pwntools 1.1.0 → 1.2.0

data/lib/pwnlib/errors.rb

@@ -1,11 +1,12 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 module Pwnlib
   # Generic {Pwnlib} exception class.
   class Error < StandardError
   end
 
-  # Pnwlib Errors
+  # {Pwnlib} Errors.
   module Errors
     # Raised by some IO operations in tubes.
     class EndOfTubeError < ::Pwnlib::Error
@@ -23,7 +24,7 @@ module Pwnlib
     class TimeoutError < ::Pwnlib::Error
     end
 
-    # Raised when method doesn't support under current architecture.
+    # Raised when a method is not supported under current architecture.
     class UnsupportedArchError < ::Pwnlib::Error
     end
   end

data/lib/pwnlib/ext/array.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/ext/helper'
 require 'pwnlib/util/fiddling'
@@ -18,4 +19,4 @@ module Pwnlib
   end
 end
 
-::Array.public_send(:include, ::Pwnlib::Ext::Array::InstanceMethods)
+::Array.include ::Pwnlib::Ext::Array::InstanceMethods

data/lib/pwnlib/ext/helper.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 module Pwnlib
   module Ext
@@ -10,8 +11,8 @@ module Pwnlib
           .concat(m2.to_a)
           .each do |method, proxy_to|
             class_eval(<<-EOS, __FILE__, __LINE__ + 1)
-              def #{method}(*args, &block)
-              #{mod}.#{proxy_to}(self, *args, &block)
+              def #{method}(*args, **kwargs, &block)
+              #{mod}.#{proxy_to}(self, *args, **kwargs, &block)
               end
             EOS
           end

data/lib/pwnlib/ext/integer.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/ext/helper'
 require 'pwnlib/util/packing'
@@ -18,4 +19,4 @@ module Pwnlib
   end
 end
 
-::Integer.public_send(:include, ::Pwnlib::Ext::Integer::InstanceMethods)
+::Integer.include ::Pwnlib::Ext::Integer::InstanceMethods

data/lib/pwnlib/ext/string.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/ext/helper'
 require 'pwnlib/util/fiddling'
@@ -13,11 +14,11 @@ module Pwnlib
 
         def_proxy_method ::Pwnlib::Util::Packing, %w(unpack unpack_many u8 u16 u32 u64)
         def_proxy_method ::Pwnlib::Util::Fiddling, %w(
-          enhex unhex urlencode urldecode bits bits_str unbits bitswap b64e b64d
+          enhex unhex urlencode urldecode bits bits_str unbits bitswap b64e b64d xor
         )
       end
     end
   end
 end
 
-::String.public_send(:include, ::Pwnlib::Ext::String::InstanceMethods)
+::String.include ::Pwnlib::Ext::String::InstanceMethods

data/lib/pwnlib/logger.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'logger'
 
@@ -37,6 +38,19 @@ module Pwnlib
         @formatter = proc do |severity, _datetime, progname, msg|
           format("[%s] %s\n", Rainbow(progname || severity).color(SEV_COLOR[severity]), msg)
         end
+
+        # Cache the file content so we can modify the file when it's running.
+        # If the source is modified before the first call, parsing source file
+        # might still fail.
+        @source_of_file_cache = Hash.new do |h, key|
+          next if key.nil?
+
+          h[key] = IO.read(key)
+        end
+
+        # As a naive heuristic for the most common single file use case, adding
+        # the last file from the execution stack.
+        @source_of_file_cache[caller_locations.last.absolute_path]
       end
 
       # Log the message with indent.
@@ -47,6 +61,7 @@ module Pwnlib
       #   The severity of the message.
       def indented(message, level: DEBUG)
         return if @logdev.nil? || level < context.log_level
+
         @logdev.write(
           message.lines.map { |s| '    ' + s }.join + "\n"
         )
@@ -108,6 +123,7 @@ module Pwnlib
         severity = INFO
         # Don't invoke the block if it's unnecessary.
         return true if severity < context.log_level
+
         caller_ = caller_locations(1, 1).first
         src = source_of(caller_.absolute_path, caller_.lineno)
         results = args.empty? ? [[yield, source_of_block(src)]] : args.zip(source_of_args(src))
@@ -122,11 +138,12 @@ module Pwnlib
       def add(severity, message = nil, progname = nil)
         severity ||= UNKNOWN
         return true if severity < context.log_level
+
         super(severity, message, progname)
       end
 
       def source_of(path, line_number)
-        File.open(path) { |f| LoggerType.expression_at(f, line_number) }
+        LoggerType.expression_at(@source_of_file_cache[path], line_number)
       end
 
       # Find the content of block that invoked by log.dump { ... }.
@@ -168,6 +185,7 @@ module Pwnlib
         sexp = ::RubyParser.new.process(source)
         sexp = search_sexp(sexp, target)
         return nil if sexp.nil?
+
         yield sexp
       end
 
@@ -175,6 +193,7 @@ module Pwnlib
       def search_sexp(sexp, target)
         return nil unless sexp.is_a?(::Sexp)
         return sexp if match_sexp?(sexp, target)
+
         sexp.find do |e|
           f = search_sexp(e, target)
           break f if f
@@ -185,6 +204,7 @@ module Pwnlib
         target.zip(sexp.entries).all? do |t, s|
           next true if t.nil?
           next match_sexp?(s, t) if t.is_a?(Array)
+
           s == t
         end
       end

data/lib/pwnlib/memleak.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/util/packing'
 

data/lib/pwnlib/pwn.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 # require this file would also require all things in pwnlib, but would not pollute anything.
 
@@ -11,11 +12,12 @@ require 'pwnlib/elf/elf'
 require 'pwnlib/errors'
 require 'pwnlib/logger'
 require 'pwnlib/reg_sort'
+require 'pwnlib/runner'
 require 'pwnlib/shellcraft/shellcraft'
 require 'pwnlib/tubes/process'
 require 'pwnlib/tubes/serialtube'
 require 'pwnlib/tubes/sock'
-
+require 'pwnlib/ui'
 require 'pwnlib/util/cyclic'
 require 'pwnlib/util/fiddling'
 require 'pwnlib/util/getdents'
@@ -28,6 +30,8 @@ module Pwn
   include ::Pwnlib::Asm
   include ::Pwnlib::Context
   include ::Pwnlib::Logger
+  include ::Pwnlib::Runner
+  include ::Pwnlib::UI
   include ::Pwnlib::Util::Cyclic
   include ::Pwnlib::Util::Fiddling
   include ::Pwnlib::Util::HexDump

data/lib/pwnlib/reg_sort.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/context'
 require 'pwnlib/util/ruby'
@@ -70,6 +71,7 @@ module Pwnlib
         first_reg, val = list.shift
         # Special case for val.zero? because zeroify registers is cheaper than mov.
         next if list.empty? || all_regs.include?(val) || val.zero?
+
         list.each do |(reg, _)|
           hash[reg] = first_reg
           in_out.delete(reg)
@@ -87,11 +89,13 @@ module Pwnlib
       until deg.empty?
         min_deg = deg.min_by { |_, v| v }[1]
         break unless min_deg.zero? # remain are all cycles
+
         min_pivs = deg.select { |_, v| v == min_deg }
         piv = randomize ? min_pivs.sample : min_pivs.first
         dst = piv.first
         deg.delete(dst)
         next unless graph.key?(dst) # Reach an end node.
+
         deg[graph[dst]] -= 1
         result << ['mov', dst, graph[dst]]
         graph.delete(dst)
@@ -134,6 +138,7 @@ module Pwnlib
         return [] unless assignments.key?(target)
         # Found a cycle.
         return target == path.first ? path : [] if path.include?(target)
+
         check_cycle_(target, assignments, path)
       end
     end

data/lib/pwnlib/runner.rb

@@ -0,0 +1,53 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'fileutils'
+
+require 'pwnlib/asm'
+require 'pwnlib/tubes/process'
+
+module Pwnlib
+  # This module collects the methods for executing codes, e.g., assembly code, assembled machine code, etc.
+  module Runner
+    module_function
+
+    # Given an assembly listing, assemble and execute it.
+    #
+    # @param [String] assembly
+    #   Assembly code.
+    #
+    # @return [Pwnlib::Tubes::Process]
+    #   The tube for interacting.
+    #
+    # @see Runner.run_shellcode
+    def run_assembly(assembly)
+      run_shellcode(::Pwnlib::Asm.asm(assembly))
+    end
+
+    # Given assembled machine code bytes, execute them.
+    #
+    # @param [String] bytes
+    #   Assembled code.
+    #
+    # @return [Pwnlib::Tubes::Process]
+    #   The tube for interacting.
+    #
+    # @example
+    #   r = run_shellcode(asm(shellcraft.cat('/etc/passwd')))
+    #   r.interact
+    #   # [INFO] Switching to interactive mode
+    #   # root:x:0:0:root:/root:/bin/bash
+    #   # daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+    #   # bin:x:2:2:bin:/bin:/usr/sbin/nologin
+    #   # sys:x:3:3:sys:/dev:/usr/sbin/nologin
+    #   # sync:x:4:65534:sync:/bin:/bin/sync
+    #   # games:x:5:60:games:/usr/games:/usr/sbin/nologin
+    #   # [INFO] Got EOF in interactive mode
+    #   #=> true
+    def run_shellcode(bytes)
+      file = ::Pwnlib::Asm.make_elf(bytes, to_file: true)
+      at_exit { FileUtils.rm_f(file) if File.exist?(file) }
+      ::Pwnlib::Tubes::Process.new(file)
+    end
+  end
+end

data/lib/pwnlib/shellcraft/generators/amd64/common/common.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pwnlib/shellcraft/generators/helper'
 
 module Pwnlib

data/lib/pwnlib/shellcraft/generators/amd64/common/infloop.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 require 'pwnlib/shellcraft/generators/x86/common/infloop'

data/lib/pwnlib/shellcraft/generators/amd64/common/memcpy.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 require 'pwnlib/shellcraft/generators/amd64/common/setregs'
@@ -18,10 +19,13 @@ module Pwnlib
           #   Source to be copied.
           # @param [Integer] n
           #   The number of bytes to be copied.
+          #
+          # @example
+          #   shellcraft.memcpy('rax', 'rbx', 0x1000)
           def memcpy(dst, src, n)
             cat "/* memcpy(#{pretty(dst)}, #{pretty(src)}, #{pretty(n)}) */"
             cat 'cld'
-            cat Common.setregs(rdi: dst, rsi: src, rcx: n)
+            cat Common.setregs({ rdi: dst, rsi: src, rcx: n })
             cat 'rep movsb'
           end
         end

data/lib/pwnlib/shellcraft/generators/amd64/common/mov.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 
@@ -36,18 +37,21 @@ module Pwnlib
           #   #=> nil
           def mov(dst, src, stack_allowed: true)
             raise ArgumentError, "#{dst} is not a register" unless register?(dst)
+
             dst = get_register(dst)
             if register?(src)
               src = get_register(src)
               if dst.size < src.size && !dst.bigger.include?(src.name)
                 raise ArgumentError, "cannot mov #{dst}, #{src}: dst is smaller than src"
               end
+
               # Downgrade our register choice if possible.
               # Opcodes for operating on 32-bit registers are always (?) shorter.
               dst = get_register(dst.native32) if dst.size == 64 && src.size <= 32
             else
               context.local(arch: 'amd64') { src = evaluate(src) }
               raise ArgumentError, format('cannot mov %s, %d: dst is smaller than src', dst, src) unless dst.fits(src)
+
               orig_dst = dst
               dst = get_register(dst.native32) if dst.size == 64 && bits_required(src) <= 32
 

data/lib/pwnlib/shellcraft/generators/amd64/common/nop.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 
 module Pwnlib

data/lib/pwnlib/shellcraft/generators/amd64/common/popad.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 

data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 
@@ -27,6 +28,7 @@ module Pwnlib
             # This will not affect callee's +str+.
             str += "\x00" if append_null && !str.end_with?("\x00")
             return if str.empty?
+
             padding = str[-1].ord >= 128 ? "\xff" : "\x00"
             cat "/* push #{str.inspect} */"
             group(8, str, underfull_action: :fill, fill_value: padding).reverse_each do |word|
@@ -43,7 +45,7 @@ module Pwnlib
               elsif okay(word)
                 cat "mov rax, #{pretty(sign)}"
                 cat 'push rax'
-              elsif sign32 > 0 && word[4, 4] == "\x00" * 4
+              elsif sign32.positive? && word[4, 4] == "\x00" * 4
                 # The high 4 byte of word are all zeros, so we can use +xor dword ptr [rsp]+.
                 a = u32(xor_pair(word[0, 4]).first, endian: 'little', signed: true)
                 cat "push #{pretty(a)} ^ #{pretty(sign)}"

data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr_array.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 require 'pwnlib/shellcraft/generators/x86/common/pushstr_array'

data/lib/pwnlib/shellcraft/generators/amd64/common/ret.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 require 'pwnlib/shellcraft/generators/amd64/common/mov'

data/lib/pwnlib/shellcraft/generators/amd64/common/setregs.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/common/common'
 require 'pwnlib/shellcraft/generators/x86/common/setregs'
@@ -11,9 +12,9 @@ module Pwnlib
           # @overload setregs(reg_context, stack_allowed: true)
           #
           # @see Generators::X86::Common#setregs
-          def setregs(*args)
+          def setregs(*args, **kwargs)
             context.local(arch: :amd64) do
-              cat X86::Common.setregs(*args)
+              cat X86::Common.setregs(*args, **kwargs)
             end
           end
         end

data/lib/pwnlib/shellcraft/generators/amd64/linux/cat.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/cat'
@@ -11,9 +12,9 @@ module Pwnlib
           # @overload cat(filename, fd: 1)
           #
           # @see Generators::X86::Linux#cat
-          def cat(*args)
+          def cat(*args, **kwargs)
             context.local(arch: :amd64) do
-              cat X86::Linux.cat(*args)
+              cat X86::Linux.cat(*args, **kwargs)
             end
           end
         end

data/lib/pwnlib/shellcraft/generators/amd64/linux/execve.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/execve'

data/lib/pwnlib/shellcraft/generators/amd64/linux/exit.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/exit'