authorMalfurious <m@lfurio.us>2025-03-16 22:49:42 -0400
committerMalfurious <m@lfurio.us>2025-03-16 22:49:42 -0400
commitff2e7a6d219643ffe6fad0b4988305c90e846437 (patch)
treeac903ed2f677d8808687329de45588f14e337798
parent8716c0735f4e158fbab5cc2aa5513670d10a5526 (diff)
rev: r2: Fix imported symbol realnames
Radare2 commit 0fcffc4cbf5c ("Use raw symbol name in flatItem.realname instead of the flag name"), which first appeared in release 5.9.8, changes the value of "realname" for each of the object's imported symbols (PLTs). Previously, a symbol "imp.read" (for instance) would report a realname of "read". Now the "imp." prefix persists in this value, meaning a symbol lookup within nsploit like so would fail: binary.sym.imp.read binary.sym.imp['imp.read'] # The working lookup To restore the previous behavior in nsploit, actively filter out the "imp." substring if it appears at the beginning of a symbol's realname value. Sploit adds this back in by embedding imported symbols in the "imp" subtable, as before. Signed-off-by: Malfurious <m@lfurio.us>
-rw-r--r--nsploit/rev/r2.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/nsploit/rev/r2.py b/nsploit/rev/r2.py
index f4f2a5e..765d2a7 100644
--- a/nsploit/rev/r2.py
+++ b/nsploit/rev/r2.py
@@ -12,6 +12,10 @@ import re
def run_cmd(binary,cmd):
return run_cmd_cached(['r2','-q','-c',cmd,'-e','scr.color=false','-e','rop.len=10','-e','search.in=io.maps.x',binary])
+def __fixup_sym(name):
+ prefix = "imp."
+ return name[len(prefix):] if name.startswith(prefix) else name
+
def get_elf_symbols(elf):
ilog(f'Retrieving symbols of {elf} with r2...')
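Review bot: The new helper `__fixup_sym` has no comment tying it to the Radare2 behaviour it compensates for, and its double-underscore name is unusual for a module-level helper. If it is ever called from inside a class body, Python's name mangling rewrites the reference and the lookup fails. I would name it `_fixup_sym` (updating the call in get_elf_symbols in the second hunk) and add `# r2 >= 5.9.8 keeps the "imp." prefix in realname; strip it so PLT keys stay bare symbol names`. If the project only supports Python 3.9 or later, `name.removeprefix("imp.")` does the same thing in one call.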
@@ -24,7 +28,7 @@ def get_elf_symbols(elf):
syms = [s for s in syms if s['type'] in ['OBJ', 'FUNC', 'NOTYPE']]
plt = [s for s in syms if s['is_imported']]
- plt = {sym['realname']:sym['vaddr'] for sym in plt}
+ plt = {__fixup_sym(sym['realname']):sym['vaddr'] for sym in plt}
plt = Symtbl(base=sect.get('.plt',0), **plt)
syms = [s for s in syms if not s['is_imported']]
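Review bot: The normalised names are still expanded as keyword arguments in `Symtbl(base=sect.get('.plt',0), **plt)`, and they come from the binary being analysed, which may be untrusted. With the prefix stripped, an import reported as `imp.base` becomes the key `base`, and the call then raises `TypeError` for a duplicate keyword argument instead of loading the symbol table. Two realnames that normalise to the same key (for example `read` and `imp.read`) would also silently overwrite each other in the dict comprehension. A small guard before the call would cover the first case, e.g. `plt = {k: v for k, v in plt.items() if k != 'base'}` with a log line for anything dropped, or whatever insertion API Symtbl offers that does not go through keyword arguments. The body of get_elf_symbols starts and ends outside this hunk, so an existing guard may not be visible here.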