From fe63ef169d3ce1e6e14842f716cdbc62b458e1f1 Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Thu, 7 Jul 2022 00:00:41 -0400
Subject: sploit: rev: Properly base Symtbls for non-PIC binaries

The baddr property identified by r2 is now used as the base address for ELF symbol tables. This should not change the addresses retrieved via the table normally, however should fix the internal offsets of the table so that rebasing makes sense. Note that for PIC/PIE binaries we would already get a Symtbl with 'correct' offsets, as r2 is unable to absolutely resolve them for us. In these cases, the Symtbl base value remains at zero.

Signed-off-by: Malfurious
Signed-off-by: dusoleil
---
 tools/sploit/sploit/rev/r2.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/sploit/sploit/rev/r2.py b/tools/sploit/sploit/rev/r2.py
index bb3edb3..6dfd499 100644
--- a/tools/sploit/sploit/rev/r2.py
+++ b/tools/sploit/sploit/rev/r2.py
@@ -13,6 +13,11 @@ def get_elf_symbols(elf):
     ilog(f'Retrieving symbols of {elf} with r2...')
     out = {}
 
+    cmd_base = 'iI~baddr'
+    base = run_cmd(elf,cmd_base)
+    base = re.split(r'\s+',base[0])[1]
+    base = int(base,0)
+
     cmd_syms = 'is'
     out_syms = run_cmd(elf,cmd_syms)
     out_syms = [re.split(r'\s+',sym) for sym in out_syms][4:]
@@ -39,7 +44,7 @@ def get_elf_symbols(elf):
     out_strs = {sym[2][sym[2].rfind('.')+1:]:int(sym[0],0) for sym in out_strs}
     out.update(out_strs)
 
-    return Symtbl(**out)
+    return Symtbl(base=base, **out)
 
 def get_locals(binary,func):
     ilog(f'Retrieving local stack frame of {hex(func)} in {binary} with r2...')
-- 
cgit v1.2.3
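Review bot: The three new `base` lines in the first hunk index r2's output without checking it, so a target binary for which `iI~baddr` prints nothing, or prints the field in an unexpected shape, fails with a bare IndexError or ValueError from the parser instead of a message naming the problem; `run_cmd` appears to return a list of output lines, and r2's `~baddr` is a substring filter, so any line containing that text would be accepted as the base. Since the binary under analysis is the untrusted input here, I would match the field explicitly and fail with context: `m = re.search(r'\bbaddr\s+(0x[0-9a-fA-F]+|\d+)\b', ' '.join(run_cmd(elf,cmd_base)))`, `if m is None: raise ValueError(f'r2 reported no baddr for {elf}')`, `base = int(m.group(1),0)`. Whether `run_cmd` can return an empty list when r2 fails is not visible in this hunk, so the guard is worth confirming against its implementation. The body of `get_elf_symbols` continues outside the hunk.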