RubyGems - heapinfo - Versions diffs - 0.0.3 → 0.0.4 - Mend

heapinfo 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e90a4db825f5e6b53989edc82441a0800d13aaa7
-  data.tar.gz: f638662fb165a7c884c5427b378cfac091ebe83a
+  metadata.gz: 3afc942b75cd48a72f4d699b68423d2b6e23ff01
+  data.tar.gz: 69bbf96563700cdf3275b680229f65c6ba20e8e5
 SHA512:
-  metadata.gz: f2356a124a5a9480e2e170f6abb2ee782f671734d4e7edbe2f15f47f690609a40580ac1d3d8f027342d03a82901c996b32d9dc21dccb4473105f027814149503
-  data.tar.gz: 3e3df55aca650bf6c8277185afdf56bb3f9c4e3ded9ec444af64f6159302aa9eb5d001da0f3f7dac82d174348c5e8af5b4340abfa1a5cca6f205a7936fa640b0
+  metadata.gz: c3cceb98b2e06f7c02a6ce16c9d9322de0a554742a213aeb26e8e7dce945fb35f9e425cf2e316e9317128df0ef061317c57fbcf449842888c9a35886c6549783
+  data.tar.gz: b1285f36856258f0834707b54252cc2989050fc72f99a9ebead0fadc565ab10e0e090fe03bbd42bb1c3ebd6e52c293ea1ef49e237451dcc81f33d43d9f5f30ac

data/lib/heapinfo/arena.rb CHANGED

@@ -35,7 +35,10 @@ module HeapInfo
       return self if top_ptr == 0 # arena not init yet
       @top_chunk = Chunk.new size_t, top_ptr, @dumper
       @last_remainder = Chunk.new size_t, top_ptr_offset + 8, @dumper
-      @system_mem = Helper.unpack(size_t, @dumper.call(top_ptr_offset + 258 * size_t + 16, size_t))
+      # this offset diff after 2.23
+      @system_mem = 2.times.map do |off|
+        Helper.unpack(size_t, @dumper.call(top_ptr_offset + 258 * size_t + 16 + off * size_t, size_t))
+      end.find { |val| val >= 0x21000 and (val & 0xfff) == 0 }
       @fastbin = Array.new(7) do |idx|
         f = Fastbin.new(size_t, @base + 8 - size_t * 2 + size_t * idx, @dumper, head: true)
         f.index = idx

data/lib/heapinfo/version.rb CHANGED

@@ -1,3 +1,3 @@
 module HeapInfo
-  VERSION = '0.0.3'.freeze
+  VERSION = '0.0.4'.freeze
 end

data/spec/dumper_spec.rb CHANGED

@@ -1,17 +1,31 @@
 # encoding: ascii-8bit
 require 'heapinfo'
 describe HeapInfo::Dumper do
+  before(:all) do
+    @self_maps = IO.binread('/proc/self/maps').lines.map do |seg|
+      s = seg.split(/\s/)
+      s[0] = s[0].split('-').map { |addr| addr.to_i(16) }
+      [s[0][0], s[0][1], s[1], s[-1]] # start, end, perm, name
+    end
+    @get_elf_base = ->() do
+      exe = File.readlink('/proc/self/exe')
+      @self_maps.find { |arr| arr[3] == exe }[0]
+    end
+  end
   describe 'dump' do
     before(:each) do
       @mem_filename = '/proc/self/mem'
+      @elf_base = @get_elf_base.call
     end
     it 'simple' do
       dumper = HeapInfo::Dumper.new(nil, @mem_filename)
-      expect(dumper.dump(0x400000, 4)).to eq "\x7fELF"
+      expect(dumper.dump(@elf_base, 4)).to eq "\x7fELF"
     end
     it 'segment' do
-      class S;def elf; HeapInfo::Segment.new(0x400000, 'elf'); end; end
-      dumper = HeapInfo::Dumper.new(S.new, @mem_filename)
+      class S;def initialize(base);@base = base;end; def elf; HeapInfo::Segment.new(@base, 'elf'); end; end
+      dumper = HeapInfo::Dumper.new(S.new(@elf_base), @mem_filename)
       expect(dumper.dump(:elf, 4)).to eq "\x7fELF"
     end
     it 'invalid' do
@@ -34,26 +48,33 @@ describe HeapInfo::Dumper do
   describe 'find' do
     before(:all) do
-      class S;def elf; HeapInfo::Segment.new(0x400000, ''); end; def bits; 64; end; end
-      @dumper = HeapInfo::Dumper.new(S.new, '/proc/self/mem')
+      @elf_base = @get_elf_base.call
+      class S; def bits; 64; end; end
+      @dumper = HeapInfo::Dumper.new(S.new(@elf_base), '/proc/self/mem')
+      @end_of_maps = ->() do
+        @self_maps.find.with_index do |seg, i|
+          seg[2].include?('r') and seg[1] != @self_maps[i][0] # incontinuously segment
+        end[1]
+      end
     end
     it 'simple' do
-      expect(@dumper.find("ELF", :elf, 4)).to eq 0x400001
+      expect(@dumper.find("ELF", :elf, 4)).to eq @elf_base + 1
       expect(@dumper.find("ELF", :elf, 3)).to be nil
     end
     it 'regexp' do
-      addr = @dumper.find(/ru.y/, :elf, 0x1000)
-      expect(@dumper.dump(addr, 4) =~ /ru.y/).to eq 0
+      addr = @dumper.find(/lin.x/, :elf, 0x1000)
+      expect(@dumper.dump(addr, 5) =~ /lin.x/).to eq 0
     end
     it 'invalid' do
       expect(@dumper.find(nil, :elf, 1)).to be nil
     end
     it 'parser' do
-      expect(@dumper.find("ELF", ':elf + 1', 3)).to eq 0x400001
+      expect(@dumper.find("ELF", ':elf + 1', 3)).to eq @elf_base + 1
     end
     it 'reach end' do
+      mem = @end_of_maps.call
       # check dumper won't return nil when remain readable memory less than one page
-      expect(@dumper.find("\x00", 0x601010, 0x1000).nil?).to be false
+      expect(@dumper.find("\x00", mem - 0xff0, 0x1000).nil?).to be false
     end
   end

data/spec/files/victim.cpp CHANGED

@@ -28,5 +28,6 @@ int main(int argc, char **argv) {
   v = malloc(152); // let 136 put into smallbin
   malloc(200); // to prevent merge with top_chunk
   free(v); // put into unsorted bin
-  scanf("%*c");
+  char dummy;
+  read(0, &dummy, 1); // function which not use heap
 }

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heapinfo
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - david942j
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-20 00:00:00.000000000 Z
+date: 2016-12-28 00:00:00.000000000 Z
 dependencies: []
 description: create an interactive memory info interface while pwn / exploiting
 email: