From 2624c2961ec043c6a2b08f7923602a784e392c10 Mon Sep 17 00:00:00 2001 From: dusoleil Date: Thu, 10 Mar 2022 19:24:31 -0500 Subject: sploit: Split Symtbl funcionality with Memmap Symtbl now only deals with offets. A read-only view of a symtbl can be created via the Memmap class. This view also takes an absolute address for a symbol and will return adjusted addresses based on this. This replaces the addr() method. Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index 6de32f8..1149e99 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -1,15 +1,19 @@ class Symtbl: - def __init__(self, base=0, **kwargs): - self.__dict__ = {'base' : base, **kwargs} + def __init__(self, **kwargs): + self.__dict__ = {**kwargs} - def __getattribute__(self, sym): - a = object.__getattribute__(self, sym) - if sym in object.__getattribute__(self,'__dict__') and sym != 'base': - return self.base + a - else: - return a - def addr(self, sym, addr): - if sym == 'base' : self.base = addr - else: self.base = addr - object.__getattribute__(self, sym) +class Memmap: + def __init__(self, tbl, sym, addr): + object.__setattr__(self,'__tbl__', tbl) + base = addr if sym == 'base' else addr - getattr(self.__tbl__, sym) + object.__setattr__(self,'base', base) + + def __getattribute__(self, sym): + if sym == '__tbl__' or sym == 'base': + return object.__getattribute__(self, sym) + a = getattr(self.__tbl__, sym) + return self.base + a + def __setattr__(self, k, v): + raise TypeError('Memmaps are Read-Only! Modify offsets with Symtbl instead!') -- cgit v1.2.3 From 5c104e5f9b66614d0e8bf9fc3339f0e97faf627a Mon Sep 17 00:00:00 2001 From: dusoleil Date: Thu, 10 Mar 2022 19:37:36 -0500 Subject: sploit: Add string cast for Symtbl and Memmap Add string cast to mem module types so that they can be printed out in a human readable format. 
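Review bot: `Memmap.__getattribute__` (commit 2624c29) forwards every name except `__tbl__` and `base` to the table and adds `base` to the result, so explicit lookups of ordinary object attributes such as `m.__class__` or `m.__dict__` end in `self.base + <non-integer>` and raise TypeError. `__getattr__` is only consulted when normal lookup fails, which keeps `__tbl__`, `base` and the object protocol intact without a special-case list: `def __getattr__(self, sym): return self.base + getattr(self.__tbl__, sym)`. A symbol that is itself named `base` in the Symtbl is unreachable through the view either way, which deserves a comment on the class.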
Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index 1149e99..58c3d3d 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -2,6 +2,13 @@ class Symtbl: def __init__(self, **kwargs): self.__dict__ = {**kwargs} + def __str__(self): + tbl_format = '\n{:<20} {:<20}' + s = 'len: ' + str(len(self.__dict__)) + s += tbl_format.format('ADDRESS', 'SYMBOL') + for sym,addr in sorted(self.__dict__.items(),key=lambda x:x[1]): + s += tbl_format.format(hex(addr),sym) + return s class Memmap: def __init__(self, tbl, sym, addr): @@ -17,3 +24,12 @@ class Memmap: def __setattr__(self, k, v): raise TypeError('Memmaps are Read-Only! Modify offsets with Symtbl instead!') + + def __str__(self): + tbl_format = '\n{:<20} {:<20}' + s = 'len: ' + str(len(self.__tbl__.__dict__)+1) + s += tbl_format.format('ADDRESS', 'SYMBOL') + s += tbl_format.format(hex(self.base),'base') + for sym,addr in sorted(self.__tbl__.__dict__.items(),key=lambda x:x[1]): + s += tbl_format.format(hex(addr+self.base),sym) + return s -- cgit v1.2.3 From a1a1c6151dc23a32d9f19da8cd721ed82495b86e Mon Sep 17 00:00:00 2001 From: dusoleil Date: Thu, 10 Mar 2022 19:52:50 -0500 Subject: Add adjust and rebase functions to mem module Add the ability to shift all Symtbl offsets by a fixed amount with adjust(). Add the ability to shift all Symtbl offsets so that a designated symbol is now at offset 0 and all other symbols maintain their relative offsets to that symbol with rebase(). Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index 58c3d3d..e257c03 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py 
@@ -33,3 +33,11 @@ class Memmap: for sym,addr in sorted(self.__tbl__.__dict__.items(),key=lambda x:x[1]): s += tbl_format.format(hex(addr+self.base),sym) return s + +def adjust(tbl, off): + tbl.__dict__ = {k:v+off for k,v in tbl.__dict__.items()} + +def rebase(tbl, sym): + off = -getattr(tbl, sym) + adjust(tbl, off) + -- cgit v1.2.3 From f0147dda4339b8d67af03a682acbaba607cc0b30 Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sat, 12 Mar 2022 18:39:03 -0500 Subject: sploit: move adjust and rebase into member funcs Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index e257c03..0392fa9 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -2,6 +2,12 @@ class Symtbl: def __init__(self, **kwargs): self.__dict__ = {**kwargs} + def adjust(self, off): + self.__dict__ = {k:v+off for k,v in self.__dict__.items()} + + def rebase(self, sym): + self.adjust(-sym) + def __str__(self): tbl_format = '\n{:<20} {:<20}' s = 'len: ' + str(len(self.__dict__)) @@ -34,10 +40,3 @@ class Memmap: s += tbl_format.format(hex(addr+self.base),sym) return s -def adjust(tbl, off): - tbl.__dict__ = {k:v+off for k,v in tbl.__dict__.items()} - -def rebase(tbl, sym): - off = -getattr(tbl, sym) - adjust(tbl, off) - -- cgit v1.2.3 From b8b16e8e94e555c3a735079cbe1ba92813c85685 Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sat, 12 Mar 2022 18:39:53 -0500 Subject: sploit: add len func to mem len() will calculate the length of the symtbl in bytes rather than the number of symbols Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index 0392fa9..f0b93fd 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py 
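Review bot: `Symtbl.rebase(self, sym)` (commit f0147dd) negates its argument directly with `self.adjust(-sym)`, whereas the removed module-level `rebase` looked the symbol up with `getattr(tbl, sym)`; a caller that still passes a symbol name now gets a TypeError from the unary minus. If taking an offset is intended, rename the parameter (`def rebase(self, off):`) and say so in the commit message; otherwise keep the lookup as `self.adjust(-getattr(self, sym))`. Separately, `adjust` and `rebase` are now plain methods on a class whose instance `__dict__` holds the symbols, so a symbol named `adjust` or `rebase` shadows the method on that instance.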
@@ -8,6 +8,14 @@ class Symtbl: def rebase(self, sym): self.adjust(-sym) + def __len__(self): + vals = self.__dict__.values() + if len(vals)<1: + return 0 + hi = max(max(vals),0) + lo = min(min(vals),0) + return hi-lo + def __str__(self): tbl_format = '\n{:<20} {:<20}' s = 'len: ' + str(len(self.__dict__)) @@ -31,6 +39,9 @@ class Memmap: def __setattr__(self, k, v): raise TypeError('Memmaps are Read-Only! Modify offsets with Symtbl instead!') + def __len__(self): + return len(self.__tbl__) + def __str__(self): tbl_format = '\n{:<20} {:<20}' s = 'len: ' + str(len(self.__tbl__.__dict__)+1) -- cgit v1.2.3 From d3f8148b0fd3e55f1839336ff555ef5418cbaf5e Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sat, 12 Mar 2022 18:40:53 -0500 Subject: sploit: code reuse for mem string methods Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index f0b93fd..cf138b3 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -17,12 +17,7 @@ class Symtbl: return hi-lo def __str__(self): - tbl_format = '\n{:<20} {:<20}' - s = 'len: ' + str(len(self.__dict__)) - s += tbl_format.format('ADDRESS', 'SYMBOL') - for sym,addr in sorted(self.__dict__.items(),key=lambda x:x[1]): - s += tbl_format.format(hex(addr),sym) - return s + return __str__(self,self.__dict__) class Memmap: def __init__(self, tbl, sym, addr): 
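Review bot: Defining `Symtbl.__len__` as the byte span (commit b8b16e8) changes truthiness as well as `len()`: a non-empty table whose offsets are all 0 returns 0 and is therefore falsy in `if tbl:`, and `len()` raises OverflowError when `hi-lo` exceeds `sys.maxsize`. A named method with the same body, for example `def span(self):`, avoids both and leaves `len()` free to mean the number of symbols, which is what `__str__` prints as `len:`. `Memmap.__len__` in the second hunk forwards to this method and would change with it.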
@@ -43,11 +38,18 @@ class Memmap: return len(self.__tbl__) def __str__(self): - tbl_format = '\n{:<20} {:<20}' - s = 'len: ' + str(len(self.__tbl__.__dict__)+1) - s += tbl_format.format('ADDRESS', 'SYMBOL') - s += tbl_format.format(hex(self.base),'base') - for sym,addr in sorted(self.__tbl__.__dict__.items(),key=lambda x:x[1]): - s += tbl_format.format(hex(addr+self.base),sym) + s = __str__(self,self.__tbl__.__dict__) + pos = -1 + for i in range(3): + pos = s.find('\n',pos+1) + s = s[:pos] + __tbl_format__.format(hex(self.base),'base') + s[pos:] return s +__tbl_format__ = '\n{:<20} {:<20}' +def __str__(self,tbl): + s = 'symbols: ' + str(len(tbl)) + s += '\nlength: ' + str(len(self)) + s += __tbl_format__.format('ADDRESS', 'SYMBOL') + for sym,off in sorted(tbl.items(),key=lambda x:x[1]): + s += __tbl_format__.format(hex(getattr(self,sym)),sym) + return s -- cgit v1.2.3 From 9469b96ded48d7425ecb8e82382b8bbed163b075 Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sun, 13 Mar 2022 04:24:30 -0400 Subject: sploit: remove length calculation from Symtbl length() fails on local stack frames (where it was originally intended to be useful) when register based locals (like arguments) are present. Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index cf138b3..fc8a4b3 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -8,14 +8,6 @@ class Symtbl: def rebase(self, sym): self.adjust(-sym) - def __len__(self): - vals = self.__dict__.values() - if len(vals)<1: - return 0 - hi = max(max(vals),0) - lo = min(min(vals),0) - return hi-lo - def __str__(self): return __str__(self,self.__dict__) 
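Review bot: The newline-counting splice in `Memmap.__str__` (commit d3f8148) assumes the helper output contains at least one symbol row: for an empty table the third `s.find('\n',pos+1)` returns -1, and `s[:pos] + ... + s[pos:]` then inserts the `base` row before the last character of the header. Guard it after the loop with `if pos < 0: pos = len(s)`, or let the module-level helper take the extra row as an argument so no string surgery is needed. The `range(3)` to `range(2)` change in commit 9469b96 keeps the same assumption. Naming module-level helpers `__str__` and `__tbl_format__` also makes them read like special methods; a single leading underscore is the usual spelling for private module names.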
@@ -34,13 +26,10 @@ class Memmap: def __setattr__(self, k, v): raise TypeError('Memmaps are Read-Only! Modify offsets with Symtbl instead!') - def __len__(self): - return len(self.__tbl__) - def __str__(self): s = __str__(self,self.__tbl__.__dict__) pos = -1 - for i in range(3): + for i in range(2): pos = s.find('\n',pos+1) s = s[:pos] + __tbl_format__.format(hex(self.base),'base') + s[pos:] return s @@ -48,7 +37,6 @@ class Memmap: __tbl_format__ = '\n{:<20} {:<20}' def __str__(self,tbl): s = 'symbols: ' + str(len(tbl)) - s += '\nlength: ' + str(len(self)) s += __tbl_format__.format('ADDRESS', 'SYMBOL') for sym,off in sorted(tbl.items(),key=lambda x:x[1]): s += __tbl_format__.format(hex(getattr(self,sym)),sym) -- cgit v1.2.3 From ff3b871f75013748a66d1c0a4ee8de7e311d3281 Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sun, 13 Mar 2022 17:52:37 -0400 Subject: sploit: Instantiate Memmap with integer offset Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index fc8a4b3..932510d 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -13,18 +13,18 @@ class Symtbl: class Memmap: def __init__(self, tbl, sym, addr): - object.__setattr__(self,'__tbl__', tbl) - base = addr if sym == 'base' else addr - getattr(self.__tbl__, sym) - object.__setattr__(self,'base', base) + self.__tbl__ = tbl + self.base = addr - sym def __getattribute__(self, sym): - if sym == '__tbl__' or sym == 'base': + if(sym in ['__tbl__','base']): return object.__getattribute__(self, sym) a = getattr(self.__tbl__, sym) return self.base + a - def __setattr__(self, k, v): - raise TypeError('Memmaps are Read-Only! Modify offsets with Symtbl instead!') + def __setattr__(self, sym, addr): + if(sym in ['__tbl__','base']): + return object.__setattr__(self,sym,addr) def __str__(self): s = __str__(self,self.__tbl__.__dict__) -- cgit v1.2.3 
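Review bot: `Memmap.__setattr__` in commit ff3b871 silently discards any assignment whose name is not `__tbl__` or `base`: the method falls off the end of the `if`, where the previous version raised TypeError. Keep an explicit failure on the fall-through path, for example `raise AttributeError(sym)` after the `if`, so a mistaken write is not taken for success. The constructor's `sym` parameter is now used as an offset (`addr - sym`) rather than a symbol name, so renaming it (for example to `off`) would keep the signature honest.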
From c486409b4dcb0048be972013801d7624f8ff4dcb Mon Sep 17 00:00:00 2001 From: dusoleil Date: Sun, 13 Mar 2022 17:53:23 -0400 Subject: sploit: Add support for nested Symtbls Signed-off-by: dusoleil --- tools/sploit/sploit/mem.py | 48 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) diff --git a/tools/sploit/sploit/mem.py b/tools/sploit/sploit/mem.py index 932510d..3ad0c50 100644 --- a/tools/sploit/sploit/mem.py +++ b/tools/sploit/sploit/mem.py @@ -1,7 +1,41 @@ class Symtbl: + __subs__ = {} def __init__(self, **kwargs): self.__dict__ = {**kwargs} + def subtable(self, sym, off, table): + setattr(self, sym, off) + self.__subs__[sym] = table + + class __InnerTable__: + def __init__(self,off,tbl): + self.off = off + self.tbl = tbl + def __getattribute__(self,sym): + if(sym in ['off','tbl','__class__']): + return object.__getattribute__(self,sym) + addr = getattr(self.tbl,sym) + if(type(addr)==int): + return addr + self.off + if(type(addr)==self.__class__): + addr.off += self.off + return addr + return addr + def __setattr__(self,sym,off): + if(sym in ['off','tbl']): + return object.__setattr__(self,sym,off) + return setattr(self.tbl,sym,off-self.off) + def __str__(self): + return str(self.tbl) + + def __getattribute__(self, sym): + addr = object.__getattribute__(self,sym) + if(sym == '__subs__'):return addr + if(sym == 'base'):return 0 + if(sym in self.__subs__): + return self.__InnerTable__(addr,self.__subs__[sym]) + return addr + def adjust(self, off): self.__dict__ = {k:v+off for k,v in self.__dict__.items()} 
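Review bot: `__subs__ = {}` is a class attribute and `subtable()` mutates it in place with `self.__subs__[sym] = table`, so a sub-table registered on one `Symtbl` is visible to every other instance; any table that merely has a symbol with the same name gets an `__InnerTable__` wrapper back instead of its integer offset. The mapping needs to be per instance and kept out of the `__dict__` that `adjust()` iterates; one way is to replace the class attribute with `__slots__ = ('__subs__', '__dict__')` and set `self.__subs__ = {}` in `__init__`. In the new `Symtbl.__getattribute__`, `object.__getattribute__(self,sym)` runs before the `sym == 'base'` check, so `tbl.base` raises AttributeError unless a symbol called `base` exists; moving the check first appears to be what is intended.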
@@ -19,12 +53,16 @@ class Memmap: def __getattribute__(self, sym): if(sym in ['__tbl__','base']): return object.__getattribute__(self, sym) - a = getattr(self.__tbl__, sym) - return self.base + a + addr = getattr(self.__tbl__, sym) + if(type(addr)==Symtbl.__InnerTable__): + addr.off += self.base + return addr + return self.base + addr def __setattr__(self, sym, addr): if(sym in ['__tbl__','base']): return object.__setattr__(self,sym,addr) + return setattr(self.__tbl__,sym,addr-self.base) def __str__(self): s = __str__(self,self.__tbl__.__dict__) @@ -39,5 +77,9 @@ def __str__(self,tbl): s = 'symbols: ' + str(len(tbl)) s += __tbl_format__.format('ADDRESS', 'SYMBOL') for sym,off in sorted(tbl.items(),key=lambda x:x[1]): - s += __tbl_format__.format(hex(getattr(self,sym)),sym) + addr = getattr(self,sym) + if(type(addr)==Symtbl.__InnerTable__): + s += __tbl_format__.format(hex(addr.off),f'[{sym}]') + else: + s += __tbl_format__.format(hex(addr),sym) return s -- cgit v1.2.3
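Review bot: `Memmap.__setattr__` now forwards every other name to `setattr(self.__tbl__,sym,addr-self.base)`, which writes into the `Symtbl` object shared with any other `Memmap` built on it, so an assignment through one view moves that symbol in all of them. Commit 2624c29 described `Memmap` as a read-only view; if write-through is now intended, a class docstring should say so, for example `"""View of a Symtbl at a fixed base; attribute writes are stored in the underlying table as offsets."""`. The `type(addr)==Symtbl.__InnerTable__` test in `__getattribute__`, and the same test in the `__str__` helper in the next hunk, would read better as `isinstance(addr, Symtbl.__InnerTable__)`.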