pwnlib.util.misc — We could not fit it any other place

pwnlib.util.misc._create_execve_script(argv=None, executable=None, cwd=None, env=None, ignore_environ=None, stdin=0, stdout=1, stderr=2, preexec_fn=None, preexec_args=(), aslr=None, setuid=None, shell=False, log=<pwnlib.log.Logger object>)[source]

Creates a python wrapper script that triggers the syscall execve directly.

Parameters:
  • argv (list) – List of arguments to pass into the process

  • executable (str) – Path to the executable to run. If None, argv[0] is used.

  • cwd (str) – Working directory. If None, uses the working directory specified on cwd or set via set_working_directory().

  • env (dict) – Environment variables to add to the environment.

  • ignore_environ (bool) – Ignore default environment. By default use default environment iff env not specified.

  • stdin (int, str) – If an integer, replace stdin with the numbered file descriptor. If a string, a open a file with the specified path and replace stdin with its file descriptor. May also be one of sys.stdin, sys.stdout, sys.stderr. If None, the file descriptor is closed.

  • stdout (int, str) – See stdin.

  • stderr (int, str) – See stdin.

  • preexec_fn (callable) – Function which is executed on the remote side before execve(). This MUST be a self-contained function – it must perform all of its own imports, and cannot refer to variables outside its scope.

  • preexec_args (object) – Argument passed to preexec_fn. This MUST only consist of native Python objects.

  • aslr (bool) – See pwnlib.tubes.process.process for more information.

  • setuid (bool) – See pwnlib.tubes.process.process for more information.

  • shell (bool) – Pass the command-line arguments to the shell.

Returns:

A string containing the python script.

pwnlib.util.misc.align(alignment, x) int[source]

Rounds x up to nearest multiple of the alignment.

Example

>>> [align(5, n) for n in range(15)]
[0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15]
pwnlib.util.misc.align_down(alignment, x) int[source]

Rounds x down to nearest multiple of the alignment.

Example

>>> [align_down(5, n) for n in range(15)]
[0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10]
pwnlib.util.misc.binary_ip(host) str[source]

Resolve host and return IP as four byte string.

Example

>>> binary_ip("127.0.0.1")
b'\x7f\x00\x00\x01'
pwnlib.util.misc.dealarm_shell(tube)[source]

Given a tube which is a shell, dealarm it.

pwnlib.util.misc.mkdir_p(path)[source]

Emulates the behavior of mkdir -p.

pwnlib.util.misc.parse_ldd_output(output)[source]

Parses the output from a run of ‘ldd’ on a binary. Returns a dictionary of {path: address} for each library required by the specified binary.

Parameters:

output (str) – The output to parse

Example

>>> sorted(parse_ldd_output('''
...     linux-vdso.so.1 =>  (0x00007fffbf5fe000)
...     libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fe28117f000)
...     libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fe280f7b000)
...     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe280bb4000)
...     /lib64/ld-linux-x86-64.so.2 (0x00007fe2813dd000)
... ''').keys())
['/lib/x86_64-linux-gnu/libc.so.6', '/lib/x86_64-linux-gnu/libdl.so.2', '/lib/x86_64-linux-gnu/libtinfo.so.5', '/lib64/ld-linux-x86-64.so.2']
pwnlib.util.misc.python_2_bytes_compatible(klass)[source]

A class decorator that defines __str__ methods under Python 2. Under Python 3 it does nothing.

pwnlib.util.misc.read(path, count=-1, skip=0) str[source]

Open file, return content.

Examples

>>> read('/proc/self/exe')[:4] 
b'\x7fELF'
pwnlib.util.misc.register_sizes(regs, in_sizes)[source]

Create dictionaries over register sizes and relations

Given a list of lists of overlapping register names (e.g. [‘eax’,’ax’,’al’,’ah’]) and a list of input sizes, it returns the following:

  • all_regs : list of all valid registers

  • sizes[reg] : the size of reg in bits

  • bigger[reg] : list of overlapping registers bigger than reg

  • smaller[reg]: list of overlapping registers smaller than reg

Used in i386/AMD64 shellcode, e.g. the mov-shellcode.

Example

>>> regs = [['eax', 'ax', 'al', 'ah'],['ebx', 'bx', 'bl', 'bh'],
... ['ecx', 'cx', 'cl', 'ch'],
... ['edx', 'dx', 'dl', 'dh'],
... ['edi', 'di'],
... ['esi', 'si'],
... ['ebp', 'bp'],
... ['esp', 'sp'],
... ]
>>> all_regs, sizes, bigger, smaller = register_sizes(regs, [32, 16, 8, 8])
>>> all_regs
['eax', 'ax', 'al', 'ah', 'ebx', 'bx', 'bl', 'bh', 'ecx', 'cx', 'cl', 'ch', 'edx', 'dx', 'dl', 'dh', 'edi', 'di', 'esi', 'si', 'ebp', 'bp', 'esp', 'sp']
>>> pprint(sizes)
{'ah': 8,
 'al': 8,
 'ax': 16,
 'bh': 8,
 'bl': 8,
 'bp': 16,
 'bx': 16,
 'ch': 8,
 'cl': 8,
 'cx': 16,
 'dh': 8,
 'di': 16,
 'dl': 8,
 'dx': 16,
 'eax': 32,
 'ebp': 32,
 'ebx': 32,
 'ecx': 32,
 'edi': 32,
 'edx': 32,
 'esi': 32,
 'esp': 32,
 'si': 16,
 'sp': 16}
>>> pprint(bigger)
{'ah': ['eax', 'ax', 'ah'],
 'al': ['eax', 'ax', 'al'],
 'ax': ['eax', 'ax'],
 'bh': ['ebx', 'bx', 'bh'],
 'bl': ['ebx', 'bx', 'bl'],
 'bp': ['ebp', 'bp'],
 'bx': ['ebx', 'bx'],
 'ch': ['ecx', 'cx', 'ch'],
 'cl': ['ecx', 'cx', 'cl'],
 'cx': ['ecx', 'cx'],
 'dh': ['edx', 'dx', 'dh'],
 'di': ['edi', 'di'],
 'dl': ['edx', 'dx', 'dl'],
 'dx': ['edx', 'dx'],
 'eax': ['eax'],
 'ebp': ['ebp'],
 'ebx': ['ebx'],
 'ecx': ['ecx'],
 'edi': ['edi'],
 'edx': ['edx'],
 'esi': ['esi'],
 'esp': ['esp'],
 'si': ['esi', 'si'],
 'sp': ['esp', 'sp']}
>>> pprint(smaller)
{'ah': [],
 'al': [],
 'ax': ['al', 'ah'],
 'bh': [],
 'bl': [],
 'bp': [],
 'bx': ['bl', 'bh'],
 'ch': [],
 'cl': [],
 'cx': ['cl', 'ch'],
 'dh': [],
 'di': [],
 'dl': [],
 'dx': ['dl', 'dh'],
 'eax': ['ax', 'al', 'ah'],
 'ebp': ['bp'],
 'ebx': ['bx', 'bl', 'bh'],
 'ecx': ['cx', 'cl', 'ch'],
 'edi': ['di'],
 'edx': ['dx', 'dl', 'dh'],
 'esi': ['si'],
 'esp': ['sp'],
 'si': [],
 'sp': []}
pwnlib.util.misc.run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, preexec_fn=None) int[source]

Run a command in a new terminal.

When terminal is not set:
  • If context.terminal is set it will be used. If it is an iterable then context.terminal[1:] are default arguments.

  • If a pwntools-terminal command exists in $PATH, it is used

  • If tmux is detected (by the presence of the $TMUX environment variable), a new pane will be opened.

  • If GNU Screen is detected (by the presence of the $STY environment variable), a new screen will be opened.

  • If $TERM_PROGRAM is set, that is used.

  • If X11 is detected (by the presence of the $DISPLAY environment variable), x-terminal-emulator is used.

  • If KDE Konsole is detected (by the presence of the $KONSOLE_VERSION environment variable), a terminal will be split.

  • If WSL (Windows Subsystem for Linux) is detected (by the presence of a wsl.exe binary in the $PATH and /proc/sys/kernel/osrelease containing Microsoft), a new cmd.exe window will be opened.

If kill_at_exit is True, try to close the command/terminal when the current process exits. This may not work for all terminal types.

Parameters:
  • command (str) – The command to run.

  • terminal (str) – Which terminal to use.

  • args (list) – Arguments to pass to the terminal

  • kill_at_exit (bool) – Whether to close the command/terminal on process exit.

  • preexec_fn (callable) – Callable to invoke before exec().

Note

The command is opened with /dev/null for stdin, stdout, stderr.

Returns:

PID of the new terminal process

pwnlib.util.misc.size(n, abbrev='B', si=False) str[source]

Convert the length of a bytestream to human readable form.

Parameters:
  • n (int,iterable) – The length to convert to human readable form, or an object which can have len() called on it.

  • abbrev (str) – String appended to the size, defaults to 'B'.

Example

>>> size(451)
'451B'
>>> size(1000)
'1000B'
>>> size(1024)
'1.00KB'
>>> size(1024, ' bytes')
'1.00K bytes'
>>> size(1024, si = True)
'1.02KB'
>>> [size(1024 ** n) for n in range(7)]
['1B', '1.00KB', '1.00MB', '1.00GB', '1.00TB', '1.00PB', '1024.00PB']
>>> size([])
'0B'
>>> size([1,2,3])
'3B'
pwnlib.util.misc.which(name, flags=os.X_OK, all=False) str or str set[source]

Works as the system command which; searches $PATH for name and returns a full path if found. Tries all of the file extensions in $PATHEXT on Windows too.

If all is True the set of all found locations is returned, else the first occurrence or None is returned.

Parameters:
  • name (str) – The file to search for.

  • all (bool) – Whether to return all locations where name was found.

Returns:

If all is True the set of all locations where name was found, else the first location or None if not found.

Example

>>> which('sh') 
'.../bin/sh'
pwnlib.util.misc.write(path, data=b'', create_dir=False, mode='w')[source]

Create new file or truncate existing to zero length and write data.