facade ¤

Implements the libc API.

Classes:

Functions:

  • get_libc
  • which
  • has_exported_symbols

    Do we have exported library symbols (e.g. fscanf, read, write)?

  • has_internal_symbols

    Do we have internal library symbols?

  • has_debug_info

    Do we have debugging information like structure types?

  • filepath

    The filepath of the libc shared object.

  • loader_filepath

    The filepath of the ld shared object.

  • addr

    The start load address of the libc shared object file.

  • loader_addr

    The start load address of the ld shared object file.

  • section_by_name

    Returns pwndbg.aglib.elf.section_by_name() for the libc shared object file.

  • section_address_by_name

    Get the start load address of the section section_name in the libc shared object file.

  • relocations_by_section_name

    Returns pwndbg.aglib.elf.relocations_by_section_name() for the libc shared object file.

  • urls

    Get useful URLs regarding this libc implementation.

  • version

    Get the version of the libc implementation as a tuple.

Attributes:

libc_regex module-attribute ¤

libc_regex = compile('^libc6?[-_\\.]')

ld_regex module-attribute ¤

ld_regex = compile('ld.*\\.so(?:\\.[0-9]+)?')
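How these two patterns sort mapped objects into libc and ld candidates, as an added example that is not pwndbg's own code. It assumes the patterns are applied to the file name with re.match(), which this page does not state; split_candidates, search_only and the sample paths are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Patterns copied from the module attributes above.
libc_regex = re.compile('^libc6?[-_\\.]')
ld_regex = re.compile('ld.*\\.so(?:\\.[0-9]+)?')

# Constructed sample of mapped objects, not taken from a real process.
SAMPLE = [
    "/usr/lib/x86_64-linux-gnu/libc.so.6",
    "/usr/lib/x86_64-linux-gnu/libcrypto.so.3",
    "/usr/lib/x86_64-linux-gnu/libcap.so.2",
    "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2",
    "/lib/ld-musl-x86_64.so.1",
    "/opt/target/libc-2.31.so",
    "/opt/target/ld-2.31.so",
    "/usr/lib/libgold.so",
    "[heap]",
]


def split_candidates(mapped_paths):
    """Sort mapped object paths into (libc candidates, ld candidates).

    Assumption: each pattern is tried against the file name with re.match().
    """
    libc, ld = [], []
    for path in mapped_paths:
        name = PurePosixPath(path).name
        if libc_regex.match(name):
            libc.append(path)
        if ld_regex.match(name):
            ld.append(path)
    return libc, ld


def search_only(mapped_paths):
    """Paths that ld_regex accepts with re.search() but not with re.match().

    ld_regex has no '^' anchor, so an unanchored search also hits any name
    that merely contains 'ld' somewhere before '.so'.
    """
    hits = []
    for path in mapped_paths:
        name = PurePosixPath(path).name
        if ld_regex.search(name) and not ld_regex.match(name):
            hits.append(path)
    return hits
```

libc_regex rejects libcrypto and libcap because the character after "libc" (or "libc6") must be "-", "_" or ".". A name match only nominates a candidate, which is why a provider still has to claim the mapping.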

LibcNotFound ¤

Bases: Exception

__check_candidates ¤

__check_candidates(
    libc_candidates: list[str], ld_candidates: list[str]
) -> tuple[str | None, str | None, LibcProvider | None]

Queries the libc implementations to see whether any of them claims any of the libc and ld candidate mappings.

Returns:

  • tuple[str | None, str | None, LibcProvider | None]

    A tuple (claimed libc mapping, claimed ld mapping, claiming implementation). If no one claimed anything, "claiming implementation" will be None. It is possible that exactly one of "claimed libc mapping" and "claimed ld mapping" is None.

__get_libc ¤

__get_libc() -> tuple[Path, Path, LibcProvider]

Find the active libc implementation and the associated libc and ld mappings.

The process must be alive when this is called.

If the program is statically linked, this will return the main executable module's Path as both the libc and the ld path, and still try to infer the libc implementation.

If no libc verifies anything, but there is at least one libc OR ld candidate mapping, it/they will be returned along with the "unknown" libc implementation.

Returns:

  • tuple[Path, Path, LibcProvider]

    A tuple (libc mapping path, ld mapping path, libc implementation). Both of the returned Paths are resolved (absolute, symlinks followed).

Raises:

  • LibcNotFound

    If the binary is dynamically linked and we couldn't find any candidate mappings.

get_libc ¤

get_libc() -> LibcProvider

which ¤

which() -> LibcType

has_exported_symbols ¤

has_exported_symbols() -> bool

Do we have exported library symbols (e.g. fscanf, read, write)?

If the library is dynamically linked, they will always be there. If it is statically linked and stripped, they may be missing.

has_internal_symbols ¤

has_internal_symbols() -> bool

Do we have internal library symbols?

If the library is dynamically linked, even if it is stripped it will retain its exported symbols (e.g. fscanf) because they are required for dynamic linking.

This function checks whether the non-exported symbols (like __GI_exit, __run_exit_handlers, initial) are also available.

Symbols are global variables and functions. Internal symbols also come with debug info.

has_debug_info ¤

has_debug_info() -> bool

Do we have debugging information like structure types?

filepath ¤

filepath() -> Path

The filepath of the libc shared object.

There may not be a backing file for this Path if we are remote debugging. If the program is statically linked this will return the path of the main objfile. This may have the same value as loader_filepath() for some libcs.

loader_filepath ¤

loader_filepath() -> Path

The filepath of the ld shared object.

There may not be a backing file for this Path if we are remote debugging. If the program is statically linked this will return the path of the main objfile. This may have the same value as filepath() for some libcs.

addr ¤

addr() -> int

The start load address of the libc shared object file.

If the program is statically linked this will return the address of the main objfile. This may be the same as loader_addr() for some libcs.

loader_addr ¤

loader_addr() -> int

The start load address of the ld shared object file.

If the program is statically linked this will return the address of the main objfile. This may be the same as addr() for some libcs.

section_by_name ¤

section_by_name(section_name: str) -> tuple[int, int, bytes] | None

Returns pwndbg.aglib.elf.section_by_name() for the libc shared object file.

section_address_by_name ¤

section_address_by_name(section_name: str) -> int

Get the start load address of the section section_name in the libc shared object file.

relocations_by_section_name ¤

relocations_by_section_name(section_name: str) -> tuple[Relocation, ...]

Returns pwndbg.aglib.elf.relocations_by_section_name() for the libc shared object file.

urls ¤

urls() -> LibcURLs

Get useful URLs regarding this libc implementation.

version ¤

version() -> tuple[int, ...]

Get the version of the libc implementation as a tuple.

If you are calling this, you must know exactly which libc is being used.

If the version couldn't be determined, (-1, -1) will be returned.