pwnlib.util.misc — We could not fit it any other place

pwnlib.util.misc.align(alignment, x) → int[source]

Rounds x up to nearest multiple of the alignment.


>>> [align(5, n) for n in range(15)]
[0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15]
pwnlib.util.misc.align_down(alignment, x) → int[source]

Rounds x down to nearest multiple of the alignment.


>>> [align_down(5, n) for n in range(15)]
[0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10]
pwnlib.util.misc.binary_ip(host) → str[source]

Resolve host and return IP as four byte string.


>>> binary_ip("")

Given a tube which is a shell, dealarm it.


Emulates the behavior of mkdir -p.


Parses the output from a run of ‘ldd’ on a binary. Returns a dictionary of {path: address} for each library required by the specified binary.

Parameters:output (str) – The output to parse


>>> sorted(parse_ldd_output('''
... =>  (0x00007fffbf5fe000)
... => /lib/x86_64-linux-gnu/ (0x00007fe28117f000)
... => /lib/x86_64-linux-gnu/ (0x00007fe280f7b000)
... => /lib/x86_64-linux-gnu/ (0x00007fe280bb4000)
...     /lib64/ (0x00007fe2813dd000)
... ''').keys())
['/lib/x86_64-linux-gnu/', '/lib/x86_64-linux-gnu/', '/lib/x86_64-linux-gnu/', '/lib64/'], count=-1, skip=0) → str[source]

Open file, return content.


>>> read('/proc/self/exe')[:4]
pwnlib.util.misc.register_sizes(regs, in_sizes)[source]

Create dictionaries over register sizes and relations

Given a list of lists of overlapping register names (e.g. [‘eax’,’ax’,’al’,’ah’]) and a list of input sizes, it returns the following:

  • all_regs : list of all valid registers
  • sizes[reg] : the size of reg in bits
  • bigger[reg] : list of overlapping registers bigger than reg
  • smaller[reg]: list of overlapping registers smaller than reg

Used in i386/AMD64 shellcode, e.g. the mov-shellcode.


>>> regs = [['eax', 'ax', 'al', 'ah'],['ebx', 'bx', 'bl', 'bh'],
... ['ecx', 'cx', 'cl', 'ch'],
... ['edx', 'dx', 'dl', 'dh'],
... ['edi', 'di'],
... ['esi', 'si'],
... ['ebp', 'bp'],
... ['esp', 'sp'],
... ]
>>> all_regs, sizes, bigger, smaller = register_sizes(regs, [32, 16, 8, 8])
>>> all_regs
['eax', 'ax', 'al', 'ah', 'ebx', 'bx', 'bl', 'bh', 'ecx', 'cx', 'cl', 'ch', 'edx', 'dx', 'dl', 'dh', 'edi', 'di', 'esi', 'si', 'ebp', 'bp', 'esp', 'sp']
>>> sizes
{'ch': 8, 'cl': 8, 'ah': 8, 'edi': 32, 'al': 8, 'cx': 16, 'ebp': 32, 'ax': 16, 'edx': 32, 'ebx': 32, 'esp': 32, 'esi': 32, 'dl': 8, 'dh': 8, 'di': 16, 'bl': 8, 'bh': 8, 'eax': 32, 'bp': 16, 'dx': 16, 'bx': 16, 'ecx': 32, 'sp': 16, 'si': 16}
>>> bigger
{'ch': ['ecx', 'cx', 'ch'], 'cl': ['ecx', 'cx', 'cl'], 'ah': ['eax', 'ax', 'ah'], 'edi': ['edi'], 'al': ['eax', 'ax', 'al'], 'cx': ['ecx', 'cx'], 'ebp': ['ebp'], 'ax': ['eax', 'ax'], 'edx': ['edx'], 'ebx': ['ebx'], 'esp': ['esp'], 'esi': ['esi'], 'dl': ['edx', 'dx', 'dl'], 'dh': ['edx', 'dx', 'dh'], 'di': ['edi', 'di'], 'bl': ['ebx', 'bx', 'bl'], 'bh': ['ebx', 'bx', 'bh'], 'eax': ['eax'], 'bp': ['ebp', 'bp'], 'dx': ['edx', 'dx'], 'bx': ['ebx', 'bx'], 'ecx': ['ecx'], 'sp': ['esp', 'sp'], 'si': ['esi', 'si']}
>>> smaller
{'ch': [], 'cl': [], 'ah': [], 'edi': ['di'], 'al': [], 'cx': ['cl', 'ch'], 'ebp': ['bp'], 'ax': ['al', 'ah'], 'edx': ['dx', 'dl', 'dh'], 'ebx': ['bx', 'bl', 'bh'], 'esp': ['sp'], 'esi': ['si'], 'dl': [], 'dh': [], 'di': [], 'bl': [], 'bh': [], 'eax': ['ax', 'al', 'ah'], 'bp': [], 'dx': ['dl', 'dh'], 'bx': ['bl', 'bh'], 'ecx': ['cx', 'cl', 'ch'], 'sp': [], 'si': []}
pwnlib.util.misc.run_in_new_terminal(command, terminal = None) → None[source]

Run a command in a new terminal.

When terminal is not set:
  • If context.terminal is set it will be used. If it is an iterable then context.terminal[1:] are default arguments.
  • If X11 is detected (by the presence of the DISPLAY environment variable), x-terminal-emulator is used.
  • If tmux is detected (by the presence of the TMUX environment variable), a new pane will be opened.
  • command (str) – The command to run.
  • terminal (str) – Which terminal to use.
  • args (list) – Arguments to pass to the terminal


pwnlib.util.misc.size(n, abbriv = 'B', si = False) → str[source]

Convert the length of a bytestream to human readable form.

  • n (int,str) – The length to convert to human readable form
  • abbriv (str) –


>>> size(451)
>>> size(1000)
>>> size(1024)
>>> size(1024, si = True)
>>> [size(1024 ** n) for n in range(7)]
['1B', '1.00KB', '1.00MB', '1.00GB', '1.00TB', '1.00PB', '1024.00PB']
pwnlib.util.misc.which(name, flags = os.X_OK, all = False) → str or str set[source]

Works as the system command which; searches $PATH for name and returns a full path if found.

If all is True the set of all found locations is returned, else the first occurence or None is returned.

  • name (str) – The file to search for.
  • all (bool) – Whether to return all locations where name was found.

If all is True the set of all locations where name was found, else the first location or None if not found.


>>> which('sh')
pwnlib.util.misc.write(path, data='', create_dir=False, mode='w')[source]

Create new file or truncate existing to zero length and write data.