| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Rename all affected files, references to file paths, and module imports
within the code. Since this line of development represents a fork from
the original sploit, a name change is seen as necessary to distinguish
the projects, as well as allow them to be installed side by side.
What does the "n" mean? Great question! You can think of it as meaning
"new sploit" if you want, though that's not quite intended. The name is
simply distinct and easy to pronounce. I had originally settled on
"msploit" (something along the lines of "Malf's sploit"), but this name
is too close to "metasploit" for me - and N is right next to it on the
keyboard.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
There are some useful concepts expressed in the Symtbl class that can
provide good value if applied elsewhere as well. In this particular
case, I want to address the somewhat awkward relationship between Symtbl
and the Payload class by providing an abstract base for both of them. I
will go into more details in an upcoming commit for Payload.
This patch shouldn't change any behavior for Symtbl barring perhaps its
new preference of the new IndexEntry type described below. Some
characteristics of Symtbl are refactored into two new interface types:
IndexEntry provides "base" and implements logic supporting the use of
instance objects as integers. The intent is to extend from this class
when creating special types to be used in IndexTbls, Symtbls, etc.
IndexTbl (extends IndexEntry) provides a unified system for attribute /
element access, and acts as an abstract container where storage and
lookup semantics are up to the specific implementation.
Symtbl (extends IndexTbl) is now better described as an Index table,
where indices represent numeric addresses. The nominal data type is
int, however IndexEntries (which are int-like) may be nested to record
the addresses of ROP gadgets, sub-symtbls, and perhaps more in the
future.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
When iterating over a symtbl, the returned tuples should be sorted by
offset.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
This fixes a bug with Symtbl's __getitem__. An object that is
convertable to int should also cause __getitem__ to behave as though an
int was given, and translate the object as a foreign offset.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Also check type when setting arch.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Can now use Symtbl subscript syntax to obtain the mapped address of a
foreign offset (not a defined symbol) without having to modify the
object or add a new symbol entry.
Assuming a base value of 10, tbl[15] will return 25, for example.
We now assert that the defined table keys are strings, to prevent the
creation of entries that are now un-readable by this patch. However,
this always should have been the case.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
QoL change - Don't print the headings if the table is empty. Just
report "0 symbols" and the base address.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
When printing a human readable Symtbl, show all nested objects within
[brackets], not just Symtbl itself. Primarily useful since more types
are being developed with the intent of being stored in a Symtbl.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Define human-readable string formatting for objects in repr, rather than
str, as this will enable an interactive interpreter to more conveniently
show this data to the user. I believe this especially makes sense in
cases where __str__ doesn't perform a semantic type conversion for its
class (currently, all affected cases).
Scripts can still easily yield this information by using
`print(object)`, as print will fallback to repr(object) when there is
not an explicitly defined __str__.
Furthermore, this patch still maintains backwards compatability (for the
time being) of using str(object) to retrieve the information. This is
because the default __str__ implementation will defer to __repr__ if
provided. This made the Symtbl case of providing both of them
especially redundant.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
This effort was triggered by three immediate wants of the module:
An improved data container interface to support things like key
iteration and better key management. This is primarily wanted by
the ROP module (which is still in development).
The introduction of package documentation across the project. This
module is now fully documented.
To fix a bug in the Symtbl constructor, which would not allow a
caller to supply "self" as an initial symbol name, even though it is
legal in every other context. This problem was caused by the
constructor's bound instance parameter sharing this name.
This patch addresses all of these concerns, and also introduces some
fringe / QoL improvements that were discovered during the API refactor.
Element access may now be done via subscripting, as well as the previous
(and still generally perferred) .attribute notation. The syntax for
storing subtables within a parent Symtbl is now greatly streamlined due
to some implementation-level changes to the class. You may now directly
assign just a Symtbl object or a normal int, and you don't have to fuss
with tuples anymore. The subtable's base is taken as its offset in the
parent, and the new operator replacement for the .map() method may be
used to define a desired value for the parent.
This detail is actually a breaking change compared to the previous
version. While not technically a bug, it is unintuitive that the
previous version would not remove subtables when their offset was
changed by a simple assignment - the table would just move. This patch
make it such that any symbol assignment to a regular int will replace an
old mounted subtable if one exists.
There are now no normal instance methods on the Symtbl type (only dunder
method overrides). This is to free up the available symbol namespace as
much as possible. The previous methods map(), adjust(), and rebase()
are now implemented as operators which, in every case, yield a new
derivative object, rather than mutating the original. All operators are
listed here:
@ remap to absolute address
+ remap to relative address
- remap to negated relative address
>> adjust all symbol offsets upward
<< adjust all symbol offsets downward
% rebase all symbol offsets around an absolute zero point
Additionally, Symtbl objects will convert to an integer via int(),
hex(), oct(), or bin(), yielding the base value.
The addition of these operators presents another breaking change to the
previous version. Previously, symbol adjustments or rebases affected
the tracked offsets and caused symbols to shift around in linked tables
as well. Since these operators now preserve the state of their source
object, this is no longer the case. The amount of shift due to
adjustment or rebasing is localized in a specific Symtbl instance (and
is affected the the use of the related operators), however this value is
inherited by derivatives of that object.
There is a third breaking change caused by the use of operators as well.
Previously, the map() function allowed the caller to specify that the
given absolute address is not that of the table base, but of some offset
in the table, from which the new base is calculated. However, the
remapping operators take only a single numeric value as their right hand
side operand, which is the absolute or relative address. The new
intended way of accomplishing this (which is _nearly_ equivalent) is
through the combined use of the rebase and remap operations:
# The address of the puts() function in a libc tbl is leaked
sym = sym % sym.puts @ leak
aka: adjust offsets such that the known point is at the base, then move
that base to the known location. The way in which this is different to
what you would end up with before is that previously, following a
map(abs, off) the base of the table would be accurately valued
according to the known information. Now, the 'base' is considered to be
the leaked value, but internal offsets are shifted such that they still
resolve correctly.
Finally, a few new pieces of functionality are added to build out the
container API:
- symbol key deletion
- iteration over symbol:offset pairs
- can now check for symbol existence with the "in" keyword
- len(symtbl) returns the number of symbols defined
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
I assume that the preferred style is to leave one major class each to a
file. In this case, synchronize the names of the Symtbl class and its
containing module. Per PEP8, the module is lowercase, and the class
remains Pascal case.
If other memory-oriented utilities are introduced in the future, we may
wish to move them, as well as Symtbl, back into a subpackage named
'mem'.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Some code previously assumed a Symtbl's base value to always be zero.
This was often the case, however the assumption would break (for example)
when attempting to rebase() a mapped Symtbl.
As of the previous patch enabling freer modification of base, the
potentiality of these bugs will be higher.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Allow a Symtbl's base to be modified in-place, without mapping into a
new object. This is useful when working with the Symtbl aspect of a
Payload.
This includes setting a non-zero base on construction. As usual, when
defining base on construction, any additional kwargs symbols are
interpreted relative to the given base. The order of arguments does not
matter.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
The recent implementation of the new design for Symtbl contained a few
bugs:
- Attempting to access .base on a Symtbl or intermediate
__InnerTable__ caused an exception.
- Symtbl objects all used the same static collection of nested
subtables, rather than an instanced one. If two table objects
contained the same named key, they would refer to the same
nested table from both locations.
- Printing the contents of a table accessed via an absolute
nesting (aka: via an __InnerTable__ object) would not show the
offsets adjusted for the curent context.
In addition to these fixes, the class implementation is largely
simplified as well. This is in part due to the removal of unnecessary
logic, such as the way our __getattribute__ overloads were implemented.
Mainly, this came down to merging the redundant abstractions in our
original design.
Over time, the differences between these interfaces became blurred to
the point where simply reusing one is not at all problematic. It is
very much the intent of this patch to preserve the semantics of the
tool's design (that being: flexable, nestable tables, to which a
separate, but linked, mapped view may be obtained), but to state it as
cleanly as possible.
Note that all of the working state of a Symtbl is kept in its new
_namesp member. This is primarily done to enable subclassing the Symtbl
class. Ordinarily, setattr() on self would force the incoming value
into the actual symbol table, making it impossible for subclasses to
store separate instance data. Furthermore, the consolidation of
properties into this object creates fewer potential collisions with
user-defined symbols.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Found a spot to use __attr_filter__ in the rev module, so moving it out
of mem and into a shared place (util).
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
In the various __getattribute__() overloads in the mem module, we should
filter all of the built-in magic members to do the default
object.__getattribute__() behavior. This is opposed to the earlier
stance of just caring about the ones that I saw as realistically being
called.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
length() fails on local stack frames (where it was originally intended
to be useful) when register based locals (like arguments) are present.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
len() will calculate the length of the symtbl in bytes rather than the
number of symbols
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Add the ability to shift all Symtbl offsets by a fixed amount with
adjust().
Add the ability to shift all Symtbl offsets so that a designated symbol
is now at offset 0 and all other symbols maintain their relative offsets
to that symbol with rebase().
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Add string cast to mem module types so that they can be printed out in a
human readable format.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Symtbl now only deals with offets. A read-only view of a symtbl can be
created via the Memmap class. This view also takes an absolute address
for a symbol and will return adjusted addresses based on this. This
replaces the addr() method.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
