New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a "got-all" command #1101
base: main
Are you sure you want to change the base?
Add a "got-all" command #1101
Conversation
This draft is functional, but incomplete. It does not include documentation or tests. In its current condition, it exists only to ask whether the maintainers are interested in expanding the "got" command to provide information about relocations in mapped shared object files or not. And, if so, what the output from that command might look like. The current implementation merely prints relocations for all files, without indicating which file's relocations are being printed. I'm also not sure whether such a command needs to accept a filter, allowing the user to print relocations for specific files, other than the primary executable file. Please let me know what you think, and whether or not I should finish work on this command. |
Can you please show its use? Couldn't you just add this as an argument to the existing got command? |
I can show its output, but it tends to be quite long. I'll try attaching it as a file. The existing got command will show the state of relocatable symbols present in the primary binary executable. That's not all of the relocations, though. For example, the Arguments to the current |
Attaching got-all and got output for the login process |
Yes I understand, but we could add an argument to have it run got 'deeper'. I see this as a recursive GOT command, but with depth one. We could add a |
You could do that, but since the existing behavior is for all arguments to act as filters, the change would not be fully backward compatible, which is largely why I didn't pursue that path. If that's your preference, I can continue developing in that direction. |
I believe it would be, but maybe it would be breaking searching for symbols that contain |
I'm with @Grazfather on this, I don't feel like this doesn't deserve its own standalone command, but if you wish to make it so, then I'd suggest moving it to |
I've modified the implementation to use an optional flag to the got command. The current implementation prints the GOT for each shared object without labeling them, which isn't very user-friendly. What would be idiomatic for GEF? |
else: | ||
self.do_invoke_for(gef.session.file, args.symbols) | ||
|
||
def do_invoke_for(self, file: str, argv: List[str]) -> None: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's name this something better. It might not even need to be a separate function, but you might want to still break some of the functionality into helper functions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any suggestions?
tests/commands/got.py
Outdated
|
||
res = gdb.execute("got --all printf", to_string=True) | ||
self.assertIn("printf", res) | ||
self.assertNotIn("strcpy", res) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What can we test that will show up in got --all
but won't show up without it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably the C library path, which is why I'd asked how to label the shared objects in a way that would be idiomatic for GEF.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These checks should make sure that they show up UNDER the libc part.
You could get the res, assert /libc
is in there, split on it, and then make sure printf
and strcpy
are on the second part.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Split doesn't really work, because it would return two sections: everything before libc and everything after. AFAIK, the order isn't guaranteed, so the program binary could be in either one.
(Also, printf and strcpy are expected in the program's section, but not in libc's, because those aren't relocatable symbols in libc.)
If you'd like, I can rewrite this to parse the sections... I'll upload a commit that does that. If you don't like it, I'll drop that commit and roll back to the current state.
you could do something like title = Color.colorify(lib_name, "yellow bold") # idc about the colour much, but should be bold or maybe title = titlify(lib_name) though this is used more for drawing the context window. |
Using titlify:
|
That looks pretty good to me. |
I'm happier with this test setup. There's still the matter of the do_invoke_for function name, if that's important to you. Otherwise, if you are happy with this, I can squash it before merging... |
Description
This change adds a "got-all" command which expands on the existing "got" command by providing data about relocations in mapped shared object files in addition to the relocations specific to the main executable.
Particularly for auditing purposes, users may be interested in the state of all relocations, not only those for the primary executable file.