Dev fix load interpreter (#96)

* Fix interpreter load * turn off some debug * cuack * Correct loader condition (#111) * Rm unnecessary condition We always want to run this code if there is an interpreter present, not just if the exe is ET_DYN * Add correct interp header type check
2017-03-28 15:45:08 -03:00 · 2017-03-28 15:45:08 -03:00 · 83cb4de825
commit 83cb4de825
parent dbb63cfa34
2 changed files with 17 additions and 7 deletions
--- a/manticore/models/linux.py
+++ b/manticore/models/linux.py
@ -645,7 +645,7 @@ class Linux(object):
                hint = None

            logger.debug("Loading elf offset: %08x addr:%08x %08x %s" %(offset, base+vaddr, base+vaddr+memsz, perms))
-            base = cpu.memory.mmapFile(hint,memsz,perms,elf_segment.stream.name,offset) - vaddr
+            base = cpu.memory.mmapFile(hint, memsz, perms, elf_segment.stream.name, offset) - vaddr

            if load_addr == 0 :
                load_addr = base + vaddr
@ -705,7 +705,7 @@ class Linux(object):

        reserved = cpu.memory.mmap(base+vaddr+memsz,0x1000000,'   ')
        interpreter_base = 0
-        if not interpreter is None:
+        if interpreter is not None:
            base = 0
            elf_bss = 0
            end_code = 0
@ -729,9 +729,14 @@ class Linux(object):
                vaddr = vaddr - ELF_PAGEOFFSET
                memsz = cpu.memory._ceil(memsz)

-                if base == 0 and elf.header.e_type == 'ET_DYN':
+                if base == 0 and interpreter.header.e_type == 'ET_DYN':
                    assert vaddr == 0
-                    base = stack_base - memsz 
+                    total_size = 0
+                    for _elf_segment in interpreter.iter_segments():
+                        if _elf_segment.header.p_type == 'PT_LOAD':
+                            _memsz = elf_segment.header.p_memsz + (_elf_segment.header.p_vaddr & (align-1))
+                            total_size += cpu.memory._ceil(_memsz)
+                    base = stack_base - total_size 

                if base == 0:
                    assert vaddr == 0
@ -739,8 +744,9 @@ class Linux(object):
                hint = base+vaddr
                if hint == 0:
                    hint = None
-                base = cpu.memory.mmapFile(hint, memsz, perms, elf_segment.stream.name, offset) - vaddr

+                base = cpu.memory.mmapFile(hint, memsz, perms, elf_segment.stream.name, offset) 
+                base -= vaddr
                logger.debug("Loading interpreter offset: %08x addr:%08x %08x %s%s%s" %(offset, base+vaddr, base+vaddr+memsz, (flags&1 and 'r' or ' '), (flags&2 and 'w' or ' '), (flags&4 and 'x' or ' ')))

                k = base + vaddr+ filesz;
--- a/tests/auto/make_dump.py
+++ b/tests/auto/make_dump.py
@ -71,7 +71,7 @@ class Gdb(subprocess.Popen):
        except Exception,e:
            raise e
            return 0
-    def getPid(self):
+    def get_pid(self):
        return int(self.correspond('info proc\n').split("\n")[0].split(" ")[-1])
    def getStack(self):
        maps = file("/proc/%s/maps"%self.correspond('info proc\n').split("\n")[0].split(" ")[-1]).read().split("\n")
@ -84,6 +84,10 @@ class Gdb(subprocess.Popen):
        a=self.correspond('info target\n')
        return int(a[a.find("Entry point:"):].split('\n')[0].split(' ')[-1][2:],16)

+    def get_maps(self):
+        pid = self.get_pid()
+        return file('/proc/%d/maps'%pid, 'rb').read()
+
    _arch = None
    def get_arch(self):
        if self._arch is not None:
@ -110,7 +114,7 @@ gdb.correspond("b *0\n")
 gdb.correspond("run arg1 arg2 < /dev/urandom > /dev/null\n")
 #gdb.correspond("run arg1 arg2 arg3 < input > /dev/null\n")
 gdb.correspond("d 1\n")
-
+#print gdb.get_maps()
 '''
 # Simulate no vdso (As when analized with symbemu)
 found = 0