onegadget

ADDRESS_WRITABLE_PATTERN module-attribute

ADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')

WRITABLE_COLON_PATTERN module-attribute

WRITABLE_COLON_PATTERN = compile('writable: (.*)')

EQUAL_NULL_PATTERN module-attribute

EQUAL_NULL_PATTERN = compile('(.*) == NULL')

VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN module-attribute

VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')

VALID_ARGV_PATTERN module-attribute

VALID_ARGV_PATTERN = compile('(.+) is a valid argv')

VALID_ENVP_PATTERN module-attribute

VALID_ENVP_PATTERN = compile('(.+) is a valid envp')

IS_ALIGNED_PATTERN module-attribute

IS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\d+)')

IS_GOT_ADDRESS_PATTERN module-attribute

IS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')

CAST_PATTERN module-attribute

CAST_PATTERN = compile('^\\([s|u]\\d+\\)')

XMM_SHIFT module-attribute

XMM_SHIFT = ' >> '

CONSTRAINT_SEPARATOR module-attribute

CONSTRAINT_SEPARATOR = ' || '

CAST_DEREF_MAPPING module-attribute

CAST_DEREF_MAPPING = {
    "(u16)": u16,
    "(s16)": s16,
    "(u32)": u32,
    "(s32)": s32,
    "(u64)": u64,
    "(s64)": s64,
}

CAST_MAPPING module-attribute

CAST_MAPPING = {
    "(u16)": lambda x: value,
    "(s16)": lambda x: value,
    "(u32)": lambda x: value,
    "(s32)": lambda x: value,
    "(u64)": lambda x: value,
    "(s64)": lambda x: value,
}

ONEGADGET_COLOR module-attribute

ONEGADGET_COLOR = {
    "light_green": lambda x: colorize(x, "\x1b[38;5;82m"),
    "light_purple": lambda x: colorize(x, "\x1b[38;5;153m"),
}

ONEGADGET_CACHEDIR module-attribute

ONEGADGET_CACHEDIR = cachedir('onegadget')

SAT module-attribute

SAT = SAT

UNSAT module-attribute

UNSAT = UNSAT

UNKNOWN module-attribute

UNKNOWN = UNKNOWN

CheckSatResult

Bases: Enum

SAT class-attribute instance-attribute

SAT = 1

UNSAT class-attribute instance-attribute

UNSAT = 0

UNKNOWN class-attribute instance-attribute

UNKNOWN = -1

__str__

__str__() -> str

__and__

__and__(other: CheckSatResult) -> CheckSatResult

__or__

__or__(other: CheckSatResult) -> CheckSatResult

Lambda

Lambda(obj: str | Lambda)

Modified from onegadget's Lambda class

https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13

immi instance-attribute

immi = 0

obj instance-attribute

obj = obj

deref_count instance-attribute

deref_count = 0

gdb_expr property

gdb_expr: str

color_str property

color_str: str

__add__

__add__(other: int) -> Lambda

__sub__

__sub__(other: int) -> Lambda

__str__

__str__() -> str

__repr__

__repr__() -> str

deref

deref() -> Lambda

deref_

deref_() -> None

ref

ref() -> Lambda

evaluate

evaluate(context: dict[Any, Any]) -> int | Lambda

parse staticmethod

parse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda

mem_obj staticmethod

mem_obj(arg: str) -> tuple[str, int]

colorize_reg

colorize_reg(x: object) -> str

colorize_integer

colorize_integer(x: object) -> str

colorize_psuedo_code

colorize_psuedo_code(code: str) -> str

Colorize the pseudo code of onegadget

compute_file_hash

compute_file_hash(filename: str) -> str

Compute the MD5 hash of the file, return the hash

run_onegadget

run_onegadget() -> str

Run onegadget and return the output

parse_expression

parse_expression(expr: str) -> tuple[int | None, str, str | None]

Parse expression, return the result, colorized string and error message

check_stack_argv

check_stack_argv(expr: str) -> tuple[CheckSatResult, str]

Check argv that's on the stack, return the result and the message

check_non_stack_argv

check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]

Check argv that's not on the stack, return the result and the message

check_argv

check_argv(expr: str) -> tuple[CheckSatResult, str]

Check argv, return the result and the message

check_envp

check_envp(expr: str) -> tuple[bool, str]

Check envp, return the result and the message

check_constraint

check_constraint(constraint: str) -> tuple[CheckSatResult, str]

Parse constraint, return the result and the message

check_gadget

check_gadget(
    gadget: str,
    show_unsat: bool = False,
    no_unknown: bool = False,
    verbose: bool = False,
) -> CheckSatResult

Check status of each gadget, return the gadget's status

find_gadgets

find_gadgets(
    show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False
) -> dict[CheckSatResult, int]

Find gadgets by parsing the output of onegadget, return whether there's any valid gadget
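
How the constraint patterns, CAST_PATTERN and CONSTRAINT_SEPARATOR listed above fit together, as an added example that is not the module's own code. The names Verdict, RANK, classify, check_line, combine_gadget and the oracle callback are hypothetical; the first-match pattern order and the Kleene-style AND/OR are assumptions, since the page gives only the signatures.

```python
import re
from enum import Enum
# Patterns and separator copied from the module attributes listed on this page.
PATTERNS = {
    "writable": re.compile(r"address(?:es)? (.*) (?:is|are) writable"),
    "writable_colon": re.compile(r"writable: (.*)"),
    "equal_null": re.compile(r"(.*) == NULL"),
    "file_actions": re.compile(r"(.*) <= 0"),
    "valid_argv": re.compile(r"(.+) is a valid argv"),
    "valid_envp": re.compile(r"(.+) is a valid envp"),
    "aligned": re.compile(r"(.+) & 0xf == (\d+)"),
    "got_address": re.compile(r"(.+) is the GOT address of libc"),
}
CAST_PATTERN = re.compile(r"^\([s|u]\d+\)")
CONSTRAINT_SEPARATOR = " || "

class Verdict(Enum):  # hypothetical stand-in with CheckSatResult's listed values
    SAT = 1
    UNSAT = 0
    UNKNOWN = -1
    def __and__(self, other):  # assumption: Kleene logic, UNSAT < UNKNOWN < SAT
        return min(self, other, key=RANK.index)
    def __or__(self, other):
        return max(self, other, key=RANK.index)

RANK = [Verdict.UNSAT, Verdict.UNKNOWN, Verdict.SAT]

def classify(term):
    # First matching pattern wins (assumed order): (kind, cast, operands) or None.
    for kind, pattern in PATTERNS.items():
        m = pattern.match(term.strip())
        if m:
            cast = CAST_PATTERN.match(m.group(1))
            operand = m.group(1)[cast.end():] if cast else m.group(1)
            return kind, cast.group(0) if cast else None, (operand, *m.groups()[1:])
    return None

def check_line(line, oracle):  # alternatives on one line are ORed together
    result = Verdict.UNSAT
    for term in line.split(CONSTRAINT_SEPARATOR):
        parsed = classify(term)
        result |= oracle(parsed) if parsed else Verdict.UNKNOWN
    return result

def combine_gadget(lines, oracle):  # every constraint line must hold, so AND
    result = Verdict.SAT
    for line in lines:
        result &= check_line(line, oracle)
    return result
```

The oracle receives the tuple from classify and returns a Verdict; in a debugger it would inspect registers and memory, while a term that no pattern recognises is kept as UNKNOWN rather than dropped.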