Closed bladechen closed 7 years ago
This is caused by the dd docstring of pwn containing null characters that are not escaped. Vim cannot handle such characters from Python. I've sent a PR to fix the docstring on pwn repository. I don't think we can easily fix it on our side. Maybe Vim should be able to convert the null character?
thank you~
import pwn when i type 'pwn.'
it triggers following:
ycm_state.GetCompletions() Error detected while processing function youcompleteme#Complete[22]..106_Pyeval:
line 7:
E859: Failed to convert returned python object to vim value
Press ENTER or type command to continue
def GetCompletions( self ): request = self.GetCurrentCompletionRequest() request.Start() while not request.Done(): try: if vimsupport.GetBoolValue( 'complete_check()' ): return { 'words' : [], 'refresh' : 'always' }
except KeyboardInterrupt: return { 'words' : [], 'refresh' : 'always' }
results = base.AdjustCandidateInsertionText( request.Response() ) fd = open ('/tmp/1', 'w+') fd.write(str(results))
return { 'words' : results, 'refresh' : 'always' }
I try to figure out it, by adding output file. which cause pyeval error.
cat /tmp/1
[{u'dup': 1, u'menu': u'function: misc.align', u'info': u'align(alignment, x)\n\nalign(alignment, x) -> int\n\nRounds\n0x0014: \'faaa\' \n0x0018: 0x10001234 funcname(3)\n0x001c: 0x10000007 <adjust: pop eax; ret>\n0x0020: 0x3 arg0\n0x0024: 0x10000007 pop eax; ret\n0x0028: 0x77\n0x002c: 0x10000000 int 0x80\n0x0030: 0x0 gs\n0x0034: 0x0 fs\n0x0038: 0x0 es\n0x003c: 0x0 ds\n0x0040: 0x0 edi\n0x0044: 0x0 esi\n0x0048: 0x0 ebp\n0x004c: 0x0 esp\n0x0050: 0x4 ebx\n0x0054: 0x6 edx\n0x0058: 0x5 ecx\n0x005c: 0xb eax\n0x0060: 0x0 trapno\n0x0064: 0x0 err\n0x0068: 0x10000000 int 0x80\n0x006c: 0x23 cs\n0x0070: 0x0 eflags\n0x0074: 0x0 esp_at_signal\n0x0078: 0x2b ss\n0x007c: 0x0 fpstate\n\n>>> r = ROP(e, 0x8048000)\n>>> r.funcname(1, 2)\n>>> r.funcname(3)\n>>> r.execve(4, 5, 6)\n>>> print r.dump()\n0x8048000: 0x10001234 funcname(1, 2)\n0x8048004: 0x10000003 <adjust: add esp, 0x10; ret>\n0x8048008: 0x1 arg0\n0x804800c: 0x2 arg1\n0x8048010: \'eaaa\' \n0x8048014: \'faaa\' \n0x8048018: 0x10001234 funcname(3)\n0x804801c: 0x10000007 <adjust: pop eax; ret>\n0x8048020: 0x3 arg0\n0x8048024: 0x10000007 pop eax; ret\n0x8048028: 0x77\n0x804802c: 0x10000000 int 0x80\n0x8048030: 0x0 gs\n0x8048034: 0x0 fs\n0x8048038: 0x0 es\n0x804803c: 0x0 ds\n0x8048040: 0x0 edi\n0x8048044: 0x0 esi\n0x8048048: 0x0 ebp\n0x804804c: 0x8048080 esp\n0x8048050: 0x4 ebx\n0x8048054: 0x6 edx\n0x8048058: 0x5 ecx\n0x804805c: 0xb eax\n0x8048060: 0x0 trapno\n0x8048064: 0x0 err\n0x8048068: 0x10000000 int 0x80\n0x804806c: 0x23 cs\n0x8048070: 0x0 eflags\n0x8048074: 0x0 esp_at_signal\n0x8048078: 0x2b ss\n0x804807c: 0x0 fpstate', u'word': u'ROP', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.ror', u'info': u'ror(n, k, word_size = None)\n\nA simple wrapper around :func: kw)\n\nGiven assembled machine code bytes, execute them.\n\nExample:\n\n >>> bytes = asm('mov ebx, 3; mov eax, SYS_exit; int 0x80;')\n >>> p = run_shellcode(bytes)\n >>> p.wait_for_close()\n >>> p.poll()\n 3\n\n >>> bytes = asm('mov r0, #12; mov r7, #1; svc #0', arch='arm')\n >>> p = run_shellcode(bytes, arch='arm')\n >>> p.wait_for_close()\n >>> p.poll()\n 12", u'word': u'run_shellcode', u'empty': 1}, {u'dup': 1, u'menu': u'function: runner.run_shellcode_exitcode', u'info': u"run_shellcode_exitcode(bytes)\n\nGiven assembled machine code bytes, execute them, and wait for\nthe process to die.\n\nReturns:\n\n The exit code of the process.\n\nExample:\n\n >>> bytes = asm('mov ebx, 3; mov eax, SYS_exit; int 0x80;')\n >>> run_shellcode_exitcode(bytes)\n 3", u'word': u'run_shellcode_exitcode', u'empty': 1}, {u'dup': 1, u'menu': u"statement: rv_doc = {'p': 'The packed number as a string',\n 'u': 'The unpacked number'}", u'word': u'rv_doc', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib.util.safeeval', u'word': u'safeeval', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.scramble', u'info': u'scramble(raw_bytes, a, kw)\n\nscramble(raw_bytes) -> str\n\nEncodes the input data with a random encoder.\n\nAccepts the same arguments as :func:
x
up to nearest multiple of thealignment
.\n\nExample:\n >>> [align(5, n) for n in range(15)]\n [0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15]', u'word': u'align', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.align_down', u'info': u'align_down(alignment, x)\n\nalign_down(alignment, x) -> int\n\nRoundsx
down to nearest multiple of thealignment
.\n\nExample:\n >>> [align_down(5, n) for n in range(15)]\n [0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10]', u'word': u'align_down', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.alphanumeric', u'info': u'alphanumeric(raw_bytes, *a, kw)\n\nalphanumeric(raw_bytes) -> str\n\nEncode the shellcoderaw_bytes
such that it does not\ncontain any bytes except for [A-Za-z0-9].\n\nAccepts the same arguments as :func:encode
.', u'word': u'alphanumeric', u'empty': 1}, {u'dup': 1, u'menu': u'module: amd64', u'word': u'amd64', u'empty': 1}, {u'dup': 1, u'menu': u"statement: arg_doc = {'p': 'number (int): Number to convert',\n 'u': 'data (str): String to convert'}", u'word': u'arg_doc', u'empty': 1}, {u'dup': 1, u'menu': u'statement: args = pwnlib.args.args', u'word': u'args', u'empty': 1}, {u'dup': 1, u'menu': u'module: arm', u'word': u'arm', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.asm', u'info': u'asm(shellcode, vma = 0, extract = True, shared = False)\n\nasm(code, vma = 0, extract = True, ...) -> str\n\nRuns :func:cpp
over a given shellcode and then assembles it into bytes.\n\nTo see which architectures or operating systems are supported,\nlook in :mod:pwnlib.contex
.\n\nTo support all these architecture, we bundle the GNU assembler\nand objcopy with pwntools.\n\nArguments:\n shellcode(str): Assembler code to assemble.\n vma(int): Virtual memory address of the beginning of assembly\n extract(bool): Extract the raw assembly bytes from the assembled\n file. IfFalse
, returns the path to an ELF file\n with the assembly embedded.\n\nKwargs:\n Any arguments/properties that can be set oncontext
\n\nExamples:\n\n .. doctest::\n\n >>> asm("mov eax, SYS_select", arch = \'i386\', os = \'freebsd\')\n \'\xb8]\x00\x00\x00\'\n >>> asm("mov eax, SYS_select", arch = \'amd64\', os = \'linux\')\n \'\xb8\x17\x00\x00\x00\'\n >>> asm("mov rax, SYS_select", arch = \'amd64\', os = \'linux\')\n \'H\xc7\xc0\x17\x00\x00\x00\'\n >>> asm("mov r0, #SYS_select", arch = \'arm\', os = \'linux\', bits=32)\n \'R\x00\xa0\xe3\'', u'word': u'asm', u'empty': 1}, {u'dup': 1, u'menu': u'module: atexit', u'word': u'atexit', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.b64d', u'info': u"b64d(s)\n\nb64d(s) -> str\n\nBase64 decodes a string\n\nExample:\n\n >>> b64d('dGVzdA==')\n 'test'", u'word': u'b64d', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.b64e', u'info': u'b64e(s)\n\nb64e(s) -> str\n\nBase64 encodes a string\n\nExample:\n\n >>> b64e("test")\n \'dGVzdA==\'\n ', u'word': u'b64e', u'empty': 1}, {u'dup': 1, u'menu': u'module: base64', u'word': u'base64', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.binary_ip', u'info': u'binary_ip(host)\n\nbinary_ip(host) -> str\n\nResolve host and return IP as four byte string.\n\nExample:\n >>> binary_ip("127.0.0.1")\n \'\x7f\x00\x00\x01\'', u'word': u'binary_ip', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.util.crc.BitPolynom', u'info': u'BitPolynom(self, n)\n\nClass for representing GF(2)[X], i.e. the field of polynomials over\nGF(2).\n\nIn practice the polynomials are represented as numbers such that `xn\ncorresponds to
1 << n. In this representation calculations are easy: Just\ndo everything as normal, but forget about everything the carries.\n\nAddition becomes xor and multiplication becomes carry-less multiplication.\n\nExamples:\n\n >>> p1 = BitPolynom("x**3 + x + 1")\n >>> p1\n BitPolynom(\'x**3 + x + 1\')\n >>> int(p1)\n 11\n >>> p1 == BitPolynom(11)\n True\n >>> p2 = BitPolynom("x**2 + x + 1")\n >>> p1 + p2\n BitPolynom(\'x**3 + x**2\')\n >>> p1 * p2\n BitPolynom(\'x**5 + x**4 + 1\')\n >>> p1 / p2\n BitPolynom(\'x + 1\')\n >>> p1 % p2\n BitPolynom(\'x\')\n >>> d, r = divmod(p1, p2)\n >>> d * p2 + r == p1\n True\n >>> BitPolynom(-1)\n Traceback (most recent call last):\n ...\n ValueError: Polynomials cannot be negative: -1\n >>> BitPolynom(\'y\')\n Traceback (most recent call last):\n ...\n ValueError: Not a valid polynomial: y', u'word': u'BitPolynom', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.bits', u'info': u'bits(s, endian = \'big\', zero = 0, one = 1)\n\nbits(s, endian = \'big\', zero = 0, one = 1) -> list\n\nConverts the argument a list of bits.\n\nArguments:\n s: A string or number to be converted into bits.\n endian (str): The binary endian, default \'big\'.\n zero: The representing a 0-bit.\n one: The representing a 1-bit.\n\nReturns:\n A list consisting of the values specified in
zeroand
one.\n\nExamples:\n\n >>> bits(511, zero = "+", one = "-")\n [\'+\', \'+\', \'+\', \'+\', \'+\', \'+\', \'+\', \'-\', \'-\', \'-\', \'-\', \'-\', \'-\', \'-\', \'-\', \'-\']\n >>> sum(bits("test"))\n 17\n >>> bits(0)\n [0, 0, 0, 0, 0, 0, 0, 0]', u'word': u'bits', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.bits_str', u'info': u'bits_str(s, endian = \'big\', zero = \'0\', one = \'1\')\n\nbits_str(s, endian = \'big\', zero = \'0\', one = \'1\') -> str\n\nA wrapper around :func:
bits, which converts the output into a string.\n\nExamples:\n\n >>> bits_str(511)\n \'0000000111111111\'\n >>> bits_str("bits_str", endian = "little")\n \'0100011010010110001011101100111011111010110011100010111001001110\'', u'word': u'bits_str', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.bitswap', u'info': u'bitswap(s)\n\nbitswap(s) -> str\n\nReverses the bits in every byte of a given string.\n\nExample:\n >>> bitswap("1234")\n \'\\x8cL\\xcc,\'', u'word': u'bitswap', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.bitswap_int', u'info': u"bitswap_int(n, width)\n\nbitswap_int(n) -> int\n\nReverses the bits of a numbers and returns the result as a new number.\n\nArguments:\n n (int): The number to swap.\n width (int): The width of the integer\n\nExamples:\n >>> hex(bitswap_int(0x1234, 8))\n '0x2c'\n >>> hex(bitswap_int(0x1234, 16))\n '0x2c48'\n >>> hex(bitswap_int(0x1234, 24))\n '0x2c4800'\n >>> hex(bitswap_int(0x1234, 25))\n '0x589000'", u'word': u'bitswap_int', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.bnot', u'info': u"bnot(value, width=None)\n\nReturns the binary inverse of 'value'.", u'word': u'bnot', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.check_cycle', u'info': u"check_cycle(reg, assignments)\n\nWalk down the assignment list of a register,\nreturn the path walked if it is encountered again.\n\nReturns:\n\n The list of register involved in the cycle.\n If there is no cycle, this is an empty list.\n\nExample:\n\n >>> check_cycle('a', {'a': 1})\n []\n >>> check_cycle('a', {'a': 'a'})\n ['a']\n >>> check_cycle('a', {'a': 'b', 'b': 'a'})\n ['a', 'b']\n >>> check_cycle('a', {'a': 'b', 'b': 'c', 'c': 'b', 'd': 'a'})\n []\n >>> check_cycle('a', {'a': 'b', 'b': 'c', 'c': 'd', 'd': 'a'})\n ['a', 'b', 'c', 'd']", u'word': u'check_cycle', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.check_cycle_', u'info': u'check_cycle_(reg, assignments, path)\n\n', u'word': u'check_cycle_', u'empty': 1}, {u'dup': 1, u'menu': u'statement: checked_assembler_version = defaultdict(lambda: False)', u'word': u'checked_assembler_version', u'empty': 1}, {u'dup': 1, u'menu': u'module: collections', u'word': u'collections', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.concat', u'info': u'concat(l)\n\nconcat(l) -> list\n\nConcats a list of lists into a list.\n\nExample:\n\n >>> concat([[1, 2], [3]])\n [1, 2, 3]', u'word': u'concat', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.concat_all', u'info': u'concat_all(*args)\n\nconcat_all(*args) -> list\n\nConcats all the arguments together.\n\nExample:\n >>> concat_all(0, [1, (2, 3)], [([[4, 5, 6]])])\n [0, 1, 2, 3, 4, 5, 6]', u'word': u'concat_all', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.remote.connect', u'word': u'connect', u'empty': 1}, {u'dup': 1, u'menu': u'import: from ..context import context', u'word': u'context', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.elf.Core', u'info': u'Core(self, *a, **kw)\n\nCore(*a, **kw) -> Core\n\nEnhances the inforation available about a corefile (which is an extension\nof the ELF format) by permitting extraction of information about the mapped\ndata segments, and register state.\n\nRegisters can be accessed directly, e.g. via ``core_obj.eax``.\n\nMappings can be iterated in order via ``core_obj.mappings``.', u'word': u'Core', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.cpp', u'info': u'cpp(shellcode)\n\ncpp(shellcode, ...) -> str\n\nRuns CPP over the given shellcode.\n\nThe output will always contain exactly one newline at the end.\n\nArguments:\n shellcode(str): Shellcode to preprocess\n\nKwargs:\n Any arguments/properties that can be set on ``context``\n\nExamples:\n\n .. doctest::\n\n >>> cpp("mov al, SYS_setresuid", arch = "i386", os = "linux")\n \'mov al, 164\\n\'\n >>> cpp("weee SYS_setresuid", arch = "arm", os = "linux")\n \'weee (0+164)\\n\'\n >>> cpp("SYS_setresuid", arch = "thumb", os = "linux")\n \'(0+164)\\n\'\n >>> cpp("SYS_setresuid", os = "freebsd")\n \'311\\n\'', u'word': u'cpp', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib.util.crc', u'info': u"Module for calculating CRC-sums.\n\nContains all crc implementations know on the interwebz. For most implementations\nit contains only the core crc algorithm and not e.g. padding schemes.\n\nIt is horribly slow, as implements a naive algorithm working direclty on\nbit polynomials. This class is exposed as
BitPolynom.\n\nThe current algorithm is super-linear and takes about 4 seconds to calculate\nthe crc32-sum of ``'A'*40000``.\n\nAn obvious optimization would be to actually generate some lookup-tables.", u'word': u'crc', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.cyclic', u'info': u'cyclic(length = None, alphabet = string.ascii_lowercase, n = None)\n\ncyclic(length = None, alphabet = string.ascii_lowercase, n = 4) -> list/str\n\nA simple wrapper over :func:
de_bruijn. This function returns at most\n
lengthelements.\n\nIf the given alphabet is a string, a string is returned from this function. Otherwise\na list is returned.\n\nArguments:\n length: The desired length of the list or None if the entire sequence is desired.\n alphabet: List or string to generate the sequence over.\n n(int): The length of subsequences that should be unique.\n\nExample:\n >>> cyclic(alphabet = "ABC", n = 3)\n \'AAABAACABBABCACBACCBBBCBCCC\'\n >>> cyclic(20)\n \'aaaabaaacaaadaaaeaaa\'\n >>> alphabet, n = range(30), 3\n >>> len(alphabet)**n, len(cyclic(alphabet = alphabet, n = n))\n (27000, 27000)', u'word': u'cyclic', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.cyclic_find', u'info': u'cyclic_find(subseq, alphabet = string.ascii_lowercase, n = None)\n\ncyclic_find(subseq, alphabet = string.ascii_lowercase, n = None) -> int\n\nCalculates the position of a substring into a De Bruijn sequence.\n\n.. todo:\n\n "Calculates" is an overstatement. It simply traverses the list.\n\n There exists better algorithms for this, but they depend on generating\n the De Bruijn sequence in another fashion. Somebody should look at it:\n\n https://www.sciencedirect.com/science/article/pii/S0012365X00001175\n\nArguments:\n subseq: The subsequence to look for. This can be a string, a list or an\n integer. If an integer is provided it will be packed as a\n little endian integer.\n alphabet: List or string to generate the sequence over.\n n(int): The length of subsequences that should be unique.\n\n\nExamples:\n\n >>> cyclic_find(cyclic(1000)[514:518])\n 514\n >>> cyclic_find(0x61616162)\n 4', u'word': u'cyclic_find', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.cyclic_metasploit', u'info': u'cyclic_metasploit(length = None, sets = None)\n\ncyclic_metasploit(length = None, sets = [ string.ascii_uppercase, string.ascii_lowercase, string.digits ]) -> str\n\nA simple wrapper over :func:
metasploit_pattern. This function returns a\nstring of length
length.\n\nArguments:\n length: The desired length of the string or None if the entire sequence is desired.\n sets: List of strings to generate the sequence over.\n\nExample:\n >>> cyclic_metasploit(32)\n \'Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab\'\n >>> cyclic_metasploit(sets = ["AB","ab","12"])\n \'Aa1Aa2Ab1Ab2Ba1Ba2Bb1Bb2\'\n >>> cyclic_metasploit()[1337:1341]\n \'5Bs6\'\n >>> len(cyclic_metasploit())\n 20280', u'word': u'cyclic_metasploit', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.cyclic_metasploit_find', u'info': u'cyclic_metasploit_find(subseq, sets = None)\n\ncyclic_metasploit_find(subseq, sets = [ string.ascii_uppercase, string.ascii_lowercase, string.digits ]) -> int\n\nCalculates the position of a substring into a Metasploit Pattern sequence.\n\nArguments:\n subseq: The subsequence to look for. This can be a string or an\n integer. If an integer is provided it will be packed as a\n little endian integer.\n sets: List of strings to generate the sequence over.\n\nExamples:\n\n >>> cyclic_metasploit_find(cyclic_metasploit(1000)[514:518])\n 514\n >>> cyclic_metasploit_find(0x61413161)\n 4', u'word': u'cyclic_metasploit_find', u'empty': 1}, {u'dup': 1, u'menu': u"statement: \ncyclic_pregen = ''", u'word': u'cyclic_pregen', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.dd', u'info': u"dd(dst, src, count = 0, skip = 0, seek = 0, truncate = False)\n\ndd(dst, src, count = 0, skip = 0, seek = 0, truncate = False) -> dst\n\nInspired by the command line tool ``dd``, this function copies
countbyte\nvalues from offset
seekin
srcto offset
skipin
dst. If
countis\n0, all of ``src[seek:]`` is copied.\n\nIf
dstis a mutable type it will be updated. Otherwise a new instance of\nthe same type will be created. In either case the result is returned.\n\n
srccan be an iterable of characters or integers, a unicode string or a\nfile object. If it is an iterable of integers, each integer must be in the\nrange [0;255]. If it is a unicode string, its UTF-8 encoding will be used.\n\nThe seek offset of file objects will be preserved.\n\nArguments:\n dst: Supported types are
:class:file,
:class:list,
:class:tuple,\n
:class:str,
:class:bytearrayand
:class:unicode.\n src: An iterable of byte values (characters or integers), a unicode\n string or a file object.\n count (int): How many bytes to copy. If
countis 0 or larger than\n ``len(src[seek:])``, all bytes until the end of
srcare\n copied.\n skip (int): Offset in
dstto copy to.\n seek (int): Offset in
srcto copy from.\n truncate (bool): If
:const:True,
dstis truncated at the last copied\n byte.\n\nReturns:\n A modified version of
dst. If
dstis a mutable type it will be\n modified in-place.\n\nExamples:\n>>> dd(tuple('Hello!'), '?', skip = 5)\n('H', 'e', 'l', 'l', 'o', '?')\n>>> dd(list('Hello!'), (63,), skip = 5)\n['H', 'e', 'l', 'l', 'o', '?']\n>>> write('/tmp/foo', 'A' * 10)\n... dd(file('/tmp/foo'), file('/dev/zero'), skip = 3, count = 4)\n... read('/tmp/foo')\n'AAA\x00\x00\x00\x00AAA'\n>>> write('/tmp/foo', 'A' * 10)\n... dd(file('/tmp/foo'), file('/dev/zero'), skip = 3, count = 4, truncate = True)\n... read('/tmp/foo')\n'AAA\x00\x00\x00\x00'", u'word': u'dd', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.de_bruijn', u'info': u'de_bruijn(alphabet = string.ascii_lowercase, n = None)\n\nde_bruijn(alphabet = string.ascii_lowercase, n = 4) -> generator\n\nGenerator for a sequence of unique substrings of length
n. This is implemented using a\nDe Bruijn Sequence over the given
alphabet.\n\nThe returned generator will yield up to ``len(alphabet)**n`` elements.\n\nArguments:\n alphabet: List or string to generate the sequence over.\n n(int): The length of subsequences that should be unique.', u'word': u'de_bruijn', u'empty': 1}, {u'dup': 1, u'menu': u'statement: de_bruijn_gen = de_bruijn()', u'word': u'de_bruijn_gen', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.dealarm_shell', u'info': u'dealarm_shell(tube)\n\nGiven a tube which is a shell, dealarm it.\n ', u'word': u'dealarm_shell', u'empty': 1}, {u'dup': 1, u'menu': u'statement: debug = log.debug', u'word': u'debug', u'empty': 1}, {u'dup': 1, u'menu': u"statement: default_style = {\n 'marker': text.gray if text.has_gray else text.blue,\n 'nonprintable': text.gray if text.has_gray else text.blue,\n '00': text.red,\n '0a': text.red,\n 'ff': text.green,\n}", u'word': u'default_style', u'empty': 1}, {u'dup': 1, u'menu': u'class: collections.defaultdict', u'info': u'defaultdict(default_factory[, ...]) --> dict with default factory\n\nThe default factory is called without arguments to produce\na new value when a key is not present, in __getitem__ only.\nA defaultdict compares equal to a dict with the same items.\nAll remaining arguments are treated the same as if they were\npassed to the dict constructor, including keyword arguments.', u'word': u'defaultdict', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.depends_on_cycle', u'info': u'depends_on_cycle(reg, assignments, in_cycles)\n\n', u'word': u'depends_on_cycle', u'empty': 1}, {u'dup': 1, u'menu': u'function: getdents.dirents', u'info': u"dirents(buf)\n\nunpack_dents(buf) -> list\n\nExtracts data from a buffer emitted by getdents()\n\nArguments:\n buf(str): Byte array\n\nReturns:\n A list of filenames.\n\nExample:\n\n >>> data = '5ade6d010100000010002e0000000004010000000200000010002e2e006e3d04092b6d010300000010007461736b00045bde6d010400000010006664003b3504'\n >>> data = data.decode('hex')\n >>> print dirents(data)\n ['.', '..', 'fd', 'task']", u'word': u'dirents', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.disasm', u'info': u"disasm(data, vma = 0, byte = True, offset = True, instructions = True)\n\ndisasm(data, ...) -> str\n\nDisassembles a bytestring into human readable assembler.\n\nTo see which architectures are supported,\nlook in :mod:
pwnlib.contex.\n\nTo support all these architecture, we bundle the GNU objcopy\nand objdump with pwntools.\n\nArguments:\n data(str): Bytestring to disassemble.\n vma(int): Passed through to the --adjust-vma argument of objdump\n byte(bool): Include the hex-printed bytes in the disassembly\n offset(bool): Include the virtual memory address in the disassembly\n\nKwargs:\n Any arguments/properties that can be set on ``context``\n\nExamples:\n\n .. doctest::\n\n >>> print disasm('b85d000000'.decode('hex'), arch = 'i386')\n 0: b8 5d 00 00 00 mov eax,0x5d\n >>> print disasm('b85d000000'.decode('hex'), arch = 'i386', byte = 0)\n 0: mov eax,0x5d\n >>> print disasm('b85d000000'.decode('hex'), arch = 'i386', byte = 0, offset = 0)\n mov eax,0x5d\n >>> print disasm('b817000000'.decode('hex'), arch = 'amd64')\n 0: b8 17 00 00 00 mov eax,0x17\n >>> print disasm('48c7c017000000'.decode('hex'), arch = 'amd64')\n 0: 48 c7 c0 17 00 00 00 mov rax,0x17\n >>> print disasm('04001fe552009000'.decode('hex'), arch = 'arm')\n 0: e51f0004 ldr r0, [pc, #-4] ; 0x4\n 4: 00900052 addseq r0, r0, r2, asr r0\n >>> print disasm('4ff00500'.decode('hex'), arch = 'thumb', bits=32)\n 0: f04f 0005 mov.w r0, #5\n >>>", u'word': u'disasm', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.dpkg_search_for_binutils', u'info': u'dpkg_search_for_binutils(arch, util)\n\nUse dpkg to search for any available assemblers which will work.\n\nReturns:\n A list of candidate package names.', u'word': u'dpkg_search_for_binutils', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.dynelf.DynELF', u'info': u'DynELF(self, leak, pointer=None, elf=None)\n\nDynELF knows how to resolve symbols in remote processes via an infoleak or\nmemleak vulnerability encapsulated by :class:
pwnlib.memleak.MemLeak.\n\nImplementation Details:\n\n Resolving Functions:\n\n In all ELFs which export symbols for importing by other libraries,\n (e.g. ``libc.so``) there are a series of tables which give exported\n symbol names, exported symbol addresses, and the ``hash`` of those\n exported symbols. By applying a hash function to the name of the\n desired symbol (e.g., ``\'printf\'``), it can be located in the hash\n table. Its location in the hash table provides an index into the\n string name table (strtab_), and the symbol address (symtab_).\n\n Assuming we have the base address of ``libc.so``, the way to resolve\n the address of ``printf`` is to locate the ``symtab``, ``strtab``,\n and hash table. The string ``"printf"`` is hashed according to the\n style of the hash table (SYSV_ or GNU_), and the hash table is\n walked until a matching entry is located. We can verify an exact\n match by checking the string table, and then get the offset into\n ``libc.so`` from the ``symtab``.\n\n Resolving Library Addresses:\n\n If we have a pointer into a dynamically-linked executable, we can\n leverage an internal linker structure called the
link map_. This\n is a linked list structure which contains information about each\n loaded library, including its full path and base address.\n\n A pointer to the ``link map`` can be found in two ways. Both are\n referenced from entries in the DYNAMIC_ array.\n\n - In non-RELRO binaries, a pointer is placed in the
.got.plt_ area\n in the binary. This is marked by finding the DT_PLTGOT_ area in the\n binary.\n - In all binaries, a pointer can be found in the area described by\n the DT_DEBUG_ area. This exists even in stripped binaries.\n\n For maximum flexibility, both mechanisms are used exhaustively.\n\n.. _symtab: https://refspecs.linuxbase.org/elf/gabi4+/ch4.symtab.html\n.. _strtab: https://refspecs.linuxbase.org/elf/gabi4+/ch4.strtab.html\n.. _.got.plt: https://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/specialsections.html\n.. _DYNAMIC: http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#dynamic_section\n.. _SYSV: https://refspecs.linuxbase.org/elf/gabi4+/ch5.dynamic.html#hash\n.. _GNU: https://blogs.oracle.com/ali/entry/gnu_hash_elf_sections\n.. _DT_DEBUG: https://reverseengineering.stackexchange.com/questions/6525/elf-link-map-when-linked-as-relro\n.. _link map: https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/link.h;h=eaca8028e45a859ac280301a6e955a14eed1b887;hb=HEAD#l84\n.. _DT_PLTGOT: http://refspecs.linuxfoundation.org/ELF/zSeries/lzsabi0_zSeries/x2251.html', u'word': u'DynELF', u'empty': 1}, {u'dup': 1, u'menu': u'class: elf.ELF', u'info': u"ELF(self, path)\n\nEncapsulates information about an ELF file.\n\n:ivar path: Path to the binary on disk\n:ivar symbols: Dictionary of {name: address} for all symbols in the ELF\n:ivar plt: Dictionary of {name: address} for all functions in the PLT\n:ivar got: Dictionary of {name: address} for all function pointers in the GOT\n:ivar libs: Dictionary of {path: address} for each shared object required to load the ELF\n\nExample:\n\n .. code-block:: python\n\n bash = ELF(which('bash'))\n hex(bash.symbols['read'])\n # 0x41dac0\n hex(bash.plt['read'])\n # 0x41dac0\n u32(bash.read(bash.got['read'], 4))\n # 0x41dac6\n print disasm(bash.read(bash.plt['read'],16), arch='amd64')\n # 0: ff 25 1a 18 2d 00 jmp QWORD PTR [rip+0x2d181a] # 0x2d1820\n # 6: 68 59 00 00 00 push 0x59\n # b: e9 50 fa ff ff jmp 0xfffffffffffffa60", u'word': u'ELF', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.encode', u'info': u"encode(raw_bytes, avoid=None, expr=None, force=0, pcreg='')\n\nencode(raw_bytes, avoid, expr, force) -> str\n\nEncode shellcode ``raw_bytes`` such that it does not contain\nany bytes in ``avoid`` or ``expr``.\n\nArguments:\n\n raw_bytes(str): Sequence of shellcode bytes to encode.\n avoid(str): Bytes to avoid\n expr(str): Regular expression which matches bad characters.\n force(bool): Force re-encoding of the shellcode, even if it\n doesn't contain any bytes in ``avoid``.", u'word': u'encode', u'empty': 1}, {u'dup': 1, u'menu': u'class: encoder.Encoder', u'info': u'Encoder(self)\n\n', u'word': u'Encoder', u'empty': 1}, {u'dup': 1, u'menu': u'forstmt: packing', u'word': u'end', u'empty': 1}, {u'dup': 1, u'menu': u"statement: ends = ['b','l']", u'word': u'ends', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.enhex', u'info': u'enhex(x)\n\nenhex(x) -> str\n\nHex-encodes a string.\n\nExample:\n\n >>> enhex("test")\n \'74657374\'', u'word': u'enhex', u'empty': 1}, {u'dup': 1, u'menu': u'instance: os.environ', u'info': u'_Environ(self, environ)\n\n', u'word': u'environ', u'empty': 1}, {u'dup': 1, u'menu': u'module: errno', u'word': u'errno', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \nerror = log.error', u'word': u'error', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.extract_dependencies', u'info': u"extract_dependencies(reg, assignments)\n\nReturn a list of all registers which directly\ndepend on the specified register.\n\nExample:\n\n >>> extract_dependencies('a', {'a': 1})\n []\n >>> extract_dependencies('a', {'a': 'b', 'b': 1})\n []\n >>> extract_dependencies('a', {'a': 1, 'b': 'a'})\n ['b']\n >>> extract_dependencies('a', {'a': 1, 'b': 'a', 'c': 'a'})\n ['b', 'c']", u'word': u'extract_dependencies', u'empty': 1}, {u'dup': 1, u'menu': u'module: fiddling', u'word': u'fiddling', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.findall', u'info': u'findall(haystack, needle)\n\nfindall(l, e) -> l\n\nGenerate all indices of needle in haystack, using the\nKnuth-Morris-Pratt algorithm.\n\nExample:\n >>> foo = findall([1,2,3,4,4,3,4,2,1], 4)\n >>> foo.next()\n 3\n >>> foo.next()\n 4\n >>> foo.next()\n 6', u'word': u'findall', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.fit', u'info': u'fit(pieces=None, **kwargs)\n\nfit(pieces, filler = de_bruijn(), length = None, preprocessor = None) -> str\n\nGenerates a string from a dictionary mapping offsets to data to place at\nthat offset.\n\nFor each key-value pair in
pieces, the key is either an offset or a byte\nsequence. In the latter case, the offset will be the lowest index at which\nthe sequence occurs in
filler. See examples below.\n\nEach piece of data is passed to :meth:
flatalong with the keyword\narguments
word_size,
endiannessand
sign.\n\nSpace between pieces of data is filled out using the iterable
filler. The\n
n\'th byte in the output will be byte at index ``n % len(iterable)`` byte\nin
fillerif it has finite length or the byte at index
notherwise.\n\nIf
lengthis given, the output will padded with bytes from
fillerto be\nthis size. If the output is longer than
length, a :py:exc:
ValueError\nexception is raised.\n\nIf entries in
piecesoverlap, a :py:exc:
ValueErrorexception is\nraised.\n\nArguments:\n pieces: Offsets and values to output.\n length: The length of the output.\n filler: Iterable to use for padding.\n preprocessor (function): Gets called on every element to optionally\n transform the element before flattening. If :const:
Noneis\n returned, then the original value is used.\n word_size (int): Word size of the converted integer.\n endianness (str): Endianness of the converted integer ("little"/"big").\n sign (str): Signedness of the converted integer (False/True)\n\nExamples:\n >>> fit({12: 0x41414141,\n ... 24: \'Hello\',\n ... })\n \'aaaabaaacaaaAAAAeaaafaaaHello\'\n >>> fit({\'caaa\': \'\'})\n \'aaaabaaa\'\n >>> fit({12: \'XXXX\'}, filler = \'AB\', length = 20)\n \'ABABABABABABXXXXABAB\'\n >>> fit({ 8: [0x41414141, 0x42424242],\n ... 20: \'CCCC\'})\n \'aaaabaaaAAAABBBBeaaaCCCC\'', u'word': u'fit', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.flat', u'info': u'flat(*args, **kwargs)\n\nflat(*args, preprocessor = None, word_size = None, endianness = None, sign = None)\n\nFlattens the arguments into a string.\n\nThis function takes an arbitrary number of arbitrarily nested lists and\ntuples. It will then find every string and number inside those and flatten\nthem out. Strings are inserted directly while numbers are packed using the\n:func:
packfunction.\n\nThe three kwargs
word_size,
endiannessand
signwill default to using\nvalues in :mod:
pwnlib.contextif not specified as an argument.\n\nArguments:\n args: Values to flatten\n preprocessor (function): Gets called on every element to optionally\n transform the element before flattening. If :const:
Noneis\n returned, then the original value is uded.\n word_size (int): Word size of the converted integer.\n endianness (str): Endianness of the converted integer ("little"/"big").\n sign (str): Signedness of the converted integer (False/True)\n\nExamples:\n >>> flat(1, "test", [[["AB"]*2]*3], endianness = \'little\', word_size = 16, sign = False)\n \'\\x01\\x00testABABABABABAB\'\n >>> flat([1, [2, 3]], preprocessor = lambda x: str(x+1))\n \'234\'', u'word': u'flat', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.fmtstr.FmtStr', u'info': u"FmtStr(self, execute_fmt, offset = None, padlen = 0, numbwritten = 0)\n\nProvides an automated format string exploitation.\n\nIt takes a function which is called every time the automated\nprocess want to communicate with the vulnerable process. this\nfunction takes a parameter with the payload that you have to\nsend to the vulnerable process and must return the process\nreturns.\n\nIf the
offsetparameter is not given, then try to find the right\noffset by leaking stack data.\n\nArguments:\n execute_fmt(function): function to call for communicate with the vulnerable process\n offset(int): the first formatter's offset you control\n padlen(int): size of the pad you want to add before the payload\n numbwritten(int): number of already written bytes", u'word': u'FmtStr', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.fmtstr.fmtstr_payload', u'info': u"fmtstr_payload(offset, writes, numbwritten=0, write_size='byte')\n\nfmtstr_payload(offset, writes, numbwritten=0, write_size='byte') -> str\n\nMakes payload with given parameter.\nIt can generate payload for 32 or 64 bits architectures.\nThe size of the addr is taken from ``context.bits``\n\nArguments:\n offset(int): the first formatter's offset you control\n writes(dict): dict with addr, value ``{addr: value, addr2: value2}``\n numbwritten(int): number of byte already written by the printf function\n write_size(str): must be ``byte``, ``short`` or ``int``. Tells if you want to write byte by byte, short by short or int by int (hhn, hn or n)\nReturns:\n The payload in order to do needed writes\n\nExamples:\n >>> context.clear(arch = 'amd64')\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='int'))\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00%322419374c%1$n%3972547906c%2$n'\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='short'))\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00%47774c%1$hn%22649c%2$hn%60617c%3$hn%4$hn'\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='byte'))\n '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00%126c%1$hhn%252c%2$hhn%125c%3$hhn%220c%4$hhn%237c%5$hhn%6$hhn%7$hhn%8$hhn'\n >>> context.clear(arch = 'i386')\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='int'))\n '\\x00\\x00\\x00\\x00%322419386c%1$n'\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='short'))\n '\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00%47798c%1$hn%22649c%2$hn'\n >>> print repr(fmtstr_payload(1, {0x0: 0x1337babe}, write_size='byte'))\n '\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00%174c%1$hhn%252c%2$hhn%125c%3$hhn%220c%4$hhn'", u'word': u'fmtstr_payload', u'empty': 1}, {u'dup': 1, u'menu': u'statement: GB = 1024 * MB', u'word': u'GB', u'empty': 1}, {u'dup': 1, u'menu': u'import: from ..log import getLogger', u'word': u'getLogger', u'empty': 1}, {u'dup': 1, u'menu': u'statement: GiB = 1000 * MB', u'word': u'GiB', u'empty': 1}, {u'dup': 1, u'menu': u'function: glob.glob', u'info': u"glob(pathname)\n\nReturn a list of paths matching a pathname pattern.\n\nThe pattern may contain simple shell-style wildcards a la\nfnmatch. However, unlike fnmatch, filenames starting with a\ndot are special cases that are not matched by '*' and '?'\npatterns.", u'word': u'glob', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.group', u'info': u'group(n, lst, underfull_action = \'ignore\', fill_value = None)\n\ngroup(n, lst, underfull_action = \'ignore\', fill_value = None) -> list\n\nSplit sequence into subsequences of given size. If the values cannot be\nevenly distributed among into groups, then the last group will either be\nreturned as is, thrown out or padded with the value specified in fill_value.\n\nArguments:\n n (int): The size of resulting groups\n lst: The list, tuple or string to group\n underfull_action (str): The action to take in case of an underfull group at the end. Possible values are \'ignore\', \'drop\' or \'fill\'.\n fill_value: The value to fill into an underfull remaining group.\n\nReturns:\n A list containing the grouped values.\n\nExample:\n >>> group(3, "ABCDEFG")\n [\'ABC\', \'DEF\', \'G\']\n >>> group(3, \'ABCDEFG\', \'drop\')\n [\'ABC\', \'DEF\']\n >>> group(3, \'ABCDEFG\', \'fill\', \'Z\')\n [\'ABC\', \'DEF\', \'GZZ\']\n >>> group(3, list(\'ABCDEFG\'), \'fill\')\n [[\'A\', \'B\', \'C\'], [\'D\', \'E\', \'F\'], [\'G\', None, None]]', u'word': u'group', u'empty': 1}, {u'dup': 1, u'menu': u'module: hashlib', u'word': u'hashlib', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.hexdump', u'info': u'hexdump(s, width=16, skip=True, hexii=False, begin=0,\nstyle=None, highlight=None, cyclic=False)\n\nhexdump(s, width = 16, skip = True, hexii = False, begin = 0,\n style = None, highlight = None, cyclic = False) -> str generator\n\nReturn a hexdump-dump of a string.\n\nArguments:\n s(str): The data to hexdump.\n width(int): The number of characters per line\n skip(bool): Set to True, if repeated lines should be replaced by a "*"\n hexii(bool): Set to True, if a hexii-dump should be returned instead of a hexdump.\n begin(int): Offset of the first byte to print in the left column\n style(dict): Color scheme to use.\n highlight(iterable): Byte values to highlight.\n cyclic(bool): Attempt to skip consecutive, unmodified cyclic lines\n\nReturns:\n A hexdump-dump in the form of a string.', u'word': u'hexdump', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.hexdump_iter', u'info': u'hexdump_iter(fd, width=16, skip=True, hexii=False, begin=0, style=None,\nhighlight=None, cyclic=False)\n\nhexdump_iter(s, width = 16, skip = True, hexii = False, begin = 0,\n style = None, highlight = None, cyclic = False) -> str generator\n\nReturn a hexdump-dump of a string as a generator of lines. Unless you have\nmassive amounts of data you probably want to use :meth:
hexdump.\n\nArguments:\n fd(file): File object to dump. Use :meth:
StringIO.StringIOor :meth:
hexdumpto dump a string.\n width(int): The number of characters per line\n skip(bool): Set to True, if repeated lines should be replaced by a "*"\n hexii(bool): Set to True, if a hexii-dump should be returned instead of a hexdump.\n begin(int): Offset of the first byte to print in the left column\n style(dict): Color scheme to use.\n highlight(iterable): Byte values to highlight.\n cyclic(bool): Attempt to skip consecutive, unmodified cyclic lines\n\nReturns:\n A generator producing the hexdump-dump one line at a time.', u'word': u'hexdump_iter', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.hexii', u'info': u'hexii(s, width = 16, skip = True)\n\nhexii(s, width = 16, skip = True) -> str\n\nReturn a HEXII-dump of a string.\n\nArguments:\n s(str): The string to dump\n width(int): The number of characters per line\n skip(bool): Should repeated lines be replaced by a "*"\n\nReturns:\n A HEXII-dump in the form of a string.', u'word': u'hexii', u'empty': 1}, {u'dup': 1, u'menu': u'module: i386', u'word': u'i386', u'empty': 1}, {u'dup': 1, u'menu': u'module: importlib', u'word': u'importlib', u'empty': 1}, {u'dup': 1, u'menu': u'statement: info = log.info', u'word': u'info', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.isprint', u'info': u'isprint(c)\n\nisprint(c) -> bool\n\nReturn True if a character is printable', u'word': u'isprint', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib.util.iters', u'info': u'This module includes and extends the standard module :mod:
itertools.', u'word': u'iters', u'empty': 1}, {u'dup': 1, u'menu': u'statement: KB = 1024', u'word': u'KB', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \nKiB = 1000', u'word': u'KiB', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.line', u'info': u'line(raw_bytes, *a, **kw)\n\nline(raw_bytes) -> str\n\nEncode the shellcode ``raw_bytes`` such that it does not\ncontain any NULL bytes or whitespace.\n\nAccepts the same arguments as :func:
encode.', u'word': u'line', u'empty': 1}, {u'dup': 1, u'menu': u'class: getdents.linux_dirent', u'info': u'linux_dirent(self, buf)\n\n', u'word': u'linux_dirent', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.listen.listen', u'info': u'listen(self, port=0, bindaddr = "0.0.0.0", fam = "any",\ntyp = "tcp", *args, **kwargs)\n\nCreates an TCP or UDP-socket to receive data on. It supports\nboth IPv4 and IPv6.\n\nThe returned object supports all the methods from\n:class:
pwnlib.tubes.sockand :class:
pwnlib.tubes.tube.\n\nArguments:\n port(int): The port to connect to.\n bindaddr(str): The address to bind to.\n fam: The string "any", "ipv4" or "ipv6" or an integer to pass to :func:
socket.getaddrinfo.\n typ: The string "tcp" or "udp" or an integer to pass to :func:
socket.getaddrinfo.', u'word': u'listen', u'empty': 1}, {u'dup': 1, u'menu': u'module: lists', u'word': u'lists', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.elf.load', u'info': u'load(*args, **kwargs)\n\nCompatibility wrapper for pwntools v1', u'word': u'load', u'empty': 1}, {u'dup': 1, u'menu': u'import: from ..context import LocalContext', u'word': u'LocalContext', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \nlog = getLogger(__name__)', u'word': u'log', u'empty': 1}, {u'dup': 1, u'menu': u'module: logging', u'word': u'logging', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.make_elf', u'info': u"make_elf(data, vma = None, strip=True, extract=True, shared=False)\n\nBuilds an ELF file with the specified binary data as its\nexecutable code.\n\nArguments:\n data(str): Assembled code\n vma(int): Load address for the ELF file\n\nExamples:\n\n This example creates an i386 ELF that just does\n execve('/bin/sh',...).\n\n >>> context.clear()\n >>> context.arch = 'i386'\n >>> context.bits = 32\n >>> filename = tempfile.mktemp()\n >>> bin_sh = '6a68682f2f2f73682f62696e89e331c96a0b5899cd80'.decode('hex')\n >>> data = make_elf(bin_sh)\n >>> with open(filename,'wb+') as f:\n ... f.write(data)\n ... f.flush()\n >>> os.chmod(filename,0777)\n >>> p = process(filename)\n >>> p.sendline('echo Hello; exit')\n >>> p.recvline()\n 'Hello\\n'", u'word': u'make_elf', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.make_elf_from_assembly', u'info': u"make_elf_from_assembly(assembly, vma = None, extract=False, shared =\nFalse)\n\nBuilds an ELF file with the specified assembly as its\nexecutable code.\n\nArguments:\n\n assembly(str): Assembly\n vma(int): Load address of the binary\n extract(bool): Whether to return the data extracted from the file created,\n or the path to it.\n\nReturns:\n\n The path to the assembled ELF (extract=False), or the data\n of the assembled ELF.\n\nExample:\n\n >>> context.clear()\n >>> context.arch = 'amd64'\n >>> sc = 'push rbp; mov rbp, rsp;'\n >>> sc += shellcraft.echo('Hello\\n')\n >>> sc += 'mov rsp, rbp; pop rbp; ret'\n >>> solib = make_elf_from_assembly(sc, shared=1)\n >>> subprocess.check_output(['echo', 'World'], env={'LD_PRELOAD': solib})\n 'Hello\\nWorld\\n'", u'word': u'make_elf_from_assembly', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.make_multi', u'info': u'make_multi(op, size)\n\n', u'word': u'make_multi', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.make_packer', u'info': u'make_packer(word_size = None, sign = None, **kwargs)\n\nmake_packer(word_size = None, endianness = None, sign = None) -> number \u2192 str\n\nCreates a packer by "freezing" the given arguments.\n\nSemantically calling ``make_packer(w, e, s)(data)`` is equivalent to calling\n``pack(data, w, e, s)``. If word_size is one of 8, 16, 32 or 64, it is however\nfaster to call this function, since it will then use a specialized version.\n\nArguments:\n word_size (int): The word size to be baked into the returned packer or the string all.\n endianness (str): The endianness to be baked into the returned packer. ("little"/"big")\n sign (str): The signness to be baked into the returned packer. ("unsigned"/"signed")\n kwargs: Additional context flags, for setting by alias (e.g. ``endian=`` rather than index)\n\nReturns:\n A function, which takes a single argument in the form of a number and returns a string\n of that number in a packed form.\n\nExamples:\n >>> p = make_packer(32, endian=\'little\', sign=\'unsigned\')\n >>> p\n <function _p32lu at 0x...>\n >>> p(42)\n \'*\\x00\\x00\\x00\'\n >>> p(-1)\n Traceback (most recent call last):\n ...\n error: integer out of range for \'I\' format code\n >>> make_packer(33, endian=\'little\', sign=\'unsigned\')\n <function <lambda> at 0x...>', u'word': u'make_packer', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.make_single', u'info': u'make_single(op,size,end,sign)\n\n', u'word': u'make_single', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.make_unpacker', u'info': u'make_unpacker(word_size = None, endianness = None, sign = None,\n**kwargs)\n\nmake_unpacker(word_size = None, endianness = None, sign = None, **kwargs) -> str \u2192 number\n\nCreates a unpacker by "freezing" the given arguments.\n\nSemantically calling ``make_unpacker(w, e, s)(data)`` is equivalent to calling\n``unpack(data, w, e, s)``. If word_size is one of 8, 16, 32 or 64, it is however\nfaster to call this function, since it will then use a specialized version.\n\nArguments:\n word_size (int): The word size to be baked into the returned packer.\n endianness (str): The endianness to be baked into the returned packer. ("little"/"big")\n sign (str): The signness to be baked into the returned packer. ("unsigned"/"signed")\n kwargs: Additional context flags, for setting by alias (e.g. ``endian=`` rather than index)\n\nReturns:\n A function, which takes a single argument in the form of a string and returns a number\n of that string in an unpacked form.\n\nExamples:\n >>> u = make_unpacker(32, endian=\'little\', sign=\'unsigned\')\n >>> u\n <function _u32lu at 0x...>\n >>> hex(u(\'/bin\'))\n \'0x6e69622f\'\n >>> u(\'abcde\')\n Traceback (most recent call last):\n ...\n error: unpack requires a string argument of length 4\n >>> make_unpacker(33, endian=\'little\', sign=\'unsigned\')\n <function <lambda> at 0x...>', u'word': u'make_unpacker', u'empty': 1}, {u'dup': 1, u'menu': u'module: math', u'word': u'math', u'empty': 1}, {u'dup': 1, u'menu': u'statement: MB = 1024 * KB', u'word': u'MB', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.memleak.MemLeak', u'info': u'MemLeak(self, f, search_range = 20, reraise = True)\n\nMemLeak is a caching and heuristic tool for exploiting memory leaks.\n\nIt can be used as a decorator, around functions of the form:\n\n def some_leaker(addr):\n ...\n return data_as_string_or_None\n\nIt will cache leaked memory (which requires either non-randomized static\ndata or a continouous session). If required, dynamic or known data can be\nset with the set-functions, but this is usually not required. If a byte\ncannot be recovered, it will try to leak nearby bytes in the hope that the\nbyte is recovered as a side-effect.\n\nArguments:\n f (function): The leaker function.\n search_range (int): How many bytes to search backwards in case an address does not work.\n reraise (bool): Whether to reraise call :func:
pwnlib.log.warningin case the leaker function throws an exception.\n\nExample:\n\n .. doctest:: leaker\n\n >>> import pwnlib\n >>> binsh = pwnlib.util.misc.read(\'/bin/sh\')\n >>> @pwnlib.memleak.MemLeak\n ... def leaker(addr):\n ... print "leaking 0x%x" % addr\n ... return binsh[addr:addr+4]\n >>> leaker.s(0)[:4]\n leaking 0x0\n leaking 0x4\n \'\\x7fELF\'\n >>> leaker[:4]\n \'\\x7fELF\'\n >>> hex(leaker.d(0))\n \'0x464c457f\'\n >>> hex(leaker.clearb(1))\n \'0x45\'\n >>> hex(leaker.d(0))\n leaking 0x1\n \'0x464c457f\'\n >>> @pwnlib.memleak.MemLeak\n ... def leaker_nonulls(addr):\n ... print "leaking 0x%x" % addr\n ... if addr & 0xff == 0:\n ... return None\n ... return binsh[addr:addr+4]\n >>> leaker_nonulls.d(0) == None\n leaking 0x0\n True\n >>> leaker_nonulls[0x100:0x104] == binsh[0x100:0x104]\n leaking 0x100\n leaking 0xff\n leaking 0x103\n True', u'word': u'MemLeak', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic.metasploit_pattern', u'info': u"metasploit_pattern(sets = None)\n\nmetasploit_pattern(sets = [ string.ascii_uppercase, string.ascii_lowercase, string.digits ]) -> generator\n\nGenerator for a sequence of characters as per Metasploit Framework's\n
Rex::Text.pattern_create(aka
pattern_create.rb).\n\nThe returned generator will yield up to\n``len(sets) * reduce(lambda x,y: x*y, map(len, sets))`` elements.\n\nArguments:\n sets: List of strings to generate the sequence over.", u'word': u'metasploit_pattern', u'empty': 1}, {u'dup': 1, u'menu': u'statement: MiB = 1000 * KB', u'word': u'MiB', u'empty': 1}, {u'dup': 1, u'menu': u'module: mips', u'word': u'mips', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.mkdir_p', u'info': u'mkdir_p(path)\n\nEmulates the behavior of ``mkdir -p``.', u'word': u'mkdir_p', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \nmod = sys.modules[__name__]', u'word': u'mod', u'empty': 1}, {u'dup': 1, u'menu': u'forstmt: pwnlib', u'word': u'module', u'empty': 1}, {u'dup': 1, u'menu': u'function: ui.more', u'info': u'more(text)\n\nmore(text)\n\nShows text like the command line tool ``more``.\n\nIt not in term_mode, just prints the data to the screen.\n\nArguments:\n text(str): The text to show.\n\nReturns:\n :const:
None', u'word': u'more', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.naf', u'info': u'naf(n)\n\nnaf(int) -> int generator\n\nReturns a generator for the non-adjacent form (NAF[1]) of a number,
n. If\n
naf(n)generates
z_0, z_1, ..., then
n == z_0 + z_1 2 + z_2 22,\n....\n\n[1] https://en.wikipedia.org/wiki/Non-adjacent_form\n\nExample:\n\n >>> n = 45\n >>> m = 0\n >>> x = 1\n >>> for z in naf(n):\n ... m += x * z\n ... x *= 2\n >>> n == m\n True', u'word': u'naf', u'empty': 1}, {u'dup': 1, u'menu': u'statement: name, routine = make_multi(op,size)', u'word': u'name', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.negate', u'info': u"negate(value, width = None)\n\nReturns the two's complement of 'value'.", u'word': u'negate', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib.util.net', u'word': u'net', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.null', u'info': u'null(raw_bytes, *a, **kw)\n\nnull(raw_bytes) -> str\n\nEncode the shellcode ``raw_bytes`` such that it does not\ncontain any NULL bytes.\n\nAccepts the same arguments as :func:
encode`.', u'word': u'null', u'empty': 1}, {u'dup': 1, u'menu': u'forstmt: packing', u'word': u'op', u'empty': 1}, {u'dup': 1, u'menu': u"statement: op_verbs = {'p': 'pack', 'u': 'unpack'}", u'word': u'op_verbs', u'empty': 1}, {u'dup': 1, u'menu': u'module: operator', u'word': u'operator', u'empty': 1}, {u'dup': 1, u'menu': u"statement: ops = {'p': struct.pack, 'u': lambda a: struct.unpack(a)[0]}", u'word': u'ops', u'empty': 1}, {u'dup': 1, u'menu': u'function: ui.options', u'info': u'options(prompt, opts, default = None)\n\nPresents the user with a prompt (typically in the\nform of a question) and a number of options.\n\nArguments:\n prompt (str): The prompt to show\n opts (list): The options to show to the user\n default: The default option to choose\n\nReturns:\n The users choice in the form of an integer.', u'word': u'options', u'empty': 1}, {u'dup': 1, u'menu': u'class: collections.OrderedDict', u'info': u'OrderedDict(*args, kwds)\n\nDictionary that remembers insertion order', u'word': u'OrderedDict', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.ordlist', u'info': u'ordlist(s)\n\nordlist(s) -> list\n\nTurns a string into a list of the corresponding ascii values.\n\nExample:\n >>> ordlist("hello")\n [104, 101, 108, 108, 111]', u'word': u'ordlist', u'empty': 1}, {u'dup': 1, u'menu': u'module: os', u'word': u'os', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.pack', u'info': u'pack(number, word_size = None, endianness = None, sign = None, kwargs)\n\npack(number, word_size = None, endianness = None, sign = None, kwargs) -> str\n\nPacks arbitrary-sized integer.\n\nWord-size, endianness and signedness is done according to context.\n\nword_size
can be any positive number or the string "all". Choosing the\nstring "all" will output a string long enough to contain all the significant\nbits and thus be decodable by :func:unpack
.\n\nword_size
can be any positive number. The output will contain word_size/8\nrounded up number of bytes. If word_size is not a multiple of 8, it will be\npadded with zeroes up to a byte boundary.\n\nArguments:\n number (int): Number to convert\n word_size (int): Word size of the converted integer or the string \'all\'.\n endianness (str): Endianness of the converted integer ("little"/"big")\n sign (str): Signedness of the converted integer (False/True)\n kwargs: Anything that can be passed to context.local\n\nReturns:\n The packed number as a string.\n\nExamples:\n >>> pack(0x414243, 24, \'big\', True)\n \'ABC\'\n >>> pack(0x414243, 24, \'little\', True)\n \'CBA\'\n >>> pack(0x814243, 24, \'big\', False)\n \'\x81BC\'\n >>> pack(0x814243, 24, \'big\', True)\n Traceback (most recent call last):\n ...\n ValueError: pack(): number does not fit within word_size\n >>> pack(0x814243, 25, \'big\', True)\n \'\x00\x81BC\'\n >>> pack(-1, \'all\', \'little\', True)\n \'\xff\'\n >>> pack(-256, \'all\', \'big\', True)\n \'\xff\x00\'\n >>> pack(0x0102030405, \'all\', \'little\', True)\n \'\x05\x04\x03\x02\x01\'\n >>> pack(-1)\n \'\xff\xff\xff\xff\'\n >>> pack(0x80000000, \'all\', \'big\', True)\n \'\x00\x80\x00\x00\x00\'', u'word': u'pack', u'empty': 1}, {u'dup': 1, u'menu': u'module: packing', u'word': u'packing', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.parse_ldd_output', u'info': u"parse_ldd_output(output)\n\nParses the output from a run of 'ldd' on a binary.\nReturns a dictionary of {path: address} for\neach library required by the specified binary.\n\nArguments:\n output(str): The output to parse\n\nExample:\n >>> sorted(parse_ldd_output('''\n ... linux-vdso.so.1 => (0x00007fffbf5fe000)\n ... libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fe28117f000)\n ... libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fe280f7b000)\n ... libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe280bb4000)\n ... /lib64/ld-linux-x86-64.so.2 (0x00007fe2813dd000)\n ... ''').keys())\n ['/lib/x86_64-linux-gnu/libc.so.6', '/lib/x86_64-linux-gnu/libdl.so.2', '/lib/x86_64-linux-gnu/libtinfo.so.5', '/lib64/ld-linux-x86-64.so.2']", u'word': u'parse_ldd_output', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.partition', u'info': u'partition(lst, f, save_keys = False)\n\npartition(lst, f, save_keys = False) -> list\n\nPartitions an iterable into sublists using a function to specify which\ngroup they belong to.\n\nIt works by callingf
on every element and saving the results into\nan :class:collections.OrderedDict
.\n\nArguments:\n lst: The iterable to partition\n f(function): The function to use as the partitioner.\n save_keys(bool): Set this to True, if you want the OrderedDict\n returned instead of just the values\n\nExample:\n >>> partition([1,2,3,4,5], lambda x: x&1)\n [[1, 3, 5], [2, 4]]', u'word': u'partition', u'empty': 1}, {u'dup': 1, u'menu': u'module: os.path', u'info': u'Common pathname manipulations, OS/2 EMX version.\n\nInstead of importing this module directly, import os and refer to this\nmodule as os.path.', u'word': u'path', u'empty': 1}, {u'dup': 1, u'menu': u'function: ui.pause', u'info': u'pause(n = None)\n\nWaits for either user input or a specific number of seconds.', u'word': u'pause', u'empty': 1}, {u'dup': 1, u'menu': u'module: cPickle', u'word': u'pickle', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.util.proc.pidof', u'info': u'pidof(target)\n\npidof(target) -> int list\n\nGet PID(s) oftarget
. The returned PID(s) depends on the type oftarget
:\n\n- :class:str
: PIDs of all processes with a name matchingtarget
.\n- :class:pwnlib.tubes.process.process
: singleton list of the PID oftarget
.\n- :class:pwnlib.tubes.sock.sock
: singleton list of the PID at the\n remote end oftarget
if it is running on the host. Otherwise an\n empty list.\n\nArguments:\n target(object): The target whose PID(s) to find.\n\nReturns:\n A list of found PIDs.', u'word': u'pidof', u'empty': 1}, {u'dup': 1, u'menu': u'module: platform', u'word': u'platform', u'empty': 1}, {u'dup': 1, u'menu': u'function: pprint.pprint', u'info': u'pprint(object, stream=None, indent=1, width=80, depth=None)\n\nPretty-print a Python object to a stream [default is sys.stdout].', u'word': u'pprint', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.print_binutils_instructions', u'info': u'print_binutils_instructions(util, context)\n\nOn failure to find a binutils utility, inform the user of a way\nthey can get it easily.', u'word': u'print_binutils_instructions', u'empty': 1}, {u'dup': 1, u'menu': u'function: encoder.printable', u'info': u'printable(raw_bytes, *a, *kw)\n\nprintable(raw_bytes) -> str\n\nEncode the shellcoderaw_bytes
such that it only contains\nnon-space printable bytes.\n\nAccepts the same arguments as :func:encode
.', u'word': u'printable', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib.util.proc', u'word': u'proc', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.process.process', u'info': u'process(self, argv = None, shell = False,\nexecutable = None, cwd = None, env =\nNone, stdin = PIPE, stdout = PTY,\nstderr = STDOUT, close_fds = True,\npreexec_fn = lambda: None, raw = True,\naslr = None, setuid = None, where =\n\'local\', display = None, alarm = None,\nargs, kwargs )\n\nSpawns a new process, and wraps it with a tube for communication.\n\nArguments:\n argv(list):\n List of arguments to pass to the spawned process.\n shell(bool):\n Set toTrue
to interpretargv
as a string\n to pass to the shell for interpretation instead of as argv.\n executable(str):\n Path to the binary to execute. IfNone
, usesargv[0]
.\n Cannot be used withshell
.\n cwd(str):\n Working directory. Uses the current working directory by default.\n env(dict):\n Environment variables. By default, inherits from Python\'s environment.\n stdin(int):\n File object or file descriptor number to use forstdin
.\n By default, a pipe is used. A pty can be used instead by setting\n this toprocess.PTY
. This will cause programs to behave in an\n interactive manner (e.g..,python
will show a>>>
prompt).\n If the application reads from/dev/tty
directly, use a pty.\n stdout(int):\n File object or file descriptor number to use forstdout
.\n By default, a pty is used so that any stdout buffering by libc\n routines is disabled.\n May also besubprocess.PIPE
to use a normal pipe.\n stderr(int):\n File object or file descriptor number to use forstderr
.\n By default,stdout
is used.\n May also besubprocess.PIPE
to use a separate pipe,\n although thetube
wrapper will not be able to read this data.\n close_fds(bool):\n Close all open file descriptors except stdin, stdout, stderr.\n By default,True
is used.\n preexec_fn(callable):\n Callable to invoke immediately before callingexecve
.\n raw(bool):\n Set the created pty to raw mode (i.e. disable echo and control\n characters).True
by default. If no pty is created, this\n has no effect.\n aslr(bool):\n If set toFalse
, disable ASLR viapersonality
(setarch -R
)\n andsetrlimit
(ulimit -s unlimited
).\n\n This disables ASLR for the target process. However, thesetarch
\n changes are lost if asetuid
binary is executed.\n\n The default value is inherited fromcontext.aslr
.\n Seesetuid
below for additional options and information.\n setuid(bool):\n Used to controlsetuid
status of the target binary, and the\n corresponding actions taken.\n\n By default, this value isNone
, so no assumptions are made.\n\n IfTrue
, treat the target binary assetuid
.\n This modifies the mechanisms used to disable ASLR on the process if\naslr=False
.\n This is useful for debugging locally, when the exploit is a\nsetuid
binary.\n\n IfFalse
, preventsetuid
bits from taking effect on the\n target binary. This is only supported on Linux, with kernels v3.5\n or greater.\n where(str):\n Where the process is running, used for logging purposes.\n display(list):\n List of arguments to display, instead of the main executable name.\n alarm(int):\n Set a SIGALRM alarm timeout on the process.\n\nAttributes:\n proc(subprocess)\n\nExamples:\n\n >>> p = process(\'python2\')\n >>> p.sendline("print \'Hello world\'")\n >>> p.sendline("print \'Wow, such data\'");\n >>> \'\' == p.recv(timeout=0.01)\n True\n >>> p.shutdown(\'send\')\n >>> p.proc.stdin.closed\n True\n >>> p.connected(\'send\')\n False\n >>> p.recvline()\n \'Hello world\n\'\n >>> p.recvuntil(\',\')\n \'Wow,\'\n >>> p.recvregex(\'.data\')\n \' such data\'\n >>> p.recv()\n \'\n\'\n >>> p.recv() # doctest: +ELLIPSIS\n Traceback (most recent call last):\n ...\n EOFError\n\n >>> p = process(\'cat\')\n >>> d = open(\'/dev/urandom\').read(4096)\n >>> p.recv(timeout=0.1)\n \'\'\n >>> p.write(d)\n >>> p.recvrepeat(0.1) == d\n True\n >>> p.recv(timeout=0.1)\n \'\'\n >>> p.shutdown(\'send\')\n >>> p.wait_for_close()\n >>> p.poll()\n 0\n\n >>> p = process(\'cat /dev/zero | head -c8\', shell=True, stderr=open(\'/dev/null\', \'w+\'))\n >>> p.recv()\n \'\x00\x00\x00\x00\x00\x00\x00\x00\'\n\n >>> p = process([\'python\',\'-c\',\'import os; print os.read(2,1024)\'],\n ... preexec_fn = lambda: os.dup2(0,2))\n >>> p.sendline(\'hello\')\n >>> p.recvline()\n \'hello\n\'\n\n >>> stack_smashing = [\'python\',\'-c\',\'open("/dev/tty","wb").write("stack smashing detected")\']\n >>> process(stack_smashing).recvall()\n \'stack smashing detected\'\n\n >>> PIPE=subprocess.PIPE\n >>> process(stack_smashing, stdout=PIPE).recvall()\n \'\'\n\n >>> getpass = [\'python\',\'-c\',\'import getpass; print getpass.getpass("XXX")\']\n >>> p = process(getpass, stdin=process.PTY)\n >>> p.recv()\n \'XXX\'\n >>> p.sendline(\'hunter2\')\n >>> p.recvall()\n \'\nhunter2\n\'\n\n >>> process(\'echo hello 1>&2\', shell=True).recvall()\n \'hello\n\'\n\n >>> process(\'echo hello 1>&2\', shell=True, stderr=PIPE).recvall()\n \'\'\n\n >>> a = process([\'cat\', \'/proc/self/maps\']).recvall()\n >>> b = process([\'cat\', \'/proc/self/maps\'], aslr=False).recvall()\n >>> with context.local(aslr=False):\n ... c = process([\'cat\', \'/proc/self/maps\']).recvall()\n >>> a == b\n False\n >>> b == c\n True\n\n >>> process([\'sh\',\'-c\',\'ulimit -s\'], aslr=0).recvline()\n \'unlimited\n\'\n\n >>> io = process([\'sh\',\'-c\',\'sleep 10; exit 7\'], alarm=2)\n >>> io.poll(block=True) == -signal.SIGALRM\n True\n\n >>> binary = ELF.from_assembly(\'nop\', arch=\'mips\')\n >>> p = process(binary.path)', u'word': u'process', u'empty': 1}, {u'dup': 1, u'menu': u'module: pwnlib', u'word': u'pwnlib', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.exception.PwnlibException', u'info': u'PwnlibException(self, msg, reason = None, exit_code = None)\n\nException thrown by :func:pwnlib.log.error
.\n\nPwnlib functions that encounters unrecoverable errors should call the\n:func:pwnlib.log.error
function instead of throwing this exception directly.', u'word': u'PwnlibException', u'empty': 1}, {u'dup': 1, u'menu': u'function: random.randint', u'info': u'randint(self, a, b)\n\nReturn random integer in range [a, b], including both end points.\n ', u'word': u'randint', u'empty': 1}, {u'dup': 1, u'menu': u'module: random', u'word': u'random', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.randoms', u'info': u"randoms(count, alphabet = string.lowercase)\n\nrandoms(count, alphabet = string.lowercase) -> str\n\nReturns a random string of a given length using only the specified alphabet.\n\nArguments:\n count (int): The length of the desired string.\n alphabet: The alphabet of allowed characters. Defaults to all lowercase characters.\n\nReturns:\n A random string.\n\nExample:\n\n >>> randoms(10) #doctest: +SKIP\n 'evafjilupm'", u'word': u'randoms', u'empty': 1}, {u'dup': 1, u'menu': u'module: re', u'word': u're', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.read', u'info': u"read(path, count=-1, skip=0)\n\nread(path, count=-1, skip=0) -> str\n\nOpen file, return content.\n\nExamples:\n >>> read('/proc/self/exe')[:4]\n '\x7fELF'", u'word': u'read', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.register_sizes', u'info': u"register_sizes(regs, in_sizes)\n\nCreate dictionaries over register sizes and relations\n\nGiven a list of lists of overlapping register names (e.g. ['eax','ax','al','ah']) and a list of input sizes,\nit returns the following:\n\n all_regs : list of all valid registers\n sizes[reg] : the size of reg in bits\n bigger[reg] : list of overlapping registers bigger than reg\n smaller[reg]: list of overlapping registers smaller than reg\n\nUsed in i386/AMD64 shellcode, e.g. the mov-shellcode.\n\nExample:\n >>> regs = [['eax', 'ax', 'al', 'ah'],['ebx', 'bx', 'bl', 'bh'],\n ... ['ecx', 'cx', 'cl', 'ch'],\n ... ['edx', 'dx', 'dl', 'dh'],\n ... ['edi', 'di'],\n ... ['esi', 'si'],\n ... ['ebp', 'bp'],\n ... ['esp', 'sp'],\n ... ]\n >>> all_regs, sizes, bigger, smaller = register_sizes(regs, [32, 16, 8, 8])\n >>> all_regs\n ['eax', 'ax', 'al', 'ah', 'ebx', 'bx', 'bl', 'bh', 'ecx', 'cx', 'cl', 'ch', 'edx', 'dx', 'dl', 'dh', 'edi', 'di', 'esi', 'si', 'ebp', 'bp', 'esp', 'sp']\n >>> sizes\n {'ch': 8, 'cl': 8, 'ah': 8, 'edi': 32, 'al': 8, 'cx': 16, 'ebp': 32, 'ax': 16, 'edx': 32, 'ebx': 32, 'esp': 32, 'esi': 32, 'dl': 8, 'dh': 8, 'di': 16, 'bl': 8, 'bh': 8, 'eax': 32, 'bp': 16, 'dx': 16, 'bx': 16, 'ecx': 32, 'sp': 16, 'si': 16}\n >>> bigger\n {'ch': ['ecx', 'cx', 'ch'], 'cl': ['ecx', 'cx', 'cl'], 'ah': ['eax', 'ax', 'ah'], 'edi': ['edi'], 'al': ['eax', 'ax', 'al'], 'cx': ['ecx', 'cx'], 'ebp': ['ebp'], 'ax': ['eax', 'ax'], 'edx': ['edx'], 'ebx': ['ebx'], 'esp': ['esp'], 'esi': ['esi'], 'dl': ['edx', 'dx', 'dl'], 'dh': ['edx', 'dx', 'dh'], 'di': ['edi', 'di'], 'bl': ['ebx', 'bx', 'bl'], 'bh': ['ebx', 'bx', 'bh'], 'eax': ['eax'], 'bp': ['ebp', 'bp'], 'dx': ['edx', 'dx'], 'bx': ['ebx', 'bx'], 'ecx': ['ecx'], 'sp': ['esp', 'sp'], 'si': ['esi', 'si']}\n >>> smaller\n {'ch': [], 'cl': [], 'ah': [], 'edi': ['di'], 'al': [], 'cx': ['cl', 'ch'], 'ebp': ['bp'], 'ax': ['al', 'ah'], 'edx': ['dx', 'dl', 'dh'], 'ebx': ['bx', 'bl', 'bh'], 'esp': ['sp'], 'esi': ['si'], 'dl': [], 'dh': [], 'di': [], 'bl': [], 'bh': [], 'eax': ['ax', 'al', 'ah'], 'bp': [], 'dx': ['dl', 'dh'], 'bx': ['bl', 'bh'], 'ecx': ['cx', 'cl', 'ch'], 'sp': [], 'si': []}", u'word': u'register_sizes', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.regsort', u'info': u"regsort(in_out, all_regs, tmp = None, xchg = True, randomize = None)\n\nSorts register dependencies.\n\nGiven a dictionary of registers to desired register contents,\nreturn the optimal order in which to set the registers to\nthose contents.\n\nThe implementation assumes that it is possible to move from\nany register to any other register.\n\nIf a dependency cycle is encountered, one of the following will\noccur:\n\n- Ifxchg
isTrue
, it is assumed that dependency cyles can\n be broken by swapping the contents of two register (a la the\nxchg
instruction on i386).\n- Ifxchg
is not set, but not all destination registers in\nin_out
are involved in a cycle, one of the registers\n outside the cycle will be used as a temporary register,\n and then overwritten with its final value.\n- Ifxchg
is not set, and all registers are involved in\n a dependency cycle, the named registertemporary
is used\n as a temporary register.\n- If the dependency cycle cannot be resolved as described above,\n an exception is raised.\n\nArguments:\n\n in_out(dict):\n Dictionary of desired register states.\n Keys are registers, values are either registers or any other value.\n all_regs(list):\n List of all possible registers.\n Used to determine which values inin_out
are registers, versus\n regular values.\n tmp(obj, str):\n Named register (or other sentinel value) to use as a temporary\n register. Iftmp
is a named register and appears\n as a source value inin_out
, dependencies are handled\n appropriately.tmp
cannot be a destination register\n inin_out
.\n Ifbool(tmp)==True
, this mode is enabled.\n xchg(obj):\n Indicates the existence of an instruction which can swap the\n contents of two registers without use of a third register.\n Ifbool(xchg)==False
, this mode is disabled.\n random(bool):\n Randomize as much as possible about the order or registers.\n\nReturns:\n\n A list of tuples of(src, dest)
.\n\n Each register may appear more than once, if a register is used\n as a temporary register, and later overwritten with its final\n value.\n\n Ifxchg
isTrue
and it is used to break a dependency cycle,\n thenreg_name
will beNone
andvalue
will be a tuple\n of the instructions to swap.\n\nExample:\n\n >>> R = ['a', 'b', 'c', 'd', 'x', 'y', 'z']\n\n If order doesn't matter for any subsequence, alphabetic\n order is used.\n\n >>> regsort({'a': 1, 'b': 2}, R)\n [('mov', 'a', 1), ('mov', 'b', 2)]\n >>> regsort({'a': 'b', 'b': 'a'}, R)\n [('xchg', 'a', 'b')]\n >>> regsort({'a': 'b', 'b': 'a'}, R, tmp='X') #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'X', 'a'),\n ('mov', 'a', 'b'),\n ('mov', 'b', 'X')]\n >>> regsort({'a': 1, 'b': 'a'}, R) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'b', 'a'),\n ('mov', 'a', 1)]\n >>> regsort({'a': 'b', 'b': 'a', 'c': 3}, R) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'c', 3),\n ('xchg', 'a', 'b')]\n >>> regsort({'a': 'b', 'b': 'a', 'c': 'b'}, R) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'c', 'b'),\n ('xchg', 'a', 'b')]\n >>> regsort({'a':'b', 'b':'a', 'x':'b'}, R, tmp='y', xchg=False) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'x', 'b'),\n ('mov', 'y', 'a'),\n ('mov', 'a', 'b'),\n ('mov', 'b', 'y')]\n >>> regsort({'a':'b', 'b':'a', 'x':'b'}, R, tmp='x', xchg=False) #doctest: +ELLIPSIS\n Traceback (most recent call last):\n ...\n PwnlibException: Cannot break dependency cycles ...\n >>> regsort({'a':'b','b':'c','c':'a','x':'1','y':'z','z':'c'}, R) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'x', '1'),\n ('mov', 'y', 'z'),\n ('mov', 'z', 'c'),\n ('xchg', 'a', 'b'),\n ('xchg', 'b', 'c')]\n >>> regsort({'a':'b','b':'c','c':'a','x':'1','y':'z','z':'c'}, R, tmp='x') #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'y', 'z'),\n ('mov', 'z', 'c'),\n ('mov', 'x', 'a'),\n ('mov', 'a', 'b'),\n ('mov', 'b', 'c'),\n ('mov', 'c', 'x'),\n ('mov', 'x', '1')]\n >>> regsort({'a':'b','b':'c','c':'a','x':'1','y':'z','z':'c'}, R, xchg=0) #doctest: +NORMALIZE_WHITESPACE\n [('mov', 'y', 'z'),\n ('mov', 'z', 'c'),\n ('mov', 'x', 'a'),\n ('mov', 'a', 'b'),\n ('mov', 'b', 'c'),\n ('mov', 'c', 'x'),\n ('mov', 'x', '1')]\n >>> regsort({'a': 'b', 'b': 'c'}, ['a','b','c'], xchg=0)\n [('mov', 'a', 'b'), ('mov', 'b', 'c')]", u'word': u'regsort', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.remote.remote', u'info': u'remote(self, host, port, fam = "any", typ = "tcp",\nssl=False, sock=None, args, kwargs)\n\nCreates a TCP or UDP-connection to a remote host. It supports\nboth IPv4 and IPv6.\n\nThe returned object supports all the methods from\n:class:pwnlib.tubes.sock
and :class:pwnlib.tubes.tube
.\n\nArguments:\n host(str): The host to connect to.\n port(int): The port to connect to.\n fam: The string "any", "ipv4" or "ipv6" or an integer to pass to :func:socket.getaddrinfo
.\n typ: The string "tcp" or "udp" or an integer to pass to :func:socket.getaddrinfo
.\n timeout: A positive number, None or the string "default".\n ssl(bool): Wrap the socket with SSL\n sock(socket): Socket to inherit, rather than connecting\n\nExamples:\n\n >>> r = remote(\'google.com\', 443, ssl=True)\n >>> r.send(\'GET /\r\n\r\n\')\n >>> r.recvn(4)\n \'HTTP\'\n >>> r = remote(\'127.0.0.1\', 1)\n Traceback (most recent call last):\n ...\n PwnlibException: Could not connect to 127.0.0.1 on port 1\n >>> import socket\n >>> s = socket.socket()\n >>> s.connect((\'google.com\', 80))\n >>> s.send(\'GET /\' + \'\r\n\'2)\n 9\n >>> r = remote.fromsocket(s)\n >>> r.recvn(4)\n \'HTTP\'', u'word': u'remote', u'empty': 1}, {u'dup': 1, u'menu': u'function: regsort.resolve_order', u'info': u"resolve_order(reg, deps)\n\nResolve the order of all dependencies starting at a given register.\n\nExample:\n\n >>> want = {'a': 1, 'b': 'c', 'c': 'd', 'd': 7, 'x': 'd'}\n >>> deps = {'a': [], 'b': [], 'c': ['b'], 'd': ['c', 'x'], 'x': []}\n >>> resolve_order('a', deps)\n ['a']\n >>> resolve_order('b', deps)\n ['b']\n >>> resolve_order('c', deps)\n ['b', 'c']\n >>> resolve_order('d', deps)\n ['b', 'c', 'x', 'd']", u'word': u'resolve_order', u'empty': 1}, {u'dup': 1, u'menu': u"statement: \nreturn_types = {'p': 'str', 'u': 'int'}", u'word': u'return_types', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.rol', u'info': u"rol(n, k, word_size = None)\n\nReturns a rotation byk
ofn
.\n\nWhenn
is a number, then means((n << k) | (n >> (word_size - k)))
truncated toword_size
bits.\n\nWhenn
is a list, tuple or string, this isn[k % len(n):] + n[:k % len(n)]
.\n\nArguments:\n n: The value to rotate.\n k(int): The rotation amount. Can be a positive or negative number.\n word_size(int): Ifn
is a number, then this is the assumed bitsize ofn
. Defaults to :data:pwnlib.context.word_size
ifNone
.\n\nExample:\n\n >>> rol('abcdefg', 2)\n 'cdefgab'\n >>> rol('abcdefg', -2)\n 'fgabcde'\n >>> hex(rol(0x86, 3, 8))\n '0x34'\n >>> hex(rol(0x86, -3, 8))\n '0xd0'", u'word': u'rol', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.rop.ROP', u'info': u'ROP(self, elfs, base = None, kwargs)\n\nClass which simplifies the generation of ROP-chains.\n\nExample:\n\n.. code-block:: python\n\n elf = ELF(\'ropasaurusrex\')\n rop = ROP(elf)\n rop.read(0, elf.bss(0x80))\n rop.dump()\n # [\'0x0000: 0x80482fc (read)\',\n # \'0x0004: 0xdeadbeef\',\n # \'0x0008: 0x0\',\n # \'0x000c: 0x80496a8\']\n str(rop)\n # \'\xfc\x82\x04\x08\xef\xbe\xad\xde\x00\x00\x00\x00\xa8\x96\x04\x08\'\n\n>>> context.clear(arch = "i386", kernel = \'amd64\')\n>>> assembly = \'int 0x80; ret; add esp, 0x10; ret; pop eax; ret\'\n>>> e = ELF.from_assembly(assembly)\n>>> e.symbols[\'funcname\'] = e.address + 0x1234\n>>> r = ROP(e)\n>>> r.funcname(1, 2)\n>>> r.funcname(3)\n>>> r.execve(4, 5, 6)\n>>> print r.dump()\n0x0000: 0x10001234 funcname(1, 2)\n0x0004: 0x10000003 <adjust: add esp, 0x10; ret>\n0x0008: 0x1 arg0\n0x000c: 0x2 arg1\n0x0010: \'eaaa\'rol
, which negates the values ofk
.', u'word': u'ror', u'empty': 1}, {u'dup': 1, u'menu': u'statement: name, routine = make_multi(op,size)', u'word': u'routine', u'empty': 1}, {u'dup': 1, u'menu': u'function: runner.run_assembly', u'info': u"run_assembly(assembly)\n\nGiven an assembly listing, assemble and execute it.\n\nReturns:\n\n Aprocess
tube to interact with the process.\n\nExample:\n\n >>> p = run_assembly('mov ebx, 3; mov eax, SYS_exit; int 0x80;')\n >>> p.wait_for_close()\n >>> p.poll()\n 3\n\n >>> p = run_assembly('mov r0, #12; mov r7, #1; svc #0', arch='arm')\n >>> p.wait_for_close()\n >>> p.poll()\n 12", u'word': u'run_assembly', u'empty': 1}, {u'dup': 1, u'menu': u'function: runner.run_assembly_exitcode', u'info': u"run_assembly_exitcode(assembly)\n\nGiven an assembly listing, assemble and execute it, and wait for\nthe process to die.\n\nReturns:\n\n The exit code of the process.\n\nExample:\n\n >>> run_assembly_exitcode('mov ebx, 3; mov eax, SYS_exit; int 0x80;')\n 3", u'word': u'run_assembly_exitcode', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.run_in_new_terminal', u'info': u'run_in_new_terminal(command, terminal = None, args = None)\n\nrun_in_new_terminal(command, terminal = None) -> None\n\nRun a command in a new terminal.\n\nWhenterminal
is not set:\n - Ifcontext.terminal
is set it will be used. If it is an iterable then\ncontext.terminal[1:]
are default arguments.\n - If X11 is detected (by the presence of theDISPLAY
environment\n variable),x-terminal-emulator
is used.\n - If tmux is detected (by the presence of theTMUX
environment\n variable), a new pane will be opened.\n\nArguments:\n command (str): The command to run.\n terminal (str): Which terminal to use.\n args (list): Arguments to pass to the terminal\n\nReturns:\n None', u'word': u'run_in_new_terminal', u'empty': 1}, {u'dup': 1, u'menu': u'function: runner.run_shellcode', u'info': u"run_shellcode(bytes,encode
.', u'word': u'scramble', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.sequential_lines', u'info': u'sequential_lines(a,b)\n\n', u'word': u'sequential_lines', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.serialtube.serialtube', u'info': u"serialtube( self, port = None, baudrate = 115200,\nconvert_newlines = True, bytesize = 8, parity='N',\nstopbits=1, xonxoff = False, rtscts = False, dsrdtr = False,\n*a, *kw)\n\n", u'word': u'serialtube', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.util.sh_string.sh_command_with', u'info': u'sh_command_with(f, args)\n\nsh_command_with(f, arg0, ..., argN) -> command\n\nReturns a command create by evaluatingf(new_arg0, ..., new_argN)
\nwheneverf
is a function andf % (new_arg0, ..., new_argN)
otherwise.\n\nIf the arguments are purely alphanumeric, then they are simply passed to\nfunction. If they are simple to escape, they will be escaped and passed to\nthe function.\n\nIf the arguments contain trailing newlines, then it is hard to use them\ndirectly because of a limitation in the posix shell. In this case the\noutput fromf
is prepended with a bit of code to create the variables.\n\nExamples:\n\n >>> sh_command_with(lambda: "echo hello")\n \'echo hello\'\n >>> sh_command_with(lambda x: "echo " + x, "hello")\n \'echo hello\'\n >>> sh_command_with(lambda x: "/bin/echo " + x, "\\x01")\n "/bin/echo \'\\x01\'"\n >>> sh_command_with(lambda x: "/bin/echo " + x, "\\x01\\n")\n "/bin/echo \'\\x01\\n\'"\n >>> sh_command_with("/bin/echo %s", "\\x01\\n")\n "/bin/echo \'\\x01\\n\'"', u'word': u'sh_command_with', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.util.sh_string.sh_prepare', u'info': u'sh_prepare(variables, export = False)\n\nOutputs a posix compliant shell command that will put the data specified\nby the dictionary into the environment.\n\nIt is assumed that the keys in the dictionary are valid variable names that\ndoes not need any escaping.\n\nArguments:\n variables(dict): The variables to set.\n export(bool): Should the variables be exported or only stored in the shell environment?\n output(str): A valid posix shell command that will set the given variables.\n\nIt is assumed thatvar
is a valid name for a variable in the shell.\n\nExamples:\n\n >>> sh_prepare({\'X\': \'foobar\'})\n \'X=foobar\'\n >>> r = sh_prepare({\'X\': \'foobar\', \'Y\': \'cookies\'})\n >>> r == \'X=foobar;Y=cookies\' or r == \'Y=cookies;X=foobar\'\n True\n >>> sh_prepare({\'X\': \'foo bar\'})\n "X=\'foo bar\'"\n >>> sh_prepare({\'X\': "foo\'bar"})\n "X=\'foo\'\\\'\'bar\'"\n >>> sh_prepare({\'X\': "foo\\\\bar"})\n "X=\'foo\\\\bar\'"\n >>> sh_prepare({\'X\': "foo\\\\\'bar"})\n "X=\'foo\\\\\'\\\'\'bar\'"\n >>> sh_prepare({\'X\': "foo\\x01\'bar"})\n "X=\'foo\\x01\'\\\'\'bar\'"\n >>> sh_prepare({\'X\': "foo\\x01\'bar"}, export = True)\n "export X=\'foo\\x01\'\\\'\'bar\'"\n >>> sh_prepare({\'X\': "foo\\x01\'bar\\n"})\n "X=\'foo\\x01\'\\\'\'bar\\n\'"\n >>> sh_prepare({\'X\': "foo\\x01\'bar\\n"})\n "X=\'foo\\x01\'\\\'\'bar\\n\'"\n >>> sh_prepare({\'X\': "foo\\x01\'bar\\n"}, export = True)\n "export X=\'foo\\x01\'\\\'\'bar\\n\'"', u'word': u'sh_prepare', u'empty': 1}, {u'dup': 1, u'menu': u'function: pwnlib.util.sh_string.sh_string', u'info': u'sh_string(s)\n\nOutputs a string in a format that will be understood by /bin/sh.\n\nIf the string does not contain any bad characters, it will simply be\nreturned, possibly with quotes. If it contains bad characters, it will\nbe escaped in a way which is compatible with most known systems.\n\nWarning:\n This does not play along well with the shell\'s built-in "echo".\n It works exactly as expected to set environment variables and\n arguments, unless it\'s the shell-builtin echo.\n\nArgument:\n s(str): String to escape.\n\nExamples:\n\n >>> sh_string(\'foobar\')\n \'foobar\'\n >>> sh_string(\'foo bar\')\n "\'foo bar\'"\n >>> sh_string("foo\'bar")\n "\'foo\'\\\'\'bar\'"\n >>> sh_string("foo\\\\bar")\n "\'foo\\\\bar\'"\n >>> sh_string("foo\\\\\'bar")\n "\'foo\\\\\'\\\'\'bar\'"\n >>> sh_string("foo\\x01\'bar")\n "\'foo\\x01\'\\\'\'bar\'"', u'word': u'sh_string', u'empty': 1}, {u'dup': 1, u'menu': u'module: shellcraft', u'word': u'shellcraft', u'empty': 1}, {u'dup': 1, u'menu': u'function: random.shuffle', u'info': u'shuffle(self, x, random=None)\n\nx, random=random.random -> shuffle list x in place; return None.\n\nOptional arg random is a 0-argument function returning a random\nfloat in [0.0, 1.0); by default, the standard random.random.', u'word': u'shuffle', u'empty': 1}, {u'dup': 1, u'menu': u'module: shutil', u'word': u'shutil', u'empty': 1}, {u'dup': 1, u'menu': u'forstmt: packing', u'word': u'sign', u'empty': 1}, {u'dup': 1, u'menu': u'module: signal', u'word': u'signal', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.signed', u'info': u'signed(integer)\n\n', u'word': u'signed', u'empty': 1}, {u'dup': 1, u'menu': u"statement: signs = ['s','u']", u'word': u'signs', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.rop.srop.SigreturnFrame', u'info': u'SigreturnFrame(self)\n\nCrafts a sigreturn frame with values that are loaded up into\nregisters.\n\nArguments:\n arch(str):\n The architecture. Currentlyi386
andamd64
are\n supported.\n\nExamples:\n\n Crafting a SigreturnFrame that calls mprotect on amd64\n\n >>> context.clear(arch=\'amd64\')\n >>> s = SigreturnFrame()\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 51, 0, 0, 0, 0, 0, 0, 0]\n >>> assert len(s) == 248\n >>> s.rax = 0xa\n >>> s.rdi = 0x00601000\n >>> s.rsi = 0x1000\n >>> s.rdx = 0x7\n >>> assert len(str(s)) == 248\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6295552, 4096, 0, 0, 7, 10, 0, 0, 0, 0, 51, 0, 0, 0, 0, 0, 0, 0]\n\n Crafting a SigreturnFrame that calls mprotect on i386\n\n >>> context.clear(arch=\'i386\')\n >>> s = SigreturnFrame(kernel=\'i386\')\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, 0, 123, 0]\n >>> assert len(s) == 80\n >>> s.eax = 125\n >>> s.ebx = 0x00601000\n >>> s.ecx = 0x1000\n >>> s.edx = 0x7\n >>> assert len(str(s)) == 80\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 6295552, 7, 4096, 125, 0, 0, 0, 115, 0, 0, 123, 0]\n\n Crafting a SigreturnFrame that calls mprotect on ARM\n\n >>> s = SigreturnFrame(arch=\'arm\')\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1073741840, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1447448577, 288]\n >>> s.r0 = 125\n >>> s.r1 = 0x00601000\n >>> s.r2 = 0x1000\n >>> s.r3 = 0x7\n >>> assert len(str(s)) == 240\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 6, 0, 0, 125, 6295552, 4096, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1073741840, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1447448577, 288]\n\n Crafting a SigreturnFrame that calls mprotect on MIPS\n\n >>> context.clear()\n >>> context.endian = "big"\n >>> s = SigreturnFrame(arch=\'mips\')\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n >>> s.v0 = 0x101d\n >>> s.a0 = 0x00601000\n >>> s.a1 = 0x1000\n >>> s.a2 = 0x7\n >>> assert len(str(s)) == 296\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4125, 0, 0, 0, 6295552, 0, 4096, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n\n Crafting a SigreturnFrame that calls mprotect on MIPSel\n\n >>> context.clear()\n >>> context.endian = "little"\n >>> s = SigreturnFrame(arch=\'mips\')\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n >>> s.v0 = 0x101d\n >>> s.a0 = 0x00601000\n >>> s.a1 = 0x1000\n >>> s.a2 = 0x7\n >>> assert len(str(s)) == 292\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4125, 0, 0, 0, 6295552, 0, 4096, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n\n Crafting a SigreturnFrame that calls mprotect on Aarch64\n\n >>> context.clear()\n >>> context.endian = "little"\n >>> s = SigreturnFrame(arch=\'aarch64\')\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1179680769, 528]\n >>> s.x8 = 0xe2\n >>> s.x0 = 0x4000\n >>> s.x1 = 0x1000\n >>> s.x2 = 0x7\n >>> assert len(str(s)) == 600\n >>> unpack_many(str(s))\n [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16384, 0, 4096, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 226, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1179680769, 528]', u'word': u'SigreturnFrame', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.size', u'info': u"size(n, abbriv = 'B', si = False)\n\nsize(n, abbriv = 'B', si = False) -> str\n\nConvert the length of a bytestream to human readable form.\n\nArguments:\n n(int,str): The length to convert to human readable form\n abbriv(str):\n\nExample:\n >>> size(451)\n '451B'\n >>> size(1000)\n '1000B'\n >>> size(1024)\n '1.00KB'\n >>> size(1024, si = True)\n '1.02KB'\n >>> [size(1024 n) for n in range(7)]\n ['1B', '1.00KB', '1.00MB', '1.00GB', '1.00TB', '1.00PB', '1024.00PB']", u'word': u'size', u'empty': 1}, {u'dup': 1, u'menu': u"statement: sizes = {8:'b', 16:'h', 32:'i', 64:'q'}", u'word': u'sizes', u'empty': 1}, {u'dup': 1, u'menu': u'function: replacements.sleep', u'info': u'sleep(n)\n\nsleep(n)\n\nReplacement for :func:time.sleep()
, which does not return if a signal is received.\n\nArguments:\n n (int): Number of seconds to sleep.', u'word': u'sleep', u'empty': 1}, {u'dup': 1, u'menu': u'module: socket', u'word': u'socket', u'empty': 1}, {u'dup': 1, u'menu': u'module: socks', u'word': u'socks', u'empty': 1}, {u'dup': 1, u'menu': u'function: splash.splash', u'info': u'splash()\n\nPut this at the beginning of your exploit to create the illusion that\nyour sploit is enterprisey and top notch quality', u'word': u'splash', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.ssh.ssh', u'info': u'ssh(self, user, host, port = 22, password = None, key = None,\nkeyfile = None, proxy_command = None, proxy_sock = None,\nlevel = None, cache = True, ssh_agent = False, *a, kw)\n\n', u'word': u'ssh', u'empty': 1}, {u'dup': 1, u'menu': u'module: stat', u'word': u'stat', u'empty': 1}, {u'dup': 1, u'menu': u'module: string', u'word': u'string', u'empty': 1}, {u'dup': 1, u'menu': u'class: StringIO.StringIO', u'info': u"StringIO(self, buf = '')\n\nclass StringIO([buffer])\n\nWhen a StringIO object is created, it can be initialized to an existing\nstring by passing the string to the constructor. If no string is given,\nthe StringIO will start empty.\n\nThe StringIO object can accept either Unicode or 8-bit strings, but\nmixing the two may take some care. If both are used, 8-bit strings that\ncannot be interpreted as 7-bit ASCII (that use the 8th bit) will cause\na UnicodeError to be raised when getvalue() is called.", u'word': u'StringIO', u'empty': 1}, {u'dup': 1, u'menu': u'module: struct', u'word': u'struct', u'empty': 1}, {u'dup': 1, u'menu': u'function: flag.submit_flag', u'info': u"submit_flag(flag, exploit=env_exploit_name,\ntarget=env_target_host, server=env_server,\nport=env_port, proto=env_proto,\nteam=env_teamname)\n\nSubmits a flag to the game server\n\nArguments:\n flag(str): The flag to submit.\n exploit(str): Exploit identifier, optional\n target(str): Target identifier, optional\n server(str): Flag server host name, optional\n port(int): Flag server port, optional\n proto(str), Flag server protocol, optional\n\nOptional arguments are inferred from the environment,\nor omitted if none is set.\n\nReturns:\n A string indicating the status of the key submission,\n or an error code.\n\nDoctest:\n\n >>> l = listen()\n >>> = submit_flag('flag', server='localhost', port=l.lport)\n >>> c = l.wait_for_connection()\n >>> c.recvall().split()\n ['flag', 'unnamed-exploit', 'unknown-target', 'unknown-team']", u'word': u'submit_flag', u'empty': 1}, {u'dup': 1, u'menu': u'module: subprocess', u'word': u'subprocess', u'empty': 1}, {u'dup': 1, u'menu': u'statement: success = log.success', u'word': u'success', u'empty': 1}, {u'dup': 1, u'menu': u'module: sys', u'word': u'sys', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.remote.tcp', u'info': u'tcp(self, host, port, *a, *kw)\n\n', u'word': u'tcp', u'empty': 1}, {u'dup': 1, u'menu': u'module: tempfile', u'word': u'tempfile', u'empty': 1}, {u'dup': 1, u'menu': u'module: term', u'word': u'term', u'empty': 1}, {u'dup': 1, u'menu': u'import: from ..term import text', u'word': u'text', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.context.Thread', u'info': u"Thread(self, args, kwargs)\n\nInstantiates a context-aware thread, which inherit its context when it is\ninstantiated. The class can be accessed both on the context module as\npwnlib.context.Thread
and on the context singleton object inside the\ncontext module aspwnlib.context.context.Thread
.\n\nThreads created by using the native :classthreading
.Threadwill have a\nclean (default) context.\n\nRegardless of the mechanism used to create any thread, the context\nis de-coupled from the parent thread, so changes do not cascade\nto child or parent.\n\nSaves a copy of the context when instantiated (at ``__init__``)\nand updates the new thread's context before passing control\nto the user code via ``run`` or ``target=``.\n\nExamples:\n\n >>> context.clear()\n >>> context.update(arch='arm')\n >>> def p():\n ... print context.arch\n ... context.arch = 'mips'\n ... print context.arch\n >>> # Note that a normal Thread starts with a clean context\n >>> # (i386 is the default architecture)\n >>> t = threading.Thread(target=p)\n >>> _=(t.start(), t.join())\n i386\n mips\n >>> # Note that the main Thread's context is unchanged\n >>> print context.arch\n arm\n >>> # Note that a context-aware Thread receives a copy of the context\n >>> t = pwnlib.context.Thread(target=p)\n >>> _=(t.start(), t.join())\n arm\n mips\n >>> # Again, the main thread is unchanged\n >>> print context.arch\n arm\n\nImplementation Details:\n\n This class implemented by hooking the private function\n :func:
threading.Thread._Thread_bootstrap, which is called before\n passing control to :func:
threading.Thread.run.\n\n This could be done by overriding ``run`` itself, but we would have to\n ensure that all uses of the class would only ever use the keyword\n ``target=`` for ``__init__``, or that all subclasses invoke\n ``super(Subclass.self).set_up_context()`` or similar.", u'word': u'Thread', u'empty': 1}, {u'dup': 1, u'menu': u'module: threading', u'word': u'threading', u'empty': 1}, {u'dup': 1, u'menu': u'module: time', u'word': u'time', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.timeout.Timeout', u'info': u'Timeout(self, timeout=default)\n\nImplements a basic class which has a timeout, and support for\nscoped timeout countdowns.\n\nValid timeout values are:\n\n- ``Timeout.default`` use the global default value (``context.default``)\n- ``Timeout.forever`` or ``None`` never time out\n- Any positive float, indicates timeouts in seconds\n\nExample:\n\n >>> context.timeout = 30\n >>> t = Timeout()\n >>> t.timeout == 30\n True\n >>> t = Timeout(5)\n >>> t.timeout == 5\n True\n >>> i = 0\n >>> with t.countdown():\n ... print (4 <= t.timeout and t.timeout <= 5)\n ...\n True\n >>> with t.countdown(0.5):\n ... while t.timeout:\n ... print round(t.timeout,1)\n ... time.sleep(0.1)\n 0.5\n 0.4\n 0.3\n 0.2\n 0.1\n >>> print t.timeout\n 5.0\n >>> with t.local(0.5):\n ... for i in range(5):\n ... print round(t.timeout,1)\n ... time.sleep(0.1)\n 0.5\n 0.5\n 0.5\n 0.5\n 0.5\n >>> print t.timeout\n 5.0', u'word': u'Timeout', u'empty': 1}, {u'dup': 1, u'menu': u'module: toplevel', u'word': u'toplevel', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.tube.tube', u'info': u'tube(self, timeout = default, level = None, *a, **kw)\n\nContainer of all the tube functions common to sockets, TTYs and SSH connetions.', u'word': u'tube', u'empty': 1}, {u'dup': 1, u'menu': u'module: types', u'word': u'types', u'empty': 1}, {u'dup': 1, u'menu': u'class: pwnlib.tubes.remote.udp', u'info': u'udp(self, host, port, *a, **kw)\n\n', u'word': u'udp', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.unbits', u'info': u'unbits(s, endian = \'big\')\n\nunbits(s, endian = \'big\') -> str\n\nConverts an iterable of bits into a string.\n\nArguments:\n s: Iterable of bits\n endian (str): The string "little" or "big", which specifies the bits endianness.\n\nReturns:\n A string of the decoded bits.\n\nExample:\n >>> unbits([1])\n \'\\x80\'\n >>> unbits([1], endian = \'little\')\n \'\\x01\'\n >>> unbits(bits(\'hello\'), endian = \'little\')\n \'\\x16\\xa666\\xf6\'', u'word': u'unbits', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.unhex', u'info': u'unhex(s)\n\nunhex(s) -> str\n\nHex-decodes a string.\n\nExample:\n\n >>> unhex("74657374")\n \'test\'\n >>> unhex("F\\n")\n \'\\x0f\'', u'word': u'unhex', u'empty': 1}, {u'dup': 1, u'menu': u'function: lists.unordlist', u'info': u"unordlist(cs)\n\nunordlist(cs) -> str\n\nTakes a list of ascii values and returns the corresponding string.\n\nExample:\n >>> unordlist([104, 101, 108, 108, 111])\n 'hello'", u'word': u'unordlist', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.unpack', u'info': u'unpack(data, word_size = None)\n\nunpack(data, word_size = None, endianness = None, sign = None, **kwargs) -> int\n\nPacks arbitrary-sized integer.\n\nWord-size, endianness and signedness is done according to context.\n\n
word_sizecan be any positive number or the string "all". Choosing the\nstring "all" is equivalent to ``len(data)*8``.\n\nIf
word_sizeis not a multiple of 8, then the bits used for padding\nare discarded.\n\nArguments:\n number (int): String to convert\n word_size (int): Word size of the converted integer or the string "all".\n endianness (str): Endianness of the converted integer ("little"/"big")\n sign (str): Signedness of the converted integer (False/True)\n kwargs: Anything that can be passed to context.local\n\nReturns:\n The unpacked number.\n\nExamples:\n >>> hex(unpack(\'\\xaa\\x55\', 16, endian=\'little\', sign=False))\n \'0x55aa\'\n >>> hex(unpack(\'\\xaa\\x55\', 16, endian=\'big\', sign=False))\n \'0xaa55\'\n >>> hex(unpack(\'\\xaa\\x55\', 16, endian=\'big\', sign=True))\n \'-0x55ab\'\n >>> hex(unpack(\'\\xaa\\x55\', 15, endian=\'big\', sign=True))\n \'0x2a55\'\n >>> hex(unpack(\'\\xff\\x02\\x03\', \'all\', endian=\'little\', sign=True))\n \'0x302ff\'\n >>> hex(unpack(\'\\xff\\x02\\x03\', \'all\', endian=\'big\', sign=True))\n \'-0xfdfd\'', u'word': u'unpack', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.unpack_many', u'info': u'unpack_many(data, word_size = None)\n\nunpack(data, word_size = None, endianness = None, sign = None) -> int list\n\nSplits
datainto groups of ``word_size//8`` bytes and calls :func:
unpackon each group. Returns a list of the results.\n\n
word_sizemust be a multiple of
8or the string "all". In the latter case a singleton list will always be returned.\n\nArgs\n number (int): String to convert\n word_size (int): Word size of the converted integers or the string "all".\n endianness (str): Endianness of the converted integer ("little"/"big")\n sign (str): Signedness of the converted integer (False/True)\n kwargs: Anything that can be passed to context.local\n\nReturns:\n The unpacked numbers.\n\nExamples:\n >>> map(hex, unpack_many(\'\\xaa\\x55\\xcc\\x33\', 16, endian=\'little\', sign=False))\n [\'0x55aa\', \'0x33cc\']\n >>> map(hex, unpack_many(\'\\xaa\\x55\\xcc\\x33\', 16, endian=\'big\', sign=False))\n [\'0xaa55\', \'0xcc33\']\n >>> map(hex, unpack_many(\'\\xaa\\x55\\xcc\\x33\', 16, endian=\'big\', sign=True))\n [\'-0x55ab\', \'-0x33cd\']\n >>> map(hex, unpack_many(\'\\xff\\x02\\x03\', \'all\', endian=\'little\', sign=True))\n [\'0x302ff\']\n >>> map(hex, unpack_many(\'\\xff\\x02\\x03\', \'all\', endian=\'big\', sign=True))\n [\'-0xfdfd\']', u'word': u'unpack_many', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing.unsigned', u'info': u'unsigned(integer)\n\n', u'word': u'unsigned', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.update_cyclic_pregenerated', u'info': u'update_cyclic_pregenerated(size)\n\n', u'word': u'update_cyclic_pregenerated', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.urldecode', u'info': u'urldecode(s, ignore_invalid = False)\n\nurldecode(s, ignore_invalid = False) -> str\n\nURL-decodes a string.\n\nExample:\n\n >>> urldecode("test%20%41")\n \'test A\'\n >>> urldecode("%qq")\n Traceback (most recent call last):\n ...\n ValueError: Invalid input to urldecode\n >>> urldecode("%qq", ignore_invalid = True)\n \'%qq\'', u'word': u'urldecode', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.urlencode', u'info': u'urlencode(s)\n\nurlencode(s) -> str\n\nURL-encodes a string.\n\nExample:\n\n >>> urlencode("test")\n \'%74%65%73%74\'', u'word': u'urlencode', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \nversion = __version__', u'word': u'version', u'empty': 1}, {u'dup': 1, u'menu': u'statement: warn = log.warning', u'word': u'warn', u'empty': 1}, {u'dup': 1, u'menu': u'statement: warning = log.warning', u'word': u'warning', u'empty': 1}, {u'dup': 1, u'menu': u'function: web.wget', u'info': u"wget(url, save=None, timeout=5, **kwargs)\n\nwget(url, save=None, timeout=5) -> str\n\nDownloads a file via HTTP/HTTPS.\n\nArguments:\n url (str): URL to download\n save (str or bool): Name to save as. Any truthy value\n will auto-generate a name based on the URL.\n timeout (int): Timeout, in seconds\n\nExample:\n\n >>> url = 'https://httpbin.org/robots.txt'\n >>> result = wget(url, timeout=60)\n >>> result\n 'User-agent: *\\nDisallow: /deny\\n'\n >>> result2 = wget(url, True, timeout=60)\n >>> result == file('robots.txt').read()\n True", u'word': u'wget', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.which', u'info': u"which(name, all = False)\n\nwhich(name, flags = os.X_OK, all = False) -> str or str set\n\nWorks as the system command ``which``; searches $PATH for ``name`` and\nreturns a full path if found.\n\nIf
allis :const:
Truethe set of all found locations is returned, else\nthe first occurence or :const:
Noneis returned.\n\nArguments:\n
name(str): The file to search for.\n
all(bool): Whether to return all locations where
namewas found.\n\nReturns:\n If
allis :const:
Truethe set of all locations where
namewas found,\n else the first location or :const:
Noneif not found.\n\nExample:\n >>> which('sh')\n '/bin/sh'", u'word': u'which', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm.which_binutils', u'info': u"which_binutils(util)\n\nFinds a binutils in the PATH somewhere.\nExpects that the utility is prefixed with the architecture name.\n\nExamples:\n\n >>> import platform\n >>> which_binutils('as', arch=platform.machine())\n '.../bin/as'\n >>> which_binutils('as', arch='arm') #doctest: +ELLIPSIS\n '.../bin/arm-...-as'\n >>> which_binutils('as', arch='powerpc') #doctest: +ELLIPSIS\n '.../bin/powerpc...-as'\n >>> which_binutils('as', arch='msp430') #doctest: +SKIP\n ...\n Traceback (most recent call last):\n ...\n Exception: Could not find 'as' installed for ContextType(arch = 'msp430')", u'word': u'which_binutils', u'empty': 1}, {u'dup': 1, u'menu': u'function: misc.write', u'info': u"write(path, data = '', create_dir = False, mode = 'w')\n\nCreate new file or truncate existing to zero length and write data.", u'word': u'write', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.xor', u'info': u"xor(*args, **kwargs)\n\nxor(*args, cut = 'max') -> str\n\nFlattens its arguments using :func:
pwnlib.util.packing.flatand\nthen xors them together. If the end of a string is reached, it wraps\naround in the string.\n\nArguments:\n args: The arguments to be xor'ed together.\n cut: How long a string should be returned.\n Can be either 'min'/'max'/'left'/'right' or a number.\n\nReturns:\n The string of the arguments xor'ed together.\n\nExample:\n >>> xor('lol', 'hello', 42)\n '. ***'", u'word': u'xor', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.xor_key', u'info': u'xor_key(data, avoid=\'\\x00\\n\', size=None)\n\nxor_key(data, size=None, avoid=\'\\x00\\n\') -> None or (int, str)\n\nFinds a ``size``-width value that can be XORed with a string\nto produce ``data``, while neither the XOR value or XOR string\ncontain any bytes in ``avoid``.\n\nArguments:\n data (str): The desired string.\n avoid: The list of disallowed characters. Defaults to nulls and newlines.\n size (int): Size of the desired output value, default is word size.\n\nReturns:\n A tuple containing two strings; the XOR key and the XOR string.\n If no such pair exists, None is returned.\n\nExample:\n\n >>> xor_key("Hello, world")\n (\'\\x01\\x01\\x01\\x01\', \'Idmmn-!vnsme\')', u'word': u'xor_key', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling.xor_pair', u'info': u'xor_pair(data, avoid = \'\\x00\\n\')\n\nxor_pair(data, avoid = \'\\x00\\n\') -> None or (str, str)\n\nFinds two strings that will xor into a given string, while only\nusing a given alphabet.\n\nArguments:\n data (str): The desired string.\n avoid: The list of disallowed characters. Defaults to nulls and newlines.\n\nReturns:\n Two strings which will xor to the given string. If no such two strings exist, then None is returned.\n\nExample:\n\n >>> xor_pair("test")\n (\'\\x01\\x01\\x01\\x01\', \'udru\')', u'word': u'xor_pair', u'empty': 1}, {u'dup': 1, u'menu': u'function: ui.yesno', u'info': u'yesno(prompt, default = None)\n\nPresents the user with prompt (typically in the form of question) which\nthe user must answer yes or no.\n\nArguments:\n prompt (str): The prompt to show\n default: The default option;
Truemeans "yes"\n\nReturns:\n
Trueif the answer was "yes",
Falseif "no"', u'word': u'yesno', u'empty': 1}, {u'dup': 1, u'menu': u'forstmt: hashes', u'word': u'_algo', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._arch_header', u'info': u'_arch_header()\n\n', u'word': u'_arch_header', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._assembler', u'info': u'_assembler()\n\n', u'word': u'_assembler', u'empty': 1}, {u'dup': 1, u'menu': u"statement: \n\n_banner = r'''\n .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.\n ) _____ _ _ )\n ( | _ |___ _ _ _ ___ ___ ___ _| | | |_ _ _ (\n ) | __| . | | | | -_| _| -_| . | | . | | | )\n ( |__| |___|_____|___|_| |___|___| |___|_ | (\n ) _____ __ |___| __ )\n ( /\\ __
\ /\ \ /\ \ (\n ) \ \ \/\ \ __ \ \ \ /\\ \ \ )\n ( \ \ ,/\ \/\ \/\ \ / _\\ \\ \\ \\ \\/\\ \\ \\ __
\ (\n ) \ \ \/\ \ \/ \/ \ \ \/\ \ \ \ \____\ \ \ \ \/\ \ )\n ( \ \\ \ \^/'\ \_\ \\ \ \___\\ \\ \____/ (\n ) \// \//// \//\// \/_/ \//\// )\n ( (\n .:~:..:~:..:~:..:~:..:~:..:~:..:~:..:~:..:~:.\n'''", u'word': u'_banner', u'empty': 1}, {u'dup': 1, u'menu': u'statement: \n_basedir = path.split(file)[0]', u'word': u'_basedir', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._bfdarch', u'info': u'_bfdarch()\n\n', u'word': u'_bfdarch', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._bfdname', u'info': u'_bfdname()\n\n', u'word': u'_bfdname', u'empty': 1}, {u'dup': 1, u'menu': u'function: hashes._closure', u'info': u'_closure()\n\n', u'word': u'_closure', u'empty': 1}, {u'dup': 1, u'menu': u'function: packing._flat', u'info': u'_flat(args, preprocessor, packer)\n\n', u'word': u'_flat', u'empty': 1}, {u'dup': 1, u'menu': u'function: cyclic._gen_find', u'info': u'_gen_find(subseq, generator)\n\nReturns the first position ofsubseq
in the generator or -1 if there is no such position.', u'word': u'_gen_find', u'empty': 1}, {u'dup': 1, u'menu': u'function: fiddling._hexiichar', u'info': u'_hexiichar(c)\n\n', u'word': u'_hexiichar', u'empty': 1}, {u'dup': 1, u'menu': u"statement: _incdir = path.join(_basedir, 'data', 'includes')", u'word': u'_incdir', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._include_header', u'info': u'_include_header()\n\n', u'word': u'_include_header', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._linker', u'info': u'_linker()\n\n', u'word': u'_linker', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._objcopy', u'info': u'_objcopy()\n\n', u'word': u'_objcopy', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._objdump', u'info': u'_objdump()\n\n', u'word': u'_objdump', u'empty': 1}, {u'dup': 1, u'menu': u'function: asm._run', u'info': u'_run(cmd, stdin = None)\n\n', u'word': u'_run', u'empty': 1}, {u'dup': 1, u'menu': u"statement: \nall = ['asm', 'cpp', 'disasm', 'make_elf', 'make_elf_from_assembly']", u'word': u'all', u'empty': 1}, {u'dup': 1, u'menu': u'instance: builtins.str', u'info': u"str(object='') -> string\n\nReturn a nice string representation of the object.\nIf the argument is a string, the return value is the same object.", u'word': u'doc', u'empty': 1}, {u'dup': 1, u'menu': u'instance: builtins.str', u'info': u"str(object='') -> string\n\nReturn a nice string representation of the object.\nIf the argument is a string, the return value is the same object.", u'word': u'file', u'empty': 1}, {u'dup': 1, u'menu': u'instance: builtins.str', u'info': u"str(object='') -> string\n\nReturn a nice string representation of the object.\nIf the argument is a string, the return value is the same object.", u'word': u'name', u'empty': 1}, {u'dup': 1, u'menu': u'instance: builtins.str', u'info': u"str(object='') -> string\n\nReturn a nice string representation of the object.\nIf the argument is a string, the return value is the same object.", u'word': u'package', u'empty': 1}, {u'dup': 1, u'menu': u'module: time', u'word': u'time', u'empty': 1}, {u'dup': 1, u'menu': u'instance: version.version', u'info': u"str(object='') -> string\n\nReturn a nice string representation of the object.\nIf the argument is a string, the return value is the same object.", u'word': u'version', u'empty': 1}]