pwnlib.util.misc — We could not fit it any other place

pwnlib.util.misc.align(alignment, x) → int

Rounds x up to the nearest multiple of the alignment.

Example

>>> [align(5, n) for n in range(15)]
[0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15]

pwnlib.util.misc.align_down(alignment, x) → int

Rounds x down to the nearest multiple of the alignment.

Example

>>> [align_down(5, n) for n in range(15)]
[0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10]

pwnlib.util.misc.binary_ip(host) → bytes

Resolves host and returns its IP as a four-byte string.

Example

>>> binary_ip("127.0.0.1")
b'\x7f\x00\x00\x01'

pwnlib.util.misc.dealarm_shell(tube)

Given a tube which is a shell, dealarm it.

pwnlib.util.misc.force_bytes(s) → bytes

Ensures the given argument is of type bytes.

Example

>>> force_bytes(b'abc')
b'abc'
>>> force_bytes('abc')
b'abc'
>>> force_bytes(1)
Traceback (most recent call last):
    ...
TypeError: Expecting a value of type bytes or str, got 1

pwnlib.util.misc.mkdir_p(path)

Emulates the behavior of mkdir -p.

pwnlib.util.misc.parse_ldd_output(output)

Parses the output from a run of ‘ldd’ on a binary. Returns a dictionary of {path: address} for each library required by the specified binary.

Parameters: output (bytes, str) – The output to parse

Example

>>> sorted(parse_ldd_output('''
...     linux-vdso.so.1 =>  (0x00007fffbf5fe000)
...     libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fe28117f000)
...     libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fe280f7b000)
...     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe280bb4000)
...     /lib64/ld-linux-x86-64.so.2 (0x00007fe2813dd000)
... ''').keys())
['/lib/x86_64-linux-gnu/libc.so.6', '/lib/x86_64-linux-gnu/libdl.so.2', '/lib/x86_64-linux-gnu/libtinfo.so.5', '/lib64/ld-linux-x86-64.so.2']
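
An added example, not pwntools' own implementation: a stand-alone parser for the ldd line shapes shown above, extended to also report `not found` dependencies. The name `parse_ldd` and the `libmissing.so.1` line are constructed for illustration.

```python
import re

# Constructed sample: lines from the example above plus one unresolved
# dependency ("libmissing.so.1" is a made-up name).
SAMPLE = """
    linux-vdso.so.1 =>  (0x00007fffbf5fe000)
    libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fe28117f000)
    libmissing.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe280bb4000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fe2813dd000)
"""

# "[soname =>] /abs/path (0xaddr)". Requiring an absolute path is what
# excludes the vDSO line: it has a load address but no file on disk.
_RESOLVED = re.compile(
    r"^\s*(?:\S+\s+=>\s+)?(?P<path>/\S+)\s+\((?P<addr>0x[0-9a-fA-F]+)\)\s*$"
)
# "soname => not found": the loader could not locate the library.
_MISSING = re.compile(r"^\s*(?P<name>\S+)\s+=>\s+not found\s*$")


def parse_ldd(output):
    """Hypothetical helper: return ({path: load_address}, [unresolved sonames])."""
    if isinstance(output, bytes):
        output = output.decode("utf-8", "replace")
    libs, missing = {}, []
    for line in output.splitlines():
        m = _RESOLVED.match(line)
        if m:
            libs[m.group("path")] = int(m.group("addr"), 16)
            continue
        m = _MISSING.match(line)
        if m:
            missing.append(m.group("name"))
        # Anything else (blank lines, "statically linked", vDSO) is skipped.
    return libs, missing


if __name__ == "__main__":
    libs, missing = parse_ldd(SAMPLE)
    for path, addr in sorted(libs.items()):
        print(f"{addr:#018x}  {path}")
    print("unresolved:", missing)
```
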

pwnlib.util.misc.read(path, count=-1, skip=0, mode='r') → bytes or str

Open file, return content.

Examples

>>> read('pwnlib/util/misc.py').split('\n')[0]
'import base64'

pwnlib.util.misc.register_sizes(regs, in_sizes)

Create dictionaries over register sizes and relations.

Given a list of lists of overlapping register names (e.g. ['eax', 'ax', 'al', 'ah']) and a list of input sizes, it returns the following:

  • all_regs : list of all valid registers
  • sizes[reg] : the size of reg in bits
  • bigger[reg] : list of overlapping registers bigger than reg
  • smaller[reg]: list of overlapping registers smaller than reg

Used in i386/AMD64 shellcode, e.g. the mov-shellcode.

Example

>>> regs = [['eax', 'ax', 'al', 'ah'],['ebx', 'bx', 'bl', 'bh'],
... ['ecx', 'cx', 'cl', 'ch'],
... ['edx', 'dx', 'dl', 'dh'],
... ['edi', 'di'],
... ['esi', 'si'],
... ['ebp', 'bp'],
... ['esp', 'sp'],
... ]
>>> all_regs, sizes, bigger, smaller = register_sizes(regs, [32, 16, 8, 8])
>>> all_regs
['eax', 'ax', 'al', 'ah', 'ebx', 'bx', 'bl', 'bh', 'ecx', 'cx', 'cl', 'ch', 'edx', 'dx', 'dl', 'dh', 'edi', 'di', 'esi', 'si', 'ebp', 'bp', 'esp', 'sp']
>>> sizes == {'ch': 8, 'cl': 8, 'ah': 8, 'edi': 32, 'al': 8, 'cx': 16, 'ebp': 32, 'ax': 16, 'edx': 32, 'ebx': 32, 'esp': 32, 'esi': 32, 'dl': 8, 'dh': 8, 'di': 16, 'bl': 8, 'bh': 8, 'eax': 32, 'bp': 16, 'dx': 16, 'bx': 16, 'ecx': 32, 'sp': 16, 'si': 16}
True
>>> bigger == {'ch': ['ecx', 'cx', 'ch'], 'cl': ['ecx', 'cx', 'cl'], 'ah': ['eax', 'ax', 'ah'], 'edi': ['edi'], 'al': ['eax', 'ax', 'al'], 'cx': ['ecx', 'cx'], 'ebp': ['ebp'], 'ax': ['eax', 'ax'], 'edx': ['edx'], 'ebx': ['ebx'], 'esp': ['esp'], 'esi': ['esi'], 'dl': ['edx', 'dx', 'dl'], 'dh': ['edx', 'dx', 'dh'], 'di': ['edi', 'di'], 'bl': ['ebx', 'bx', 'bl'], 'bh': ['ebx', 'bx', 'bh'], 'eax': ['eax'], 'bp': ['ebp', 'bp'], 'dx': ['edx', 'dx'], 'bx': ['ebx', 'bx'], 'ecx': ['ecx'], 'sp': ['esp', 'sp'], 'si': ['esi', 'si']}
True
>>> smaller == {'ch': [], 'cl': [], 'ah': [], 'edi': ['di'], 'al': [], 'cx': ['cl', 'ch'], 'ebp': ['bp'], 'ax': ['al', 'ah'], 'edx': ['dx', 'dl', 'dh'], 'ebx': ['bx', 'bl', 'bh'], 'esp': ['sp'], 'esi': ['si'], 'dl': [], 'dh': [], 'di': [], 'bl': [], 'bh': [], 'eax': ['ax', 'al', 'ah'], 'bp': [], 'dx': ['dl', 'dh'], 'bx': ['bl', 'bh'], 'ecx': ['cx', 'cl', 'ch'], 'sp': [], 'si': []}
True

pwnlib.util.misc.run_in_new_terminal(command, terminal=None) → None

Run a command in a new terminal.

When terminal is not set:
  • If context.terminal is set it will be used. If it is an iterable then context.terminal[1:] are default arguments.
  • If X11 is detected (by the presence of the DISPLAY environment variable), x-terminal-emulator is used.
  • If tmux is detected (by the presence of the TMUX environment variable), a new pane will be opened.
Parameters:
  • command (str) – The command to run.
  • terminal (str) – Which terminal to use.
  • args (list) – Arguments to pass to the terminal
Returns:

None

pwnlib.util.misc.sh_string(s)

Outputs a string in a format that will be understood by /bin/sh.

If the string does not contain any bad characters, it will simply be returned, possibly with quotes. If it contains bad characters, it will be escaped in a way which is compatible with most known systems.

Examples

>>> print(sh_string('foobar'))
foobar
>>> print(sh_string('foo bar'))
'foo bar'
>>> print(sh_string("foo'bar"))
"foo'bar"
>>> print(sh_string("foo\\bar"))
'foo\bar'
>>> print(sh_string("foo\\'bar"))
"foo\\'bar"
>>> print(sh_string("foo\x01'bar"))
"$( (echo Zm9vASdiYXI=|(base64 -d||openssl enc -d -base64)||echo -en 'foo\x01\x27bar') 2>/dev/null)"
>>> import subprocess
>>> print(subprocess.check_output("echo -n " + sh_string("foo\\'bar"), shell=True))
b"foo\\'bar"

pwnlib.util.misc.size(n, abbriv='B', si=False) → str

Convert the length of a bytestream to human readable form.

Parameters:
  • n (int,str) – The length to convert to human readable form
  • abbriv (str) –

Example

>>> size(451)
'451B'
>>> size(1000)
'1000B'
>>> size(1024)
'1.00KB'
>>> size(1024, si=True)
'1.02KB'
>>> [size(1024 ** n) for n in range(7)]
['1B', '1.00KB', '1.00MB', '1.00GB', '1.00TB', '1.00PB', '1024.00PB']

pwnlib.util.misc.uniform_strings(*args) → bytes or str list

Returns all arguments cast to the less exclusive string type (bytes or str).

Example

>>> uniform_strings('a', 'b', 'c')
('a', 'b', 'c')
>>> uniform_strings('a', b'b', 'c')
(b'a', b'b', b'c')
>>> uniform_strings(b'a', b'b', b'c')
(b'a', b'b', b'c')

pwnlib.util.misc.which(name, flags=os.X_OK, all=False) → str or str set

Works as the system command which; searches $PATH for name and returns a full path if found.

If all is True the set of all found locations is returned, else the first occurrence or None is returned.

Parameters:
  • name (str) – The file to search for.
  • all (bool) – Whether to return all locations where name was found.
Returns:

If all is True the set of all locations where name was found, else the first location or None if not found.

Example

>>> which('sh')
'/bin/sh'

pwnlib.util.misc.write(path, data='', create_dir=False, mode='w')

Create new file or truncate existing to zero length and write data.