Last active
September 11, 2022 21:26
-
-
Save mmkhitaryan/50ba3cc942100e1a1dc9eec6c364c480 to your computer and use it in GitHub Desktop.
Bug in r2pipe?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # r2 /bin/ls | |
| # . ./run_in_r2.py | |
| # 1 | |
| # 2 | |
| # ... 1000+ | |
| import r2pipe | |
| r = r2pipe.open() | |
| FILE_NAME = "README" | |
| r.cmd('ood') | |
| r.cmd('aaa') | |
| all_imports = r.cmdj('iaj') | |
| for r2_import in all_imports["imports"]: | |
| if r2_import["name"]=="opendir": | |
| opendir_pointer = r2_import["plt"] | |
| last_pointer = '' | |
| r.cmd(f'dcu {opendir_pointer}') | |
| # there is no way to stop loop | |
| done = False | |
| counter = 0 | |
| while not done: | |
| poiner_from_stack = str(r.cmdj('pxqj 8 @rsp')[0]) | |
| # skip same pointer | |
| if last_pointer == poiner_from_stack: | |
| counter+=1 | |
| print(counter) | |
| if last_pointer != poiner_from_stack: | |
| heap_read = r.cmd(f'prx 1024 @ {poiner_from_stack}') | |
| if FILE_NAME in heap_read: | |
| print(heap_read) | |
| done = True | |
| last_pointer = poiner_from_stack | |
| r.cmd('ds') |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # python run_without_r2.py | |
| # 1 | |
| # 2 | |
| # ... | |
| # 326 | |
| import r2pipe | |
| r = r2pipe.open('/bin/ls') | |
| FILE_NAME = "README" | |
| r.cmd('ood') | |
| r.cmd('aaa') | |
| all_imports = r.cmdj('iaj') | |
| for r2_import in all_imports["imports"]: | |
| if r2_import["name"]=="opendir": | |
| opendir_pointer = r2_import["plt"] | |
| last_pointer = '' | |
| r.cmd(f'dcu {opendir_pointer}') | |
| # there is no way to stop loop | |
| done = False | |
| counter = 0 | |
| while not done: | |
| poiner_from_stack = str(r.cmdj('pxqj 8 @rsp')[0]) | |
| # skip same pointer | |
| if last_pointer == poiner_from_stack: | |
| counter+=1 | |
| print(counter) | |
| if last_pointer != poiner_from_stack: | |
| heap_read = r.cmd(f'prx 1024 @ {poiner_from_stack}') | |
| if FILE_NAME in heap_read: | |
| print(heap_read) | |
| done = True | |
| last_pointer = poiner_from_stack | |
| r.cmd('ds') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment