summaryrefslogtreecommitdiffstats
path: root/sploit/rev (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2023-02-24r2: Simplify Symtbl construction in get_locals()v0.2Malfurious1-3/+1
Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2023-02-24symtbl: Rename file to match class nameMalfurious1-2/+2
I assume that the preferred style is to leave one major class each to a file. In this case, synchronize the names of the Symtbl class and its containing module. Per PEP8, the module is lowercase, and the class remains Pascal case. If other memory-oriented utilities are introduced in the future, we may wish to move them, as well as Symtbl, back into a subpackage named 'mem'. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-09-12sploit: rev: Properly base Symtbls for non-PIC binariesMalfurious1-1/+6
The baddr property identified by r2 is now used as the base address for ELF symbol tables. This should not change the addresses retrieved via the table normally, however should fix the internal offsets of the table so that rebasing makes sense. Note that for PIC/PIE binaries we would already get a Symtbl with 'correct' offsets, as r2 is unable to absolutely resolve them for us. In these cases, the Symtbl base value remains at zero. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-17sploit: Clean up use of __getattribute__Malfurious1-4/+1
__getattribute__ is the low-level magic func and will intercept every attribute lookup, whereas __getattr__ is high-level, and is only invoked in specific conditions (such as __getattribute__'s failure). As such, any overload of __getattribute__ which preferentially falls back to object.__getattribute__() before serving a request, can more simply be replaced by a __getattr__ overload without the fallback. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: Move __attr_filter__ to a general place in utildusoleil1-1/+3
Found a spot to use __attr_filter__ in the rev module, so moving it out of mem and into a shared place (util). Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add stack base pointer to locals symtbldusoleil1-1/+3
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: print hex of addresses in rev logsdusoleil1-2/+2
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add status logging to rev moduledusoleil2-0/+13
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: lazy load libs for ELFdusoleil1-4/+16
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: cache results of external commandsdusoleil3-15/+6
rather than cacheing ELF instantiations, just cache the results of external commands Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add the rest of r2 functions through elfdusoleil1-0/+20
expose the rest of the rev.r2 capabilities through rev.elf Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: typo fix in rev.r2dusoleil1-1/+1
accidentally left the argument as "elf" instead of "binary" and had the arguments in the wrong order Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: cache ELF loadsdusoleil1-1/+11
With recursive ELF loads, there is the possibility of loading in a heavy ELF (like libc) multiple times. Hiding instantiation of the class behind a factory method and caching instances should eliminate this problem. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add ELF helper class to revdusoleil2-0/+23
Create a class which encapsulates some basic information about an ELF file and provides a convenient interface for basic reverse engineering. In particular, ELF automatically loads the symbol table of the given elf file and recursively creates ELF objects for any linked libraries. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: consolidate r2 symbol search callsdusoleil1-16/+5
Consolidate some of the r2 calls that get combined to create the symbol list. Instead of doing multiple calls with different greps within radare2, just do a single call and search it in the python side. This gives us a slight, but noticeable performance increase. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: fix r2 module syntax errordusoleil1-12/+12
forgot to remove the r2 namespace from the calls from back when it was implemented differently Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: reverse direction of r2 get_locals offsetsdusoleil1-1/+1
rev.r2's get_locals() function returns a Symtbl of offsets representing the local variables on in a stack frame of a particular function. The offsets returned by r2 are based around the base of the stack, but they are increasing in value as they grow from the stack. To properly model memory, they should decrease in value as they grow from the stack. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add r2 funcionality to rev moduledusoleil2-1/+94
Add an r2 module with several helper functions that do a number of simple reverse engineering tasks to aid in writing simple sploit scripts. The functions in this module invoke radare2 to accomplish their tasks. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add ldd ability to rev moduledusoleil2-0/+14
add helper function to invoke ldd to get a list of libraries that will be linked to a given ELF Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2022-03-13sploit: add rev module to sploitdusoleil1-0/+0
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
cgit-1.2.3-r5 | srcnode v0.4.0