Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com

ELF.plt['unlink'] is wrong for the provided binary #2453

Open cq674350529 opened 1 week ago

cq674350529 commented 1 week ago

Description

When I tried to get the PLT information from the init ELF with pwntools, it output the wrong address for some functions.

In [1]: from pwn import ELF

In [2]: init_elf = ELF("./init")

In [3]: hex(init_elf.plt["unlink"])
Out[3]: '0x42138'

Take the unlink function as an example: the output PLT address is 0x42138. However, it is shown as 0x41B60 in IDA Pro.

I tested it on the following environment:

The binary information is as follows, and the binary is added as an attachment below.

$ file ./init 
./init: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, BuildID[sha1]=b3444afb3a4dc34e2798e7d89505c1061b57683a, for GNU/Linux 3.2.0, stripped

init.zip

tesuji commented 1 week ago

pwntools on my Ubuntu machine cannot load the PLT in your file. Radare validates that unlink.plt is at 0x00041b60.

> uv pip list| grep pwn
pwntools           4.13.0
> python
>>> from pwn import *
>>> exe = ELF('./init', checksec=False)
[!] Could not populate PLT: No module named 'pkg_resources'
>>> hex(exe.sym.unlink)
'0x41b60'

cq674350529 commented 6 days ago

Thanks, exe.sym.unlink or exe.symbols["unlink"] works well; I may use this instead.