
Onegadget

ADDRESS_WRITABLE_PATTERN = re.compile('address(?:es)? (.*) (?:is|are) writable') module-attribute

CAST_DEREF_MAPPING = {'(u16)': pwndbg.aglib.memory.u16, '(s16)': pwndbg.aglib.memory.s16, '(u32)': pwndbg.aglib.memory.u32, '(s32)': pwndbg.aglib.memory.s32, '(u64)': pwndbg.aglib.memory.u64, '(s64)': pwndbg.aglib.memory.s64} module-attribute

CAST_MAPPING = {'(u16)': lambda x: ctypes.c_uint16(x).value, '(s16)': lambda x: ctypes.c_int16(x).value, '(u32)': lambda x: ctypes.c_uint32(x).value, '(s32)': lambda x: ctypes.c_int32(x).value, '(u64)': lambda x: ctypes.c_uint64(x).value, '(s64)': lambda x: ctypes.c_int64(x).value} module-attribute

CAST_PATTERN = re.compile('^\\([s|u]\\d+\\)') module-attribute

CONSTRAINT_SEPARATOR = ' || ' module-attribute

EQUAL_NULL_PATTERN = re.compile('(.*) == NULL') module-attribute

IS_ALIGNED_PATTERN = re.compile('(.+) & 0xf == (\\d+)') module-attribute

IS_GOT_ADDRESS_PATTERN = re.compile('(.+) is the GOT address of libc') module-attribute

ONEGADGET_CACHEDIR = pwndbg.lib.tempfile.cachedir('onegadget') module-attribute

ONEGADGET_COLOR = {'light_green': lambda x: colorize(x, '\x1b[38;5;82m'), 'light_purple': lambda x: colorize(x, '\x1b[38;5;153m')} module-attribute

SAT = CheckSatResult.SAT module-attribute

UNKNOWN = CheckSatResult.UNKNOWN module-attribute

UNSAT = CheckSatResult.UNSAT module-attribute

VALID_ARGV_PATTERN = re.compile('(.+) is a valid argv') module-attribute

VALID_ENVP_PATTERN = re.compile('(.+) is a valid envp') module-attribute

VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = re.compile('(.*) <= 0') module-attribute

WRITABLE_COLON_PATTERN = re.compile('writable: (.*)') module-attribute

XMM_SHIFT = ' >> ' module-attribute

CheckSatResult

Bases: Enum

SAT = 1 class-attribute instance-attribute

UNKNOWN = -1 class-attribute instance-attribute

UNSAT = 0 class-attribute instance-attribute

__and__(other)

__or__(other)

__str__()

Lambda

Modified from onegadget's Lambda class

https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13

color_str: str property

deref_count = 0 instance-attribute

gdb_expr: str property

immi = 0 instance-attribute

obj = obj instance-attribute

__add__(other)

__init__(obj)

__repr__()

__str__()

__sub__(other)

deref()

deref_()

evaluate(context)

mem_obj(arg) staticmethod

parse(argument, predefined={}) staticmethod

ref()

check_argv(expr)

Check argv, return the result and the message

check_constraint(constraint)

Parse constraint, return the result and the message
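An added example, not pwndbg's own code: it reuses the patterns, separator and cast table listed on this page to show how a one_gadget constraint line splits into ' || ' alternatives and which pattern each alternative matches. The names `classify`, `split_cast` and `PATTERNS`, the match order and the use of `fullmatch` are assumptions; input strings are constructed by the caller.

```python
import ctypes
import re

# Patterns, separator and cast table copied from the module attributes on this page.
CAST_PATTERN = re.compile(r"^\([s|u]\d+\)")
CONSTRAINT_SEPARATOR = " || "
PATTERNS = {
    "equal_null": re.compile(r"(.*) == NULL"),
    "is_aligned": re.compile(r"(.+) & 0xf == (\d+)"),
    "valid_argv": re.compile(r"(.+) is a valid argv"),
    "valid_envp": re.compile(r"(.+) is a valid envp"),
    "address_writable": re.compile(r"address(?:es)? (.*) (?:is|are) writable"),
    "writable_colon": re.compile(r"writable: (.*)"),
    "got_address": re.compile(r"(.+) is the GOT address of libc"),
    "le_zero": re.compile(r"(.*) <= 0"),
}
CAST_MAPPING = {
    "(u16)": lambda x: ctypes.c_uint16(x).value,
    "(s16)": lambda x: ctypes.c_int16(x).value,
    "(u32)": lambda x: ctypes.c_uint32(x).value,
    "(s32)": lambda x: ctypes.c_int32(x).value,
    "(u64)": lambda x: ctypes.c_uint64(x).value,
    "(s64)": lambda x: ctypes.c_int64(x).value,
}


def classify(line):
    """Split one constraint line into alternatives and name the pattern each matches."""
    out = []
    for alt in line.split(CONSTRAINT_SEPARATOR):
        # Assumption: first full match wins; the real module's order is not shown here.
        hit = next(((k, m.groups()) for k, p in PATTERNS.items()
                    if (m := p.fullmatch(alt))), ("unrecognized", ()))
        out.append((alt, *hit))
    return out


def split_cast(expr):
    """Return (cast, rest); cast is None unless the prefix is a CAST_MAPPING key."""
    m = CAST_PATTERN.match(expr)
    # [s|u] is a character class, so the pattern also accepts a literal '|' ("(|16)").
    if m and m.group(0) in CAST_MAPPING:
        return m.group(0), expr[m.end():].strip()
    return None, expr
```

The cast table truncates to the named width and signedness, so `CAST_MAPPING["(s32)"](0xffffffff)` is `-1`, while a prefix such as `(u8)` or `(|16)` matches `CAST_PATTERN` but has no entry in the table.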

check_envp(expr)

Check envp, return the result and the message

check_gadget(gadget, show_unsat=False, no_unknown=False, verbose=False)

Check status of each gadget, return the gadget's status

check_non_stack_argv(expr)

Check argv that's not on the stack, return the result and the message

check_stack_argv(expr)

Check argv that's on the stack, return the result and the message

colorize_integer(x)

colorize_psuedo_code(code)

Colorize the pseudo code of onegadget

colorize_reg(x)

compute_file_hash(filename)

Compute the MD5 hash of the file, return the hash

find_gadgets(show_unsat=False, no_unknown=False, verbose=False)

Find gadgets by parsing the output of onegadget, return whether there's any valid gadget

parse_expression(expr)

Parse expression, return the result, colorized string and error message

run_onegadget()

Run onegadget and return the output