From 082937118a8a250b866dce07f5b1921227e5c722 Mon Sep 17 00:00:00 2001
From: Thijs Raymakers
Date: Wed, 28 Aug 2024 23:51:53 +0200
Subject: [PATCH 1/4] Don't skip over symbol at start of file in _populate_symbols

Lets say we have an ELF with the following symbols

```
Symbol table '.symtab' contains 5 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000035 0 NOTYPE LOCAL DEFAULT 2 aaaa
2: 0000000000000022 0 NOTYPE LOCAL DEFAULT 2 bbbb
3: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 2 cccc
4: 0000000000000054 0 NOTYPE GLOBAL DEFAULT 2 dddd
```

Then pwnlib's ELF(binary).symbols will be `{'aaaa': 53, 'bbbb': 34, 'dddd': 84}`. This is missing the symbol `cccc`, because its value is 0.

This change checks the name instead of the value, because the value can be 0 if the symbol points to the beginning.

The new and correct value of pwnlib's ELF(binary).symbols will be `{'aaaa': 53, 'cccc': 0, 'bbbb': 34, 'dddd': 84}`.
---
 pwnlib/elf/elf.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py
index acb0a2d7a..5188003e9 100644
--- a/pwnlib/elf/elf.py
+++ b/pwnlib/elf/elf.py
@@ -908,10 +908,9 @@ def _populate_symbols(self):
                 continue
 
             for symbol in _iter_symbols(section):
-                value = symbol.entry.st_value
-                if not value:
+                if not symbol.name:
                     continue
-                self.symbols[symbol.name] = value
+                self.symbols[symbol.name] = symbol.entry.st_value
 
     def _populate_synthetic_symbols(self):
         """Adds symbols from the GOT and PLT to the symbols dictionary.

From bcd210af57c61fd30cf2e5f07f3462d4e3a3c90a Mon Sep 17 00:00:00 2001
From: Arusekk
Date: Wed, 5 Mar 2025 12:14:54 +0100
Subject: [PATCH 2/4] Do not unresolve zeros

---
 pwnlib/rop/rop.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pwnlib/rop/rop.py b/pwnlib/rop/rop.py
index 4505962d7..84d8bcdae 100644
--- a/pwnlib/rop/rop.py
+++ b/pwnlib/rop/rop.py
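Review bot: The new `if not symbol.name:` guard carries no comment explaining why the filter moved from the value to the name, and a future reader is likely to reintroduce the value check because `st_value == 0` looks like a sentinel. A one-line comment would pin the invariant: `# st_value may legitimately be 0 (a symbol at the start of the file/section); skip only nameless entries`. Checking the name alone also keeps entries whose value is not an address, such as undefined (`SHN_UNDEF`) imports with value 0, which a later patch in this series filters. The enclosing loop over sections starts outside the hunk.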
@@ -841,7 +841,7 @@ def describe(self, object):
         """
         if isinstance(object, enums):
             return str(object)
-        if isinstance(object, six.integer_types):
+        if isinstance(object, six.integer_types) and object:
             return self.unresolve(object)
         if isinstance(object, (bytes, six.text_type)):
             return repr(object)

From 343d085add12fc41a7df8fc08e33b4e08f763aa1 Mon Sep 17 00:00:00 2001
From: Arusekk
Date: Wed, 5 Mar 2025 12:34:52 +0100
Subject: [PATCH 3/4] Do not add undefined symbols

---
 pwnlib/elf/elf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py
index 5188003e9..02cfbb441 100644
--- a/pwnlib/elf/elf.py
+++ b/pwnlib/elf/elf.py
@@ -908,7 +908,7 @@ def _populate_symbols(self):
                 continue
 
             for symbol in _iter_symbols(section):
-                if not symbol.name:
+                if not symbol.name or symbol.entry.st_shndx == 'SHN_UNDEF':
                     continue
                 self.symbols[symbol.name] = symbol.entry.st_value
 

From 53d2a518cbf9e4e8badf446032d60fa9dc63e0b3 Mon Sep 17 00:00:00 2001
From: Arusekk
Date: Tue, 18 Mar 2025 11:12:49 +0100
Subject: [PATCH 4/4] Changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bcd36ff42..56cd0da92 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -114,10 +114,12 @@ The table below shows which release corresponds to each branch, and what date th
 
 ## 4.14.1 (`stable`)
 
+- [#2451][2451] Show symbols defined to value 0 (start of file)
 - [#2533][2533] Fix installation on Python 3.5 and lower
 - [#2518][2518] fix: update apport coredump path handling for CorefileFinder
 - [#2559][2559] Fix parsing corefile with missing auxv
 
+[2451]: https://github.com/Gallopsled/pwntools/pull/2451
 [2533]: https://github.com/Gallopsled/pwntools/pull/2533
 [2518]: https://github.com/Gallopsled/pwntools/pull/2518
 [2559]: https://github.com/Gallopsled/pwntools/pull/2559
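Review bot: The added `and object` has no comment at the changed line, and its reason — value-0 symbols are now kept in `ELF.symbols`, so `unresolve(0)` would presumably label ordinary zero padding with whatever symbol sits at offset 0 — is only recoverable from the first commit of the series. Suggest `# 0 is ordinary padding/NULL; never unresolve it to the symbol at offset 0`. With the guard, an integer 0 now falls past the `bytes`/`six.text_type` branch to whatever `describe` does further down, which lies outside the hunk, so it is worth confirming that path still renders 0 as a plain number.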
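Review bot: Excluding only `SHN_UNDEF` still admits entries whose `st_value` is not an address, such as `STT_FILE` entries (a source-file name bound to `SHN_ABS` with value 0) and other `SHN_ABS`/`SHN_COMMON` symbols, so a binary carrying a full `.symtab` would presumably gain keys like a `.c` filename mapped to 0 in `ELF.symbols`. If the project wants those out as well, the same line can test the type too, `if not symbol.name or symbol.entry.st_shndx == 'SHN_UNDEF' or symbol.entry.st_info.type in ('STT_FILE', 'STT_SECTION'):`, noting that dropping them changes the dictionary's keys for existing callers. The string comparison relies on pyelftools reporting special section indices as names while ordinary ones are integers; a short comment saying so would help, e.g. `# st_shndx is 'SHN_UNDEF' (a string) for imports, an int for real sections`. The enclosing loop over sections starts outside the hunk.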