From ff2e7a6d219643ffe6fad0b4988305c90e846437 Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Sun, 16 Mar 2025 22:49:42 -0400
Subject: rev: r2: Fix imported symbol realnames

Radare2 commit 0fcffc4cbf5c ("Use raw symbol name in flatItem.realname instead of the flag name"), which first appeared in release 5.9.8, changes the value of "realname" for each of the object's imported symbols (PLTs). Previously, a symbol "imp.read" (for instance) would report a realname of "read". Now the "imp." prefix persists in this value, meaning a symbol lookup within nsploit like so would fail:

binary.sym.imp.read
binary.sym.imp['imp.read'] # The working lookup

To restore the previous behavior in nsploit, actively filter out the "imp." substring if it appears at the beginning of a symbol's realname value. Sploit adds this back in by embedding imported symbols in the "imp" subtable, as before.

Signed-off-by: Malfurious
---
 nsploit/rev/r2.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nsploit/rev/r2.py b/nsploit/rev/r2.py
index f4f2a5e..765d2a7 100644
--- a/nsploit/rev/r2.py
+++ b/nsploit/rev/r2.py
@@ -12,6 +12,10 @@ import re
 def run_cmd(binary,cmd):
 return run_cmd_cached(['r2','-q','-c',cmd,'-e','scr.color=false','-e','rop.len=10','-e','search.in=io.maps.x',binary])
+def __fixup_sym(name):
+ prefix = "imp."
+ return name[len(prefix):] if name.startswith(prefix) else name
+
 def get_elf_symbols(elf):
 ilog(f'Retrieving symbols of {elf} with r2...')
@@ -24,7 +28,7 @@ def get_elf_symbols(elf):
 syms = [s for s in syms if s['type'] in ['OBJ', 'FUNC', 'NOTYPE']]
 plt = [s for s in syms if s['is_imported']]
- plt = {sym['realname']:sym['vaddr'] for sym in plt}
+ plt = {__fixup_sym(sym['realname']):sym['vaddr'] for sym in plt}
 plt = Symtbl(base=sect.get('.plt',0), **plt)
 syms = [s for s in syms if not s['is_imported']]
-- 
cgit v1.2.3
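Review bot: The new helper `__fixup_sym` in the first hunk uses a double-underscore name at module level, which is not name-mangled there but reads as if it were and would silently be mangled if the call site in the second hunk ever moved into a class body; the module-private convention is a single underscore, `def _fixup_sym(name):`, with the call in get_elf_symbols renamed to match. The helper also lacks a docstring; consider `"""Strip the leading 'imp.' that r2 >= 5.9.8 keeps in an import's realname, so the imp subtable key is the bare symbol name."""`, since the version dependency explained in the commit message is otherwise invisible in the code. If the project's minimum Python is 3.9 or newer, the body reduces to `return name.removeprefix("imp.")`. Note that the realnames come from the binary under analysis, so only this exact prefix is removed and any other content passes through unchanged, which is the right scope; get_elf_symbols starts and ends outside both hunks.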