Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com

FIX: Getting right amount of data for search fix #2281

Closed gordiig closed 1 year ago

gordiig commented 1 year ago

PR for #2266 and #2269

Description

As far as I have researched ELF and your code, the memory layout looks something like this:

```
                                                            +-----------------------+
                                                            |         zeroes        |
      |-----------------------------------------------------|-----------------------|
p_vaddr                                             p_vaddr + p_filesz      p_vaddr + p_memsz
```

If this is true, you are reading more data than needed (`[offset:offset+memsz]` instead of `[offset:offset+filesz]`).
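The layout described in the PR, as an added stand-alone example (not code from this PR or from pwntools): a minimal ELF64 program header parser, a constructed test binary whose single `PT_LOAD` segment has `p_memsz` larger than `p_filesz` (a `.data`+`.bss` style mapping) with unrelated bytes following it on disk, and a `search` that can run either with the `filesz`-based slice or with the `memsz`-based slice the PR is fixing. The `use_filesz=False` branch exists only to show the bug's effect; the segment contents, offsets and addresses are constructed values, not taken from any real binary.

```python
import struct

PT_LOAD = 1  # loadable segment type from the ELF specification


def parse_program_headers(data: bytes):
    """Parse the program header table of a little-endian ELF64 image.

    Returns one dict per entry with the fields a memory search needs:
    p_type, p_offset, p_vaddr, p_filesz and p_memsz.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    headers = []
    for i in range(e_phnum):
        fields = struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = fields
        headers.append({"p_type": p_type, "p_offset": p_offset, "p_vaddr": p_vaddr,
                        "p_filesz": p_filesz, "p_memsz": p_memsz})
    return headers


def segment_image(data: bytes, ph: dict) -> bytes:
    """Bytes of a PT_LOAD segment as the loader maps it: p_filesz bytes come
    from the file at p_offset, the remaining p_memsz - p_filesz bytes are zero."""
    file_part = data[ph["p_offset"]:ph["p_offset"] + ph["p_filesz"]]
    return file_part + b"\x00" * (ph["p_memsz"] - ph["p_filesz"])


def search(data: bytes, needle: bytes, use_filesz: bool = True):
    """Return every virtual address at which needle occurs in a PT_LOAD segment.

    use_filesz=True models the fixed behaviour: read p_filesz bytes and
    zero-fill up to p_memsz.  use_filesz=False models the bug the PR
    describes: slicing p_memsz bytes straight out of the file, which pulls in
    whatever follows the segment on disk and never sees the zero-filled tail.
    """
    hits = []
    for ph in parse_program_headers(data):
        if ph["p_type"] != PT_LOAD:
            continue
        if use_filesz:
            image = segment_image(data, ph)
        else:
            image = data[ph["p_offset"]:ph["p_offset"] + ph["p_memsz"]]
        start = 0
        while True:
            idx = image.find(needle, start)
            if idx == -1:
                break
            hits.append(ph["p_vaddr"] + idx)
            start = idx + 1
    return hits


def build_sample_elf() -> bytes:
    """Construct (not taken from any real binary) a minimal ELF64 with one
    PT_LOAD segment whose p_memsz exceeds p_filesz, followed on disk by bytes
    that are never mapped (think section data after the last segment)."""
    seg_off = 0x100
    seg_vaddr = 0x400100
    seg_bytes = b"AAAA/bin/sh\x00BBBB"   # 16 file-backed bytes
    trailer = b"not_mapped"              # present in the file, absent from memory
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, seg_off, seg_vaddr, seg_vaddr,
                       len(seg_bytes), 0x1000, 0x1000)   # p_filesz=16, p_memsz=0x1000
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS64, LSB, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 0x3E, 1, seg_vaddr,   # ET_EXEC, x86-64, version, e_entry
                               64, 0, 0,                # e_phoff, e_shoff, e_flags
                               64, 56, 1, 64, 0, 0)     # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    data = ehdr + phdr
    data += b"\x00" * (seg_off - len(data))   # pad up to the segment's file offset
    return data + seg_bytes + trailer


if __name__ == "__main__":
    elf = build_sample_elf()
    print([hex(a) for a in search(elf, b"/bin/sh")])                      # file-backed bytes: found either way
    print([hex(a) for a in search(elf, b"not_mapped", use_filesz=False)])  # bug: bogus address for unmapped bytes
    print([hex(a) for a in search(elf, b"not_mapped")])                   # fixed: nothing
    print(hex(search(elf, b"\x00" * 8)[0]))                               # fixed: the zero-filled tail is searchable
```

Running it shows the two ways the `memsz` slice goes wrong: bytes that sit after the segment in the file are reported at addresses that are not mapped, and the zero-filled tail that really is mapped is never searched at all.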

peace-maker commented 1 year ago

Hm, looking at your readelf output in https://github.com/Gallopsled/pwntools/issues/2266#issuecomment-1717766054, there are multiple segments with the same file offset but different virtual addresses and page flags, but only one of them is actually captured in the core dump file. What I'm wondering is if those addresses were actually valid and were really mapped to the same memory? Then this info of finding the needle in an executable section is important if you e.g. look for some gadget and the lookup using core.string(addr) might be misleading?

I'll try to replicate your setup and debug a bit.