import struct
def p8(x):
    """Pack *x* as an unsigned 64-bit little-endian value (8 bytes)."""
    return struct.pack("<Q", x)


def u8(x):
    """Decode exactly 8 bytes as an unsigned 64-bit little-endian integer."""
    (value,) = struct.unpack("<Q", x)
    return value


def p4(x):
    """Pack *x* as an unsigned 32-bit little-endian value (4 bytes)."""
    return struct.pack("<L", x)


def u4(x):
    """Decode exactly 4 bytes as an unsigned 32-bit little-endian integer."""
    (value,) = struct.unpack("<L", x)
    return value
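class elfleak(object):
    """Locate ELF64 dynamic-linking data through a memory-read callback.

    Every method reads the image only through ``leak(address, size)``, which
    must return ``size`` raw bytes. Everything parsed from those bytes
    (offsets, tags, name indices) is unvalidated input: the walks below
    cannot check it, and several loops have no upper bound (noted per
    method), so a wrong starting address or a failing callback shows up as an
    exception from the callback or as a loop that does not end.

    Layout assumptions, fixed by the offsets used in the code: 64-bit
    little-endian ELF, with e_phoff at header offset 32, 56-byte program
    headers, 16-byte dynamic entries and 24-byte symbol entries.
    """

    _PAGE_SIZE = 0x1000
    _PAGE_MASK = 0xfffffffffffff000
    _PHDR_SIZE = 56      # sizeof(Elf64_Phdr)
    _PT_DYNAMIC = 2
    _DYN_SIZE = 16       # sizeof(Elf64_Dyn): d_tag (8 bytes) + d_un (8 bytes)
    _DT_NULL = 0
    _DT_STRTAB = 5
    _DT_SYMTAB = 6
    _SYM_SIZE = 24       # sizeof(Elf64_Sym)

    # First symbol-table index examined by get_symbol(). The value 382 + 26
    # was hard-coded in the original loop; symbols at lower indices are never
    # inspected. Set it to 0 on an instance or subclass to scan from the
    # start of the table.
    symtab_start_index = 382 + 26

    elf_got_dynamic = False
    elf_dynamic = -1
    base = -1

    def __init__(self, *args, **kwargs):
        """Create a walker.

        Keyword Args:
            leak: callable ``leak(address, size)`` returning ``size`` bytes
                read at ``address``. Without it, any method that reads memory
                raises NotImplementedError.
        """
        print(kwargs)
        # Per-instance map of dynamic tag -> value. This used to be a single
        # class-level dict, so tags recorded for one image leaked into every
        # other instance.
        self.sections = {}
        if 'leak' in kwargs:
            self.leak = kwargs['leak']

    def leak(self, address, size):
        """Default reader, used only when no ``leak`` callback was supplied."""
        raise NotImplementedError(
            "elfleak needs a leak(address, size) callback")

    def get_elf(self, start):
        """Find the image base by scanning down from ``start`` page by page.

        ``start`` is rounded down to a 4 KiB boundary; each candidate page is
        accepted when bytes 1..3 read ``ELF`` (byte 0 of the magic is not
        checked). The result is stored in ``self.base``.

        Returns:
            The address of the page that carries the ELF magic.

        Raises:
            ValueError: if the scan passes address 0 without a match. There
                is no other bound; an unreadable page is reported by
                whatever the callback raises.
        """
        candidate = start & self._PAGE_MASK
        while candidate >= 0:
            if self.leak(candidate + 1, 3) == b'ELF':
                self.base = candidate
                return candidate
            candidate -= self._PAGE_SIZE
        raise ValueError("no ELF header found at or below 0x%x" % start)

    def get_prog_headers(self, base):
        """Return e_phoff as stored in the ELF header at ``base``.

        The value is returned exactly as read (8 bytes at ``base + 32``); it
        is not added to ``base``.
        """
        return u8(self.leak(base + 32, 8))

    def get_dynamic(self, prog):
        """Return p_vaddr of the first PT_DYNAMIC program header.

        ``prog`` is the address of the program header table. The result is
        cached on the instance, so later calls ignore ``prog``.

        The walk does not consult e_phnum: a table without a PT_DYNAMIC entry
        is read past its end until the callback fails.

        NOTE(review): p_vaddr is returned as stored. For a
        position-independent image that is relative to the load base --
        confirm how callers use the result.
        """
        if self.elf_got_dynamic:
            return self.elf_dynamic
        offset = 0
        # p_type is the low 32 bits of the first 8 bytes of each entry.
        while (u8(self.leak(prog + offset, 8)) & 0xffffffff
               != self._PT_DYNAMIC):
            offset += self._PHDR_SIZE
        # Mark the cache valid only after the read succeeded; setting the
        # flag first left a failed lookup cached as -1.
        self.elf_dynamic = u8(self.leak(prog + offset + 16, 8))
        self.elf_got_dynamic = True
        print(hex(offset))
        return self.elf_dynamic

    def get_str_symtab(self, dynamic):
        """Read the dynamic section until DT_STRTAB and DT_SYMTAB are known.

        Every tag seen on the way is recorded in ``self.sections``.

        Entries are 16 bytes (8-byte tag, 8-byte value). The previous 8-byte
        step also decoded each value as if it were a tag, so a value equal to
        5 or 6 could be taken for DT_STRTAB / DT_SYMTAB. The walk now also
        stops at DT_NULL instead of reading past the end of the section.

        Returns:
            ``(strtab, symtab)``; an entry is 0 when its tag was not found
            before DT_NULL. A repeated call returns the recorded values
            rather than ``(0, 0)``.
        """
        offset = 0
        while (self._DT_STRTAB not in self.sections
               or self._DT_SYMTAB not in self.sections):
            tag = u8(self.leak(dynamic + offset, 8))
            if tag == self._DT_NULL:
                break
            value = u8(self.leak(dynamic + offset + 8, 8))
            self.sections[tag] = value
            print("%s %s" % (hex(tag), hex(value)))
            offset += self._DYN_SIZE
        return (self.sections.get(self._DT_STRTAB, 0),
                self.sections.get(self._DT_SYMTAB, 0))

    def get_symbol(self, symbol, strtab, symtab):
        """Return st_value of the symbol-table entry named ``symbol``.

        The scan starts at ``symtab_start_index`` and steps one 24-byte entry
        at a time. For each entry it reads st_name (4 bytes at +0), fetches
        ``len(symbol) + 1`` bytes of the name from ``strtab`` and compares
        the part before the first NUL with ``symbol``.

        The size of the symbol table is not known here, so the loop has no
        upper bound: a name that is absent is only reported by the callback
        failing on an out-of-range read.
        """
        if not isinstance(symbol, bytes):
            symbol = symbol.encode('utf-8')
        # One extra byte so that a longer name sharing this prefix does not
        # compare equal.
        name_len = len(symbol) + 1
        offset = self.symtab_start_index * self._SYM_SIZE
        while True:
            name_index = u4(self.leak(symtab + offset, 4))
            raw_name = self.leak(strtab + name_index, name_len)
            name = raw_name.split(b'\x00', 1)[0]
            # st_value is read once and reused for the trace line and the
            # return value.
            value = u8(self.leak(symtab + offset + 8, 8))
            print("%s %s" % (name, hex(value)))
            if name == symbol:
                return value
            offset += self._SYM_SIZE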