Adding support for FileStructure exploitation

[vigneshsrao]

This is in reference to #1217.

The functioning of this class is similar to srop.py. One has to create an object of this class and then assign member variables, similar to the C fashion. The python class basically emulate's the C FILE structure and makes it easier to write payloads for exploiting the FILE structure. It also includes methods to generate payloads for some standard cases like arbitrary read and write. Only amd64 and i386 architectures are supported currently.

The python file itself contains a full documentation. Please refer here for a detailed overview of the features.

[zachriggle]

Overall this looks good, and most of the heavy lifting is done! Cool stuff!

I've added some comments about convention (self.arch vs context.arch, general code style (e.g. number of spaces), tests (needs more and better tests), and documentation (no functions or methods have docs).

If you can clean this up a bit, we can get this merged!

[zachriggle]

This needs documentation and tests

[zachriggle]

This needs documentation and tests

[zachriggle]

Indentation is wrong here. I'd recommend looking at collections.defaultdict to avoid the need for this.

[zachriggle]

This should show what the payload looks like, so that there are actual tests.

[zachriggle]

Show the payload

[zachriggle]

Needs docs and doctests

[zachriggle]

Needs docs and doctests

[zachriggle]

Needs docs and doctests

[zachriggle]

Do not use self.arch, use context.arch

[zachriggle]

It looks like we're inheriting from dict in order to set these fields.

Just use regular fields, i.e. self.flags, self._IO_write_base, etc.

This way these fields can be documented.

[vigneshsrao]

So should we remove the inheritance from dict altogether? Or should we just add documentation for the various fields?

[zachriggle]

Are there any places we leverage the dict inheritance other than to set self['field'] = value?

[vigneshsrao]

While setting the default data we update the dict. Also, the str and struntil functions involve checking the type of the value of each key, while iterating through the list of fields. I am not quite sure how we can iterate through the list of fields while checking the type of the value they hold if all the fields are set as independent class attributes.

[zachriggle]

Are the fields not enumerable before runtime? Keeping a list of fields we care about, and using getattr() would be equivalent.

On Wed, Oct 31, 2018 at 4:43 PM Vignesh S Rao ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In pwnlib/FilePointer.py <#1218 (comment)>: > + return '' + structure='' + for val in self.vars_: + if isinstance(self[val],str): + if self.arch=='i386': + structure+=self[val].ljust(4,'\x00') + else: + structure+=self[val].ljust(8,'\x00') + else: + structure+=packit(self[val],self.length[val]) + if val==v: + break + return structure[:len(structure)-1] + + def write(self,addr=0,size=0): + self['flags'] &=~8 While setting the default data we update the dict. Also, the str and struntil functions involve checking the type of the value of each key, while iterating through the list of fields. I am not quite sure how we can iterate through the list of fields while checking the type of the value they hold if all the fields are set as independent class attributes. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1218 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAG0GAlwtDOGADs-GTL3WJdZR8iOIl7Bks5uqhmMgaJpZM4X9lfL> .

-- *Zach Riggle*

[vigneshsrao]

Neat! Did not think of this before. I'll make the necessary changes as soon as possible. Thanks a lot!

[vigneshsrao]

Completed the necessary changes.

[orenht]

Hi, are there any plans on getting this merged? :)

[vigneshsrao]

@zachriggle Are there any more changes to be made to the code?
If not can this be merged?