Check for false positives in jmp_case_candidates (#198)

* Check for false positives in jmp_case_candidates
CptGibbon 2022-08-12 06:27:57 -07:00 committed by GitHub
parent acef31b387
commit 6dc634daba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions


@ -44,7 +44,10 @@ module OneGadget
jmp_addr = cand.last.scan(/jmp\s+([\da-f]+)\s/)[0][0].to_i(16)
dump = `#{@objdump.command(start: jmp_addr, stop: jmp_addr + 100)}|egrep '[0-9a-f]+:'`
remain = dump.lines.map(&:strip).reject(&:empty?)
remain = remain[0..remain.index { |r| r.match(/call.*<execve[^+]*>/) }]
call_execve = remain.index { |r| r.match(/call.*<execve[^+]*>/) }
next if call_execve.nil?
remain = remain[0..call_execve]
[cand + remain].join("\n")
end.compact
end
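Review bot: `next if call_execve.nil?` treats every dump with no `call ... <execve>` line as a false positive, but `call_execve` is also nil when the objdump/egrep pipeline on the line above returns no output, or when the call lies beyond the fixed `jmp_addr + 100` window. In those cases a genuine candidate is dropped with no trace, and the caller cannot tell "no execve here" from "the dump was empty or too short". A comment on the guard would record the assumption, for example `# no call to execve within 100 bytes of the jmp target: treat as a false positive`, and a debug-level message when `remain` is empty would make tool failures visible. The enclosing block starts outside the hunk, and the skip relies on the `.compact` at its end to remove the nil entries.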