hub / github.com/Gallopsled/pwntools / _parse_stack

Method _parse_stack

pwnlib/elf/corefile.py:934–1046
(self)

Source from the content-addressed store, hash-verified

932 self.at_sysinfo_ehdr = value
933
934 def _parse_stack(self):
935 # Get a copy of the stack mapping
936 stack = self.stack
937
938 if not stack:
939 return
940
941 # If the stack does not end with zeroes, something is very wrong.
942 if not stack.data.endswith(b'\x00' * context.bytes):
943 log.warn_once("End of the stack is corrupted, skipping stack parsing (got: %s)",
944 enhex(self.data[-context.bytes:]))
945 return
946
947 # AT_EXECFN is the start of the filename, e.g. '/bin/sh'
948 # Immediately preceding is a NULL-terminated environment variable string.
949 # We want to find the beginning of it
950 if not self.at_execfn:
951 address = stack.stop
952 address -= 2*self.bytes
953 address -= 1
954 address = stack.rfind(b'\x00', None, address)
955 address += 1
956 self.at_execfn = address
957
958 address = self.at_execfn-1
959
960
961 # Sanity check!
962 try:
963 if stack[address] != b'\x00':
964 log.warning("Error parsing corefile stack: Could not find end of environment")
965 return
966 except ValueError:
967 log.warning("Error parsing corefile stack: Address out of bounds")
968 return
969
970 # address is currently set to the NULL terminator of the last
971 # environment variable.
972 address = stack.rfind(b'\x00', None, address)
973
974 # We've found the beginning of the last environment variable.
975 # We should be able to search up the stack for the envp[] array to
976 # find a pointer to this address, followed by a NULL.
977 last_env_addr = address + 1
978 p_last_env_addr = stack.find(pack(last_env_addr), None, last_env_addr)
979 if p_last_env_addr < 0:
980 # Something weird is happening. Just don't touch it.
981 log.warn_once("Error parsing corefile stack: Found bad environment at %#x", last_env_addr)
982 return
983
984 # Sanity check that we did correctly find the envp NULL terminator.
985 envp_nullterm = p_last_env_addr+context.bytes
986 if self.unpack(envp_nullterm) != 0:
987 log.warning("Error parsing corefile stack: Could not find end of environment variables")
988 return
989
990 # We've successfully located the end of the envp[] array.
991 #

Callers 1

__init__Method · 0.95

Calls 9

enhexFunction · 0.90
packFunction · 0.90
unpack_manyFunction · 0.90
warn_onceMethod · 0.80
rfindMethod · 0.80
warningMethod · 0.80
stringMethod · 0.80
findMethod · 0.45
unpackMethod · 0.45

Tested by

no test coverage detected