pwnlib.util.misc
— We could not fit it any other place
- pwnlib.util.misc._create_execve_script(argv=None, executable=None, cwd=None, env=None, ignore_environ=None, stdin=0, stdout=1, stderr=2, preexec_fn=None, preexec_args=(), aslr=None, setuid=None, shell=False, log=<pwnlib.log.Logger object>)[source]
Creates a python wrapper script that triggers the syscall execve directly.
- Parameters
argv (list) – List of arguments to pass into the process
executable (str) – Path to the executable to run. If
None
,argv[0]
is used.cwd (str) – Working directory. If
None
, uses the working directory specified oncwd
or set viaset_working_directory()
.env (dict) – Environment variables to add to the environment.
ignore_environ (bool) – Ignore default environment. By default use default environment iff env not specified.
stdin (int, str) – If an integer, replace stdin with the numbered file descriptor. If a string, a open a file with the specified path and replace stdin with its file descriptor. May also be one of
sys.stdin
,sys.stdout
,sys.stderr
. IfNone
, the file descriptor is closed.preexec_fn (callable) – Function which is executed on the remote side before execve(). This MUST be a self-contained function – it must perform all of its own imports, and cannot refer to variables outside its scope.
preexec_args (object) – Argument passed to
preexec_fn
. This MUST only consist of native Python objects.aslr (bool) – See
pwnlib.tubes.process.process
for more information.setuid (bool) – See
pwnlib.tubes.process.process
for more information.shell (bool) – Pass the command-line arguments to the shell.
- Returns
A string containing the python script.
- pwnlib.util.misc.align(alignment, x) int [source]
Rounds x up to nearest multiple of the alignment.
Example
>>> [align(5, n) for n in range(15)] [0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15]
- pwnlib.util.misc.align_down(alignment, x) int [source]
Rounds x down to nearest multiple of the alignment.
Example
>>> [align_down(5, n) for n in range(15)] [0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10]
- pwnlib.util.misc.binary_ip(host) str [source]
Resolve host and return IP as four byte string.
Example
>>> binary_ip("127.0.0.1") b'\x7f\x00\x00\x01'
- pwnlib.util.misc.parse_ldd_output(output)[source]
Parses the output from a run of ‘ldd’ on a binary. Returns a dictionary of {path: address} for each library required by the specified binary.
- Parameters
output (str) – The output to parse
Example
>>> sorted(parse_ldd_output(''' ... linux-vdso.so.1 => (0x00007fffbf5fe000) ... libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fe28117f000) ... libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fe280f7b000) ... libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe280bb4000) ... /lib64/ld-linux-x86-64.so.2 (0x00007fe2813dd000) ... ''').keys()) ['/lib/x86_64-linux-gnu/libc.so.6', '/lib/x86_64-linux-gnu/libdl.so.2', '/lib/x86_64-linux-gnu/libtinfo.so.5', '/lib64/ld-linux-x86-64.so.2']
- pwnlib.util.misc.python_2_bytes_compatible(klass)[source]
A class decorator that defines __str__ methods under Python 2. Under Python 3 it does nothing.
- pwnlib.util.misc.read(path, count=-1, skip=0) str [source]
Open file, return content.
Examples
>>> read('/proc/self/exe')[:4] b'\x7fELF'
- pwnlib.util.misc.register_sizes(regs, in_sizes)[source]
Create dictionaries over register sizes and relations
Given a list of lists of overlapping register names (e.g. [‘eax’,’ax’,’al’,’ah’]) and a list of input sizes, it returns the following:
all_regs : list of all valid registers
sizes[reg] : the size of reg in bits
bigger[reg] : list of overlapping registers bigger than reg
smaller[reg]: list of overlapping registers smaller than reg
Used in i386/AMD64 shellcode, e.g. the mov-shellcode.
Example
>>> regs = [['eax', 'ax', 'al', 'ah'],['ebx', 'bx', 'bl', 'bh'], ... ['ecx', 'cx', 'cl', 'ch'], ... ['edx', 'dx', 'dl', 'dh'], ... ['edi', 'di'], ... ['esi', 'si'], ... ['ebp', 'bp'], ... ['esp', 'sp'], ... ] >>> all_regs, sizes, bigger, smaller = register_sizes(regs, [32, 16, 8, 8]) >>> all_regs ['eax', 'ax', 'al', 'ah', 'ebx', 'bx', 'bl', 'bh', 'ecx', 'cx', 'cl', 'ch', 'edx', 'dx', 'dl', 'dh', 'edi', 'di', 'esi', 'si', 'ebp', 'bp', 'esp', 'sp'] >>> pprint(sizes) {'ah': 8, 'al': 8, 'ax': 16, 'bh': 8, 'bl': 8, 'bp': 16, 'bx': 16, 'ch': 8, 'cl': 8, 'cx': 16, 'dh': 8, 'di': 16, 'dl': 8, 'dx': 16, 'eax': 32, 'ebp': 32, 'ebx': 32, 'ecx': 32, 'edi': 32, 'edx': 32, 'esi': 32, 'esp': 32, 'si': 16, 'sp': 16} >>> pprint(bigger) {'ah': ['eax', 'ax', 'ah'], 'al': ['eax', 'ax', 'al'], 'ax': ['eax', 'ax'], 'bh': ['ebx', 'bx', 'bh'], 'bl': ['ebx', 'bx', 'bl'], 'bp': ['ebp', 'bp'], 'bx': ['ebx', 'bx'], 'ch': ['ecx', 'cx', 'ch'], 'cl': ['ecx', 'cx', 'cl'], 'cx': ['ecx', 'cx'], 'dh': ['edx', 'dx', 'dh'], 'di': ['edi', 'di'], 'dl': ['edx', 'dx', 'dl'], 'dx': ['edx', 'dx'], 'eax': ['eax'], 'ebp': ['ebp'], 'ebx': ['ebx'], 'ecx': ['ecx'], 'edi': ['edi'], 'edx': ['edx'], 'esi': ['esi'], 'esp': ['esp'], 'si': ['esi', 'si'], 'sp': ['esp', 'sp']} >>> pprint(smaller) {'ah': [], 'al': [], 'ax': ['al', 'ah'], 'bh': [], 'bl': [], 'bp': [], 'bx': ['bl', 'bh'], 'ch': [], 'cl': [], 'cx': ['cl', 'ch'], 'dh': [], 'di': [], 'dl': [], 'dx': ['dl', 'dh'], 'eax': ['ax', 'al', 'ah'], 'ebp': ['bp'], 'ebx': ['bx', 'bl', 'bh'], 'ecx': ['cx', 'cl', 'ch'], 'edi': ['di'], 'edx': ['dx', 'dl', 'dh'], 'esi': ['si'], 'esp': ['sp'], 'si': [], 'sp': []}
- pwnlib.util.misc.run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, preexec_fn=None) int [source]
Run a command in a new terminal.
- When
terminal
is not set: If
context.terminal
is set it will be used. If it is an iterable thencontext.terminal[1:]
are default arguments.If a
pwntools-terminal
command exists in$PATH
, it is usedIf tmux is detected (by the presence of the
$TMUX
environment variable), a new pane will be opened.If GNU Screen is detected (by the presence of the
$STY
environment variable), a new screen will be opened.If
$TERM_PROGRAM
is set, that is used.If X11 is detected (by the presence of the
$DISPLAY
environment variable),x-terminal-emulator
is used.If KDE Konsole is detected (by the presence of the
$KONSOLE_VERSION
environment variable), a terminal will be split.If WSL (Windows Subsystem for Linux) is detected (by the presence of a
wsl.exe
binary in the$PATH
and/proc/sys/kernel/osrelease
containingMicrosoft
), a newcmd.exe
window will be opened.
If kill_at_exit is
True
, try to close the command/terminal when the current process exits. This may not work for all terminal types.- Parameters
Note
The command is opened with
/dev/null
for stdin, stdout, stderr.- Returns
PID of the new terminal process
- When
- pwnlib.util.misc.size(n, abbrev='B', si=False) str [source]
Convert the length of a bytestream to human readable form.
- Parameters
Example
>>> size(451) '451B' >>> size(1000) '1000B' >>> size(1024) '1.00KB' >>> size(1024, ' bytes') '1.00K bytes' >>> size(1024, si = True) '1.02KB' >>> [size(1024 ** n) for n in range(7)] ['1B', '1.00KB', '1.00MB', '1.00GB', '1.00TB', '1.00PB', '1024.00PB'] >>> size([]) '0B' >>> size([1,2,3]) '3B'
- pwnlib.util.misc.which(name, flags=os.X_OK, all=False) str or str set [source]
Works as the system command
which
; searches $PATH forname
and returns a full path if found. Tries all of the file extensions in $PATHEXT on Windows too.If all is
True
the set of all found locations is returned, else the first occurrence orNone
is returned.- Parameters
- Returns
If all is
True
the set of all locations where name was found, else the first location orNone
if not found.
Example
>>> which('sh') '.../bin/sh'