authorMalfurious <m@lfurio.us>2022-07-07 00:00:41 -0400
committerMalfurious <m@lfurio.us>2022-09-12 20:19:09 -0400
commitfe63ef169d3ce1e6e14842f716cdbc62b458e1f1 (patch)
tree83668f2a3106ac951d9e6a09a618ec210b34a69f
parent1480e6ba39fdaacaf558dd099ccf1b87c9b92d6a (diff)
downloadlib-des-gnux-fe63ef169d3ce1e6e14842f716cdbc62b458e1f1.tar.gz
lib-des-gnux-fe63ef169d3ce1e6e14842f716cdbc62b458e1f1.zip
sploit: rev: Properly base Symtbls for non-PIC binaries
The baddr property identified by r2 is now used as the base address for ELF symbol tables. This should not change the addresses retrieved via the table normally; however, it should fix the internal offsets of the table so that rebasing makes sense. Note that for PIC/PIE binaries we would already get a Symtbl with 'correct' offsets, as r2 is unable to absolutely resolve them for us. In these cases, the Symtbl base value remains at zero. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
-rw-r--r--tools/sploit/sploit/rev/r2.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/tools/sploit/sploit/rev/r2.py b/tools/sploit/sploit/rev/r2.py
index bb3edb3..6dfd499 100644
--- a/tools/sploit/sploit/rev/r2.py
+++ b/tools/sploit/sploit/rev/r2.py
@@ -13,6 +13,11 @@ def get_elf_symbols(elf):
ilog(f'Retrieving symbols of {elf} with r2...')
out = {}
+ cmd_base = 'iI~baddr'
+ base = run_cmd(elf,cmd_base)
+ base = re.split(r'\s+',base[0])[1]
+ base = int(base,0)
+
cmd_syms = 'is'
out_syms = run_cmd(elf,cmd_syms)
out_syms = [re.split(r'\s+',sym) for sym in out_syms][4:]
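Review bot: `base[0]` on the added `re.split` line raises IndexError when `iI~baddr` produces no matching output line, and the following `[1]` index assumes that line has at least two whitespace-separated fields, so a binary r2 cannot describe aborts symbol retrieval instead of falling back to the zero base the description promises for the PIE case. The r2 output is untrusted tool output and should be validated before indexing, e.g. `base_out = run_cmd(elf,cmd_base)`, `fields = re.split(r'\s+',base_out[0]) if base_out else []`, `base = int(fields[1],0) if len(fields) > 1 else 0`. `int(...,0)` can still raise ValueError if the field is not a numeric literal; if that is possible it is worth logging via `ilog` and defaulting to 0 as well. `get_elf_symbols` starts outside the hunk (its signature is only visible in the `@@` context).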
@@ -39,7 +44,7 @@ def get_elf_symbols(elf):
out_strs = {sym[2][sym[2].rfind('.')+1:]:int(sym[0],0) for sym in out_strs}
out.update(out_strs)
- return Symtbl(**out)
+ return Symtbl(base=base, **out)
def get_locals(binary,func):
ilog(f'Retrieving local stack frame of {hex(func)} in {binary} with r2...')
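Review bot: `Symtbl(base=base, **out)` raises `TypeError: multiple values for keyword argument 'base'` if the binary happens to export a symbol or string named `base`, because the keys in `out` come directly from the parsed r2 listings and are not filtered against `Symtbl`'s own parameter names. Symbol names are controlled by whoever built the binary under analysis, so this is a reachable failure rather than a theoretical one. `Symtbl`'s signature is not in this hunk, so I can only suggest handling the clash here, e.g. `out.pop('base', None)  # reserved: would shadow the Symtbl base kwarg` immediately before the return, with an `ilog` line if a symbol was dropped. `get_elf_symbols` starts outside the hunk.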