autorop.bof package

Submodules

autorop.bof.Corefile module

class autorop.bof.Corefile.Corefile

Bases: autorop.toplevel.Pipe.Pipe

__call__(state)

Transform the given PwnState so that its overwriter accounts for the buffer overflow.

Parameters

state (PwnState) –

The current PwnState, with the following attributes set:

  • binary_name: Path to binary.

  • bof_ret_offset: (optional) If not None, skips corefile generation step.

  • overwriter: Function which writes the ROP chain to the “right place”.

Return type

PwnState

Returns

The mutated PwnState, with the following attributes updated:

  • bof_ret_offset: Updated if it was not set before.

  • overwriter: Now calls the previous overwriter, but with bof_ret_offset padding bytes prepended to the data given, and then reads the same number of lines as were observed at the crash.

__init__()

Find the offset to the return address via a buffer overflow, using a corefile.

This pipe not only finds the offset from the input to the return address on the stack, but also sets state.overwriter to be a function that correctly overwrites starting at the return address.

You can avoid active corefile generation by setting state.bof_ret_offset yourself; in this case, state.overwriter is still set appropriately.
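The following is an added example, not code from the autorop project, that illustrates the contract described above for the shortcut path where bof_ret_offset is already set and corefile generation is skipped. PwnState, FakeTarget, corefile_pipe, lines_at_crash and the canned output lines are all constructed stand-ins chosen for this illustration; the real pipe learns the line count while generating the corefile and operates on a live process rather than an in-memory tube.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


# Constructed stand-in for the project's PwnState: only the fields this pipe's
# docstring mentions are modelled (assumption; the real class carries more).
@dataclass
class PwnState:
    binary_name: str
    overwriter: Callable[[bytes], None]
    bof_ret_offset: Optional[int] = None
    # Assumption: number of lines the target printed before the crash. The real
    # pipe observes this during corefile generation; here it is supplied directly.
    lines_at_crash: int = 0


class FakeTarget:
    """Constructed in-memory stand-in for a process tube: records what was
    sent and hands back canned lines on recvline()."""

    def __init__(self, canned_output: List[bytes]) -> None:
        self.sent: List[bytes] = []
        self._output = list(canned_output)
        self.lines_read = 0

    def sendline(self, data: bytes) -> None:
        self.sent.append(data)

    def recvline(self) -> bytes:
        self.lines_read += 1
        return self._output.pop(0) if self._output else b""


def corefile_pipe(state: PwnState, target: FakeTarget) -> PwnState:
    """Illustrative version of the documented contract (not the project's code).

    Only the 'bof_ret_offset already set' path is modelled: the corefile
    generation step is skipped, and the overwriter is wrapped so that it
    prepends bof_ret_offset padding bytes and then reads lines_at_crash lines.
    """
    if state.bof_ret_offset is None:
        # The real pipe would crash the binary and inspect the corefile here.
        raise NotImplementedError("corefile generation is not modelled; set bof_ret_offset")
    if state.bof_ret_offset < 0:
        raise ValueError("bof_ret_offset must be non-negative")

    previous = state.overwriter
    padding = b"A" * state.bof_ret_offset
    lines = state.lines_at_crash

    def overwriter(data: bytes) -> None:
        # Same behaviour the docstring promises: pad, delegate, then drain the
        # lines the target is known to print before it consumes the overflow.
        previous(padding + data)
        for _ in range(lines):
            target.recvline()

    state.overwriter = overwriter
    return state


def demo() -> tuple:
    """Run the pipe on a constructed state and report what reached the target."""
    target = FakeTarget([b"Welcome\n", b"Enter your name:\n"])  # constructed output
    state = PwnState(
        binary_name="./vuln_example",  # constructed name, not a real binary
        overwriter=target.sendline,
        bof_ret_offset=40,
        lines_at_crash=2,
    )
    corefile_pipe(state, target)
    state.overwriter(b"PAYLOAD")  # constructed placeholder for the chain bytes
    return target.sent[0], target.lines_read


if __name__ == "__main__":
    print(demo())
```

Calling state.overwriter after the pipe has run yields a single write of 40 padding bytes followed by the data, and exactly lines_at_crash lines drained from the target; passing a state with bof_ret_offset left as None raises NotImplementedError here, which is where the real pipe would instead generate the corefile.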

Module contents