Class: OneGadget::Fetcher::Base

Inherits:
Object
Defined in:
lib/one_gadget/fetchers/base.rb

Overview

Define common methods for gadget fetchers.

Direct Known Subclasses

AArch64, X86

Constructor Details

#initialize(file) ⇒ Base

Instantiate a fetcher object.

Parameters:

  • file (String)

    Absolute path of target libc.


# File 'lib/one_gadget/fetchers/base.rb', line 12

def initialize(file)
  @file = file
  @arch = self.class.name.split('::').last.downcase.to_sym
end

Instance Attribute Details

#file ⇒ String (readonly)

The absolute path of glibc.

Returns:

  • (String)

    The filename.


# File 'lib/one_gadget/fetchers/base.rb', line 9

def file
  @file
end

Instance Method Details

#candidates {|cand| ... } ⇒ Array<String>

Fetch candidates that end with call exec*.

Give a block to filter gadget candidates.

Yield Parameters:

  • cand (String)

    Is this candidate valid?

Yield Returns:

  • (Boolean)

    True for valid.

Returns:

  • (Array<String>)

    Each returned String contains multiple lines of assembly code.


# File 'lib/one_gadget/fetchers/base.rb', line 45

def candidates(&block)
  cands = `#{objdump_cmd}|egrep '#{call_str}.*<exec[^+]*>$' -B 30`.split('--').map do |cand|
    cand.lines.map(&:strip).reject(&:empty?).join("\n")
  end
  # remove all jmps
  cands = slice_prefix(cands, &method(:branch?))
  cands.select!(&block) if block_given?
  cands
end

#find ⇒ Array<OneGadget::Gadget::Gadget>

Find gadgets in glibc.

Returns:

  • (Array<OneGadget::Gadget::Gadget>)


# File 'lib/one_gadget/fetchers/base.rb', line 19

def find
  candidates.map do |cand|
    lines = cand.lines
    # use the processor to find which starting lines can lead to a valid one-gadget call.
    gadgets = []
    (lines.size - 2).downto(0) do |i|
      processor = emulate(lines[i..-1])
      options = resolve(processor)
      next if options.nil? # cannot be a gadget

      offset = offset_of(lines[i])
      gadgets << OneGadget::Gadget::Gadget.new(offset, options)
    end
    gadgets
  end.flatten
end
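
The text handling in #candidates and the backward walk in #find, run on constructed input. This is an added example, not one_gadget's own code: `branch_line?`, `drop_branch_prefix` and `start_offsets` are hypothetical stand-ins for `branch?`, `slice_prefix` and `offset_of`, whose bodies are not shown on this page, and their behaviour here is an assumption.

```ruby
# Added example, not one_gadget's own code. SAMPLE is constructed text shaped
# like `objdump -d ... | egrep -B 30` output; addresses and instructions are made up.
SAMPLE = <<~DUMP
  e5f10: mov    %rax,%rdi
  e5f13: jmp    e5e80 <constructed+0x40>
  e5f18: lea    0x10(%rsp),%rsi
  e5f1d: xor    %edx,%edx
  e5f1f: call   e4c00 <execve>
  --
  e6a00: mov    %r12,%rsi

  e6a03: mov    %r13,%rdx
  e6a06: call   e4c00 <execve>
DUMP

# Same normalisation as Base#candidates: split on grep's "--" group separator,
# strip each line, drop empty lines.
def split_candidates(text)
  text.split('--').map do |cand|
    cand.lines.map(&:strip).reject(&:empty?).join("\n")
  end
end

# Hypothetical stand-in for the architecture-specific branch? predicate.
def branch_line?(line)
  line.match?(/\s(jmp|j[a-z]{1,3}|ret)\b/)
end

# Assumed behaviour of slice_prefix: drop everything up to and including the
# last matching line before the final call, so each candidate is straight-line.
def drop_branch_prefix(cands)
  cands.map do |cand|
    lines = cand.lines
    cut = lines[0...-1].rindex { |l| yield(l) }
    lines = lines[(cut + 1)..-1] unless cut.nil?
    lines.join
  end
end

# Start addresses in the order Base#find tries them: from the line just before
# the call back to the first line. Address parsing is an assumption about offset_of.
def start_offsets(cand)
  lines = cand.lines
  (lines.size - 2).downto(0).map { |i| lines[i].split(':').first.to_i(16) }
end

CANDS = drop_branch_prefix(split_candidates(SAMPLE)) { |l| branch_line?(l) }
```

In #find, each of these start addresses is emulated through to the call, and only those for which `resolve` returns constraints become gadgets.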