf = ELF(path)
179 w.success("[LOADED]")
180
181 if not (pointer or (elf and elf.address)):
182 log.error("Must specify either a pointer into a module and/or an ELF file with a valid base address")
183
184 pointer = pointer or elf.address
185
186 if not isinstance(leak, MemLeak):
187 leak = MemLeak(leak)
188
189 if not elf:
190 log.warn_once("No ELF provided. Leaking is much faster if you have a copy of the ELF being leaked.")
191
192 self.leak = leak
193 self.libbase = self._find_base(pointer or elf.address)
194
195 if elf:
196 self._elftype = self.elf.elftype
197 self._elfclass = self.elf.elfclass
198 self.elf.address = self.libbase
199 self._dynamic = self.elf.get_section_by_name('.dynamic').header.sh_addr
200 self._dynamic = self._make_absolute_ptr(self._dynamic)
201
202 @classmethod
203 def for_one_lib_only(cls, leak, ptr):

Callers

nothing calls this directly

Calls 9

waitforMethod · 0.95
_find_baseMethod · 0.95
_make_absolute_ptrMethod · 0.95
ELFClass · 0.90
MemLeakClass · 0.90
errorMethod · 0.80
warn_onceMethod · 0.80
localMethod · 0.45
successMethod · 0.45

Tested by

no test coverage detected