# Pick the function to break on: the first entry of tmp1 that also appears
# in funcListOut wins, and the search stops at that first hit.
for eachStr in tmp1:
    if eachStr in funcListOut:
        leakAddrFunc = eachStr
        break;
# Fallback: nothing matched funcListOut, so repeat the search against
# funcListIn.
# NOTE(review): this relies on leakAddrFunc having been set to "" before
# this excerpt starts -- confirm against the full script.
if leakAddrFunc == "":
    for eachStr in tmp1:
        if eachStr in funcListIn:
            leakAddrFunc = eachStr
            break;
# Neither list produced a candidate: report it and stop with exit status 1.
if leakAddrFunc == "":
    print "[-] No leak functions can be used. Can not leak the real address."
    exit(1)
print "[*] Found a leak function: %s" % leakAddrFunc
# Drive GDB through the controller: load the target, break on the chosen
# function, run to the breakpoint, then 'finish' to run until that frame
# returns.
# NOTE(review): every reply overwrites `response` and is never inspected
# (the print_log calls are commented out), so a failed load or a breakpoint
# that did not resolve goes unnoticed at this point.
gdbmi = GdbController()
# NOTE(review): target_program is formatted into the command text with no
# quoting. A path containing whitespace splits into extra arguments, and GDB
# executes whatever command line results, so the value has to come from a
# trusted source or be validated before it gets here.
response = gdbmi.write('-file-exec-file %s' % (target_program))
response = gdbmi.write('file %s' % (target_program))
# leakAddrFunc can only be a tmp1 entry that is also in one of the two
# function lists (given the "" start value assumed above).
response = gdbmi.write('break %s' % (leakAddrFunc))
# print_log(response)
# 'run' executes the target with the privileges of this process; a binary of
# unknown origin belongs in an isolated environment.
response = gdbmi.write('run')
# print_log(response)
response = gdbmi.write('finish')
# print_log(response)
# State for code that follows this excerpt (not visible here); presumably a
# bounded retry counter, a list of marker strings and the result -- TODO
# confirm.
i=0;
maxi = 10;
badStr = ["<", "?"]
realAddress = ""
def init(self):
    """Start a GDB/MI session and queue the launch commands for the target.

    Creates the controller and sends five MI commands in order: program
    arguments, executable plus symbols, a breakpoint on
    ``self.method_name``, run, and a register-name query.  Every command is
    written with ``read_response=False``, so nothing here waits for or
    checks GDB's reply.

    ``self.prog_args`` must be a 2-tuple, because the argument template has
    two ``%s`` placeholders.
    """
    self.gdbmi = GdbController()

    def send(mi_command):
        # Fire-and-forget: the reply is left unread, so a command GDB
        # rejects (bad path, unknown symbol) is not detected here.
        self.gdbmi.write(mi_command, read_response=False)

    # NOTE(review): prog_args, binary and method_name are formatted into
    # the MI command text unquoted.  Values with whitespace or line breaks
    # change what GDB parses, so they need to be trusted or validated by
    # the caller -- confirm where they originate.
    send('-exec-arguments %s %s' % self.prog_args)
    send('-file-exec-and-symbols %s' % self.binary)
    send('-break-insert %s' % self.method_name)
    # Starts the inferior; it runs with the privileges of this process.
    send('-exec-run')
    send('-data-list-register-names')
'M': self.write_memory,
'p': self.read_register,
'P': self.write_register,
'v': self.handle_long_commands,
'X': self.write_memory_bin,
'Z': self.insert_breakpoint,
'z': self.remove_breakpoint,
'?': self.stop_reason,
'!': self.extend_mode,
}
# Per-session state: the active state plus the register, memory and
# shared-library views that are constructed from it.
self.active_state = active_state
self.regs = GdbRegSpace(self.active_state)
self.mem = GdbMemSpace(self.active_state)
self.packet_size = PAGESIZE
self.libs = GdbSharedLibrary(self.active_state, self.packet_size)
# GDB is launched with the controller's default arguments.
# NOTE(review): confirm that the installed controller's defaults include
# --nx, otherwise GDB init files are processed at start-up.
self.gdb = GdbController()
# NOTE(review): ptsname is formatted into the MI command unquoted and the
# write uses the default timeout; the reply is discarded, so a failed
# connect is not detected here.
self.gdb.write("-target-select remote %s" % ptsname)
# self.run starts on a separate thread before the constructor has finished:
# the symbol-file command below is issued while that thread is already
# running.  The daemon flag is not set here.
# NOTE(review): presumably self.run services the packets dispatched through
# the handler table above -- confirm.
self.thread = threading.Thread(target=self.run)
self.thread.start()
# NOTE(review): binary is interpolated unquoted as well; a path with
# whitespace will not reach GDB as a single argument.
self.gdb.write("-file-exec-and-symbols %s" % binary)
"p": self.read_register,
"P": self.write_register,
"v": self.handle_long_commands,
"X": self.write_memory_bin,
"Z": self.insert_breakpoint,
"z": self.remove_breakpoint,
"?": self.stop_reason,
"!": self.extend_mode,
}
self.states = states
# Fall back to states.get_major(-1) whenever active_state is falsy (not only
# when it is None).
self.active_state = active_state if active_state else states.get_major(-1)
# Register, memory and shared-library views built from the active state.
# NOTE(review): the meaning of `cda` is not visible in this excerpt.
self.regs = GdbRegSpace(self.active_state)
self.mem = GdbMemSpace(self.active_state, cda)
self.packet_size = PAGESIZE
self.libs = GdbSharedLibrary(self.active_state, self.packet_size)
# Explicit launch arguments: --nx makes GDB skip its initialization files,
# --quiet suppresses the banner, and --interpreter=mi2 selects the
# machine interface.
self.gdb = GdbController(gdb_args=["--quiet", "--nx", "--interpreter=mi2"])
# Bounded wait (10 s) for the remote connect.
# NOTE(review): ptsname is formatted into the MI command unquoted, and the
# reply is discarded, so a failed connect is not detected here.
self.gdb.write("-target-select remote %s" % ptsname, timeout_sec=10)
# self.run starts on a separate thread before the constructor has finished:
# the two writes below are issued while that thread is already running.
# The daemon flag is not set here.
self.thread = threading.Thread(target=self.run)
self.thread.start()
# NOTE(review): binary is interpolated unquoted as well; a path with
# whitespace will not reach GDB as a single argument.
self.gdb.write("-file-exec-and-symbols %s" % binary, timeout_sec=100)
# Turn off GDB's stack cache so stack reads are not served from cached
# memory.
self.gdb.write("set stack-cache off", timeout_sec=100)
def __init__(
    self, elf: ELF, coredump: Coredump, lib_text_addrs: Dict[str, int]
) -> None:
    """Bind a GDB/MI session to an executable and its core dump.

    Stores both objects, records their on-disk paths (``.file.name``),
    launches GDB in quiet MI2 mode, keeps ``lib_text_addrs`` as given, then
    calls ``get_response()`` followed by ``setup_gdb()``.
    """
    self.coredump, self.elf = coredump, elf
    self.corefile, self.execfile = (
        self.coredump.file.name,
        self.elf.file.name,
    )
    # NOTE(review): "--nx" is absent from this argument list, so GDB still
    # processes its initialization files at start-up.  If the executable or
    # core file can come from an untrusted source, consider adding "--nx".
    mi_args = ["--quiet", "--interpreter=mi2"]
    self.gdb = GdbController(gdb_args=mi_args)
    self.lib_text_addrs = lib_text_addrs
    # Both helpers are defined elsewhere in the class.
    # NOTE(review): presumably get_response() consumes GDB's start-up output
    # before setup_gdb() issues commands -- confirm.
    self.get_response()
    self.setup_gdb()
def __init__(self, binary_path: str, trace: List[Instruction]) -> None:
    """Open a controller on ``DEFAULT_RR_PATH`` for replaying ``binary_path``.

    Keeps the binary path and the instruction trace, launches the controller
    with the binary as its only argument and ``rr=True``, and sets the trace
    cursor ``current_index`` to 0.
    """
    self.binary_path, self.trace = binary_path, trace
    # NOTE(review): binary_path becomes the sole element of the controller's
    # argument list.  A value beginning with "-" would presumably be read as
    # an option by the launched program, so validate it upstream.  What
    # rr=True changes inside the controller is not visible here.
    launch_args = [binary_path]
    self.rr = GdbController(
        gdb_path=DEFAULT_RR_PATH,
        gdb_args=launch_args,
        rr=True,
    )
    self.current_index = 0