
FIX: Getting right amount of data for search fix #2281

Merged (2 commits), Oct 1, 2023

Conversation

@gordiig (Contributor) commented Sep 26, 2023

PR for #2266 and #2269

Description

As far as I have researched ELF and your code, the memory layout looks something like this:

                                                            +-----------------------+
                                                            |         zeroes        |
      |-----------------------------------------------------|-----------------------|
   p_vaddr                                          p_vaddr + p_filesz      p_vaddr + p_memsz

If it is true, you are reading more data than needed ([offset:offset+memsz] instead of [offset:offset+filesz]).
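
To make the layout above concrete, here is an added Python example (not pwntools' own code and not part of this PR) that builds a constructed two-segment ELF64 image, parses its program headers, and contrasts a reader that slices `p_memsz` bytes out of the file with one that slices `p_filesz` bytes and zero-fills up to `p_memsz`. The function names `build_sample_elf`, `parse_phdrs`, `segment_bytes_buggy`, `segment_bytes` and `search` are assumptions for this example, not pwntools APIs. The needle only exists in the second segment, yet the `p_memsz` reader also "finds" it at an address inside the first segment's zero-filled tail, which is exactly the kind of false hit the fix removes.

```python
import struct

# ELF64 header layouts (little-endian), as defined by the ELF specification.
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # 56 bytes
PT_LOAD = 1
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_align")


def build_sample_elf():
    """Construct a minimal ELF64 image with two PT_LOAD segments (constructed sample data).

    Segment A: 16 file-backed bytes followed by 16 bytes of zero-filled memory
               (p_memsz > p_filesz, like a .bss tail).
    Segment B: 16 file-backed bytes that directly follow A in the file and hold the needle.
    """
    seg_a = b"A" * 16
    seg_b = b"NEEDLE" + b"B" * 10
    off_a, off_b = 0x100, 0x110
    phdrs = [
        struct.pack(PHDR_FMT, PT_LOAD, 6, off_a, 0x400000, 0x400000,
                    len(seg_a), len(seg_a) + 16, 0x1000),   # RW-, memsz = filesz + 16
        struct.pack(PHDR_FMT, PT_LOAD, 4, off_b, 0x600000, 0x600000,
                    len(seg_b), len(seg_b), 0x1000),        # R--, memsz = filesz
    ]
    e_ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9            # ELF64, little-endian, v1
    ehdr = struct.pack(EHDR_FMT, e_ident, 2, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)          # ET_EXEC, EM_X86_64, phoff=64
    hdr = ehdr + b"".join(phdrs)
    return hdr + b"\0" * (off_a - len(hdr)) + seg_a + seg_b


def parse_phdrs(elf):
    """Return the program headers as a list of dicts keyed by the ELF field names."""
    fields = struct.unpack_from(EHDR_FMT, elf, 0)
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    return [dict(zip(PHDR_FIELDS, struct.unpack_from(PHDR_FMT, elf, e_phoff + i * e_phentsize)))
            for i in range(e_phnum)]


def segment_bytes_buggy(elf, ph):
    """The behaviour the PR fixes: slicing p_memsz bytes out of the file drags in
    whatever happens to follow the segment's file-backed bytes (here: segment B)."""
    return elf[ph["p_offset"]:ph["p_offset"] + ph["p_memsz"]]


def segment_bytes(elf, ph):
    """Fixed: only p_filesz bytes exist in the file; the remainder of the mapping
    (p_memsz - p_filesz) is zero-filled by the loader, so model it as zeroes."""
    data = elf[ph["p_offset"]:ph["p_offset"] + ph["p_filesz"]]
    return data + b"\0" * (ph["p_memsz"] - ph["p_filesz"])


def search(elf, needle, reader):
    """Return every virtual address at which `needle` appears, using `reader`
    to materialise each PT_LOAD segment's contents."""
    hits = []
    for ph in parse_phdrs(elf):
        if ph["p_type"] != PT_LOAD:
            continue
        data = reader(elf, ph)
        idx = data.find(needle)
        while idx != -1:
            hits.append(ph["p_vaddr"] + idx)
            idx = data.find(needle, idx + 1)
    return hits


if __name__ == "__main__":
    elf = build_sample_elf()
    print("memsz reader :", [hex(a) for a in search(elf, b"NEEDLE", segment_bytes_buggy)])
    print("filesz reader:", [hex(a) for a in search(elf, b"NEEDLE", segment_bytes)])
```

The `p_memsz` reader reports a hit at 0x400010, an address that at run time holds zeroes, so any tooling built on it (finding a string, a gadget, or a pointer) would be pointed at memory that never contains the needle. The `p_filesz` reader reports only the genuine hit at 0x600000.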

@peace-maker (Member) commented

Hm, looking at your readelf output in #2266 (comment), there are multiple segments with the same file offset but different virtual addresses and page flags, but only one of them is actually captured in the core dump file. What I'm wondering is if those addresses were actually valid and were really mapped to the same memory? Then this info of finding the needle in an executable section is important if you e.g. look for some gadget and the lookup using core.string(addr) might be misleading?

I'll try to replicate your setup and debug a bit.

@peace-maker (Member) left a comment


Ok, no, this looks right. Finding something in data you don't have is a bug.

@Arusekk Arusekk merged commit 32840ad into Gallopsled:dev Oct 1, 2023