mirror of https://github.com/pwndbg/pwndbg.git
Make the rop command work, add documentation
parent
2a7ac228ec
commit
e510f75562
@ -1,24 +1,55 @@
|
|||||||
from __future__ import print_function
|
from __future__ import print_function
|
||||||
import os
|
import argparse
|
||||||
|
import re
|
||||||
|
import subprocess
|
||||||
|
import tempfile
|
||||||
|
|
||||||
import gdb
|
import gdb
|
||||||
import pwndbg.commands
|
import pwndbg.commands
|
||||||
import pwndbg.vmmap
|
import pwndbg.vmmap
|
||||||
|
|
||||||
@pwndbg.commands.Command
|
parser = argparse.ArgumentParser(description="Dump ROP gadgets with Jon Salwan's ROPgadget tool.",
|
||||||
def rop(start=None, stop=None):
|
epilog="Example: rop --grep 'pop rdi' -- --nojop")
|
||||||
"""
|
parser.add_argument('--grep', type=str,
|
||||||
Dump ROP gadgets.
|
help='String to grep the output for')
|
||||||
|
parser.add_argument('argument', nargs='*', type=str,
|
||||||
|
help='Arguments to pass to ROPgadget')
|
||||||
|
|
||||||
Optionally specify an address to dump all gadgets in that memory
|
@pwndbg.commands.ArgparsedCommand(parser)
|
||||||
area, or also specify a stop address.
|
def rop(grep, argument):
|
||||||
|
with tempfile.NamedTemporaryFile() as corefile:
|
||||||
|
|
||||||
Searches executable mapped pages only.
|
# If the process is running, dump a corefile so we get actual addresses.
|
||||||
"""
|
if pwndbg.proc.alive:
|
||||||
# for page in pwndbg.vmmap.get()
|
filename = corefile.name
|
||||||
|
gdb.execute('gcore %s' % filename)
|
||||||
|
else:
|
||||||
|
filename = pwndbg.proc.exe
|
||||||
|
|
||||||
|
# If no binary was specified, we can't do anything
|
||||||
|
if not filename:
|
||||||
|
print("No file to get gadgets from")
|
||||||
|
return
|
||||||
|
|
||||||
|
# Build up the command line to run
|
||||||
cmd = ['ROPgadget',
|
cmd = ['ROPgadget',
|
||||||
'--rawArch=x86',
|
'--binary',
|
||||||
'--rawMode=32',
|
filename]
|
||||||
'--binary=dump',
|
cmd += argument
|
||||||
'--offset=0xdeadbeef']
|
|
||||||
os.system(' '.join(cmd))
|
try:
|
||||||
|
io = subprocess.Popen(cmd, stdout=subprocess.PIPE)
|
||||||
|
except Exception:
|
||||||
|
print("Could not run ROPgadget. Please ensure it's installed and in $PATH.")
|
||||||
|
|
||||||
|
(stdout, stderr) = io.communicate()
|
||||||
|
|
||||||
|
stdout = stdout.decode('latin-1')
|
||||||
|
|
||||||
|
if not grep:
|
||||||
|
print(stdout)
|
||||||
|
return
|
||||||
|
|
||||||
|
for line in stdout.splitlines():
|
||||||
|
if re.search(grep, line):
|
||||||
|
print(line)
|
||||||
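Review bot: The `except Exception:` branch around `subprocess.Popen` prints the "Could not run ROPgadget" message but does not leave the function, so the next line `io.communicate()` runs with `io` never bound and raises a NameError that masks the friendly message; the handler should be `except OSError:` (what Popen raises when the executable is not found) followed by `print("Could not run ROPgadget. Please ensure it's installed and in $PATH.")` and a `return`. The new code also reads `pwndbg.proc.alive` and `pwndbg.proc.exe`, but the visible import block only brings in `pwndbg.commands` and `pwndbg.vmmap`; unless one of those imports `pwndbg.proc` transitively, add `import pwndbg.proc` (and `pwndbg.vmmap` appears unused after this change). Finally, `--grep` is applied with `re.search`, so the value is a regular expression rather than a literal string; the argument help should say so, e.g. `help='Regular expression to filter the output lines with'`, or the call should use `re.escape(grep)` if a literal match is intended.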