Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com

context.cyclic_size doesn't update when using context.binary = ELF('./prog') #2407

Closed mosheDO closed 3 months ago

mosheDO commented 4 months ago

When using context.binary, it changes context.bits from 4 to 8 in case the binary is 64-bit, but context.cyclic_size doesn't change from 4 to 8 as well. In my opinion this is a bug.

In [1]: from pwn import *

In [2]: context.cyclic_size
Out[2]: 4

In [3]: context.bits
Out[3]: 32

In [4]: context.binary = ELF('./task_patched', checksec=False)

In [5]: context.cyclic_size
Out[5]: 4

In [6]: context.bits
Out[6]: 64

Adding the code here should help: self.cyclic_size = binary.bytes

Arusekk commented 3 months ago

This is not a bug. cyclic_size is deliberately fixed at 4, because in some cases even on 64-bit systems you only get 32-bit leaks. You can still change it manually if you for some reason need payloads longer than 456976 bytes.

mosheDO commented 3 months ago

because in some cases even on 64-bit systems you only get 32-bit leaks.

Can you please elaborate?

Arusekk commented 3 months ago

For example, on amd64 most of the instructions operating on 32-bit numbers are shorter than their full 64-bit counterparts, and therefore preferred by compilers when upper 32 bits are not relevant; and before the value gets to the place of use, it might undergo such clobbering. Thank you for taking the time to report this.
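To make the two points above concrete (cyclic_size staying at 4 giving 456976 unique bytes, and a 32-bit leak still resolving on a 64-bit target), here is an added, self-contained example; it is not pwntools' own code, only a small re-implementation of the same de Bruijn construction with a hypothetical cyclic_find helper that packs an integer leak to n bytes, and all leak values are constructed.

```python
import itertools
import string

ALPHABET = string.ascii_lowercase  # same default alphabet pwntools' cyclic() uses

def de_bruijn(alphabet, n):
    """Lazily yield the de Bruijn sequence B(k, n): every length-n string over
    the alphabet occurs exactly once per period (FKM construction)."""
    k = len(alphabet)
    a = [0] * k * n

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)

def cyclic(length, n=4):
    """First `length` bytes of the pattern for subsequence size n (cyclic_size)."""
    return "".join(itertools.islice(de_bruijn(ALPHABET, n), length)).encode()

def max_unique_length(n=4):
    """Longest pattern in which every n-byte window is unique: 26**4 == 456976."""
    return len(ALPHABET) ** n

def cyclic_find(leak, pattern, n=4):
    """Hypothetical helper: every offset in `pattern` where the leak occurs.
    An int leak is packed little-endian and truncated to n bytes, so a value
    whose upper 32 bits were clobbered still resolves when n == 4."""
    if isinstance(leak, int):
        leak = (leak & ((1 << (8 * n)) - 1)).to_bytes(n, "little")
    hits, i = [], pattern.find(leak)
    while i != -1:
        hits.append(i)
        i = pattern.find(leak, i + 1)
    return hits

if __name__ == "__main__":
    pat4, pat8 = cyclic(2000, n=4), cyclic(2000, n=8)
    leak32 = int.from_bytes(pat4[100:104], "little")   # constructed 32-bit register value
    print(cyclic_find(leak32, pat4, n=4))              # one hit: offset 100
    print(cyclic_find(b"aaaa", pat8, n=8))             # many hits: ambiguous with n=8
    print(max_unique_length(4))                        # 456976
```

With n=4 a 4-byte window is unique anywhere in the first 456976 bytes, so a truncated register still pins the offset; with n=8 the same 4-byte window repeats and the offset is ambiguous.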