| author | bloodstalker <thabogre@gmail.com> | 2018-01-02 19:12:05 +0000 | 
|---|---|---|
| committer | bloodstalker <thabogre@gmail.com> | 2018-01-02 19:12:05 +0000 | 
| commit | d7f4a97c10813eb4f8e8a31064deedbf0d7d2a8b (patch) | |
| tree | ba63aaa4624329a7b23350ffc8f8f77c1ac0dc43 | |
| parent | wip (diff) | |
| download | mutator-d7f4a97c10813eb4f8e8a31064deedbf0d7d2a8b.tar.gz mutator-d7f4a97c10813eb4f8e8a31064deedbf0d7d2a8b.zip | |
load.py now loads all objects and functions along with names to c++. next is getting them to lua.
Diffstat (limited to '')
| -rwxr-xr-x | bfd/load.py | 104 | ||||
| -rw-r--r-- | bruiser/bruiser.cpp | 34 | ||||
| -rw-r--r-- | bruiser/executioner.h | 11 | ||||
| -rw-r--r-- | bruiser/lua-scripts/demo1.lua | 47 | 
4 files changed, 145 insertions, 51 deletions
diff --git a/bfd/load.py b/bfd/load.py
index ccaec6a..08adfc5 100755
--- a/bfd/load.py
+++ b/bfd/load.py
@@ -23,6 +23,7 @@ class CLIArgParser(object):
         parser.add_argument("--stentries", action='store_true', help="dump section table entries", default=False)
         parser.add_argument("--objcode", action='store_true', help="dump objects", default=False)
         parser.add_argument("--test", action='store_true', help="test switch", default=False)
+        parser.add_argument("--dynsym", action='store_true', help="dump dynamic symbol table", default=False)
         self.args = parser.parse_args()
         if self.args.obj is None:
             raise Exception("no object file provided. please specify an object with --obj.")
@@ -299,32 +300,32 @@ class ELF(object):
     def init(self, size):
         self.size = size
         self.read_ELF_H(size)
-        self.so.seek(int.from_bytes(self.elfhdr.e_phoff, byteorder="little", signed=False))
-        phnum = int.from_bytes(self.elfhdr.e_phnum, byteorder="little", signed=False)
+        self.so.seek(byte2int(self.elfhdr.e_phoff))
+        phnum = byte2int(self.elfhdr.e_phnum)
         for i in range(0, phnum):
             self.read_PHDR(size)
-        self.so.seek(int.from_bytes(self.elfhdr.e_shoff, byteorder="little", signed=False))
-        shnum = int.from_bytes(self.elfhdr.e_shnum, byteorder="little", signed=False)
+        self.so.seek(byte2int(self.elfhdr.e_shoff))
+        shnum = byte2int(self.elfhdr.e_shnum)
         for i in range(0, shnum):
             self.read_SHDR(size)
         for i in range(0, shnum):
-            type = int.from_bytes(self.shhdr[i].sh_type, byteorder="little", signed=False)
+            type = byte2int(self.shhdr[i].sh_type)
             if type == sh_type_e.SHT_SYMTAB:
-                self.so.seek(int.from_bytes(self.shhdr[i].sh_offset, byteorder="little", signed=False), 0)
-                symbol_tb = self.so.read(int.from_bytes(self.shhdr[i].sh_size, byteorder="little", signed=False))
+                self.so.seek(byte2int(self.shhdr[i].sh_offset), 0)
+                symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size))
                 offset = 0
-                num = int(int.from_bytes(self.shhdr[i].sh_size, byteorder="little") / 24)
+                num = int(byte2int(self.shhdr[i].sh_size) / 24)
                 for j in range(0, num):
                     self.read_st_entry(symbol_tb[offset:offset + 24], self.string_tb_e)
-                    offset += 8*24
+                    offset += 24
             if type == sh_type_e.SHT_DYNSYM:
-                self.so.seek(int.from_bytes(self.shhdr[i].sh_offset, byteorder="little", signed=False), 0)
-                symbol_tb = self.so.read(int.from_bytes(self.shhdr[i].sh_size, byteorder="little", signed=False))
+                self.so.seek(byte2int(self.shhdr[i].sh_offset), 0)
+                symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size))
                 offset = 0
-                num = int(int.from_bytes(self.shhdr[i].sh_size, byteorder="little") / 24)
+                num = int(byte2int(self.shhdr[i].sh_size) / 24)
                 for j in range(0, num):
                     self.read_st_entry(symbol_tb[offset:offset + 24], self.string_tb_e_dyn)
-                    offset += 8*24
+                    offset += 24
         self.pop_data_section()
         self.pop_text_section()
@@ -442,13 +443,21 @@ class ELF(object):
         ret_list = []
         for entry in self.string_tb_e:
             if entry.st_type == stt_type:
-                ret_list.append("".join(self.get_st_entry_symbol_string(byte2int(entry.st_name))))
+                ret_list.append("".join(self.get_st_entry_symbol_string(byte2int(entry.st_name), ".strtab")))
         if dump_b:
             for name in ret_list:
                 print(name)
-
         return ret_list
+    def dump_obj_size(self, stt_type, dump_b):
+        ret_list = []
+        for entry in self.string_tb_e:
+            if entry.st_type == stt_type:
+                ret_list.append(byte2int(entry.st_size))
+        if dump_b:
+            for name in ret_list:
+                print(name)
+        return ret_list
     def dump_symbol_idx(self):
         print(Colors.green + "symbol:" + Colors.ENDC)
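Review bot: The symbol-table walk in `init` still hard-codes the 24-byte Elf64_Sym stride at `num = int(byte2int(self.shhdr[i].sh_size) / 24)` and in the `symbol_tb[offset:offset + 24]` slice, so a section whose sh_size is not a multiple of 24, or a 32-bit object, is parsed silently wrong; the section header carries the real stride, so `entsize = byte2int(self.shhdr[i].sh_entsize)` with `num = byte2int(self.shhdr[i].sh_size) // entsize` keeps the loop honest. The SHT_SYMTAB and SHT_DYNSYM branches are identical apart from the destination list, so a private helper taking the target list (`self._read_symbol_section(i, self.string_tb_e)`) would halve the block and keep the two in step. `type` also shadows the builtin; `sh_type` reads better. `init` may continue past the end of the hunk.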
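Review bot: `dump_obj_size` duplicates `dump_symbol_string` line for line except for the value appended, and its print loop calls each size `name`; a single private helper taking a key callable (`lambda e: byte2int(e.st_size)` here, the `.strtab` lookup there) would keep the two methods in step. Neither method has a docstring — for the new one, `"""Return st_size of every .symtab entry whose st_type equals stt_type; print them when dump_b is True."""` says what the caller needs.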
@@ -546,21 +555,34 @@ class ELF(object):
             print(Colors.blue + "sh_entsize: " + Colors.cyan + repr(byte2int(self.shhdr[i].sh_entsize)) + Colors.ENDC)
             counter += 1
-    def dump_symbol_tb(self):
-        for i in range(0, int.from_bytes(self.elfhdr.e_shnum, byteorder="little", signed=False)):
-            if int.from_bytes(self.shhdr[i].sh_type, byteorder="little", signed=False) == sh_type_e.SHT_STRTAB:
-                print(Colors.BOLD + Colors.yellow + "STRING TABLE:" + Colors.ENDC)
-                self.so.seek(int.from_bytes(self.shhdr[i].sh_offset, byteorder="little", signed=False), 0)
-                symbol_tb = self.so.read(int.from_bytes(self.shhdr[i].sh_size, byteorder="little", signed=False))
-                for byte in symbol_tb:
-                    print(chr(byte), end='')
-                    if chr(byte) == '\0': print()
+    def dump_symbol_tb(self, name, type):
+        for i in range(0, byte2int(self.elfhdr.e_shnum)):
+            if byte2int(self.shhdr[i].sh_type) == type:
+                if name == self.read_section_name(byte2int(self.shhdr[i].sh_name)):
+                    print(Colors.BOLD + Colors.yellow + "STRING TABLE:" + Colors.ENDC)
+                    self.so.seek(byte2int(self.shhdr[i].sh_offset), 0)
+                    symbol_tb = self.so.read(byte2int(self.shhdr[i].sh_size))
+                    for byte in symbol_tb:
+                        print(chr(byte), end='')
+                        if chr(byte) == '\0': print()
     def dump_st_entries(self):
         for entry in self.string_tb_e:
             print(Colors.green + "name index: " + Colors.ENDC + repr(byte2int(entry.st_name)), end="")
-            print(Colors.green + " name: " + Colors.ENDC + repr("".join(self.get_st_entry_symbol_string(byte2int(entry.st_name)))), end="")
+            print(Colors.green + " name: " + Colors.ENDC + repr("".join(self.get_st_entry_symbol_string(byte2int(entry.st_name), ".strtab"))), end="")
+            print(Colors.green + " value: " + Colors.ENDC + repr(byte2int(entry.st_value)), end="")
+            print(Colors.green + " size: " + Colors.ENDC + repr(byte2int(entry.st_size)), end="")
+            print(Colors.green + " info: " + Colors.ENDC + repr(byte2int(entry.st_info)), end="")
+            print(Colors.green + " other: " + Colors.ENDC + repr(byte2int(entry.st_other)), end="")
+            print(Colors.green + " shndx: " + Colors.ENDC + repr(byte2int(entry.st_shndx)), end="")
+            print(Colors.green + " bind: " + Colors.ENDC + get_elf_st_bind_string(entry.st_bind), end="")
+            print(Colors.green + " type: " + Colors.ENDC + get_elf_st_type_string(entry.st_type))
+
+    def dump_st_entries_dyn(self):
+        for entry in self.string_tb_e_dyn:
+            print(Colors.green + "name index: " + Colors.ENDC + repr(byte2int(entry.st_name)), end="")
+            print(Colors.green + " name: " + Colors.ENDC + repr("".join(self.get_st_entry_symbol_string(byte2int(entry.st_name), ".dynstr"))), end="")
             print(Colors.green + " value: " + Colors.ENDC + repr(byte2int(entry.st_value)), end="")
             print(Colors.green + " size: " + Colors.ENDC + repr(byte2int(entry.st_size)), end="")
             print(Colors.green + " info: " + Colors.ENDC + repr(byte2int(entry.st_info)), end="")
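Review bot: `dump_st_entries_dyn` is a copy of `dump_st_entries` that differs only in the entry list and the section name handed to `get_st_entry_symbol_string`; one private helper, `def _dump_entries(self, entries, strtab_name):`, called as `self._dump_entries(self.string_tb_e, ".strtab")` and `self._dump_entries(self.string_tb_e_dyn, ".dynstr")`, removes nine duplicated print lines that will otherwise drift apart. `dump_symbol_tb(self, name, type)` prints the same `"STRING TABLE:"` header whichever table matched, so when `main` calls it for both `.strtab` and `.dynstr` the output does not say which is which — put `name` in the header. The `type` parameter shadows the builtin; `sh_type` would be clearer and matches the field it is compared against.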
@@ -569,11 +591,11 @@ class ELF(object):
             print(Colors.green + " bind: " + Colors.ENDC + get_elf_st_bind_string(entry.st_bind), end="")
             print(Colors.green + " type: " + Colors.ENDC + get_elf_st_type_string(entry.st_type))
-    def get_st_entry_symbol_string(self, index):
+    def get_st_entry_symbol_string(self, index, section_name):
         symbol = []
         for i in range(0, byte2int(self.elfhdr.e_shnum)):
             name = self.read_section_name(byte2int(self.shhdr[i].sh_name))
-            if byte2int(self.shhdr[i].sh_type) == sh_type_e.SHT_STRTAB and name == ".strtab":
+            if byte2int(self.shhdr[i].sh_type) == sh_type_e.SHT_STRTAB and name == section_name:
                 self.so.seek(byte2int(self.shhdr[i].sh_offset) + index, 0)
                 byte = self.so.read(1)
                 while chr(byte[0]) != "\0":
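Review bot: The string read in `get_st_entry_symbol_string` is bounded only by the terminating NUL — `self.so.seek(sh_offset + index, 0)` followed by one-byte reads until `"\0"` — so an `st_name` that points past the string table (a truncated or malformed object) walks into whatever follows the section, and at end of file `byte[0]` raises IndexError on the empty `bytes` the read returns. Cap the walk at the section end, e.g. `limit = byte2int(self.shhdr[i].sh_offset) + byte2int(self.shhdr[i].sh_size)` and stop when `self.so.tell() >= limit`, or read the whole table once and slice up to the next NUL. The loop body continues past the end of the hunk.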
@@ -646,30 +668,48 @@ def elf_get_func_names():
     elf.init(64)
     return elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False)
-def main2():
+# obj here means variables or what the C standard means by objects
+def elf_get_obj_names():
+    so = openSO_r(sys.argv[1])
+    elf = ELF(so)
+    elf.init(64)
+    return elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, False)
+
+# obj here means variables or what the C standard means by objects
+def elf_get_obj_sizes():
+    so = openSO_r(sys.argv[1])
+    elf = ELF(so)
+    elf.init(64)
+    return elf.dump_obj_size(ELF_ST_TYPE.STT_OBJECT, False)
+
+def elf_get_func_code():
     so = openSO_r(sys.argv[1])
     elf = ELF(so)
     elf.init(64)
     return elf.dump_funcs(False)
 def main():
-    variables = globals().copy()
-    variables.update(locals())
-    shell = code.InteractiveConsole(variables)
     try:
         argparser = CLIArgParser()
         so = openSO_r(argparser.args.obj)
         elf = ELF(so)
         elf.init(64)
         if argparser.args.header: elf.dump_header()
-        elif argparser.args.symboltable: elf.dump_symbol_tb()
+        elif argparser.args.symboltable:
+            elf.dump_symbol_tb(".strtab", sh_type_e.SHT_STRTAB)
+            elf.dump_symbol_tb(".dynstr", sh_type_e.SHT_STRTAB)
         elif argparser.args.phdrs: elf.dump_phdrs()
         elif argparser.args.shdrs: elf.dump_shdrs()
         elif argparser.args.symbolindex: elf.dump_symbol_idx()
         elif argparser.args.stentries: elf.dump_st_entries()
         elif argparser.args.objcode: elf.dump_funcs(True)
         elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True)
+        elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True)
+        elif argparser.args.dynsym: elf.dump_st_entries_dyn()
     except:
+        variables = globals().copy()
+        variables.update(locals())
+        shell = code.InteractiveConsole(variables)
         shell.interact(banner="PyElfDump REPL")
 if __name__ == "__main__":
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index 8934867..cd52603 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -283,7 +283,8 @@ class PyExec {
                 tempvec.push_back(int(byte));
               }
             }
-            if (!tempvec.empty()) {hexobj.push_back(tempvec);}
+            //if (!tempvec.empty()) {hexobj.push_back(tempvec);}
+            hexobj.push_back(tempvec);
             tempvec.clear();
           }
         }
@@ -305,9 +306,8 @@ class PyExec {
         }
     }
-    std::vector<std::vector<uint8_t>> exportObjs(void) {
-      return hexobj;
-    }
+    std::vector<std::vector<uint8_t>> exportObjs(void) {return hexobj;}
+    std::vector<std::string> exportStrings(void) {return hexobj_str;}
   private:
     std::string py_script_name;
@@ -1183,6 +1183,7 @@ class LuaWrapper
         funcname = lua_tostring(__ls, 1);
         objjpath = lua_tostring(__ls, 2);
         action = lua_tostring(__ls, 3);
+        lua_pop(__ls, 3);
       }
       else {
         std::cout << RED << "wrong number of arguments provided. should give the python script name, python func name and its args.\n" << NORMAL;
@@ -1191,18 +1192,15 @@ class LuaWrapper
       std::cout << CYAN << "initing the py embed class...\n" << NORMAL;
       PyExec py(filename.c_str(), funcname.c_str(), objjpath.c_str());
-        std::cout << CYAN << "forking python script...\n" << NORMAL;
       pid_t pid = fork();
-      if (pid < 0)
-      {
+      if (pid < 0) {
         PRINT_WITH_COLOR_LB(RED, "could not fork...");
         lua_pushnumber(__ls, EXIT_FAILURE);
       }
-      if (pid == 0)
-      {
+      if (pid == 0) {
         std::cout << BLUE << "running load.py: " << NORMAL << "\n";
         py.run();
         if (action == "code_list") {
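Review bot: The second `elif argparser.args.test:` in `main` can never run — the first `test` branch already matched — so the `STT_OBJECT` dump is dead code; either give it its own argparse option or run both `dump_symbol_string` calls under the one `test` branch. The bare `except:` now turns every failure, including argparse's `SystemExit` on `--help` or a mistyped flag, into an interactive REPL with the traceback never shown; `except Exception:` followed by `traceback.print_exc()` before `shell.interact(...)` keeps the REPL for debugging without hiding the cause. The three new `elf_get_*` entry points take the object path from `sys.argv[1]` rather than a parameter, which presumably suits the embedded caller but makes them unusable from the CLI path — a one-line comment saying they are called from the C++ side, or a `path=None` parameter defaulting to `sys.argv[1]`, would make that explicit.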
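Review bot: With the emptiness check commented out, `hexobj` now receives an empty vector for every symbol that yielded no bytes, and nothing says why; if the intent is to keep `hexobj` index-aligned with the symbol list, say so in place of the dead line — `// push even empty entries so hexobj[i] stays aligned with the i-th symbol` — and drop the commented-out `if`, which otherwise reads as an unfinished toggle. The same commented-out-code pattern appears in the @@ -1212 hunk below, where each `lua_pushnumber` is commented rather than removed.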
@@ -1212,20 +1210,28 @@ class LuaWrapper
         else if (action == "symbol_list") {
           py.getAsCppStringVec();
         }
+
+        lua_newtable(__ls);
+        int tableindex = 0 ;
+        for (auto& iter : py.exportStrings()) {
+          lua_pushnumber(__ls, tableindex);
+          tableindex++;
+          lua_pushstring(__ls, iter.c_str());
+          lua_settable(__ls, 1);
+        }
         //py.killPyObj();
-        lua_pushnumber(__ls, 0);
+        //lua_pushnumber(__ls, 0);
         exit(EXIT_SUCCESS);
       }
-      if (pid > 0)
-      {
+      if (pid > 0) {
         int status;
         pid_t returned;
         returned = waitpid(pid, &status, 0);
-        lua_pushnumber(__ls, returned);
+        //lua_pushnumber(__ls, returned);
       }
-      lua_pushnumber(__ls, 0);
+      //lua_pushnumber(__ls, 0);
       return 1;
     }
diff --git a/bruiser/executioner.h b/bruiser/executioner.h
index b881902..4b8b651 100644
--- a/bruiser/executioner.h
+++ b/bruiser/executioner.h
@@ -19,6 +19,9 @@ You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.*/
 /**********************************************************************************************************************/
+#include "./bruiser.h"
+#include "lua-5.3.4/src/lua.hpp"
+
 #include <iostream>
 #include <tuple>
 #include <vector>
@@ -27,7 +30,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.*
 #include <cstring>
 #include <sys/mman.h>
 #include <unistd.h>
-#include "lua-5.3.4/src/lua.hpp"
 /**********************************************************************************************************************/
 #ifndef EXECUTIONER_H
 #define EXECUTIONER_H
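Review bot: The Lua table is built in the forked child (`pid == 0`), which then calls `exit`, so the parent's `lua_State` never sees it, and since every `lua_pushnumber` on the parent path is now commented out, `return 1` executes with nothing on the stack — the Lua caller gets an undefined value rather than the symbol list. The strings have to reach the parent (write them through a pipe and build the table after `waitpid`, or run the Python call in-process), and the parent must push exactly one value before `return 1`. Two smaller points in the loop: `tableindex` starts at 0, so `ipairs` on the Lua side skips the first entry — start at 1 — and `lua_settable(__ls, 1)` depends on absolute index 1 being the table, which only holds because the three arguments were popped earlier; `lua_rawseti(__ls, -2, tableindex)` after `lua_pushstring` is position-independent and needs no key push. A forked child of a process with an embedded interpreter should leave with `_exit(EXIT_SUCCESS)` rather than `exit`, which runs atexit handlers and flushes stdio buffers duplicated from the parent.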
@@ -68,7 +70,7 @@ namespace { // start of anonymous namespace
     if (lua_type(__ls, 1) == LUA_TSTRING) {
       xfuncname = lua_tostring(__ls, 1);
     } else {
-      //PRINT_WITH_COLOR_LB(RED, "the first argument should be a string that is the name of the xfunc to be called.");
+      PRINT_WITH_COLOR_LB(RED, "the first argument should be a string that is the name of the xfunc to be called.");
     }
     // detecting arg types
@@ -79,8 +81,10 @@ namespace { // start of anonymous namespace
       else if (lua_type(__ls, i) == LUA_TLIGHTUSERDATA) {
       }
       else if (lua_type(__ls, i) == LUA_TNUMBER) {
+        arg_double.push_back(std::make_pair(lua_tonumber(__ls, i), i));
       }
       else if (lua_type(__ls, i) == LUA_TSTRING) {
+        arg_str.push_back(std::make_pair(lua_tostring(__ls, i), i));
       }
       else if (lua_type(__ls, i) == LUA_TTABLE) {
       }
@@ -92,12 +96,13 @@ namespace { // start of anonymous namespace
       }
       // type is Nil
       else {
+        PRINT_WITH_COLOR_LB(RED, "you passed a Nil argument...");
       }
     }
     pid_t pid = fork();
     if (pid < 0) {
-      //PRINT_WITH_COLOR_LB(RED, "could not fork...");
+      PRINT_WITH_COLOR_LB(RED, "could not fork...");
       lua_pushnumber(__ls, EXIT_FAILURE);
     }
     if (pid == 0) {}
diff --git a/bruiser/lua-scripts/demo1.lua b/bruiser/lua-scripts/demo1.lua
index 98bdb0d..b382f2d 100644
--- a/bruiser/lua-scripts/demo1.lua
+++ b/bruiser/lua-scripts/demo1.lua
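Review bot: After printing the error in the `else` branch the function carries on with an empty `xfuncname` and still reaches the `fork()` below; the `// type is Nil` branch in the @@ -92 hunk has the same print-and-continue shape. Argument validation in a C function called from Lua is better left to the auxiliary library, which raises a Lua error with the argument position and stops: `xfuncname = luaL_checkstring(__ls, 1);` replaces the whole if/else here, and `luaL_argerror(__ls, i, "nil argument")` does the same for the nil case. The enclosing function starts before the hunk, so the declarations of `xfuncname`, `arg_double` and `arg_str` are not visible here.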
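Review bot: `arg_str.push_back(std::make_pair(lua_tostring(__ls, i), i))` stores whatever `arg_str`'s element type accepts; if that is `const char*` rather than `std::string`, the pointer is only valid while the value stays on the Lua stack and would dangle once the stack is popped or the state is touched after the fork — the declaration is outside the hunk, so worth confirming. If it is `std::string`, a comment such as `// copied into std::string: lua_tostring pointers do not outlive the stack slot` records why the copy is deliberate.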
@@ -1,2 +1,45 @@
-objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list")
-objload("main2", "../bfd/test/test.so", "code_list")
+--
+-- get the .so object names
+-- objload("elf_get_obj_names", "../bfd/test/test.so", "symbol_list")
+--
+-- get the .so object sizes
+-- objload("elf_get_obj_sizes", "../bfd/test/test.so", "symbol_list")
+--
+-- get the .so function names
+-- objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list")
+-- get the .so function code
+-- objload("elf_get_func_code", "../bfd/test/test.so", "code_list")
+--
+
+function printObjNames()
+  local c = {objload("elf_get_obj_names", "../bfd/test/test.so", "symbol_list")}
+  for k,v in ipairs(c) do
+    print(k,v)
+  end
+end
+
+function printObjSizes()
+  local c = {objload("elf_get_obj_sizes", "../bfd/test/test.so", "symbol_list")}
+  for k,v in ipairs(c) do
+    print(k,v)
+  end
+end
+
+function printFuncNames()
+  local c = {objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list")}
+  for k,v in ipairs(c) do
+    print(k,v)
+  end
+end
+
+function printFuncCode()
+  local c = {objload("elf_get_func_code", "../bfd/test/test.so", "code_list")}
+  for k,v in ipairs(c) do
+    print(k,v)
+  end
+end
+
+printObjNames()
+printObjSizes()
+printFuncNames()
+--printFuncCode()
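Review bot: The four `print*` functions are identical apart from two string arguments and are declared without `local`, so each one lands in the global environment; one local helper with the `.so` path hoisted into a constant removes the repetition, assuming nothing else depends on the globals. Wrapping the call in `{objload(...)}` also means `c[1]` is whatever `objload` returns as its first value — judging by the `lua_newtable` in bruiser.cpp that is meant to be a table, so `print(k,v)` would show `1 table: 0x…` rather than the names — and `ipairs` starts at 1 while that table is filled from index 0, so even unwrapped the first entry would be skipped. Iterate the returned table directly and guard against a nil result, which is what the parent process currently returns.
```lua
local SO_PATH = "../bfd/test/test.so"

-- Print every entry objload() returns for one (python func, action) pair.
local function print_list(py_func, action)
  local entries = objload(py_func, SO_PATH, action)
  if type(entries) ~= "table" then
    print("objload returned no table for " .. py_func)
    return
  end
  for k, v in ipairs(entries) do
    print(k, v)
  end
end

local function printObjNames() print_list("elf_get_obj_names", "symbol_list") end
local function printObjSizes() print_list("elf_get_obj_sizes", "symbol_list") end
local function printFuncNames() print_list("elf_get_func_names", "symbol_list") end
local function printFuncCode() print_list("elf_get_func_code", "code_list") end

-- … unchanged: the four calls at the bottom of the script …
```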
