r"""Retrieve the address of an environment variable in the remote process. Examples: >>> s = ssh(host='example.pwnme') >>> p = s.process(['python', '-c', 'import time; time.sleep(10)']) >>> hex(p.getenv('PATH')) # doctest: +ELLIPSIS '0x...'
(self, variable, **kwargs)
| 381 | return pwnlib.elf.corefile.Corefile(finder.core_path) |
| 382 | |
| 383 | def getenv(self, variable, **kwargs): |
| 384 | r"""Retrieve the address of an environment variable in the remote process. |
| 385 | |
| 386 | Examples: |
| 387 | |
| 388 | >>> s = ssh(host='example.pwnme') |
| 389 | >>> p = s.process(['python', '-c', 'import time; time.sleep(10)']) |
| 390 | >>> hex(p.getenv('PATH')) # doctest: +ELLIPSIS |
| 391 | '0x...' |
| 392 | """ |
| 393 | argv0 = self.argv[0] |
| 394 | |
| 395 | variable = bytearray(packing._need_bytes(variable, min_wrong=0x80)) |
| 396 | |
| 397 | script = ';'.join(('from ctypes import *', |
| 398 | 'import os', |
| 399 | 'libc = CDLL("libc.so.6")', |
| 400 | 'getenv = libc.getenv', |
| 401 | 'getenv.restype = c_void_p', |
| 402 | 'print(os.path.realpath(%r))' % self.executable, |
| 403 | 'print(getenv(bytes(%r)))' % variable,)) |
| 404 | |
| 405 | try: |
| 406 | with context.quiet: |
| 407 | python = self.parent.which('python2.7') or self.parent.which('python3') or self.parent.which('python') |
| 408 | |
| 409 | if not python: |
| 410 | self.error("Python is not installed on the remote system.") |
| 411 | |
| 412 | io = self.parent.process([argv0,'-c', script.strip()], |
| 413 | executable=python, |
| 414 | env=self.env, |
| 415 | **kwargs) |
| 416 | path = io.recvline() |
| 417 | address = int(io.recvall()) |
| 418 | |
| 419 | address -= len(python) |
| 420 | address += len(path) |
| 421 | |
| 422 | return int(address) & context.mask |
| 423 | except Exception: |
| 424 | self.exception("Could not look up environment variable %r" % variable) |
| 425 | |
| 426 | def _close_msg(self): |
| 427 | # If we never completely started up, just use the parent implementation |