Skip to content

Commit

Permalink
Add executable= argument to ELF.search (#1576)
Browse files Browse the repository at this point in the history
* Add `executable=` argument like `writable=` to ELF.search

* Add doctest using ELF.search with `executable = True`

* Fix `__next__()` issue.
  • Loading branch information
saullocarvalho authored Jun 11, 2020
1 parent f1628b8 commit a0eeb30
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions pwnlib/elf/elf.py
Original file line number Diff line number Diff line change
Expand Up @@ -1115,8 +1115,8 @@ def libc_start_main_return(self):
return_from_main = int(return_from_main[ : return_from_main.index(':') ], 16)
return return_from_main

def search(self, needle, writable = False):
"""search(needle, writable = False) -> generator
def search(self, needle, writable = False, executable = False):
"""search(needle, writable = False, executable = False) -> generator
Search the ELF's virtual address space for the specified string.
Expand All @@ -1129,6 +1129,7 @@ def search(self, needle, writable = False):
Arguments:
needle(str): String to search for.
writable(bool): Search only writable sections.
executable(bool): Search only executable sections.
Yields:
An iterator for each virtual address that matches.
Expand All @@ -1146,11 +1147,20 @@ def search(self, needle, writable = False):
>>> len(list(bash.search(b'GNU bash'))) > 0
True
It is also possible to search for instructions in executable sections.
>>> binary = ELF.from_assembly('nop; mov eax, 0; jmp esp; ret')
>>> jmp_addr = next(binary.search(asm('jmp esp'), executable = True))
>>> binary.read(jmp_addr, 2) == asm('jmp esp')
True
"""
load_address_fixup = (self.address - self.load_addr)

if writable:
segments = self.writable_segments
elif executable:
segments = self.executable_segments
else:
segments = self.segments

Expand Down

0 comments on commit a0eeb30

Please sign in to comment.