from Solver import *
from Gadget import *
from RopChain import *
from multiprocessing import Pool
def analyzeGadget(gadget):
    """Run ``gadget.analyzeGadget()`` and hand the same object back.

    Defined at module level so it can be passed by name to
    ``multiprocessing.Pool.map`` (see ``ChainBuilder.analyzeAll``), which
    needs the analyzed object returned to the parent process.
    """
    run_analysis = gadget.analyzeGadget
    run_analysis()
    return gadget
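class ChainBuilder(object):
    """Hold a gadget list plus solver inputs and delegate to the solver helpers.

    The solving itself is done by ``solveGadgets``, ``solveWriteGadgets``,
    ``solvePivot`` and ``findSyscall``, which this module obtains through its
    star imports. Each call receives a shallow copy of ``self.gadgets`` and
    the result is kept in ``self.raw_chain``.
    """

    def __init__(self, gadgets=None):
        """Create a builder.

        Args:
            gadgets: Optional list of gadget objects. The list is stored by
                reference, so later ``add_gadget`` calls append to it.
        """
        # A mutable default (``gadgets=list()``) is evaluated once and would be
        # shared, and appended to, by every builder created without arguments.
        self.gadgets = [] if gadgets is None else gadgets
        self.regs = dict()
        # Set by set_writes(); initialised here so solve_chain_write() can give
        # a clear error instead of failing on a missing attribute.
        self.writes = None
        self.raw_chain = None

    def solve_chain(self, avoid_char=None):
        """Solve for ``self.regs`` and store the result in ``self.raw_chain``.

        ``avoid_char`` is forwarded unchanged to ``solveGadgets``.
        """
        self.raw_chain = solveGadgets(self.gadgets.copy(), self.regs, avoid_char=avoid_char)

    def set_regs(self, regs):
        """Replace the register specification used by ``solve_chain``."""
        self.regs = regs

    def get_syscall_addr(self, not_write_regs=None, avoid_char=None):
        """Return whatever ``findSyscall`` yields for the current gadget list.

        Args:
            not_write_regs: Set forwarded to ``findSyscall``; a fresh empty set
                is used when omitted.
            avoid_char: Forwarded unchanged to ``findSyscall``.
        """
        # Fresh set per call: a ``set()`` default would be one shared object, so
        # any mutation by the callee would leak into later calls.
        if not_write_regs is None:
            not_write_regs = set()
        return findSyscall(self.gadgets.copy(), not_write_regs, avoid_char=avoid_char)

    def set_writes(self, writes):
        """Store the write specification used by ``solve_chain_write``."""
        self.writes = writes

    def solve_chain_write(self, avoid_char=None):
        """Solve for ``self.writes`` and store the result in ``self.raw_chain``.

        Raises:
            AttributeError: If ``set_writes`` has not been called. The type
                matches what an unset attribute raised before the explicit
                check existed.
        """
        if self.writes is None:
            raise AttributeError("writes not set; call set_writes() before solve_chain_write()")
        self.raw_chain = solveWriteGadgets(self.gadgets.copy(), self.writes, avoid_char=avoid_char)

    def solve_pivot(self, addr, avoid_char):
        """Store the result of ``solvePivot`` for ``addr`` in ``self.raw_chain``."""
        self.raw_chain = solvePivot(self.gadgets.copy(), addr, avoid_char)

    def build_chain(self, next_call=None):
        """Return the last solved chain, optionally setting its next call.

        Returns ``None`` when no ``solve_*`` method has run yet. With a truthy
        ``next_call`` in that state the call fails with ``AttributeError``,
        because ``raw_chain`` is still ``None``.
        """
        if next_call:
            self.raw_chain.set_next_call(next_call)
        return self.raw_chain

    def add_gadget_string(self, addr, gadget_string, gadget_opcode):
        """Build a ``Gadget`` at ``addr`` from its string and opcode, then add it."""
        gadget = Gadget(addr)
        gadget.loadFromString(gadget_string, gadget_opcode)
        self.add_gadget(gadget)

    def add_gadget(self, gadget):
        """Append an already constructed gadget object to the list."""
        self.gadgets.append(gadget)

    def load_list_gadget_string(self, gadgets_dict):
        """Add one gadget per entry of ``gadgets_dict``.

        Each value is indexed as ``info[0]`` (gadget string) and ``info[1]``
        (opcode); the key is used as the address.
        """
        for addr, info in gadgets_dict.items():
            self.add_gadget_string(addr, info[0], info[1])

    def analyzeAll(self, num_process=1):
        """Call ``analyzeGadget()`` on every stored gadget.

        With ``num_process == 1`` the gadgets are analyzed in place. Any other
        value hands the work to a ``multiprocessing.Pool`` and replaces
        ``self.gadgets`` with the list returned by the workers.
        """
        if num_process != 1:
            # The context manager releases the worker processes; map() has
            # already collected every result by the time the block exits.
            with Pool(num_process) as pool:
                self.gadgets = pool.map(analyzeGadget, self.gadgets)
        else:
            for gadget in self.gadgets:
                gadget.analyzeGadget()

    def save_analyzed_gadgets(self):
        """Return the gadget list serialized with ``pickle.dumps``."""
        # Imported here because the module has no explicit ``import pickle`` and
        # otherwise depends on a star import happening to expose the name.
        import pickle

        return pickle.dumps(self.gadgets)

    def load_analyzed_gadgets(self, pickled_data):
        """Replace the gadget list with the objects unpickled from ``pickled_data``.

        SECURITY: ``pickle.loads`` can execute arbitrary code while
        deserializing. Pass only bytes produced by ``save_analyzed_gadgets``
        and kept where untrusted parties cannot modify them. A cache that
        crosses a trust boundary (download, shared directory, user upload)
        should be authenticated before this call or stored in a data-only
        format instead.
        """
        import pickle

        # NOTE(review): unpickling is left in place for compatibility with
        # existing caches; see the docstring for the trust requirement.
        self.gadgets = pickle.loads(pickled_data)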