diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 8f8e0fb65..258c51299 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -39,7 +39,7 @@ You should see `[DEBUG]` statements that show what's happening behind the scenes ## Verify on Ubuntu -If possible, please verify that your issue occurs on 64-bit Ubuntu 18.04. We provide a Dockerfile based on Ubuntu 18.04 via `docker.io` to make this super simple, no VM required! +If possible, please verify that your issue occurs on 64-bit Ubuntu 22.04. We provide a Dockerfile based on Ubuntu 22.04 via `docker.io` to make this super simple, no VM required! ```sh # Download the Docker image diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index d8e64c172..e066f94e2 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -6,24 +6,21 @@ jobs: android-test: strategy: matrix: - python-version: [3.8] + python-version: ['3.10'] os: [ubuntu-latest] runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - uses: actions/checkout@v4 - - name: Cache for pip - uses: actions/cache@v4 - id: cache-pip - with: - path: ~/.cache/pip - key: ${{ matrix.os }}-cache-pip - - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} + cache: 'pip' + cache-dependency-path: | + **/pyproject.toml + **/requirements*.txt - name: Install Linux dependencies run: | @@ -35,6 +32,19 @@ jobs: binutils-arm-linux-gnueabihf \ libc6-dbg + - name: Cache for avd + uses: actions/cache@v4 + id: cache-avd + with: + path: | + ~/.android + /usr/local/lib/android/sdk/emulator + /usr/local/lib/android/sdk/platform-tools + /usr/local/lib/android/sdk/system-images + key: ${{ matrix.os }}-cache-avd-${{ hashFiles('travis/setup_avd*.sh') }} + restore-keys: | + ${{ matrix.os }}-cache-avd- + - name: Install Android AVD run: | sudo usermod -aG kvm $USER 
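Review bot: The new `Cache for avd` step in android.yml declares `id: cache-avd`, but nothing in the hunk reads `steps.cache-avd.outputs.cache-hit`, so the following `Install Android AVD` step (its body runs past the end of the hunk) appears to run unconditionally and simply overwrites the restored SDK directories. If the intent is to skip the install on a hit, add `if: steps.cache-avd.outputs.cache-hit != 'true'` to that step; if the cache is only meant to warm the download, drop the unused `id`. A `restore-keys` prefix match also hands the job an AVD built from an older `travis/setup_avd*.sh`, which is only acceptable while the install step still re-runs on top of it, so the two decisions should be made together.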
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7cfe71039..ca1da827c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,10 +5,28 @@ jobs: test: strategy: matrix: - python_version: ['2.7', '3.10'] + python_version: ['3.10', '3.12'] os: [ubuntu-latest] + include: + - python_version: '2.7' + os: ubuntu-22.04 runs-on: ${{ matrix.os }} timeout-minutes: 30 + services: + libcdb-cache: + image: nginx + volumes: + - /home/runner/libcdb-cache:/var/cache/nginx + ports: + - 3000:3000 # https://debuginfod.elfutils.org proxy cache + - 3001:3001 # https://libc.rip/ proxy cache + - 3002:3002 # http://archive.ubuntu.com/ proxy cache + - 3003:3003 # https://gitlab.com/ proxy cache + env: + DEBUGINFOD_URLS: http://localhost:3000/ + PWN_LIBCRIP_URL: http://localhost:3001/ + PWN_UBUNTU_ARCHIVE_URL: http://localhost:3002/ + PWN_GITLAB_LIBCDB_URL: http://localhost:3003/ steps: - uses: actions/checkout@v4 with: 
@@ -18,26 +36,54 @@ jobs: run: | git fetch origin git log --oneline --graph -10 + + - name: Fix libcdb-cache permissions + id: fix-perms + run: | + sudo chown -R runner:runner /home/runner/libcdb-cache + echo "date=$(/bin/date -u "+%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT + + - name: Cache for libcdb requests + uses: actions/cache@v4 + with: + path: ~/libcdb-cache + key: libcdb-python${{ matrix.python_version }}-${{ steps.fix-perms.outputs.date }} + restore-keys: | + libcdb-python${{ matrix.python_version }}- + libcdb- + + - name: Install libcdb-cache service config + run: | + sudo chown -R 101:101 /home/runner/libcdb-cache + container_id=$(docker ps --all --filter volume=/home/runner/libcdb-cache --no-trunc --format "{{.ID}}") + docker cp ./travis/libcdb_nginx_cache.conf $container_id:/etc/nginx/nginx.conf + docker restart $container_id - name: Install RPyC for gdb run: | - # The version packaged in python3-rpyc is too old on Ubuntu 22.04 + # The version packaged in python3-rpyc is too old on Ubuntu 24.04 + # We use ^6.0 from pip. 
sudo apt-get update && sudo apt-get install -y python3-pip gdb gdbserver - /usr/bin/python -m pip install rpyc + /usr/bin/python -m pip install --break-system-packages rpyc || /usr/bin/python -m pip install rpyc gdb --batch --quiet --nx --nh --ex 'py import rpyc; print(rpyc.version.version)' - + - name: Cache for pip uses: actions/cache@v4 - id: cache-pip + if: matrix.python_version == '2.7' with: path: ~/.cache/pip - key: ${{ matrix.os }}-cache-pip + key: ${{ matrix.os }}-${{ matrix.python_version }}-cache-pip-${{ hashFiles('**/pyproject.toml', '**/requirements*.txt') }} + restore-keys: ${{ matrix.os }}-${{ matrix.python_version }}-cache-pip- - name: Set up Python ${{ matrix.python_version }} if: matrix.python_version != '2.7' uses: actions/setup-python@v5 with: python-version: ${{ matrix.python_version }} + cache: 'pip' + cache-dependency-path: | + **/pyproject.toml + **/requirements*.txt - name: Set up Python 2.7 if: matrix.python_version == '2.7' @@ -78,6 +124,7 @@ jobs: binutils-powerpc-linux-gnu \ binutils-s390x-linux-gnu \ binutils-sparc64-linux-gnu \ + binutils-riscv64-linux-gnu \ gcc-multilib \ libc6-dbg \ elfutils \ @@ -149,11 +196,18 @@ jobs: pwn shellcraft --list |tail pwn shellcraft -l --syscalls |tail pwn shellcraft -l execve + pwn shellcraft -l execve + exit pwn shellcraft --show i386.linux.loader_append + pwn shellcraft --show i386.linux.loader_append + i386.linux.sh pwn shellcraft -f asm --color amd64.linux.sh + pwn shellcraft -f asm --color amd64.linux.setreuid + amd64.linux.cat /etc/passwd + pwn shellcraft -f asm --color amd64.linux.setreuid = amd64.linux.cat /key+secret --delim = pwn shellcraft -f elf amd64.linux.syscalls.exit 0 =0.18; python_version>='3' intervaltree isort mako>=1.0.0 @@ -18,6 +19,6 @@ psutil requests>=2.5.1 ropgadget>=5.3 sphinx==1.8.6; python_version<'3' -sphinx>=4.5.0; python_version>='3' +sphinx>=7.0.0; python_version>='3' sphinx_rtd_theme sphinxcontrib-autoprogram<=0.1.5 
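Review bot: In `Install libcdb-cache service config`, `container_id` is used unchecked: if the `docker ps --filter volume=...` lookup matches nothing the `docker cp` target degrades to `:/etc/nginx/nginx.conf` and fails with an unrelated error, and if it matches more than one container the variable holds several IDs on separate lines. Add `test -n "$container_id"` before the copy and quote the expansions: `docker cp ./travis/libcdb_nginx_cache.conf "$container_id:/etc/nginx/nginx.conf"` and `docker restart "$container_id"`. Separately, the step hands the volume to uid 101 before nginx writes to it, while the post-job save of `Cache for libcdb requests` runs as `runner`; whether that save can read everything nginx created depends on the file modes nginx uses, which the hunk does not show — worth confirming on a real run, since a failed save is easy to miss and leaves the `libcdb-` restore-keys fallback serving an older cache to the tests.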
diff --git a/docs/source/conf.py b/docs/source/conf.py index 6d72a01af..d908e2436 100755 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -360,6 +360,9 @@ def linkcode_resolve(domain, info): else: filename = info['module'].replace('.', '/') + '.py' + if isinstance(val, property): + val = val.fget + if isinstance(val, (types.ModuleType, types.MethodType, types.FunctionType, types.TracebackType, types.FrameType, types.CodeType) + six.class_types): try: lines, first = inspect.getsourcelines(val) diff --git a/docs/source/index.rst b/docs/source/index.rst index 596cf738a..051ece0af 100755 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -77,6 +77,7 @@ Each of the ``pwntools`` modules is documented here. update useragents util/* + windbg .. toctree:: :hidden: diff --git a/docs/source/install.rst b/docs/source/install.rst index d63e67523..2087826a6 100644 --- a/docs/source/install.rst +++ b/docs/source/install.rst @@ -15,6 +15,9 @@ following system libraries installed. install/* + +Note: For Mac OS X you will need to have cmake ``brew install cmake`` and pkg-config ``brew install pkg-config`` installed. + Released Version ----------------- @@ -25,8 +28,8 @@ Python3 .. code-block:: bash - $ apt-get update - $ apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential + $ sudo apt-get update + $ sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential $ python3 -m pip install --upgrade pip $ python3 -m pip install --upgrade pwntools @@ -40,8 +43,8 @@ Additionally, due to `pip` dropping support for Python2, a specfic version of `p .. code-block:: bash - $ apt-get update - $ apt-get install python python-pip python-dev git libssl-dev libffi-dev build-essential + $ sudo apt-get update + $ sudo apt-get install python python-pip python-dev git libssl-dev libffi-dev build-essential $ python2 -m pip install --upgrade pip==20.3.4 $ python2 -m pip install --upgrade pwntools 
diff --git a/docs/source/install/binutils.rst b/docs/source/install/binutils.rst index d802701bb..1bb409697 100644 --- a/docs/source/install/binutils.rst +++ b/docs/source/install/binutils.rst @@ -18,28 +18,35 @@ Ubuntu Xenial (16.04) has official packages for most architectures, and does not .. code-block:: bash - $ apt-get install software-properties-common - $ apt-add-repository ppa:pwntools/binutils - $ apt-get update + $ sudo apt-get install software-properties-common + $ sudo apt-add-repository ppa:pwntools/binutils + $ sudo apt-get update Then, install the binutils for your architecture. .. code-block:: bash - $ apt-get install binutils-$ARCH-linux-gnu + $ sudo apt-get install binutils-$ARCH-linux-gnu Mac OS X ^^^^^^^^^^^^^^^^ Mac OS X is just as easy, but requires building binutils from source. -However, we've made ``homebrew`` recipes to make this a single command. +However, we've made ``homebrew`` recipes to make this just two commands. After installing `brew `__, grab the appropriate recipe from our `binutils repo `__. .. code-block:: bash - $ brew install https://raw.githubusercontent.com/Gallopsled/pwntools-binutils/master/macos/binutils-$ARCH.rb + $ wget https://raw.githubusercontent.com/Gallopsled/pwntools-binutils/master/macos/binutils-$ARCH.rb + $ brew install ./binutils-$ARCH.rb + +Windows +^^^^^^^^^^^^^^^^ + +Windows support is experimental. You can try installing a prebuilt version of binutils +for your desired architecture from the `GNU Toolchains `__ project. Alternate OSes ^^^^^^^^^^^^^^^^ diff --git a/docs/source/install/headers.rst b/docs/source/install/headers.rst index bfed6bfff..d884e8599 100644 --- a/docs/source/install/headers.rst +++ b/docs/source/install/headers.rst @@ -10,7 +10,7 @@ Ubuntu .. code-block:: bash - $ apt-get install python-dev + $ sudo apt-get install python-dev Mac OS X ^^^^^^^^^^^^^^^^ diff --git a/docs/source/protocols.rst b/docs/source/protocols.rst index 8b1378917..f4ed4099e 100644 --- a/docs/source/protocols.rst 
+++ b/docs/source/protocols.rst @@ -1 +1,10 @@ +.. testsetup:: * + from pwn import * + + +:mod:`pwnlib.protocols.adb` --- Protocol implementations +======================================================== + +.. automodule:: pwnlib.protocols.adb + :members: \ No newline at end of file diff --git a/docs/source/shellcraft/riscv64.rst b/docs/source/shellcraft/riscv64.rst new file mode 100644 index 000000000..6e4a01148 --- /dev/null +++ b/docs/source/shellcraft/riscv64.rst @@ -0,0 +1,19 @@ +.. testsetup:: * + + from pwn import * + context.clear(arch='riscv64') + +:mod:`pwnlib.shellcraft.riscv64` --- Shellcode for RISCV64 +========================================================== + +:mod:`pwnlib.shellcraft.riscv64` +-------------------------------- + +.. automodule:: pwnlib.shellcraft.riscv64 + :members: + +:mod:`pwnlib.shellcraft.riscv64.linux` +-------------------------------------- + +.. automodule:: pwnlib.shellcraft.riscv64.linux + :members: diff --git a/docs/source/windbg.rst b/docs/source/windbg.rst new file mode 100644 index 000000000..3a713f09a --- /dev/null +++ b/docs/source/windbg.rst @@ -0,0 +1,9 @@ +.. testsetup:: * + + from pwn import * + +:mod:`pwnlib.windbg` --- Working with WinDbg +============================================ + +.. automodule:: pwnlib.windbg + :members: \ No newline at end of file diff --git a/pwnlib/__init__.py b/pwnlib/__init__.py index e39741bcd..7a951d16e 100644 --- a/pwnlib/__init__.py +++ b/pwnlib/__init__.py @@ -37,6 +37,7 @@ 'util', 'update', 'version', + 'windbg', ] from . import args diff --git a/pwnlib/adb/adb.py b/pwnlib/adb/adb.py index 84bb89213..45d27875c 100644 --- a/pwnlib/adb/adb.py +++ b/pwnlib/adb/adb.py 
@@ -123,7 +123,7 @@ def current_device(any=False): >>> device = adb.current_device(any=True) >>> device # doctest: +ELLIPSIS - AdbDevice(serial='emulator-5554', type='device', port='emulator', product='sdk_...phone_...', model='...', device='generic...') + AdbDevice(serial='emulator-5554', type='device', port='emulator', product='sdk_...phone..._...', model='...', device='...') >>> device.port 'emulator' """ @@ -259,7 +259,7 @@ class AdbDevice(Device): >>> device.os 'android' >>> device.product # doctest: +ELLIPSIS - 'sdk_...phone_...' + 'sdk_...phone..._...' >>> device.serial 'emulator-5554' """ @@ -880,7 +880,7 @@ def which(name, all = False, *a, **kw): >>> adb.which('sh') '/system/bin/sh' >>> adb.which('sh', all=True) - ['/system/bin/sh'] + ['/system/bin/sh', '/vendor/bin/sh'] >>> adb.which('foobar') is None True @@ -988,7 +988,7 @@ def proc_exe(pid): :skipif: skip_android >>> adb.proc_exe(1) - b'/init' + b'/system/bin/init' """ with context.quiet: io = process(['realpath','/proc/%d/exe' % pid]) @@ -1365,7 +1365,7 @@ def compile(source): >>> filename = adb.compile(temp) >>> sent = adb.push(filename, "/data/local/tmp") >>> adb.process(sent).recvall() # doctest: +ELLIPSIS - b'... /system/lib64/libc.so\n...' + b'... /system/lib64/libc++.so\n...' """ ndk_build = misc.which('ndk-build') diff --git a/pwnlib/asm.py b/pwnlib/asm.py index 34b3457ee..139ab6726 100644 --- a/pwnlib/asm.py +++ b/pwnlib/asm.py @@ -59,6 +59,9 @@ from pwnlib.context import LocalContext from pwnlib.context import context from pwnlib.log import getLogger +from pwnlib.util.hashes import sha1sumhex +from pwnlib.util.packing import _encode +from pwnlib.version import __version__ log = getLogger(__name__) @@ -206,6 +209,9 @@ def which_binutils(util, check_version=False): if platform.system() == 'Darwin': utils = ['g'+util, util] + if platform.system() == 'Windows': + utils = [util + '.exe'] + for arch in arches: for gutil in utils: # e.g. objdump 
@@ -220,7 +226,7 @@ def which_binutils(util, check_version=False): '%s-%s' % (arch, gutil)] for pattern in patterns: - for dir in environ['PATH'].split(':'): + for dir in environ['PATH'].split(os.pathsep): for res in sorted(glob(path.join(dir, pattern))): if check_version: ver = check_binutils_version(res) @@ -457,15 +463,19 @@ def cpp(shellcode): >>> cpp("SYS_setresuid", os = "freebsd") '311\n' """ + if platform.system() == 'Windows': + cpp = which_binutils('cpp') + else: + cpp = 'cpp' + code = _include_header() + shellcode cmd = [ - 'cpp', + cpp, '-C', '-nostdinc', '-undef', '-P', '-I' + _incdir, - '/dev/stdin' ] return _run(cmd, code).strip('\n').rstrip() + '\n' @@ -751,8 +761,23 @@ def asm(shellcode, vma = 0, extract = True, shared = False): b'0@*\x00' >>> asm("la %r0, 42", arch = 's390', bits=64) b'A\x00\x00*' + + The output is cached: + + >>> start = time.time() + >>> asm("lea rax, [rip+0]", arch = 'amd64', cache_dir = None) # force uncached time + b'H\x8d\x05\x00\x00\x00\x00' + >>> uncached_time = time.time() - start + >>> asm("lea rax, [rip+0]", arch = 'amd64') # cache it + b'H\x8d\x05\x00\x00\x00\x00' + >>> start = time.time() + >>> asm("lea rax, [rip+0]", arch = 'amd64') + b'H\x8d\x05\x00\x00\x00\x00' + >>> cached_time = time.time() - start + >>> uncached_time > cached_time + True """ - result = '' + result = b'' assembler = _assembler() linker = _linker() 
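Review bot: The new doctest in `asm`'s docstring asserts `uncached_time > cached_time` from two `time.time()` samples, which makes the test suite depend on wall-clock scheduling; a slow or preempted runner can fail it even when the cache works. Assert the observable effect instead — that the second call returns the same bytes, or that a file now exists under `context.cache_dir/asm-cache` after the first cached call — and drop the timing comparison. In `cpp()`, the local `cpp = which_binutils('cpp')` shadows the enclosing function's own name; `cpp_bin` reads better and avoids confusion if the function ever needs to refer to itself. `asm`'s body continues past the end of the hunk.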
@@ -763,6 +788,30 @@ def asm(shellcode, vma = 0, extract = True, shared = False): log.debug('Assembling\n%s' % code) + cache_file = None + if context.cache_dir: + cache_dir = os.path.join(context.cache_dir, 'asm-cache') + if not os.path.isdir(cache_dir): + os.makedirs(cache_dir) + + # Include the context in the hash in addition to the shellcode + hash_params = '{}_{}_{}_{}'.format(vma, extract, shared, __version__) + fingerprint_params = _encode(code) + _encode(hash_params) + _encode(' '.join(assembler)) + _encode(' '.join(linker)) + _encode(' '.join(objcopy)) + asm_hash = sha1sumhex(fingerprint_params) + cache_file = os.path.join(cache_dir, asm_hash) + if os.path.exists(cache_file): + log.debug('Using cached assembly output from %r', cache_file) + if extract: + with open(cache_file, 'rb') as f: + return f.read() + + # Create a temporary copy of the cached file to avoid modification. + tmpdir = tempfile.mkdtemp(prefix = 'pwn-asm-') + atexit.register(shutil.rmtree, tmpdir) + step3 = os.path.join(tmpdir, 'step3') + shutil.copy(cache_file, step3) + return step3 + tmpdir = tempfile.mkdtemp(prefix = 'pwn-asm-') step1 = path.join(tmpdir, 'step1') step2 = path.join(tmpdir, 'step2') @@ -810,6 +859,8 @@ def asm(shellcode, vma = 0, extract = True, shared = False): shutil.copy(step2, step3) if not extract: + if cache_file is not None: + shutil.copy(step3, cache_file) return step3 _run(objcopy + [step3, step4]) @@ -823,6 +874,10 @@ def asm(shellcode, vma = 0, extract = True, shared = False): else: atexit.register(lambda: shutil.rmtree(tmpdir)) + if cache_file is not None and result != b'': + with open(cache_file, 'wb') as f: + f.write(result) + return result @LocalContext 
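Review bot: The cache fingerprint concatenates `code`, `hash_params` and the tool strings with no separator, so distinct inputs can share a key: shellcode ending in `1` assembled with `vma=0` and the same shellcode without the trailing `1` assembled with `vma=10` both produce `...1` + `0_...` and would hit the same cache file, returning bytes assembled for the wrong address. Join the parts with a delimiter that cannot occur in them, e.g. `fingerprint_params = b'\0'.join([_encode(code), _encode(hash_params), _encode(' '.join(assembler)), _encode(' '.join(linker)), _encode(' '.join(objcopy))])`. The writes at the end of the hunk (`shutil.copy(step3, cache_file)` and `open(cache_file, 'wb')`) are also not atomic, so a concurrent `asm()` in another process can pass the `os.path.exists` check on a half-written entry and return truncated shellcode; write to a temporary file in `cache_dir` and `os.replace()` it into place. Cached output is returned without any integrity check, so the ownership and permissions of `context.cache_dir` are the only thing separating a writable cache directory from foreign bytes in the assembled payload — whether `context.cache_dir` guarantees a private directory is outside this hunk and worth confirming.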
@@ -855,8 +910,8 @@ def disasm(data, vma = 0, byte = True, offset = True, instructions = True): 0: b8 17 00 00 00 mov eax, 0x17 >>> print(disasm(unhex('48c7c017000000'), arch = 'amd64')) 0: 48 c7 c0 17 00 00 00 mov rax, 0x17 - >>> print(disasm(unhex('04001fe552009000'), arch = 'arm')) - 0: e51f0004 ldr r0, [pc, #-4] ; 0x4 + >>> print(disasm(unhex('04001fe552009000'), arch = 'arm')) # doctest: +ELLIPSIS + 0: e51f0004 ldr r0, [pc, #-4] ... 4: 00900052 addseq r0, r0, r2, asr r0 >>> print(disasm(unhex('4ff00500'), arch = 'thumb', bits=32)) 0: f04f 0005 mov.w r0, #5 diff --git a/pwnlib/commandline/asm.py b/pwnlib/commandline/asm.py index 03c51a6a2..b130228ae 100644 --- a/pwnlib/commandline/asm.py +++ b/pwnlib/commandline/asm.py @@ -137,4 +137,4 @@ def main(args): args.output.write(b'\n') if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/checksec.py b/pwnlib/commandline/checksec.py index da0d7b49d..30e3d5dce 100644 --- a/pwnlib/commandline/checksec.py +++ b/pwnlib/commandline/checksec.py @@ -4,7 +4,7 @@ import argparse import sys -from pwnlib.elf import ELF +from pwn import * from pwnlib.commandline import common parser = common.parser_commands.add_parser( @@ -35,7 +35,10 @@ def main(args): return for f in files: - e = ELF(f.name) + try: + e = ELF(f.name) + except Exception as e: + print("{name}: {error}".format(name=f.name, error=e)) if __name__ == '__main__': - common.main(__file__) + common.main(__file__, main) diff --git a/pwnlib/commandline/common.py b/pwnlib/commandline/common.py index 75edfdcb8..3ce0a0fad 100644 --- a/pwnlib/commandline/common.py +++ b/pwnlib/commandline/common.py 
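Review bot: In `checksec.py`'s `main`, `except Exception as e` catches every error from `ELF(f.name)` and rebinds `e` from the ELF result to the exception, which silences genuine bugs (not just unparsable files) and leaves `e` holding an exception object after the loop. Keep the names apart and catch what the loop is meant to tolerate: `except Exception as exc: print("{name}: {error}".format(name=f.name, error=exc))`, narrowed to the specific type `ELF` raises for non-ELF input if there is one (not visible here). The switch from `from pwnlib.elf import ELF` to `from pwn import *` pulls the whole convenience namespace into a command-line module for a single name; the explicit import is easier to audit and matches the rest of the `pwnlib.commandline` modules.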
@@ -25,8 +25,18 @@ def context_arg(arg): prog='pwn') parser_commands = parser.add_subparsers(dest='command') -def main(file=sys.argv[0]): - import pwnlib.commandline.main +def main(file=sys.argv[0], command_main=None): name = os.path.splitext(os.path.basename(file))[0] + if command_main is None: + import importlib + command_main = importlib.import_module('pwnlib.commandline.%s' % name).main sys.argv.insert(1, name) - pwnlib.commandline.main.main() + entrypoint({name: command_main}) + +def entrypoint(commands): + if len(sys.argv) < 2: + parser.print_usage() + sys.exit() + args = parser.parse_args() + with context.local(log_console = sys.stderr): + commands[args.command](args) diff --git a/pwnlib/commandline/constgrep.py b/pwnlib/commandline/constgrep.py index d9341f5c4..ace70f4ed 100644 --- a/pwnlib/commandline/constgrep.py +++ b/pwnlib/commandline/constgrep.py @@ -133,4 +133,4 @@ def main(args): print('(%s) == %s' % (' | '.join(k for v, k in good), args.constant)) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/cyclic.py b/pwnlib/commandline/cyclic.py index ff012a359..c7a5060f6 100644 --- a/pwnlib/commandline/cyclic.py +++ b/pwnlib/commandline/cyclic.py @@ -107,4 +107,4 @@ def main(args): out.write(b'\n') if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/debug.py b/pwnlib/commandline/debug.py index fe5fca6f5..15593f915 100644 --- a/pwnlib/commandline/debug.py +++ b/pwnlib/commandline/debug.py @@ -102,4 +102,4 @@ def main(args): gdb.debug(target, gdbscript=gdbscript, sysroot=args.sysroot).interactive() if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/disablenx.py b/pwnlib/commandline/disablenx.py index 29839c0f8..14a7d6531 100644 
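Review bot: `main` and the new `entrypoint` in `common.py` have no docstrings, and the contract of the new `command_main` parameter — a callable taking the parsed `args`, resolved from `pwnlib.commandline.<name>` by import when omitted — is only discoverable by reading the body. Add to `main` a docstring along the lines of `"""Run one subcommand as a standalone script. command_main is the subcommand's main(args); when None it is imported from pwnlib.commandline.<basename of file>."""`, and to `entrypoint` `"""Parse sys.argv with the shared parser and dispatch to commands[args.command]; prints usage and exits 0 when no subcommand is given."""`. The importlib fallback derives the module name from `file`'s basename, so a renamed or copied script resolves to a different module — worth stating in the docstring as well.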
--- a/pwnlib/commandline/disablenx.py +++ b/pwnlib/commandline/disablenx.py @@ -24,4 +24,4 @@ def main(args): ELF(e.path) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/disasm.py b/pwnlib/commandline/disasm.py index b304393d2..3cf60b148 100644 --- a/pwnlib/commandline/disasm.py +++ b/pwnlib/commandline/disasm.py @@ -110,4 +110,4 @@ def main(args): print(disasm(dat, vma=safeeval.const(args.address))) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/elfdiff.py b/pwnlib/commandline/elfdiff.py index 48afef09f..2ea307ad9 100644 --- a/pwnlib/commandline/elfdiff.py +++ b/pwnlib/commandline/elfdiff.py @@ -59,4 +59,4 @@ def main(a): print(diff(x, y)) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/elfpatch.py b/pwnlib/commandline/elfpatch.py index 10a5adc24..ee8584a9e 100644 --- a/pwnlib/commandline/elfpatch.py +++ b/pwnlib/commandline/elfpatch.py @@ -34,4 +34,4 @@ def main(a): getattr(sys.stdout, 'buffer', sys.stdout).write(elf.get_data()) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/errno.py b/pwnlib/commandline/errno.py index d3a05e37a..2090fbbe2 100644 --- a/pwnlib/commandline/errno.py +++ b/pwnlib/commandline/errno.py @@ -46,4 +46,4 @@ def main(args): print(os.strerror(value)) if __name__ == '__main__': - common.main(__file__) + common.main(__file__, main) diff --git a/pwnlib/commandline/hex.py b/pwnlib/commandline/hex.py index d538af246..d36291054 100644 --- a/pwnlib/commandline/hex.py +++ b/pwnlib/commandline/hex.py @@ -50,4 +50,4 @@ def main(args): print(encoded) if __name__ == '__main__': - common.main(__file__) + common.main(__file__, main) 
diff --git a/pwnlib/commandline/libcdb.py b/pwnlib/commandline/libcdb.py index 30ee47f07..70ccaa1a6 100644 --- a/pwnlib/commandline/libcdb.py +++ b/pwnlib/commandline/libcdb.py @@ -37,19 +37,12 @@ ) lookup_parser.add_argument( - '--download-libc', + '-d', '--download-libc', action = 'store_true', default = False, help = 'Attempt to download the matching libc.so' ) -lookup_parser.add_argument( - '--unstrip', - action = 'store_true', - default = True, - help = 'Attempt to unstrip the libc binary with debug symbols from a debuginfod server' -) - lookup_parser.add_argument( '--no-unstrip', action = 'store_false', @@ -57,6 +50,14 @@ help = 'Do NOT attempt to unstrip the libc binary with debug symbols from a debuginfod server' ) +lookup_parser.add_argument( + '--offline-only', + action = 'store_true', + default = False, + dest = 'offline_only', + help = 'Attempt to searching with offline only mode' +) + hash_parser = libc_commands.add_parser( 'hash', help = 'Display information of a libc version given an unique hash', @@ -80,19 +81,12 @@ ) hash_parser.add_argument( - '--download-libc', + '-d', '--download-libc', action = 'store_true', default = False, help = 'Attempt to download the matching libc.so' ) -hash_parser.add_argument( - '--unstrip', - action = 'store_true', - default = True, - help = 'Attempt to unstrip the libc binary with debug symbols from a debuginfod server' -) - hash_parser.add_argument( '--no-unstrip', action = 'store_false', @@ -100,6 +94,14 @@ help = 'Do NOT attempt to unstrip the libc binary with debug symbols from a debuginfod server' ) +hash_parser.add_argument( + '--offline-only', + action = 'store_true', + default = False, + dest = 'offline_only', + help = 'Attempt to searching with offline only mode' +) + file_parser = libc_commands.add_parser( 'file', help = 'Dump information about a libc binary', 
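Review bot: The `-d/--download-libc`, `--no-unstrip` and `--offline-only` definitions are now duplicated verbatim between `lookup_parser` and `hash_parser`, so the two subcommands will drift the next time one of them is touched; define them once on a shared parent (`argparse.ArgumentParser(add_help=False)` passed via `parents=`) or add them in a loop over both parsers. The new `--offline-only` help text, `'Attempt to searching with offline only mode'`, is ungrammatical; `help = 'Search in offline-only mode'` says the same. Removing the explicit `--unstrip` action leaves `--no-unstrip` (`store_false`) as the only switch, which is fine provided its `dest` is `unstrip` so the default stays `True` — that `dest` line sits outside the hunk, so please confirm.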
@@ -130,25 +132,34 @@ file_parser.add_argument( '--unstrip', action = 'store_true', - default = False, + dest = 'unstrip', help = 'Attempt to unstrip the libc binary inplace with debug symbols from a debuginfod server' ) -common_symbols = ['dup2', 'printf', 'puts', 'read', 'system', 'write'] +fetch_parser = libc_commands.add_parser( + 'fetch', + help = 'Fetch libc database', + description = 'Fetch libc database. If no argument passed, it will init and upgrade libc-database repository', +) -def find_libc(params): - import requests - url = "https://libc.rip/api/find" - result = requests.post(url, json=params, timeout=20) - log.debug('Request: %s', params) - log.debug('Result: %s', result.json()) - if result.status_code != 200 or len(result.json()) == 0: - log.failure("Could not find libc for %s on libc.rip", params) - return [] +fetch_parser.add_argument( + 'path', + nargs = '?', + default = context.local_libcdb, + help = 'Set libc-database path, If it is empty, the default path will be `context.local_libcdb` (%s)' % context.local_libcdb +) - return result.json() +fetch_parser.add_argument( + '-u', '--update', + metavar = 'update', + nargs = '+', + choices = ['all', 'ubuntu', 'debian', 'rpm', 'centos', 'arch', 'alpine', 'kali', 'parrotsec', 'launchpad'], + help = 'Fetch the desired libc categories' +) -def print_libc(libc): +common_symbols = ['dup2', 'printf', 'puts', 'read', 'system', 'write'] + +def print_libc_info(libc): log.info('%s', text.red(libc['id'])) log.indented('\t%-20s %s', text.green('BuildID:'), libc['buildid']) log.indented('\t%-20s %s', text.green('MD5:'), libc['md5']) 
@@ -158,14 +169,39 @@ def print_libc(libc): for symbol in libc['symbols'].items(): log.indented('\t%25s = %s', symbol[0], symbol[1]) -def handle_remote_libc(args, libc): - print_libc(libc) - if args.download_libc: - path = libcdb.search_by_build_id(libc['buildid'], args.unstrip) - if path: - if args.unstrip: - libcdb.unstrip_libc(path) - shutil.copy(path, './{}.so'.format(libc['id'])) +def print_libc_elf(exe): + from hashlib import md5, sha1, sha256 + + log.info('%s', text.red(os.path.basename(exe.path))) + + libc_version = get_libc_version(exe) + if libc_version: + log.indented('%-20s %s', text.green('Version:'), libc_version) + + if exe.buildid: + log.indented('%-20s %s', text.green('BuildID:'), enhex(exe.buildid)) + + log.indented('%-20s %s', text.green('MD5:'), md5(exe.data).hexdigest()) + log.indented('%-20s %s', text.green('SHA1:'), sha1(exe.data).hexdigest()) + log.indented('%-20s %s', text.green('SHA256:'), sha256(exe.data).hexdigest()) + + # Always dump the basic list of common symbols + log.indented('%s', text.green('Symbols:')) + synthetic_symbols = collect_synthetic_symbols(exe) + + symbols = common_symbols + (args.symbols or []) + synthetic_symbols + symbols.sort() + for symbol in symbols: + if symbol not in exe.symbols: + log.indented('%25s = %s', symbol, text.red('not found')) + else: + log.indented('%25s = %#x', symbol, translate_offset(exe.symbols[symbol], args, exe)) + +def get_libc_version(exe): + res = re.search(br'libc[ -](\d+\.\d+)', exe.data) + if res: + return res.group(1).decode() + return None def translate_offset(offs, args, exe): if args.offset: @@ -182,7 +218,7 @@ def collect_synthetic_symbols(exe): available_symbols.append('str_bin_sh') except StopIteration: pass - + libc_start_main_return = exe.libc_start_main_return if libc_start_main_return > 0: exe.symbols['__libc_start_main_ret'] = libc_start_main_return 
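Review bot: `print_libc_elf(exe)` reads `args.symbols` and passes `args` to `translate_offset`, but `args` is neither a parameter nor assigned anywhere in the hunk — this code was lifted out of `main(args)`, so unless a module-level `args` exists (none is visible) every call raises `NameError`. Thread it through explicitly: `def print_libc_elf(exe, args):`, and update the two call sites in `main` to `print_libc_elf(exe, args)` and `print_libc_elf(ELF(file, checksec=False), args)`. Note that the `hash` subcommand now reaches this function as well, so `hash_parser` must define `symbols` and `offset` (read via `translate_offset`) or those attribute accesses fail for `libcdb hash`; those argument definitions are outside the hunk. `get_libc_version` would also benefit from a one-line docstring stating that it scans `exe.data` for a `libc-X.Y` / `libc X.Y` marker and returns `None` when none is found.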
@@ -200,52 +236,56 @@ def main(args): if len(pairs) % 2 != 0: log.failure('Uneven number of arguments. Please provide "symbol offset" pairs') return - + symbols = {pairs[i]:pairs[i+1] for i in range(0, len(pairs), 2)} - matched_libcs = find_libc({'symbols': symbols}) + matched_libcs = libcdb.search_by_symbol_offsets(symbols, offline_only=args.offline_only, return_raw=True) + for libc in matched_libcs: - handle_remote_libc(args, libc) + print_libc_info(libc) + if args.download_libc: + path = libcdb.search_by_build_id(libc['buildid'], args.unstrip) + if path: + shutil.copy(path, './{}.so'.format(libc['id'])) elif args.libc_command == 'hash': + inverted_map = {v: k for k, v in libcdb.MAP_TYPES.items()} + hash_type = inverted_map.get(args.hash_type, args.hash_type) + for hash_value in args.hash_value: - matched_libcs = find_libc({args.hash_type: hash_value}) - for libc in matched_libcs: - handle_remote_libc(args, libc) + path = libcdb.search_by_hash(hash_value, hash_type, unstrip=args.unstrip, offline_only=args.offline_only) + exe = ELF(path, checksec=False) + print_libc_elf(exe) + + if args.download_libc: + # if we cannot get actual libc version then copy with cache name + shutil.copy(path, './libc-{}.so'.format(get_libc_version(exe) or Path(path).stem)) elif args.libc_command == 'file': - from hashlib import md5, sha1, sha256 for file in args.files: if not os.path.exists(file) or not os.path.isfile(file): log.failure('File does not exist %s', args.file) continue - + if args.unstrip: libcdb.unstrip_libc(file) - exe = ELF(file, checksec=False) - log.info('%s', text.red(os.path.basename(file))) + print_libc_elf(ELF(file, checksec=False)) - libc_version = re.search(br'libc[ -](\d+\.\d+)', exe.data) - if libc_version: - log.indented('%-20s %s', text.green('Version:'), libc_version.group(1).decode()) + elif args.libc_command == 'fetch': - if exe.buildid: - log.indented('%-20s %s', text.green('BuildID:'), enhex(exe.buildid)) - log.indented('%-20s %s', text.green('MD5:'), 
md5(exe.data).hexdigest()) - log.indented('%-20s %s', text.green('SHA1:'), sha1(exe.data).hexdigest()) - log.indented('%-20s %s', text.green('SHA256:'), sha256(exe.data).hexdigest()) + if args.update: + subprocess.check_call(['./get'] + args.update, cwd=args.path) - # Always dump the basic list of common symbols - log.indented('%s', text.green('Symbols:')) - synthetic_symbols = collect_synthetic_symbols(exe) + else: + if not Path(args.path).exists(): + if yesno("Would you like to initialize the libc-database repository? " + "If the path already exists, this prompt will not display, and automatically upgrade repository."): + log.waitfor("init libc-database repository") + subprocess.check_call(['git', 'clone', 'https://github.com/niklasb/libc-database/', args.path]) + else: + log.waitfor("upgrade libc-database repository") + subprocess.check_call(['git', 'pull'], cwd=args.path) - symbols = common_symbols + (args.symbols or []) + synthetic_symbols - symbols.sort() - for symbol in symbols: - if symbol not in exe.symbols: - log.indented('%25s = %s', symbol, text.red('not found')) - else: - log.indented('%25s = %#x', symbol, translate_offset(exe.symbols[symbol], args, exe)) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/main.py b/pwnlib/commandline/main.py index 5cfbdd5b7..9382c43c7 100644 --- a/pwnlib/commandline/main.py +++ b/pwnlib/commandline/main.py @@ -1,7 +1,5 @@ from __future__ import absolute_import -import sys - from pwnlib.commandline import asm from pwnlib.commandline import checksec from pwnlib.commandline import common @@ -23,8 +21,7 @@ from pwnlib.commandline import unhex from pwnlib.commandline import update from pwnlib.commandline import version -from pwnlib.commandline.common import parser -from pwnlib.context import context +from pwnlib.commandline.common import parser as parser commands = { 'asm': asm.main, 
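Review bot: In the `hash` branch of `main`, the result of `libcdb.search_by_hash(...)` is passed straight to `ELF(path, checksec=False)`, whereas the `lookup` branch guards `search_by_build_id` with `if path:`; if the hash lookup can return `None` on a miss (its contract is outside this diff) the command dies with a traceback instead of a `log.failure`. Guard it the same way: `if not path:` / `    log.failure('Could not find libc for hash %s', hash_value)` / `    continue`. In the `file` branch the unchanged `log.failure('File does not exist %s', args.file)` names `args.file` while the loop iterates `args.files`, which looks like a pre-existing typo for `file`. The two `log.waitfor(...)` calls in the `fetch` branch are never completed with `.success()` or `.failure()`, so the progress spinner is left open after `git` returns.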
@@ -50,12 +47,7 @@ } def main(): - if len(sys.argv) < 2: - parser.print_usage() - sys.exit() - args = parser.parse_args() - with context.local(log_console = sys.stderr): - commands[args.command](args) + common.entrypoint(commands) if __name__ == '__main__': main() diff --git a/pwnlib/commandline/phd.py b/pwnlib/commandline/phd.py index 7f3891e0f..1be34d969 100644 --- a/pwnlib/commandline/phd.py +++ b/pwnlib/commandline/phd.py @@ -109,4 +109,4 @@ def main(args): pass if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/pwnstrip.py b/pwnlib/commandline/pwnstrip.py index fcc8df171..b7601b605 100644 --- a/pwnlib/commandline/pwnstrip.py +++ b/pwnlib/commandline/pwnstrip.py @@ -53,4 +53,4 @@ def main(args): args.output.write(result) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/scramble.py b/pwnlib/commandline/scramble.py index 8b5043be4..4d4b31cda 100644 --- a/pwnlib/commandline/scramble.py +++ b/pwnlib/commandline/scramble.py @@ -110,4 +110,4 @@ def main(args): if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/shellcraft.py b/pwnlib/commandline/shellcraft.py index 9f5fe36ae..ae24e4c1f 100644 --- a/pwnlib/commandline/shellcraft.py +++ b/pwnlib/commandline/shellcraft.py @@ -71,17 +71,9 @@ def _string(s): p.add_argument( 'shellcode', - nargs = '?', - help = 'The shellcode you want', - type = str -) - -p.add_argument( - 'args', nargs = '*', - metavar = 'arg', - default = (), - help = 'Argument to the chosen shellcode', + help = 'The shellcodes you want. shellcode [args ...] [+ shellcode [args ...]]', + type = str ) p.add_argument( 
@@ -91,6 +83,12 @@ def _string(s): action='store_true' ) +p.add_argument( + '--delim', + help='Set the delimiter between multilple shellcodes', + default='+' +) + p.add_argument( '-b', '--before', @@ -172,24 +170,50 @@ def _string(s): help='Generated ELF is a shared library' ) -def get_template(name): - func = shellcraft - for attr in name.split('.'): - func = getattr(func, attr) - return func +def get_template(shellcodes): + funcs = [] + for shellcode in shellcodes: + func = shellcraft + cur_name = shellcode[0] + args = [] + if len(shellcode) > 1: + args = shellcode[1:] + for attr in cur_name.split('.'): + func = getattr(func, attr) + funcs.append((cur_name, func, args)) + return funcs def is_not_a_syscall_template(name): template_src = shellcraft._get_source(name) return '/syscalls' not in template_src def main(args): + delim = '+' + if args.delim: + delim = args.delim.strip() + + shellcodes = [] + if args.shellcode: + current = [] + for s in args.shellcode: + if s.strip() == delim: + shellcodes.append(current) + current = [] + else: + current.append(s) + if len(current) > 0: + shellcodes.append(current) + if args.list: templates = shellcraft.templates if args.shellcode: - templates = filter(lambda a: args.shellcode in a, templates) + template_array = [] + for s in shellcodes: + template_array.extend(list(filter(lambda a: s[0] in a, templates))) + templates = template_array elif not args.syscalls: - templates = filter(is_not_a_syscall_template, templates) + templates = list(filter(is_not_a_syscall_template, templates)) print('\n'.join(templates)) exit() 
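Review bot: The help string for `--delim` misspells "multiple"; the positional help above already advertises `+` as the separator, so the option text should name the default too: `help='Set the delimiter between multiple shellcodes (default: +)'`. Since the delimiter is compared against argv tokens after `.strip()`, it is worth saying in the same help text that the delimiter must be passed as a separate argument, which is not obvious from the option name alone.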
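Review bot: The delimiter loop in main() appends `current` even when it is empty, so a leading or repeated delimiter (`pwn shellcraft + amd64.linux.sh`, `a + + b`) puts `[]` into `shellcodes`, and both the `--list` filter (`s[0]`) and `get_template` (`shellcode[0]`) then die with an IndexError that the `except AttributeError` later in main() does not catch. Skipping empty groups fixes both paths: `if s.strip() == delim:` / `    if current: shellcodes.append(current)` / `    current = []`. Note also that `--delim ''` (or a whitespace-only value) makes `delim` the empty string after `.strip()`, so every empty argument is then treated as a separator; rejecting an empty delimiter with `log.error` up front would be cheap. main() continues past the end of this hunk.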
@@ -199,84 +223,92 @@ def main(args): exit() try: - func = get_template(args.shellcode) + funcs = get_template(shellcodes) except AttributeError: log.error("Unknown shellcraft template %r. Use --list to see available shellcodes." % args.shellcode) if args.show: - # remove doctests - doc = [] - in_doctest = False - block_indent = None - caption = None - lines = func.__doc__.splitlines() - i = 0 - while i < len(lines): - line = lines[i] - if line.lstrip().startswith('>>>'): - # this line starts a doctest - in_doctest = True - block_indent = None - if caption: - # delete back up to the caption - doc = doc[:caption - i] - caption = None - elif line == '': - # skip blank lines - pass - elif in_doctest: - # indentation marks the end of a doctest - indent = len(line) - len(line.lstrip()) - if block_indent is None: - if not line.lstrip().startswith('...'): - block_indent = indent - elif indent < block_indent: - in_doctest = False + for (name, func, _args) in funcs: + # remove doctests + doc = [] + in_doctest = False + block_indent = None + caption = None + lines = func.__doc__.splitlines() + i = 0 + if len(funcs) > 1: + print('%s:' % name) + while i < len(lines): + line = lines[i] + if line.lstrip().startswith('>>>'): + # this line starts a doctest + in_doctest = True block_indent = None - # re-evalutate this line - continue - elif line.endswith(':'): - # save index of caption - caption = i - else: - # this is not blank space and we're not in a doctest, so the - # previous caption (if any) was not for a doctest - caption = None - - if not in_doctest: - doc.append(line) - i += 1 - print('\n'.join(doc).rstrip()) + if caption: + # delete back up to the caption + doc = doc[:caption - i] + caption = None + elif line == '': + # skip blank lines + pass + elif in_doctest: + # indentation marks the end of a doctest + indent = len(line) - len(line.lstrip()) + if block_indent is None: + if not line.lstrip().startswith('...'): + block_indent = indent + elif indent < block_indent: + 
in_doctest = False + block_indent = None + # re-evalutate this line + continue + elif line.endswith(':'): + # save index of caption + caption = i + else: + # this is not blank space and we're not in a doctest, so the + # previous caption (if any) was not for a doctest + caption = None + + if not in_doctest: + doc.append(line) + i += 1 + print('\n'.join(doc).rstrip()) + if len(funcs) > 1: + print('') exit() - defargs = len(six.get_function_defaults(func) or ()) - reqargs = six.get_function_code(func).co_argcount - defargs - if len(args.args) < reqargs: - if defargs > 0: - log.critical('%s takes at least %d arguments' % (args.shellcode, reqargs)) - sys.exit(1) - else: - log.critical('%s takes exactly %d arguments' % (args.shellcode, reqargs)) - sys.exit(1) + code_array = [] + for (name, func, func_args) in funcs: + defargs = len(six.get_function_defaults(func) or ()) + reqargs = six.get_function_code(func).co_argcount - defargs - # Captain uglyness saves the day! - for i, val in enumerate(args.args): - try: - args.args[i] = util.safeeval.expr(val) - except ValueError: - pass + if len(func_args) < reqargs: + if defargs > 0: + log.critical('%s takes at least %d arguments' % (name, reqargs)) + sys.exit(1) + else: + log.critical('%s takes exactly %d arguments' % (name, reqargs)) + sys.exit(1) + + # Captain uglyness saves the day! + for i, val in enumerate(func_args): + try: + func_args[i] = util.safeeval.expr(val) + except ValueError: + pass - # And he strikes again! - list(map(common.context_arg, args.shellcode.split('.'))) - code = func(*args.args) + # And he strikes again! + list(map(common.context_arg, name.split('.'))) + code_array.append(func(*func_args)) + code = "".join(code_array) if args.before: code = shellcraft.trap() + code if args.after: code = code + shellcraft.trap() - if args.format in ['a', 'asm', 'assembly']: if args.color: from pygments import highlight 
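Review bot: The `except AttributeError` branch still formats `args.shellcode` into the "Unknown shellcraft template %r" message, but `args.shellcode` is now the whole positional token list (arguments and `+` separators included), so the user sees every token instead of the name that failed to resolve. `get_template` is what knows `cur_name`, so the cleanest fix is to catch the AttributeError inside its loop and report that name; within this hunk a smaller improvement is `log.error("Unknown shellcraft template in %r. Use --list to see available shellcodes." % [s[0] for s in shellcodes])`. When no positional is given, `shellcodes` and hence `funcs` are empty, the loops are no-ops and `code` silently becomes `""`, where the old code failed through this same branch; an explicit `if not funcs: log.error("No shellcode given. Use --list to see available shellcodes.")` right after the `get_template` call restores that. Because `common.context_arg` is applied per template inside the loop and the results are joined with `"".join(code_array)`, templates for different architectures are concatenated without any warning — presumably unintended, and worth either a check on a common arch prefix or a comment stating that mixing is unsupported. main() begins before and continues past this hunk.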
@@ -319,7 +351,7 @@ def main(args): else: args.format = 'raw' - arch = args.shellcode.split('.')[0] + arch = name.split('.')[0] if args.debug: if not args.avoid: @@ -352,4 +384,4 @@ def main(args): args.out.write(code) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/template.py b/pwnlib/commandline/template.py index 5cd6c7341..faea7ca1d 100644 --- a/pwnlib/commandline/template.py +++ b/pwnlib/commandline/template.py @@ -1,9 +1,12 @@ from __future__ import absolute_import from __future__ import division +from __future__ import print_function from pwn import * from pwnlib.commandline import common +from pwnlib.util.misc import which, parse_ldd_output, write +from sys import stderr from mako.lookup import TemplateLookup, Template parser = common.parser_commands.add_parser( 
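Review bot: `name` here is the loop variable left over from the `for (name, func, func_args) in funcs:` loop earlier in main(), outside this hunk; that only works because Python leaks loop variables, and when `funcs` is empty (no positional given) it raises UnboundLocalError rather than a clean error. Making the dependency explicit reads better and documents which template decides the `--debug` architecture: `# --debug uses the arch of the last template, matching the context set by context_arg above` / `arch = funcs[-1][0].split('.')[0]`. The empty-`funcs` case still needs rejecting where `get_template` is called, before execution reaches this point.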
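Review bot: `from sys import stderr` is added, but nothing in the visible template.py hunks uses a bare `stderr` — the new docker code reads `e.stderr` on the exception object and sends it through plain `print`, i.e. to stdout. If the import is a leftover it should be dropped; if `print(..., file=stderr)` was the intent, the docker error path should use it so the build/run error text does not end up on stdout, which is where the generated template itself goes. Either way a reader of this import block cannot tell, so the hunk should resolve it.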
@@ -32,18 +35,100 @@ os.path.join(printable_data_path, "templates", "pwnup.mako")) parser.add_argument('--no-auto', help='Do not automatically detect missing binaries', action='store_false', dest='auto') +def get_docker_image_libraries(): + """Tries to retrieve challenge libraries from a Docker image built from the Dockerfile in the current working directory. + + The libraries are retrieved by parsing the output of running ldd on /bin/sh. + Supports regular Docker images as well as jail images. + """ + with log.progress("Extracting challenge libraries from Docker image") as progress: + if not which("docker"): + progress.failure("docker command not found") + return None, None + # maps jail image name to the root directory of the child image + jail_image_to_chroot_dir = { + "pwn.red/jail": "/srv", + } + dockerfile = open("Dockerfile", "r").read() + jail = None + chroot_dir = "/" + for jail_image in jail_image_to_chroot_dir: + if re.search(r"^FROM %s" % jail_image, dockerfile, re.MULTILINE): + jail = jail_image + chroot_dir = jail_image_to_chroot_dir[jail_image] + break + try: + progress.status("Building image") + image_sha = subprocess.check_output(["docker", "build", "-q", "."], stderr=subprocess.PIPE, shell=False).decode().strip() + + progress.status("Retrieving library paths") + ldd_command = ["-c", "chroot %s /bin/sh -c 'ldd /bin/sh'" % chroot_dir] + ldd_output = subprocess.check_output([ + "docker", + "run", + "--rm", + "--entrypoint", + "/bin/sh", + ] + (["--privileged"] if jail else []) + [ + image_sha, + ] + ldd_command, + stderr=subprocess.PIPE, + shell=False + ).decode() + + libc, ld = None, None + libc_basename, ld_basename = None, None + for lib_path in parse_ldd_output(ldd_output): + if "libc." 
 in lib_path:
+ libc = lib_path
+ libc_basename = os.path.basename(lib_path)
+ if "ld-" in lib_path:
+ ld = lib_path
+ ld_basename = os.path.basename(lib_path)
+
+ if not (libc and ld):
+ progress.failure("Could not find libraries")
+ return None, None
+
+ progress.status("Copying libraries to current directory")
+ for filename, basename in zip((libc, ld), (libc_basename, ld_basename)):
+ cat_command = ["-c", "chroot %s /bin/sh -c '/bin/cat %s'" % (chroot_dir, filename)]
+ contents = subprocess.check_output([
+ "docker",
+ "run",
+ "--rm",
+ "--entrypoint",
+ "/bin/sh",
+ ] + (["--privileged"] if jail else []) + [
+ image_sha
+ ] + cat_command,
+ stderr=subprocess.PIPE,
+ shell=False
+ )
+ write(basename, contents)
+
+ except subprocess.CalledProcessError as e:
+ print(e.stderr.decode())
+ log.error("docker failed with status: %d" % e.returncode)
+
+ progress.success("Retrieved libraries from Docker image")
+ return libc_basename, ld_basename
+
 def detect_missing_binaries(args):
 log.info("Automatically detecting challenge binaries...")
 # look for challenge binary, libc, and ld in current directory
 exe, libc, ld = args.exe, args.libc, None
+ has_dockerfile = False
 other_files = []
- for filename in os.listdir():
+ for filename in os.listdir("."):
 if not os.path.isfile(filename):
 continue
 if not libc and ('libc-' in filename or 'libc.' in filename):
 libc = filename
 elif not ld and 'ld-' in filename:
 ld = filename
+ elif filename == "Dockerfile":
+ has_dockerfile = True
 else:
 if os.access(filename, os.X_OK):
 other_files.append(filename)
@@ -52,6 +137,9 @@ def detect_missing_binaries(args):
 exe = other_files[0]
 elif len(other_files) > 1:
 log.warning("Failed to find challenge binary. There are multiple binaries in the current directory: %s", other_files)
+
+ if has_dockerfile and exe and not (libc or ld):
+ libc, ld = get_docker_image_libraries()
 if exe != args.exe:
 log.success("Found challenge binary %r", exe)
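Review bot: `docker build -q .` executes every RUN instruction of whatever Dockerfile is in the current directory on the host's Docker daemon, and this now happens automatically inside `pwn template` whenever a Dockerfile sits next to the challenge binary (only `--no-auto` disables it); challenge archives are untrusted input, so the build should be explicitly confirmed — for example `if not yesno("Build the Docker image in the current directory to extract its libraries?"): return None, None` before `progress.status("Building image")`, using the same `yesno` helper this commit uses in libcdb.py — or at the very least announced with a `log.warning` naming the directory. The `--privileged` flag for jail images is broader than the `chroot` inside the container needs: `CAP_SYS_CHROOT` is in Docker's default capability set, so try without it, or use `--cap-add SYS_CHROOT` if some jail image turns out to need it, rather than giving the image full host access. The jail detection `re.search(r"^FROM %s" % jail_image, dockerfile, re.MULTILINE)` interpolates the image name unescaped and with no trailing boundary, so `.` matches any character and a `FROM pwn.red/jailbreak` line would match too; `r"^FROM %s(?=[\s:@]|$)" % re.escape(jail_image)` is precise. `open("Dockerfile", "r").read()` leaks the file handle, which `with open("Dockerfile") as f: dockerfile = f.read()` avoids. get_docker_image_libraries() begins earlier in this same hunk and is complete within it.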
@@ -122,5 +210,5 @@ def main(args): except OSError: pass if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/unhex.py b/pwnlib/commandline/unhex.py index a254e6b3f..99dad8efd 100644 --- a/pwnlib/commandline/unhex.py +++ b/pwnlib/commandline/unhex.py @@ -30,4 +30,4 @@ def main(args): raise if __name__ == '__main__': - common.main(__file__) + common.main(__file__, main) diff --git a/pwnlib/commandline/update.py b/pwnlib/commandline/update.py index 38ef19a76..2670c0c31 100644 --- a/pwnlib/commandline/update.py +++ b/pwnlib/commandline/update.py @@ -30,4 +30,4 @@ def main(a): subprocess.check_call(result, shell=False) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/commandline/version.py b/pwnlib/commandline/version.py index 9b820160d..ad25a7570 100644 --- a/pwnlib/commandline/version.py +++ b/pwnlib/commandline/version.py @@ -29,4 +29,4 @@ def main(a): log.info("Pwntools v%s" % version) if __name__ == '__main__': - pwnlib.commandline.common.main(__file__) + pwnlib.commandline.common.main(__file__, main) diff --git a/pwnlib/constants/darwin/aarch64.py b/pwnlib/constants/darwin/aarch64.py index 974670014..b00fa5492 100644 --- a/pwnlib/constants/darwin/aarch64.py +++ b/pwnlib/constants/darwin/aarch64.py @@ -88,6 +88,7 @@ VOL_CAP_FMT_SHARED_SPACE = Constant('VOL_CAP_FMT_SHARED_SPACE',0x00800000) VOL_CAP_FMT_VOL_GROUPS = Constant('VOL_CAP_FMT_VOL_GROUPS',0x01000000) VOL_CAP_FMT_SEALED = Constant('VOL_CAP_FMT_SEALED',0x02000000) +VOL_CAP_FMT_CLONE_MAPPING = Constant('VOL_CAP_FMT_CLONE_MAPPING',0x04000000) VOL_CAP_INT_SEARCHFS = Constant('VOL_CAP_INT_SEARCHFS',0x00000001) VOL_CAP_INT_ATTRLIST = Constant('VOL_CAP_INT_ATTRLIST',0x00000002) VOL_CAP_INT_NFSEXPORT = Constant('VOL_CAP_INT_NFSEXPORT',0x00000004) 
@@ -109,6 +110,8 @@ VOL_CAP_INT_RENAME_EXCL = Constant('VOL_CAP_INT_RENAME_EXCL',0x00080000) VOL_CAP_INT_RENAME_OPENFAIL = Constant('VOL_CAP_INT_RENAME_OPENFAIL',0x00100000) VOL_CAP_INT_RENAME_SECLUDE = Constant('VOL_CAP_INT_RENAME_SECLUDE',0x00200000) +VOL_CAP_INT_ATTRIBUTION_TAG = Constant('VOL_CAP_INT_ATTRIBUTION_TAG',0x00400000) +VOL_CAP_INT_PUNCHHOLE = Constant('VOL_CAP_INT_PUNCHHOLE',0x00800000) ATTR_CMN_NAME = Constant('ATTR_CMN_NAME',0x00000001) ATTR_CMN_DEVID = Constant('ATTR_CMN_DEVID',0x00000002) ATTR_CMN_FSID = Constant('ATTR_CMN_FSID',0x00000004) @@ -293,6 +296,8 @@ IO_SWAP_DISPATCH = Constant('IO_SWAP_DISPATCH',0x200000) IO_SKIP_ENCRYPTION = Constant('IO_SKIP_ENCRYPTION',0x400000) IO_EVTONLY = Constant('IO_EVTONLY',0x800000) +IO_NOCACHE_SYSSPACE = Constant('IO_NOCACHE_SYSSPACE',0x1000000) +IO_NOCACHE_SWRITE = Constant('IO_NOCACHE_SWRITE',0x2000000) LOOKUP = Constant('LOOKUP',0) CREATE = Constant('CREATE',1) DELETE = Constant('DELETE',2) @@ -347,6 +352,7 @@ VNODE_LOOKUP_NOFOLLOW = Constant('VNODE_LOOKUP_NOFOLLOW',0x01) VNODE_LOOKUP_NOCROSSMOUNT = Constant('VNODE_LOOKUP_NOCROSSMOUNT',0x02) VNODE_LOOKUP_CROSSMOUNTNOWAIT = Constant('VNODE_LOOKUP_CROSSMOUNTNOWAIT',0x04) +VNODE_LOOKUP_NOFOLLOW_ANY = Constant('VNODE_LOOKUP_NOFOLLOW_ANY',0x08) VNODE_RELOAD = Constant('VNODE_RELOAD',0x01) VNODE_WAIT = Constant('VNODE_WAIT',0x02) VNODE_WRITEABLE = Constant('VNODE_WRITEABLE',0x04) @@ -425,7 +431,7 @@ WANTPARENT = Constant('WANTPARENT',0x0010) UIO_MAXIOV = Constant('UIO_MAXIOV',1024) UIO_SMALLIOV = Constant('UIO_SMALLIOV',8) -EVFILT_SYSCOUNT = Constant('EVFILT_SYSCOUNT',17) +EVFILT_SYSCOUNT = Constant('EVFILT_SYSCOUNT',18) KEVENT_FLAG_NONE = Constant('KEVENT_FLAG_NONE',0x000000) KEVENT_FLAG_IMMEDIATE = Constant('KEVENT_FLAG_IMMEDIATE',0x000001) KEVENT_FLAG_ERROR_EVENTS = Constant('KEVENT_FLAG_ERROR_EVENTS',0x000002) 
@@ -503,6 +509,7 @@ IMGPF_SPAWN = Constant('IMGPF_SPAWN',0x00000010) IMGPF_DISABLE_ASLR = Constant('IMGPF_DISABLE_ASLR',0x00000020) IMGPF_ALLOW_DATA_EXEC = Constant('IMGPF_ALLOW_DATA_EXEC',0x00000040) +IMGPF_3P_PLUGINS = Constant('IMGPF_3P_PLUGINS',0x00000080) IMGPF_EXEC = Constant('IMGPF_EXEC',0x00000100) IMGPF_HIGH_BITS_ASLR = Constant('IMGPF_HIGH_BITS_ASLR',0x00000200) IMGPF_IS_64BIT_DATA = Constant('IMGPF_IS_64BIT_DATA',0x00000400) @@ -512,6 +519,7 @@ IMGPF_HW_TPRO = Constant('IMGPF_HW_TPRO',0x00004000) IMGPF_ROSETTA = Constant('IMGPF_ROSETTA',0x10000000) IMGPF_ALT_ROSETTA = Constant('IMGPF_ALT_ROSETTA',0x20000000) +IMGPF_RESERVED_2 = Constant('IMGPF_RESERVED_2',0x40000000) IMGPF_NOJOP = Constant('IMGPF_NOJOP',0x80000000) IMGPF_SB_DEFAULT = Constant('IMGPF_SB_DEFAULT',0) IMGPF_SB_TRUE = Constant('IMGPF_SB_TRUE',1) 
@@ -560,9 +568,34 @@ WCONTINUED = Constant('WCONTINUED',0x00000010) WNOWAIT = Constant('WNOWAIT',0x00000020) WAIT_MYPGRP = Constant('WAIT_MYPGRP',0) +PRIO_DARWIN_GPU = Constant('PRIO_DARWIN_GPU',5) +PRIO_DARWIN_GPU_ALLOW = Constant('PRIO_DARWIN_GPU_ALLOW',0x1) +PRIO_DARWIN_GPU_DENY = Constant('PRIO_DARWIN_GPU_DENY',0x2) +PRIO_DARWIN_ROLE = Constant('PRIO_DARWIN_ROLE',6) +PRIO_DARWIN_ROLE_DEFAULT = Constant('PRIO_DARWIN_ROLE_DEFAULT',0x0) +PRIO_DARWIN_ROLE_UI_FOCAL = Constant('PRIO_DARWIN_ROLE_UI_FOCAL',0x1) +PRIO_DARWIN_ROLE_UI = Constant('PRIO_DARWIN_ROLE_UI',0x2) +PRIO_DARWIN_ROLE_NON_UI = Constant('PRIO_DARWIN_ROLE_NON_UI',0x3) +PRIO_DARWIN_ROLE_UI_NON_FOCAL = Constant('PRIO_DARWIN_ROLE_UI_NON_FOCAL',0x4) +PRIO_DARWIN_ROLE_TAL_LAUNCH = Constant('PRIO_DARWIN_ROLE_TAL_LAUNCH',0x5) +PRIO_DARWIN_ROLE_DARWIN_BG = Constant('PRIO_DARWIN_ROLE_DARWIN_BG',0x6) PRIO_DARWIN_GAME_MODE = Constant('PRIO_DARWIN_GAME_MODE',7) +PRIO_DARWIN_CARPLAY_MODE = Constant('PRIO_DARWIN_CARPLAY_MODE',8) PRIO_DARWIN_GAME_MODE_OFF = Constant('PRIO_DARWIN_GAME_MODE_OFF',0x0) PRIO_DARWIN_GAME_MODE_ON = Constant('PRIO_DARWIN_GAME_MODE_ON',0x1) +PRIO_DARWIN_CARPLAY_MODE_OFF = Constant('PRIO_DARWIN_CARPLAY_MODE_OFF',0x0) +PRIO_DARWIN_CARPLAY_MODE_ON = Constant('PRIO_DARWIN_CARPLAY_MODE_ON',0x1) +IOMON_ENABLE = Constant('IOMON_ENABLE',0x01) +IOMON_DISABLE = Constant('IOMON_DISABLE',0x02) +IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY = Constant('IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY',1) +IOPOL_TYPE_VFS_ALTLINK = Constant('IOPOL_TYPE_VFS_ALTLINK',11) +IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE = Constant('IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE',12) +IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT = Constant('IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT',0) +IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE = Constant('IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE',1) +IOPOL_VFS_ALTLINK_DISABLED = Constant('IOPOL_VFS_ALTLINK_DISABLED',0) +IOPOL_VFS_ALTLINK_ENABLED = Constant('IOPOL_VFS_ALTLINK_ENABLED',1) +IOPOL_CMD_GET 
= Constant('IOPOL_CMD_GET',0x00000001) +IOPOL_CMD_SET = Constant('IOPOL_CMD_SET',0x00000002) IPC_CREAT = Constant('IPC_CREAT',0o001000) IPC_EXCL = Constant('IPC_EXCL',0o002000) IPC_NOWAIT = Constant('IPC_NOWAIT',0o004000) @@ -677,6 +710,7 @@ F_GETLEASE = Constant('F_GETLEASE',107) F_TRANSFEREXTENTS = Constant('F_TRANSFEREXTENTS',110) F_ATTRIBUTION_TAG = Constant('F_ATTRIBUTION_TAG',111) +F_ADDSIGS_MAIN_BINARY = Constant('F_ADDSIGS_MAIN_BINARY',113) FCNTL_FS_SPECIFIC_BASE = Constant('FCNTL_FS_SPECIFIC_BASE',0x00010000) F_DUPFD_CLOEXEC = Constant('F_DUPFD_CLOEXEC',67) FD_CLOEXEC = Constant('FD_CLOEXEC',1) @@ -904,6 +938,7 @@ MADV_FREE_REUSE = Constant('MADV_FREE_REUSE',8) MADV_CAN_REUSE = Constant('MADV_CAN_REUSE',9) MADV_PAGEOUT = Constant('MADV_PAGEOUT',10) +MADV_ZERO = Constant('MADV_ZERO',11) MINCORE_INCORE = Constant('MINCORE_INCORE',0x1) MINCORE_REFERENCED = Constant('MINCORE_REFERENCED',0x2) MINCORE_MODIFIED = Constant('MINCORE_MODIFIED',0x4) @@ -1111,6 +1146,9 @@ DBG_MACH_IHDLR = Constant('DBG_MACH_IHDLR',0x10) DBG_MACH_IPC = Constant('DBG_MACH_IPC',0x20) DBG_MACH_RESOURCE = Constant('DBG_MACH_RESOURCE',0x25) +DBG_MACH_EXCLAVES = Constant('DBG_MACH_EXCLAVES',0x2A) +DBG_MACH_EXCLAVES_SCHEDULER = Constant('DBG_MACH_EXCLAVES_SCHEDULER',0x2B) +DBG_MACH_EPOCH_SYNC = Constant('DBG_MACH_EPOCH_SYNC',0x2C) DBG_MACH_VM = Constant('DBG_MACH_VM',0x30) DBG_MACH_LEAKS = Constant('DBG_MACH_LEAKS',0x31) DBG_MACH_WORKINGSET = Constant('DBG_MACH_WORKINGSET',0x32) @@ -1136,6 +1174,7 @@ DBG_MACH_KCOV = Constant('DBG_MACH_KCOV',0xAD) DBG_MACH_MACHDEP_EXCP_SC_x86 = Constant('DBG_MACH_MACHDEP_EXCP_SC_x86',0xAE) DBG_MACH_MACHDEP_EXCP_SC_ARM = Constant('DBG_MACH_MACHDEP_EXCP_SC_ARM',0xAF) +DBG_MACH_VM_RECLAIM = Constant('DBG_MACH_VM_RECLAIM',0xB0) DBC_MACH_IO_MMIO_READ = Constant('DBC_MACH_IO_MMIO_READ',0x1) DBC_MACH_IO_MMIO_WRITE = Constant('DBC_MACH_IO_MMIO_WRITE',0x2) DBC_MACH_IO_PHYS_READ = Constant('DBC_MACH_IO_PHYS_READ',0x3) 
@@ -1177,7 +1216,6 @@ MACH_SCHED_MAINTENANCE = Constant('MACH_SCHED_MAINTENANCE',0x1f) MACH_DISPATCH = Constant('MACH_DISPATCH',0x20) MACH_QUANTUM_HANDOFF = Constant('MACH_QUANTUM_HANDOFF',0x21) -MACH_MULTIQ_DEQUEUE = Constant('MACH_MULTIQ_DEQUEUE',0x22) MACH_SCHED_THREAD_SWITCH = Constant('MACH_SCHED_THREAD_SWITCH',0x23) MACH_SCHED_SMT_BALANCE = Constant('MACH_SCHED_SMT_BALANCE',0x24) MACH_REMOTE_DEFERRED_AST = Constant('MACH_REMOTE_DEFERRED_AST',0x25) @@ -1229,6 +1267,7 @@ MACH_SCHED_WI_EXTERNAL_WAKEUP = Constant('MACH_SCHED_WI_EXTERNAL_WAKEUP',0x61) MACH_SCHED_AST_CHECK = Constant('MACH_SCHED_AST_CHECK',0x62) MACH_SCHED_PREEMPT_TIMER_ACTIVE = Constant('MACH_SCHED_PREEMPT_TIMER_ACTIVE',0x63) +MACH_PROCESSOR_SHUTDOWN = Constant('MACH_PROCESSOR_SHUTDOWN',0x64) MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE = Constant('MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE',0x0) MACH_SCHED_CLUTCH_TG_BUCKET_STATE = Constant('MACH_SCHED_CLUTCH_TG_BUCKET_STATE',0x1) MACH_SCHED_CLUTCH_THREAD_SELECT = Constant('MACH_SCHED_CLUTCH_THREAD_SELECT',0x2) 
@@ -1254,20 +1293,83 @@ WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME = Constant('WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME',0x7) KCOV_STKSZ_THRESHOLD_ABOVE = Constant('KCOV_STKSZ_THRESHOLD_ABOVE',0x0) KCOV_STKSZ_THRESHOLD_BELOW = Constant('KCOV_STKSZ_THRESHOLD_BELOW',0x1) -MACH_MULTIQ_BOUND = Constant('MACH_MULTIQ_BOUND',1) -MACH_MULTIQ_GROUP = Constant('MACH_MULTIQ_GROUP',2) -MACH_MULTIQ_GLOBAL = Constant('MACH_MULTIQ_GLOBAL',3) -DBG_ZERO_FILL_FAULT = Constant('DBG_ZERO_FILL_FAULT',1) -DBG_PAGEIN_FAULT = Constant('DBG_PAGEIN_FAULT',2) -DBG_COW_FAULT = Constant('DBG_COW_FAULT',3) -DBG_CACHE_HIT_FAULT = Constant('DBG_CACHE_HIT_FAULT',4) -DBG_NZF_PAGE_FAULT = Constant('DBG_NZF_PAGE_FAULT',5) -DBG_GUARD_FAULT = Constant('DBG_GUARD_FAULT',6) -DBG_PAGEINV_FAULT = Constant('DBG_PAGEINV_FAULT',7) -DBG_PAGEIND_FAULT = Constant('DBG_PAGEIND_FAULT',8) -DBG_COMPRESSOR_FAULT = Constant('DBG_COMPRESSOR_FAULT',9) -DBG_COMPRESSOR_SWAPIN_FAULT = Constant('DBG_COMPRESSOR_SWAPIN_FAULT',10) -DBG_COR_FAULT = Constant('DBG_COR_FAULT',11) +DBG_VM_VNODE_PAGEOUT = Constant('DBG_VM_VNODE_PAGEOUT',0x001) +DBG_VM_FAULT_INTERNAL = Constant('DBG_VM_FAULT_INTERNAL',0x002) +DBG_VM_PURGEABLE_TOKEN_ADD = Constant('DBG_VM_PURGEABLE_TOKEN_ADD',0x040) +DBG_VM_PURGEABLE_TOKEN_DELETE = Constant('DBG_VM_PURGEABLE_TOKEN_DELETE',0x041) +DBG_VM_PURGEABLE_TOKEN_RIPEN = Constant('DBG_VM_PURGEABLE_TOKEN_RIPEN',0x042) +DBG_VM_PURGEABLE_OBJECT_ADD = Constant('DBG_VM_PURGEABLE_OBJECT_ADD',0x048) +DBG_VM_PURGEABLE_OBJECT_REMOVE = Constant('DBG_VM_PURGEABLE_OBJECT_REMOVE',0x049) +DBG_VM_PURGEABLE_OBJECT_PURGE = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE',0x04a) +DBG_VM_PURGEABLE_OBJECT_PURGE_ALL = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_ALL',0x04b) +DBG_VM_PURGEABLE_OBJECT_PURGE_ONE = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_ONE',0x04c) +DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP',0x04e) +DBG_VM_MAP_PARTIAL_REAP = Constant('DBG_VM_MAP_PARTIAL_REAP',0x054) +DBG_VM_MAP_WILLNEED = 
Constant('DBG_VM_MAP_WILLNEED',0x055) +DBG_VM_FAULT_CHECK_ZFDELAY = Constant('DBG_VM_FAULT_CHECK_ZFDELAY',0x100) +DBG_VM_FAULT_COWDELAY = Constant('DBG_VM_FAULT_COWDELAY',0x101) +DBG_VM_FAULT_ZFDELAY = Constant('DBG_VM_FAULT_ZFDELAY',0x102) +DBG_VM_FAULT_COMPRESSORDELAY = Constant('DBG_VM_FAULT_COMPRESSORDELAY',0x103) +DBG_VM_PAGEOUT_SCAN = Constant('DBG_VM_PAGEOUT_SCAN',0x104) +DBG_VM_PAGEOUT_BALANCE = Constant('DBG_VM_PAGEOUT_BALANCE',0x105) +DBG_VM_PAGEOUT_FREELIST = Constant('DBG_VM_PAGEOUT_FREELIST',0x106) +DBG_VM_PAGEOUT_PURGEONE = Constant('DBG_VM_PAGEOUT_PURGEONE',0x107) +DBG_VM_PAGEOUT_CACHE_EVICT = Constant('DBG_VM_PAGEOUT_CACHE_EVICT',0x108) +DBG_VM_PAGEOUT_THREAD_BLOCK = Constant('DBG_VM_PAGEOUT_THREAD_BLOCK',0x109) +DBG_VM_PAGEOUT_JETSAM = Constant('DBG_VM_PAGEOUT_JETSAM',0x10A) +DBG_VM_INFO1 = Constant('DBG_VM_INFO1',0x10B) +DBG_VM_INFO2 = Constant('DBG_VM_INFO2',0x10C) +DBG_VM_INFO3 = Constant('DBG_VM_INFO3',0x10D) +DBG_VM_INFO4 = Constant('DBG_VM_INFO4',0x10E) +DBG_VM_INFO5 = Constant('DBG_VM_INFO5',0x10F) +DBG_VM_INFO6 = Constant('DBG_VM_INFO6',0x110) +DBG_VM_INFO7 = Constant('DBG_VM_INFO7',0x111) +DBG_VM_INFO8 = Constant('DBG_VM_INFO8',0x112) +DBG_VM_INFO9 = Constant('DBG_VM_INFO9',0x113) +DBG_VM_INFO10 = Constant('DBG_VM_INFO10',0x114) +DBG_VM_UPL_PAGE_WAIT = Constant('DBG_VM_UPL_PAGE_WAIT',0x120) +DBG_VM_IOPL_PAGE_WAIT = Constant('DBG_VM_IOPL_PAGE_WAIT',0x121) +DBG_VM_PAGE_WAIT_BLOCK = Constant('DBG_VM_PAGE_WAIT_BLOCK',0x122) +DBG_VM_PAGE_SLEEP = Constant('DBG_VM_PAGE_SLEEP',0x123) +DBG_VM_PAGE_EXPEDITE = Constant('DBG_VM_PAGE_EXPEDITE',0x124) +DBG_VM_PAGE_EXPEDITE_NO_MEMORY = Constant('DBG_VM_PAGE_EXPEDITE_NO_MEMORY',0x125) +DBG_VM_PAGE_GRAB = Constant('DBG_VM_PAGE_GRAB',0x126) +DBG_VM_PAGE_RELEASE = Constant('DBG_VM_PAGE_RELEASE',0x127) +DBG_VM_COMPRESSOR_COMPACT_AND_SWAP = Constant('DBG_VM_COMPRESSOR_COMPACT_AND_SWAP',0x128) +DBG_VM_COMPRESSOR_DELAYED_COMPACT = Constant('DBG_VM_COMPRESSOR_DELAYED_COMPACT',0x129) +DBG_VM_OBJECT_SLEEP = 
Constant('DBG_VM_OBJECT_SLEEP',0x12a) +DBG_VM_PAGE_WAKEUP = Constant('DBG_VM_PAGE_WAKEUP',0x12b) +DBG_VM_PAGE_WAKEUP_DONE = Constant('DBG_VM_PAGE_WAKEUP_DONE',0x12c) +DBG_VM_PRESSURE_EVENT = Constant('DBG_VM_PRESSURE_EVENT',0x130) +DBG_VM_EXECVE = Constant('DBG_VM_EXECVE',0x131) +DBG_VM_WAKEUP_COMPACTOR_SWAPPER = Constant('DBG_VM_WAKEUP_COMPACTOR_SWAPPER',0x132) +DBG_VM_UPL_REQUEST = Constant('DBG_VM_UPL_REQUEST',0x133) +DBG_VM_IOPL_REQUEST = Constant('DBG_VM_IOPL_REQUEST',0x134) +DBG_VM_KERN_REQUEST = Constant('DBG_VM_KERN_REQUEST',0x135) +DBG_VM_DATA_WRITE = Constant('DBG_VM_DATA_WRITE',0x140) +DBG_VM_PRESSURE_LEVEL_CHANGE = Constant('DBG_VM_PRESSURE_LEVEL_CHANGE',0x141) +DBG_VM_PHYS_WRITE_ACCT = Constant('DBG_VM_PHYS_WRITE_ACCT',0x142) +DBG_VM_MAP_LOOKUP_ENTRY_FAILURE = Constant('DBG_VM_MAP_LOOKUP_ENTRY_FAILURE',0x143) +VM_DISCONNECT_ALL_PAGE_MAPPINGS = Constant('VM_DISCONNECT_ALL_PAGE_MAPPINGS',0x00) +VM_DISCONNECT_TASK_PAGE_MAPPINGS = Constant('VM_DISCONNECT_TASK_PAGE_MAPPINGS',0x01) +VM_REAL_FAULT_ADDR_INTERNAL = Constant('VM_REAL_FAULT_ADDR_INTERNAL',0x02) +VM_REAL_FAULT_ADDR_PURGABLE = Constant('VM_REAL_FAULT_ADDR_PURGABLE',0x03) +VM_REAL_FAULT_ADDR_EXTERNAL = Constant('VM_REAL_FAULT_ADDR_EXTERNAL',0x04) +VM_REAL_FAULT_ADDR_SHAREDCACHE = Constant('VM_REAL_FAULT_ADDR_SHAREDCACHE',0x05) +VM_REAL_FAULT_FAST = Constant('VM_REAL_FAULT_FAST',0x06) +VM_REAL_FAULT_SLOW = Constant('VM_REAL_FAULT_SLOW',0x07) +VM_MAP_LOOKUP_OBJECT = Constant('VM_MAP_LOOKUP_OBJECT',0x08) +DBG_ZERO_FILL_FAULT = Constant('DBG_ZERO_FILL_FAULT',0x01) +DBG_PAGEIN_FAULT = Constant('DBG_PAGEIN_FAULT',0x02) +DBG_COW_FAULT = Constant('DBG_COW_FAULT',0x03) +DBG_CACHE_HIT_FAULT = Constant('DBG_CACHE_HIT_FAULT',0x04) +DBG_NZF_PAGE_FAULT = Constant('DBG_NZF_PAGE_FAULT',0x05) +DBG_GUARD_FAULT = Constant('DBG_GUARD_FAULT',0x06) +DBG_PAGEINV_FAULT = Constant('DBG_PAGEINV_FAULT',0x07) +DBG_PAGEIND_FAULT = Constant('DBG_PAGEIND_FAULT',0x08) +DBG_COMPRESSOR_FAULT = Constant('DBG_COMPRESSOR_FAULT',0x09) 
+DBG_COMPRESSOR_SWAPIN_FAULT = Constant('DBG_COMPRESSOR_SWAPIN_FAULT',0x0a) +DBG_COR_FAULT = Constant('DBG_COR_FAULT',0x0b) MACH_TASK_SUSPEND = Constant('MACH_TASK_SUSPEND',0x0) MACH_TASK_RESUME = Constant('MACH_TASK_RESUME',0x1) MACH_THREAD_SET_VOUCHER = Constant('MACH_THREAD_SET_VOUCHER',0x2) 
@@ -1282,6 +1384,31 @@ MACH_IPC_KMSG_LINK = Constant('MACH_IPC_KMSG_LINK',0xb) MACH_IPC_PORT_ENTRY_MODIFY = Constant('MACH_IPC_PORT_ENTRY_MODIFY',0xc) MACH_IPC_DESTROY_GUARDED_DESC = Constant('MACH_IPC_DESTROY_GUARDED_DESC',0xd) +MACH_THREAD_SUSPEND = Constant('MACH_THREAD_SUSPEND',0xe) +MACH_THREAD_RESUME = Constant('MACH_THREAD_RESUME',0xf) +MACH_EXCLAVES_SWITCH = Constant('MACH_EXCLAVES_SWITCH',0x0) +MACH_EXCLAVES_XNUPROXY = Constant('MACH_EXCLAVES_XNUPROXY',0x1) +MACH_EXCLAVES_RPC = Constant('MACH_EXCLAVES_RPC',0x2) +MACH_EXCLAVES_UPCALL = Constant('MACH_EXCLAVES_UPCALL',0x3) +MACH_EXCLAVES_BOOT_TASK = Constant('MACH_EXCLAVES_BOOT_TASK',0x4) +MACH_EXCLAVES_SCHEDULER_YIELD = Constant('MACH_EXCLAVES_SCHEDULER_YIELD',0x0) +MACH_EXCLAVES_SCHEDULER_SPAWNED = Constant('MACH_EXCLAVES_SCHEDULER_SPAWNED',0x1) +MACH_EXCLAVES_SCHEDULER_TERMINATED = Constant('MACH_EXCLAVES_SCHEDULER_TERMINATED',0x2) +MACH_EXCLAVES_SCHEDULER_WAIT = Constant('MACH_EXCLAVES_SCHEDULER_WAIT',0x3) +MACH_EXCLAVES_SCHEDULER_WAKE = Constant('MACH_EXCLAVES_SCHEDULER_WAKE',0x4) +MACH_EXCLAVES_SCHEDULER_SUSPENDED = Constant('MACH_EXCLAVES_SCHEDULER_SUSPENDED',0x5) +MACH_EXCLAVES_SCHEDULER_RESUMED = Constant('MACH_EXCLAVES_SCHEDULER_RESUMED',0x6) +MACH_EXCLAVES_SCHEDULER_INTERRUPTED = Constant('MACH_EXCLAVES_SCHEDULER_INTERRUPTED',0x7) +MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED = Constant('MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED',0x8) +MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED = Constant('MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED',0x9) +MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC = Constant('MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC',0xa) +MACH_EPOCH_SYNC_WAIT_STALE = Constant('MACH_EPOCH_SYNC_WAIT_STALE',0x0) +MACH_EPOCH_SYNC_WAIT = Constant('MACH_EPOCH_SYNC_WAIT',0x1) +MACH_EPOCH_SYNC_WAKE_NO_WAITERS = Constant('MACH_EPOCH_SYNC_WAKE_NO_WAITERS',0x2) +MACH_EPOCH_SYNC_WAKE_ONE = Constant('MACH_EPOCH_SYNC_WAKE_ONE',0x3) +MACH_EPOCH_SYNC_WAKE_ALL = Constant('MACH_EPOCH_SYNC_WAKE_ALL',0x4) 
+MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER = Constant('MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER',0x5) +MACH_EPOCH_SYNC_WAKE_THREAD = Constant('MACH_EPOCH_SYNC_WAKE_THREAD',0x6) MACH_THREAD_GROUP_NEW = Constant('MACH_THREAD_GROUP_NEW',0x0) MACH_THREAD_GROUP_FREE = Constant('MACH_THREAD_GROUP_FREE',0x1) MACH_THREAD_GROUP_SET = Constant('MACH_THREAD_GROUP_SET',0x2) @@ -1424,6 +1551,13 @@ HV_X86_VM_PROTECT_TRAP = Constant('HV_X86_VM_PROTECT_TRAP',0x2b) HV_X86_VM_UNMAP_TRAP = Constant('HV_X86_VM_UNMAP_TRAP',0x2c) HV_X86_TSC_OFFSET_SET = Constant('HV_X86_TSC_OFFSET_SET',0x2d) +VM_RECLAIM_UPDATE_ACCOUNTING = Constant('VM_RECLAIM_UPDATE_ACCOUNTING',0x01) +VM_RECLAIM_ENTRIES = Constant('VM_RECLAIM_ENTRIES',0x02) +VM_RECLAIM_CHUNK = Constant('VM_RECLAIM_CHUNK',0x03) +VM_RECLAIM_ENTRY = Constant('VM_RECLAIM_ENTRY',0x04) +VM_RECLAIM_ALL_MEMORY = Constant('VM_RECLAIM_ALL_MEMORY',0x05) +VM_RECLAIM_ASYNC_MEMORY = Constant('VM_RECLAIM_ASYNC_MEMORY',0x06) +VM_RECLAIM_INIT = Constant('VM_RECLAIM_INIT',0x07) DBG_NETIP = Constant('DBG_NETIP',1) DBG_NETARP = Constant('DBG_NETARP',2) DBG_NETUDP = Constant('DBG_NETUDP',3) @@ -2109,6 +2243,7 @@ XATTR_NOSECURITY = Constant('XATTR_NOSECURITY',0x0008) XATTR_NODEFAULT = Constant('XATTR_NODEFAULT',0x0010) XATTR_SHOWCOMPRESSION = Constant('XATTR_SHOWCOMPRESSION',0x0020) +XATTR_NOFOLLOW_ANY = Constant('XATTR_NOFOLLOW_ANY',0x0040) XATTR_MAXNAMELEN = Constant('XATTR_MAXNAMELEN',127) PR_SLOWHZ = Constant('PR_SLOWHZ',2) PRC_IFDOWN = Constant('PRC_IFDOWN',0) @@ -2142,6 +2277,7 @@ CTL_FLAG_REG_SOCK_STREAM = Constant('CTL_FLAG_REG_SOCK_STREAM',0x4) CTL_DATA_NOWAKEUP = Constant('CTL_DATA_NOWAKEUP',0x1) CTL_DATA_EOR = Constant('CTL_DATA_EOR',0x2) +__has_safe_buffers = Constant('__has_safe_buffers',0) __DARWIN_ONLY_64_BIT_INO_T = Constant('__DARWIN_ONLY_64_BIT_INO_T',0) __DARWIN_ONLY_UNIX_CONFORMANCE = Constant('__DARWIN_ONLY_UNIX_CONFORMANCE',0) __DARWIN_ONLY_VERS_1050 = Constant('__DARWIN_ONLY_VERS_1050',0) 
@@ -2479,7 +2615,8 @@ VQ_NEARLOWDISK = Constant('VQ_NEARLOWDISK',0x2000) VQ_DESIRED_DISK = Constant('VQ_DESIRED_DISK',0x4000) VQ_FREE_SPACE_CHANGE = Constant('VQ_FREE_SPACE_CHANGE',0x8000) -VQ_FLAG10000 = Constant('VQ_FLAG10000',0x10000) +VQ_PURGEABLE_SPACE_CHANGE = Constant('VQ_PURGEABLE_SPACE_CHANGE',0x10000) +VQ_FLAG20000 = Constant('VQ_FLAG20000',0x20000) VFS_IOATTR_FLAGS_FUA = Constant('VFS_IOATTR_FLAGS_FUA',0x00000001) VFS_IOATTR_FLAGS_UNMAP = Constant('VFS_IOATTR_FLAGS_UNMAP',0x00000002) VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED = Constant('VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED',0x00000010) @@ -2510,7 +2647,7 @@ NFSV4_MAX_FH_SIZE = Constant('NFSV4_MAX_FH_SIZE',128) NFSV3_MAX_FH_SIZE = Constant('NFSV3_MAX_FH_SIZE',64) NFSV2_MAX_FH_SIZE = Constant('NFSV2_MAX_FH_SIZE',32) -CRYPTEX_AUTH_STRUCT_VERSION = Constant('CRYPTEX_AUTH_STRUCT_VERSION',1) +CRYPTEX_AUTH_STRUCT_VERSION = Constant('CRYPTEX_AUTH_STRUCT_VERSION',2) EV_FD = Constant('EV_FD',1) EV_RE = Constant('EV_RE',1) EV_WR = Constant('EV_WR',2) @@ -2534,6 +2671,10 @@ KDEBUG_LEVEL_FULL = Constant('KDEBUG_LEVEL_FULL',3) KDBG_FLAG_FILTERED = Constant('KDBG_FLAG_FILTERED',0x01) KDBG_FLAG_NOPROCFILT = Constant('KDBG_FLAG_NOPROCFILT',0x02) +__DARWIN_LITTLE_ENDIAN = Constant('__DARWIN_LITTLE_ENDIAN',1234) +__DARWIN_BIG_ENDIAN = Constant('__DARWIN_BIG_ENDIAN',4321) +__DARWIN_PDP_ENDIAN = Constant('__DARWIN_PDP_ENDIAN',3412) +USE_CLANG_TYPES = Constant('USE_CLANG_TYPES',0) __DARWIN_NULL = Constant('__DARWIN_NULL',0) UBC_PUSHDIRTY = Constant('UBC_PUSHDIRTY',0x01) UBC_PUSHALL = Constant('UBC_PUSHALL',0x02) 
@@ -3069,7 +3210,9 @@ SYS_mkfifoat = Constant('SYS_mkfifoat',553) SYS_mknodat = Constant('SYS_mknodat',554) SYS_ungraftdmg = Constant('SYS_ungraftdmg',555) -SYS_MAXSYSCALL = Constant('SYS_MAXSYSCALL',556) +SYS_coalition_policy_set = Constant('SYS_coalition_policy_set',556) +SYS_coalition_policy_get = Constant('SYS_coalition_policy_get',557) +SYS_MAXSYSCALL = Constant('SYS_MAXSYSCALL',558) SYS_invalid = Constant('SYS_invalid',63) SOCK_STREAM = Constant('SOCK_STREAM',1) SOCK_DGRAM = Constant('SOCK_DGRAM',2) @@ -3117,6 +3260,7 @@ SO_NET_SERVICE_TYPE = Constant('SO_NET_SERVICE_TYPE',0x1116) SO_NETSVC_MARKING_LEVEL = Constant('SO_NETSVC_MARKING_LEVEL',0x1119) SO_RESOLVER_SIGNATURE = Constant('SO_RESOLVER_SIGNATURE',0x1131) +SO_BINDTODEVICE = Constant('SO_BINDTODEVICE',0x1134) NET_SERVICE_TYPE_BE = Constant('NET_SERVICE_TYPE_BE',0) NET_SERVICE_TYPE_BK = Constant('NET_SERVICE_TYPE_BK',1) NET_SERVICE_TYPE_SIG = Constant('NET_SERVICE_TYPE_SIG',2) diff --git a/pwnlib/constants/darwin/amd64.py b/pwnlib/constants/darwin/amd64.py index 9c7f28401..a0b105848 100644 --- a/pwnlib/constants/darwin/amd64.py +++ b/pwnlib/constants/darwin/amd64.py @@ -88,6 +88,7 @@ VOL_CAP_FMT_SHARED_SPACE = Constant('VOL_CAP_FMT_SHARED_SPACE',0x00800000) VOL_CAP_FMT_VOL_GROUPS = Constant('VOL_CAP_FMT_VOL_GROUPS',0x01000000) VOL_CAP_FMT_SEALED = Constant('VOL_CAP_FMT_SEALED',0x02000000) +VOL_CAP_FMT_CLONE_MAPPING = Constant('VOL_CAP_FMT_CLONE_MAPPING',0x04000000) VOL_CAP_INT_SEARCHFS = Constant('VOL_CAP_INT_SEARCHFS',0x00000001) VOL_CAP_INT_ATTRLIST = Constant('VOL_CAP_INT_ATTRLIST',0x00000002) VOL_CAP_INT_NFSEXPORT = Constant('VOL_CAP_INT_NFSEXPORT',0x00000004) 
@@ -109,6 +110,8 @@ VOL_CAP_INT_RENAME_EXCL = Constant('VOL_CAP_INT_RENAME_EXCL',0x00080000) VOL_CAP_INT_RENAME_OPENFAIL = Constant('VOL_CAP_INT_RENAME_OPENFAIL',0x00100000) VOL_CAP_INT_RENAME_SECLUDE = Constant('VOL_CAP_INT_RENAME_SECLUDE',0x00200000) +VOL_CAP_INT_ATTRIBUTION_TAG = Constant('VOL_CAP_INT_ATTRIBUTION_TAG',0x00400000) +VOL_CAP_INT_PUNCHHOLE = Constant('VOL_CAP_INT_PUNCHHOLE',0x00800000) ATTR_CMN_NAME = Constant('ATTR_CMN_NAME',0x00000001) ATTR_CMN_DEVID = Constant('ATTR_CMN_DEVID',0x00000002) ATTR_CMN_FSID = Constant('ATTR_CMN_FSID',0x00000004) @@ -293,6 +296,8 @@ IO_SWAP_DISPATCH = Constant('IO_SWAP_DISPATCH',0x200000) IO_SKIP_ENCRYPTION = Constant('IO_SKIP_ENCRYPTION',0x400000) IO_EVTONLY = Constant('IO_EVTONLY',0x800000) +IO_NOCACHE_SYSSPACE = Constant('IO_NOCACHE_SYSSPACE',0x1000000) +IO_NOCACHE_SWRITE = Constant('IO_NOCACHE_SWRITE',0x2000000) LOOKUP = Constant('LOOKUP',0) CREATE = Constant('CREATE',1) DELETE = Constant('DELETE',2) @@ -347,6 +352,7 @@ VNODE_LOOKUP_NOFOLLOW = Constant('VNODE_LOOKUP_NOFOLLOW',0x01) VNODE_LOOKUP_NOCROSSMOUNT = Constant('VNODE_LOOKUP_NOCROSSMOUNT',0x02) VNODE_LOOKUP_CROSSMOUNTNOWAIT = Constant('VNODE_LOOKUP_CROSSMOUNTNOWAIT',0x04) +VNODE_LOOKUP_NOFOLLOW_ANY = Constant('VNODE_LOOKUP_NOFOLLOW_ANY',0x08) VNODE_RELOAD = Constant('VNODE_RELOAD',0x01) VNODE_WAIT = Constant('VNODE_WAIT',0x02) VNODE_WRITEABLE = Constant('VNODE_WRITEABLE',0x04) @@ -425,7 +431,7 @@ WANTPARENT = Constant('WANTPARENT',0x0010) UIO_MAXIOV = Constant('UIO_MAXIOV',1024) UIO_SMALLIOV = Constant('UIO_SMALLIOV',8) -EVFILT_SYSCOUNT = Constant('EVFILT_SYSCOUNT',17) +EVFILT_SYSCOUNT = Constant('EVFILT_SYSCOUNT',18) KEVENT_FLAG_NONE = Constant('KEVENT_FLAG_NONE',0x000000) KEVENT_FLAG_IMMEDIATE = Constant('KEVENT_FLAG_IMMEDIATE',0x000001) KEVENT_FLAG_ERROR_EVENTS = Constant('KEVENT_FLAG_ERROR_EVENTS',0x000002) 
@@ -503,6 +509,7 @@ IMGPF_SPAWN = Constant('IMGPF_SPAWN',0x00000010) IMGPF_DISABLE_ASLR = Constant('IMGPF_DISABLE_ASLR',0x00000020) IMGPF_ALLOW_DATA_EXEC = Constant('IMGPF_ALLOW_DATA_EXEC',0x00000040) +IMGPF_3P_PLUGINS = Constant('IMGPF_3P_PLUGINS',0x00000080) IMGPF_EXEC = Constant('IMGPF_EXEC',0x00000100) IMGPF_HIGH_BITS_ASLR = Constant('IMGPF_HIGH_BITS_ASLR',0x00000200) IMGPF_IS_64BIT_DATA = Constant('IMGPF_IS_64BIT_DATA',0x00000400) @@ -512,6 +519,7 @@ IMGPF_HW_TPRO = Constant('IMGPF_HW_TPRO',0x00004000) IMGPF_ROSETTA = Constant('IMGPF_ROSETTA',0x10000000) IMGPF_ALT_ROSETTA = Constant('IMGPF_ALT_ROSETTA',0x20000000) +IMGPF_RESERVED_2 = Constant('IMGPF_RESERVED_2',0x40000000) IMGPF_NOJOP = Constant('IMGPF_NOJOP',0x80000000) IMGPF_SB_DEFAULT = Constant('IMGPF_SB_DEFAULT',0) IMGPF_SB_TRUE = Constant('IMGPF_SB_TRUE',1) 
@@ -560,9 +568,34 @@ WCONTINUED = Constant('WCONTINUED',0x00000010) WNOWAIT = Constant('WNOWAIT',0x00000020) WAIT_MYPGRP = Constant('WAIT_MYPGRP',0) +PRIO_DARWIN_GPU = Constant('PRIO_DARWIN_GPU',5) +PRIO_DARWIN_GPU_ALLOW = Constant('PRIO_DARWIN_GPU_ALLOW',0x1) +PRIO_DARWIN_GPU_DENY = Constant('PRIO_DARWIN_GPU_DENY',0x2) +PRIO_DARWIN_ROLE = Constant('PRIO_DARWIN_ROLE',6) +PRIO_DARWIN_ROLE_DEFAULT = Constant('PRIO_DARWIN_ROLE_DEFAULT',0x0) +PRIO_DARWIN_ROLE_UI_FOCAL = Constant('PRIO_DARWIN_ROLE_UI_FOCAL',0x1) +PRIO_DARWIN_ROLE_UI = Constant('PRIO_DARWIN_ROLE_UI',0x2) +PRIO_DARWIN_ROLE_NON_UI = Constant('PRIO_DARWIN_ROLE_NON_UI',0x3) +PRIO_DARWIN_ROLE_UI_NON_FOCAL = Constant('PRIO_DARWIN_ROLE_UI_NON_FOCAL',0x4) +PRIO_DARWIN_ROLE_TAL_LAUNCH = Constant('PRIO_DARWIN_ROLE_TAL_LAUNCH',0x5) +PRIO_DARWIN_ROLE_DARWIN_BG = Constant('PRIO_DARWIN_ROLE_DARWIN_BG',0x6) PRIO_DARWIN_GAME_MODE = Constant('PRIO_DARWIN_GAME_MODE',7) +PRIO_DARWIN_CARPLAY_MODE = Constant('PRIO_DARWIN_CARPLAY_MODE',8) PRIO_DARWIN_GAME_MODE_OFF = Constant('PRIO_DARWIN_GAME_MODE_OFF',0x0) PRIO_DARWIN_GAME_MODE_ON = Constant('PRIO_DARWIN_GAME_MODE_ON',0x1) +PRIO_DARWIN_CARPLAY_MODE_OFF = Constant('PRIO_DARWIN_CARPLAY_MODE_OFF',0x0) +PRIO_DARWIN_CARPLAY_MODE_ON = Constant('PRIO_DARWIN_CARPLAY_MODE_ON',0x1) +IOMON_ENABLE = Constant('IOMON_ENABLE',0x01) +IOMON_DISABLE = Constant('IOMON_DISABLE',0x02) +IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY = Constant('IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY',1) +IOPOL_TYPE_VFS_ALTLINK = Constant('IOPOL_TYPE_VFS_ALTLINK',11) +IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE = Constant('IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE',12) +IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT = Constant('IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT',0) +IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE = Constant('IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE',1) +IOPOL_VFS_ALTLINK_DISABLED = Constant('IOPOL_VFS_ALTLINK_DISABLED',0) +IOPOL_VFS_ALTLINK_ENABLED = Constant('IOPOL_VFS_ALTLINK_ENABLED',1) +IOPOL_CMD_GET 
= Constant('IOPOL_CMD_GET',0x00000001) +IOPOL_CMD_SET = Constant('IOPOL_CMD_SET',0x00000002) IPC_CREAT = Constant('IPC_CREAT',0o001000) IPC_EXCL = Constant('IPC_EXCL',0o002000) IPC_NOWAIT = Constant('IPC_NOWAIT',0o004000) @@ -677,6 +710,7 @@ F_GETLEASE = Constant('F_GETLEASE',107) F_TRANSFEREXTENTS = Constant('F_TRANSFEREXTENTS',110) F_ATTRIBUTION_TAG = Constant('F_ATTRIBUTION_TAG',111) +F_ADDSIGS_MAIN_BINARY = Constant('F_ADDSIGS_MAIN_BINARY',113) FCNTL_FS_SPECIFIC_BASE = Constant('FCNTL_FS_SPECIFIC_BASE',0x00010000) F_DUPFD_CLOEXEC = Constant('F_DUPFD_CLOEXEC',67) FD_CLOEXEC = Constant('FD_CLOEXEC',1) @@ -904,6 +938,7 @@ MADV_FREE_REUSE = Constant('MADV_FREE_REUSE',8) MADV_CAN_REUSE = Constant('MADV_CAN_REUSE',9) MADV_PAGEOUT = Constant('MADV_PAGEOUT',10) +MADV_ZERO = Constant('MADV_ZERO',11) MINCORE_INCORE = Constant('MINCORE_INCORE',0x1) MINCORE_REFERENCED = Constant('MINCORE_REFERENCED',0x2) MINCORE_MODIFIED = Constant('MINCORE_MODIFIED',0x4) @@ -1111,6 +1146,9 @@ DBG_MACH_IHDLR = Constant('DBG_MACH_IHDLR',0x10) DBG_MACH_IPC = Constant('DBG_MACH_IPC',0x20) DBG_MACH_RESOURCE = Constant('DBG_MACH_RESOURCE',0x25) +DBG_MACH_EXCLAVES = Constant('DBG_MACH_EXCLAVES',0x2A) +DBG_MACH_EXCLAVES_SCHEDULER = Constant('DBG_MACH_EXCLAVES_SCHEDULER',0x2B) +DBG_MACH_EPOCH_SYNC = Constant('DBG_MACH_EPOCH_SYNC',0x2C) DBG_MACH_VM = Constant('DBG_MACH_VM',0x30) DBG_MACH_LEAKS = Constant('DBG_MACH_LEAKS',0x31) DBG_MACH_WORKINGSET = Constant('DBG_MACH_WORKINGSET',0x32) @@ -1136,6 +1174,7 @@ DBG_MACH_KCOV = Constant('DBG_MACH_KCOV',0xAD) DBG_MACH_MACHDEP_EXCP_SC_x86 = Constant('DBG_MACH_MACHDEP_EXCP_SC_x86',0xAE) DBG_MACH_MACHDEP_EXCP_SC_ARM = Constant('DBG_MACH_MACHDEP_EXCP_SC_ARM',0xAF) +DBG_MACH_VM_RECLAIM = Constant('DBG_MACH_VM_RECLAIM',0xB0) DBC_MACH_IO_MMIO_READ = Constant('DBC_MACH_IO_MMIO_READ',0x1) DBC_MACH_IO_MMIO_WRITE = Constant('DBC_MACH_IO_MMIO_WRITE',0x2) DBC_MACH_IO_PHYS_READ = Constant('DBC_MACH_IO_PHYS_READ',0x3) 
@@ -1177,7 +1216,6 @@ MACH_SCHED_MAINTENANCE = Constant('MACH_SCHED_MAINTENANCE',0x1f) MACH_DISPATCH = Constant('MACH_DISPATCH',0x20) MACH_QUANTUM_HANDOFF = Constant('MACH_QUANTUM_HANDOFF',0x21) -MACH_MULTIQ_DEQUEUE = Constant('MACH_MULTIQ_DEQUEUE',0x22) MACH_SCHED_THREAD_SWITCH = Constant('MACH_SCHED_THREAD_SWITCH',0x23) MACH_SCHED_SMT_BALANCE = Constant('MACH_SCHED_SMT_BALANCE',0x24) MACH_REMOTE_DEFERRED_AST = Constant('MACH_REMOTE_DEFERRED_AST',0x25) @@ -1229,6 +1267,7 @@ MACH_SCHED_WI_EXTERNAL_WAKEUP = Constant('MACH_SCHED_WI_EXTERNAL_WAKEUP',0x61) MACH_SCHED_AST_CHECK = Constant('MACH_SCHED_AST_CHECK',0x62) MACH_SCHED_PREEMPT_TIMER_ACTIVE = Constant('MACH_SCHED_PREEMPT_TIMER_ACTIVE',0x63) +MACH_PROCESSOR_SHUTDOWN = Constant('MACH_PROCESSOR_SHUTDOWN',0x64) MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE = Constant('MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE',0x0) MACH_SCHED_CLUTCH_TG_BUCKET_STATE = Constant('MACH_SCHED_CLUTCH_TG_BUCKET_STATE',0x1) MACH_SCHED_CLUTCH_THREAD_SELECT = Constant('MACH_SCHED_CLUTCH_THREAD_SELECT',0x2) 
@@ -1254,20 +1293,83 @@ WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME = Constant('WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME',0x7) KCOV_STKSZ_THRESHOLD_ABOVE = Constant('KCOV_STKSZ_THRESHOLD_ABOVE',0x0) KCOV_STKSZ_THRESHOLD_BELOW = Constant('KCOV_STKSZ_THRESHOLD_BELOW',0x1) -MACH_MULTIQ_BOUND = Constant('MACH_MULTIQ_BOUND',1) -MACH_MULTIQ_GROUP = Constant('MACH_MULTIQ_GROUP',2) -MACH_MULTIQ_GLOBAL = Constant('MACH_MULTIQ_GLOBAL',3) -DBG_ZERO_FILL_FAULT = Constant('DBG_ZERO_FILL_FAULT',1) -DBG_PAGEIN_FAULT = Constant('DBG_PAGEIN_FAULT',2) -DBG_COW_FAULT = Constant('DBG_COW_FAULT',3) -DBG_CACHE_HIT_FAULT = Constant('DBG_CACHE_HIT_FAULT',4) -DBG_NZF_PAGE_FAULT = Constant('DBG_NZF_PAGE_FAULT',5) -DBG_GUARD_FAULT = Constant('DBG_GUARD_FAULT',6) -DBG_PAGEINV_FAULT = Constant('DBG_PAGEINV_FAULT',7) -DBG_PAGEIND_FAULT = Constant('DBG_PAGEIND_FAULT',8) -DBG_COMPRESSOR_FAULT = Constant('DBG_COMPRESSOR_FAULT',9) -DBG_COMPRESSOR_SWAPIN_FAULT = Constant('DBG_COMPRESSOR_SWAPIN_FAULT',10) -DBG_COR_FAULT = Constant('DBG_COR_FAULT',11) +DBG_VM_VNODE_PAGEOUT = Constant('DBG_VM_VNODE_PAGEOUT',0x001) +DBG_VM_FAULT_INTERNAL = Constant('DBG_VM_FAULT_INTERNAL',0x002) +DBG_VM_PURGEABLE_TOKEN_ADD = Constant('DBG_VM_PURGEABLE_TOKEN_ADD',0x040) +DBG_VM_PURGEABLE_TOKEN_DELETE = Constant('DBG_VM_PURGEABLE_TOKEN_DELETE',0x041) +DBG_VM_PURGEABLE_TOKEN_RIPEN = Constant('DBG_VM_PURGEABLE_TOKEN_RIPEN',0x042) +DBG_VM_PURGEABLE_OBJECT_ADD = Constant('DBG_VM_PURGEABLE_OBJECT_ADD',0x048) +DBG_VM_PURGEABLE_OBJECT_REMOVE = Constant('DBG_VM_PURGEABLE_OBJECT_REMOVE',0x049) +DBG_VM_PURGEABLE_OBJECT_PURGE = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE',0x04a) +DBG_VM_PURGEABLE_OBJECT_PURGE_ALL = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_ALL',0x04b) +DBG_VM_PURGEABLE_OBJECT_PURGE_ONE = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_ONE',0x04c) +DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP = Constant('DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP',0x04e) +DBG_VM_MAP_PARTIAL_REAP = Constant('DBG_VM_MAP_PARTIAL_REAP',0x054) +DBG_VM_MAP_WILLNEED = 
Constant('DBG_VM_MAP_WILLNEED',0x055) +DBG_VM_FAULT_CHECK_ZFDELAY = Constant('DBG_VM_FAULT_CHECK_ZFDELAY',0x100) +DBG_VM_FAULT_COWDELAY = Constant('DBG_VM_FAULT_COWDELAY',0x101) +DBG_VM_FAULT_ZFDELAY = Constant('DBG_VM_FAULT_ZFDELAY',0x102) +DBG_VM_FAULT_COMPRESSORDELAY = Constant('DBG_VM_FAULT_COMPRESSORDELAY',0x103) +DBG_VM_PAGEOUT_SCAN = Constant('DBG_VM_PAGEOUT_SCAN',0x104) +DBG_VM_PAGEOUT_BALANCE = Constant('DBG_VM_PAGEOUT_BALANCE',0x105) +DBG_VM_PAGEOUT_FREELIST = Constant('DBG_VM_PAGEOUT_FREELIST',0x106) +DBG_VM_PAGEOUT_PURGEONE = Constant('DBG_VM_PAGEOUT_PURGEONE',0x107) +DBG_VM_PAGEOUT_CACHE_EVICT = Constant('DBG_VM_PAGEOUT_CACHE_EVICT',0x108) +DBG_VM_PAGEOUT_THREAD_BLOCK = Constant('DBG_VM_PAGEOUT_THREAD_BLOCK',0x109) +DBG_VM_PAGEOUT_JETSAM = Constant('DBG_VM_PAGEOUT_JETSAM',0x10A) +DBG_VM_INFO1 = Constant('DBG_VM_INFO1',0x10B) +DBG_VM_INFO2 = Constant('DBG_VM_INFO2',0x10C) +DBG_VM_INFO3 = Constant('DBG_VM_INFO3',0x10D) +DBG_VM_INFO4 = Constant('DBG_VM_INFO4',0x10E) +DBG_VM_INFO5 = Constant('DBG_VM_INFO5',0x10F) +DBG_VM_INFO6 = Constant('DBG_VM_INFO6',0x110) +DBG_VM_INFO7 = Constant('DBG_VM_INFO7',0x111) +DBG_VM_INFO8 = Constant('DBG_VM_INFO8',0x112) +DBG_VM_INFO9 = Constant('DBG_VM_INFO9',0x113) +DBG_VM_INFO10 = Constant('DBG_VM_INFO10',0x114) +DBG_VM_UPL_PAGE_WAIT = Constant('DBG_VM_UPL_PAGE_WAIT',0x120) +DBG_VM_IOPL_PAGE_WAIT = Constant('DBG_VM_IOPL_PAGE_WAIT',0x121) +DBG_VM_PAGE_WAIT_BLOCK = Constant('DBG_VM_PAGE_WAIT_BLOCK',0x122) +DBG_VM_PAGE_SLEEP = Constant('DBG_VM_PAGE_SLEEP',0x123) +DBG_VM_PAGE_EXPEDITE = Constant('DBG_VM_PAGE_EXPEDITE',0x124) +DBG_VM_PAGE_EXPEDITE_NO_MEMORY = Constant('DBG_VM_PAGE_EXPEDITE_NO_MEMORY',0x125) +DBG_VM_PAGE_GRAB = Constant('DBG_VM_PAGE_GRAB',0x126) +DBG_VM_PAGE_RELEASE = Constant('DBG_VM_PAGE_RELEASE',0x127) +DBG_VM_COMPRESSOR_COMPACT_AND_SWAP = Constant('DBG_VM_COMPRESSOR_COMPACT_AND_SWAP',0x128) +DBG_VM_COMPRESSOR_DELAYED_COMPACT = Constant('DBG_VM_COMPRESSOR_DELAYED_COMPACT',0x129) +DBG_VM_OBJECT_SLEEP = 
Constant('DBG_VM_OBJECT_SLEEP',0x12a) +DBG_VM_PAGE_WAKEUP = Constant('DBG_VM_PAGE_WAKEUP',0x12b) +DBG_VM_PAGE_WAKEUP_DONE = Constant('DBG_VM_PAGE_WAKEUP_DONE',0x12c) +DBG_VM_PRESSURE_EVENT = Constant('DBG_VM_PRESSURE_EVENT',0x130) +DBG_VM_EXECVE = Constant('DBG_VM_EXECVE',0x131) +DBG_VM_WAKEUP_COMPACTOR_SWAPPER = Constant('DBG_VM_WAKEUP_COMPACTOR_SWAPPER',0x132) +DBG_VM_UPL_REQUEST = Constant('DBG_VM_UPL_REQUEST',0x133) +DBG_VM_IOPL_REQUEST = Constant('DBG_VM_IOPL_REQUEST',0x134) +DBG_VM_KERN_REQUEST = Constant('DBG_VM_KERN_REQUEST',0x135) +DBG_VM_DATA_WRITE = Constant('DBG_VM_DATA_WRITE',0x140) +DBG_VM_PRESSURE_LEVEL_CHANGE = Constant('DBG_VM_PRESSURE_LEVEL_CHANGE',0x141) +DBG_VM_PHYS_WRITE_ACCT = Constant('DBG_VM_PHYS_WRITE_ACCT',0x142) +DBG_VM_MAP_LOOKUP_ENTRY_FAILURE = Constant('DBG_VM_MAP_LOOKUP_ENTRY_FAILURE',0x143) +VM_DISCONNECT_ALL_PAGE_MAPPINGS = Constant('VM_DISCONNECT_ALL_PAGE_MAPPINGS',0x00) +VM_DISCONNECT_TASK_PAGE_MAPPINGS = Constant('VM_DISCONNECT_TASK_PAGE_MAPPINGS',0x01) +VM_REAL_FAULT_ADDR_INTERNAL = Constant('VM_REAL_FAULT_ADDR_INTERNAL',0x02) +VM_REAL_FAULT_ADDR_PURGABLE = Constant('VM_REAL_FAULT_ADDR_PURGABLE',0x03) +VM_REAL_FAULT_ADDR_EXTERNAL = Constant('VM_REAL_FAULT_ADDR_EXTERNAL',0x04) +VM_REAL_FAULT_ADDR_SHAREDCACHE = Constant('VM_REAL_FAULT_ADDR_SHAREDCACHE',0x05) +VM_REAL_FAULT_FAST = Constant('VM_REAL_FAULT_FAST',0x06) +VM_REAL_FAULT_SLOW = Constant('VM_REAL_FAULT_SLOW',0x07) +VM_MAP_LOOKUP_OBJECT = Constant('VM_MAP_LOOKUP_OBJECT',0x08) +DBG_ZERO_FILL_FAULT = Constant('DBG_ZERO_FILL_FAULT',0x01) +DBG_PAGEIN_FAULT = Constant('DBG_PAGEIN_FAULT',0x02) +DBG_COW_FAULT = Constant('DBG_COW_FAULT',0x03) +DBG_CACHE_HIT_FAULT = Constant('DBG_CACHE_HIT_FAULT',0x04) +DBG_NZF_PAGE_FAULT = Constant('DBG_NZF_PAGE_FAULT',0x05) +DBG_GUARD_FAULT = Constant('DBG_GUARD_FAULT',0x06) +DBG_PAGEINV_FAULT = Constant('DBG_PAGEINV_FAULT',0x07) +DBG_PAGEIND_FAULT = Constant('DBG_PAGEIND_FAULT',0x08) +DBG_COMPRESSOR_FAULT = Constant('DBG_COMPRESSOR_FAULT',0x09) 
+DBG_COMPRESSOR_SWAPIN_FAULT = Constant('DBG_COMPRESSOR_SWAPIN_FAULT',0x0a) +DBG_COR_FAULT = Constant('DBG_COR_FAULT',0x0b) MACH_TASK_SUSPEND = Constant('MACH_TASK_SUSPEND',0x0) MACH_TASK_RESUME = Constant('MACH_TASK_RESUME',0x1) MACH_THREAD_SET_VOUCHER = Constant('MACH_THREAD_SET_VOUCHER',0x2) 
@@ -1282,6 +1384,31 @@ MACH_IPC_KMSG_LINK = Constant('MACH_IPC_KMSG_LINK',0xb) MACH_IPC_PORT_ENTRY_MODIFY = Constant('MACH_IPC_PORT_ENTRY_MODIFY',0xc) MACH_IPC_DESTROY_GUARDED_DESC = Constant('MACH_IPC_DESTROY_GUARDED_DESC',0xd) +MACH_THREAD_SUSPEND = Constant('MACH_THREAD_SUSPEND',0xe) +MACH_THREAD_RESUME = Constant('MACH_THREAD_RESUME',0xf) +MACH_EXCLAVES_SWITCH = Constant('MACH_EXCLAVES_SWITCH',0x0) +MACH_EXCLAVES_XNUPROXY = Constant('MACH_EXCLAVES_XNUPROXY',0x1) +MACH_EXCLAVES_RPC = Constant('MACH_EXCLAVES_RPC',0x2) +MACH_EXCLAVES_UPCALL = Constant('MACH_EXCLAVES_UPCALL',0x3) +MACH_EXCLAVES_BOOT_TASK = Constant('MACH_EXCLAVES_BOOT_TASK',0x4) +MACH_EXCLAVES_SCHEDULER_YIELD = Constant('MACH_EXCLAVES_SCHEDULER_YIELD',0x0) +MACH_EXCLAVES_SCHEDULER_SPAWNED = Constant('MACH_EXCLAVES_SCHEDULER_SPAWNED',0x1) +MACH_EXCLAVES_SCHEDULER_TERMINATED = Constant('MACH_EXCLAVES_SCHEDULER_TERMINATED',0x2) +MACH_EXCLAVES_SCHEDULER_WAIT = Constant('MACH_EXCLAVES_SCHEDULER_WAIT',0x3) +MACH_EXCLAVES_SCHEDULER_WAKE = Constant('MACH_EXCLAVES_SCHEDULER_WAKE',0x4) +MACH_EXCLAVES_SCHEDULER_SUSPENDED = Constant('MACH_EXCLAVES_SCHEDULER_SUSPENDED',0x5) +MACH_EXCLAVES_SCHEDULER_RESUMED = Constant('MACH_EXCLAVES_SCHEDULER_RESUMED',0x6) +MACH_EXCLAVES_SCHEDULER_INTERRUPTED = Constant('MACH_EXCLAVES_SCHEDULER_INTERRUPTED',0x7) +MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED = Constant('MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED',0x8) +MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED = Constant('MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED',0x9) +MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC = Constant('MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC',0xa) +MACH_EPOCH_SYNC_WAIT_STALE = Constant('MACH_EPOCH_SYNC_WAIT_STALE',0x0) +MACH_EPOCH_SYNC_WAIT = Constant('MACH_EPOCH_SYNC_WAIT',0x1) +MACH_EPOCH_SYNC_WAKE_NO_WAITERS = Constant('MACH_EPOCH_SYNC_WAKE_NO_WAITERS',0x2) +MACH_EPOCH_SYNC_WAKE_ONE = Constant('MACH_EPOCH_SYNC_WAKE_ONE',0x3) +MACH_EPOCH_SYNC_WAKE_ALL = Constant('MACH_EPOCH_SYNC_WAKE_ALL',0x4) 
+MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER = Constant('MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER',0x5) +MACH_EPOCH_SYNC_WAKE_THREAD = Constant('MACH_EPOCH_SYNC_WAKE_THREAD',0x6) MACH_THREAD_GROUP_NEW = Constant('MACH_THREAD_GROUP_NEW',0x0) MACH_THREAD_GROUP_FREE = Constant('MACH_THREAD_GROUP_FREE',0x1) MACH_THREAD_GROUP_SET = Constant('MACH_THREAD_GROUP_SET',0x2) @@ -1424,6 +1551,13 @@ HV_X86_VM_PROTECT_TRAP = Constant('HV_X86_VM_PROTECT_TRAP',0x2b) HV_X86_VM_UNMAP_TRAP = Constant('HV_X86_VM_UNMAP_TRAP',0x2c) HV_X86_TSC_OFFSET_SET = Constant('HV_X86_TSC_OFFSET_SET',0x2d) +VM_RECLAIM_UPDATE_ACCOUNTING = Constant('VM_RECLAIM_UPDATE_ACCOUNTING',0x01) +VM_RECLAIM_ENTRIES = Constant('VM_RECLAIM_ENTRIES',0x02) +VM_RECLAIM_CHUNK = Constant('VM_RECLAIM_CHUNK',0x03) +VM_RECLAIM_ENTRY = Constant('VM_RECLAIM_ENTRY',0x04) +VM_RECLAIM_ALL_MEMORY = Constant('VM_RECLAIM_ALL_MEMORY',0x05) +VM_RECLAIM_ASYNC_MEMORY = Constant('VM_RECLAIM_ASYNC_MEMORY',0x06) +VM_RECLAIM_INIT = Constant('VM_RECLAIM_INIT',0x07) DBG_NETIP = Constant('DBG_NETIP',1) DBG_NETARP = Constant('DBG_NETARP',2) DBG_NETUDP = Constant('DBG_NETUDP',3) @@ -2109,6 +2243,7 @@ XATTR_NOSECURITY = Constant('XATTR_NOSECURITY',0x0008) XATTR_NODEFAULT = Constant('XATTR_NODEFAULT',0x0010) XATTR_SHOWCOMPRESSION = Constant('XATTR_SHOWCOMPRESSION',0x0020) +XATTR_NOFOLLOW_ANY = Constant('XATTR_NOFOLLOW_ANY',0x0040) XATTR_MAXNAMELEN = Constant('XATTR_MAXNAMELEN',127) PR_SLOWHZ = Constant('PR_SLOWHZ',2) PRC_IFDOWN = Constant('PRC_IFDOWN',0) @@ -2142,6 +2277,7 @@ CTL_FLAG_REG_SOCK_STREAM = Constant('CTL_FLAG_REG_SOCK_STREAM',0x4) CTL_DATA_NOWAKEUP = Constant('CTL_DATA_NOWAKEUP',0x1) CTL_DATA_EOR = Constant('CTL_DATA_EOR',0x2) +__has_safe_buffers = Constant('__has_safe_buffers',0) __DARWIN_ONLY_64_BIT_INO_T = Constant('__DARWIN_ONLY_64_BIT_INO_T',0) __DARWIN_ONLY_UNIX_CONFORMANCE = Constant('__DARWIN_ONLY_UNIX_CONFORMANCE',0) __DARWIN_ONLY_VERS_1050 = Constant('__DARWIN_ONLY_VERS_1050',0) 
@@ -2479,7 +2615,8 @@ VQ_NEARLOWDISK = Constant('VQ_NEARLOWDISK',0x2000) VQ_DESIRED_DISK = Constant('VQ_DESIRED_DISK',0x4000) VQ_FREE_SPACE_CHANGE = Constant('VQ_FREE_SPACE_CHANGE',0x8000) -VQ_FLAG10000 = Constant('VQ_FLAG10000',0x10000) +VQ_PURGEABLE_SPACE_CHANGE = Constant('VQ_PURGEABLE_SPACE_CHANGE',0x10000) +VQ_FLAG20000 = Constant('VQ_FLAG20000',0x20000) VFS_IOATTR_FLAGS_FUA = Constant('VFS_IOATTR_FLAGS_FUA',0x00000001) VFS_IOATTR_FLAGS_UNMAP = Constant('VFS_IOATTR_FLAGS_UNMAP',0x00000002) VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED = Constant('VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED',0x00000010) @@ -2510,7 +2647,7 @@ NFSV4_MAX_FH_SIZE = Constant('NFSV4_MAX_FH_SIZE',128) NFSV3_MAX_FH_SIZE = Constant('NFSV3_MAX_FH_SIZE',64) NFSV2_MAX_FH_SIZE = Constant('NFSV2_MAX_FH_SIZE',32) -CRYPTEX_AUTH_STRUCT_VERSION = Constant('CRYPTEX_AUTH_STRUCT_VERSION',1) +CRYPTEX_AUTH_STRUCT_VERSION = Constant('CRYPTEX_AUTH_STRUCT_VERSION',2) EV_FD = Constant('EV_FD',1) EV_RE = Constant('EV_RE',1) EV_WR = Constant('EV_WR',2) @@ -2534,6 +2671,10 @@ KDEBUG_LEVEL_FULL = Constant('KDEBUG_LEVEL_FULL',3) KDBG_FLAG_FILTERED = Constant('KDBG_FLAG_FILTERED',0x01) KDBG_FLAG_NOPROCFILT = Constant('KDBG_FLAG_NOPROCFILT',0x02) +__DARWIN_LITTLE_ENDIAN = Constant('__DARWIN_LITTLE_ENDIAN',1234) +__DARWIN_BIG_ENDIAN = Constant('__DARWIN_BIG_ENDIAN',4321) +__DARWIN_PDP_ENDIAN = Constant('__DARWIN_PDP_ENDIAN',3412) +USE_CLANG_TYPES = Constant('USE_CLANG_TYPES',0) __DARWIN_NULL = Constant('__DARWIN_NULL',0) UBC_PUSHDIRTY = Constant('UBC_PUSHDIRTY',0x01) UBC_PUSHALL = Constant('UBC_PUSHALL',0x02) 
@@ -3069,7 +3210,9 @@ SYS_mkfifoat = Constant('SYS_mkfifoat',553 + 0x2000000) SYS_mknodat = Constant('SYS_mknodat',554 + 0x2000000) SYS_ungraftdmg = Constant('SYS_ungraftdmg',555 + 0x2000000) -SYS_MAXSYSCALL = Constant('SYS_MAXSYSCALL',556 + 0x2000000) +SYS_coalition_policy_set = Constant('SYS_coalition_policy_set',556 + 0x2000000) +SYS_coalition_policy_get = Constant('SYS_coalition_policy_get',557 + 0x2000000) +SYS_MAXSYSCALL = Constant('SYS_MAXSYSCALL',558 + 0x2000000) SYS_invalid = Constant('SYS_invalid',63 + 0x2000000) SOCK_STREAM = Constant('SOCK_STREAM',1) SOCK_DGRAM = Constant('SOCK_DGRAM',2) @@ -3117,6 +3260,7 @@ SO_NET_SERVICE_TYPE = Constant('SO_NET_SERVICE_TYPE',0x1116) SO_NETSVC_MARKING_LEVEL = Constant('SO_NETSVC_MARKING_LEVEL',0x1119) SO_RESOLVER_SIGNATURE = Constant('SO_RESOLVER_SIGNATURE',0x1131) +SO_BINDTODEVICE = Constant('SO_BINDTODEVICE',0x1134) NET_SERVICE_TYPE_BE = Constant('NET_SERVICE_TYPE_BE',0) NET_SERVICE_TYPE_BK = Constant('NET_SERVICE_TYPE_BK',1) NET_SERVICE_TYPE_SIG = Constant('NET_SERVICE_TYPE_SIG',2) diff --git a/pwnlib/constants/linux/riscv64.py b/pwnlib/constants/linux/riscv64.py new file mode 100644 index 000000000..d7ac82417 --- /dev/null +++ b/pwnlib/constants/linux/riscv64.py 
@@ -0,0 +1,1306 @@ +from pwnlib.constants.constant import Constant +__NR_io_setup = Constant('__NR_io_setup',0) +__NR_io_destroy = Constant('__NR_io_destroy',1) +__NR_io_submit = Constant('__NR_io_submit',2) +__NR_io_cancel = Constant('__NR_io_cancel',3) +__NR_io_getevents = Constant('__NR_io_getevents',4) +__NR_setxattr = Constant('__NR_setxattr',5) +__NR_lsetxattr = Constant('__NR_lsetxattr',6) +__NR_fsetxattr = Constant('__NR_fsetxattr',7) +__NR_getxattr = Constant('__NR_getxattr',8) +__NR_lgetxattr = Constant('__NR_lgetxattr',9) +__NR_fgetxattr = Constant('__NR_fgetxattr',10) +__NR_listxattr = Constant('__NR_listxattr',11) +__NR_llistxattr = Constant('__NR_llistxattr',12) +__NR_flistxattr = Constant('__NR_flistxattr',13) +__NR_removexattr = Constant('__NR_removexattr',14) +__NR_lremovexattr = Constant('__NR_lremovexattr',15) +__NR_fremovexattr = Constant('__NR_fremovexattr',16) +__NR_getcwd = Constant('__NR_getcwd',17) +__NR_lookup_dcookie = Constant('__NR_lookup_dcookie',18) +__NR_eventfd2 = Constant('__NR_eventfd2',19) +__NR_epoll_create1 = Constant('__NR_epoll_create1',20) +__NR_epoll_ctl = Constant('__NR_epoll_ctl',21) +__NR_epoll_pwait = Constant('__NR_epoll_pwait',22) +__NR_dup = Constant('__NR_dup',23) +__NR_dup3 = Constant('__NR_dup3',24) +__NR_fcntl = Constant('__NR_fcntl',25) +__NR_inotify_init1 = Constant('__NR_inotify_init1',26) +__NR_inotify_add_watch = Constant('__NR_inotify_add_watch',27) +__NR_inotify_rm_watch = Constant('__NR_inotify_rm_watch',28) +__NR_ioctl = Constant('__NR_ioctl',29) +__NR_ioprio_set = Constant('__NR_ioprio_set',30) +__NR_ioprio_get = Constant('__NR_ioprio_get',31) +__NR_flock = Constant('__NR_flock',32) +__NR_mknodat = Constant('__NR_mknodat',33) +__NR_mkdirat = Constant('__NR_mkdirat',34) +__NR_unlinkat = Constant('__NR_unlinkat',35) +__NR_symlinkat = Constant('__NR_symlinkat',36) +__NR_linkat = Constant('__NR_linkat',37) +__NR_umount2 = Constant('__NR_umount2',39) +__NR_mount = Constant('__NR_mount',40) +__NR_pivot_root = 
Constant('__NR_pivot_root',41) +__NR_nfsservctl = Constant('__NR_nfsservctl',42) +__NR_statfs = Constant('__NR_statfs',43) +__NR_fstatfs = Constant('__NR_fstatfs',44) +__NR_truncate = Constant('__NR_truncate',45) +__NR_ftruncate = Constant('__NR_ftruncate',46) +__NR_fallocate = Constant('__NR_fallocate',47) +__NR_faccessat = Constant('__NR_faccessat',48) +__NR_chdir = Constant('__NR_chdir',49) +__NR_fchdir = Constant('__NR_fchdir',50) +__NR_chroot = Constant('__NR_chroot',51) +__NR_fchmod = Constant('__NR_fchmod',52) +__NR_fchmodat = Constant('__NR_fchmodat',53) +__NR_fchownat = Constant('__NR_fchownat',54) +__NR_fchown = Constant('__NR_fchown',55) +__NR_openat = Constant('__NR_openat',56) +__NR_close = Constant('__NR_close',57) +__NR_vhangup = Constant('__NR_vhangup',58) +__NR_pipe2 = Constant('__NR_pipe2',59) +__NR_quotactl = Constant('__NR_quotactl',60) +__NR_getdents64 = Constant('__NR_getdents64',61) +__NR_lseek = Constant('__NR_lseek',62) +__NR_read = Constant('__NR_read',63) +__NR_write = Constant('__NR_write',64) +__NR_readv = Constant('__NR_readv',65) +__NR_writev = Constant('__NR_writev',66) +__NR_pread64 = Constant('__NR_pread64',67) +__NR_pwrite64 = Constant('__NR_pwrite64',68) +__NR_preadv = Constant('__NR_preadv',69) +__NR_pwritev = Constant('__NR_pwritev',70) +__NR_sendfile = Constant('__NR_sendfile',71) +__NR_pselect6 = Constant('__NR_pselect6',72) +__NR_ppoll = Constant('__NR_ppoll',73) +__NR_signalfd4 = Constant('__NR_signalfd4',74) +__NR_vmsplice = Constant('__NR_vmsplice',75) +__NR_splice = Constant('__NR_splice',76) +__NR_tee = Constant('__NR_tee',77) +__NR_readlinkat = Constant('__NR_readlinkat',78) +__NR_newfstatat = Constant('__NR_newfstatat',79) +__NR_fstat = Constant('__NR_fstat',80) +__NR_sync = Constant('__NR_sync',81) +__NR_fsync = Constant('__NR_fsync',82) +__NR_fdatasync = Constant('__NR_fdatasync',83) +__NR_sync_file_range = Constant('__NR_sync_file_range',84) +__NR_timerfd_create = Constant('__NR_timerfd_create',85) 
+__NR_timerfd_settime = Constant('__NR_timerfd_settime',86) +__NR_timerfd_gettime = Constant('__NR_timerfd_gettime',87) +__NR_utimensat = Constant('__NR_utimensat',88) +__NR_acct = Constant('__NR_acct',89) +__NR_capget = Constant('__NR_capget',90) +__NR_capset = Constant('__NR_capset',91) +__NR_personality = Constant('__NR_personality',92) +__NR_exit = Constant('__NR_exit',93) +__NR_exit_group = Constant('__NR_exit_group',94) +__NR_waitid = Constant('__NR_waitid',95) +__NR_set_tid_address = Constant('__NR_set_tid_address',96) +__NR_unshare = Constant('__NR_unshare',97) +__NR_futex = Constant('__NR_futex',98) +__NR_set_robust_list = Constant('__NR_set_robust_list',99) +__NR_get_robust_list = Constant('__NR_get_robust_list',100) +__NR_nanosleep = Constant('__NR_nanosleep',101) +__NR_getitimer = Constant('__NR_getitimer',102) +__NR_setitimer = Constant('__NR_setitimer',103) +__NR_kexec_load = Constant('__NR_kexec_load',104) +__NR_init_module = Constant('__NR_init_module',105) +__NR_delete_module = Constant('__NR_delete_module',106) +__NR_timer_create = Constant('__NR_timer_create',107) +__NR_timer_gettime = Constant('__NR_timer_gettime',108) +__NR_timer_getoverrun = Constant('__NR_timer_getoverrun',109) +__NR_timer_settime = Constant('__NR_timer_settime',110) +__NR_timer_delete = Constant('__NR_timer_delete',111) +__NR_clock_settime = Constant('__NR_clock_settime',112) +__NR_clock_gettime = Constant('__NR_clock_gettime',113) +__NR_clock_getres = Constant('__NR_clock_getres',114) +__NR_clock_nanosleep = Constant('__NR_clock_nanosleep',115) +__NR_syslog = Constant('__NR_syslog',116) +__NR_ptrace = Constant('__NR_ptrace',117) +__NR_sched_setparam = Constant('__NR_sched_setparam',118) +__NR_sched_setscheduler = Constant('__NR_sched_setscheduler',119) +__NR_sched_getscheduler = Constant('__NR_sched_getscheduler',120) +__NR_sched_getparam = Constant('__NR_sched_getparam',121) +__NR_sched_setaffinity = Constant('__NR_sched_setaffinity',122) +__NR_sched_getaffinity = 
Constant('__NR_sched_getaffinity',123) +__NR_sched_yield = Constant('__NR_sched_yield',124) +__NR_sched_get_priority_max = Constant('__NR_sched_get_priority_max',125) +__NR_sched_get_priority_min = Constant('__NR_sched_get_priority_min',126) +__NR_sched_rr_get_interval = Constant('__NR_sched_rr_get_interval',127) +__NR_restart_syscall = Constant('__NR_restart_syscall',128) +__NR_kill = Constant('__NR_kill',129) +__NR_tkill = Constant('__NR_tkill',130) +__NR_tgkill = Constant('__NR_tgkill',131) +__NR_sigaltstack = Constant('__NR_sigaltstack',132) +__NR_rt_sigsuspend = Constant('__NR_rt_sigsuspend',133) +__NR_rt_sigaction = Constant('__NR_rt_sigaction',134) +__NR_rt_sigprocmask = Constant('__NR_rt_sigprocmask',135) +__NR_rt_sigpending = Constant('__NR_rt_sigpending',136) +__NR_rt_sigtimedwait = Constant('__NR_rt_sigtimedwait',137) +__NR_rt_sigqueueinfo = Constant('__NR_rt_sigqueueinfo',138) +__NR_rt_sigreturn = Constant('__NR_rt_sigreturn',139) +__NR_setpriority = Constant('__NR_setpriority',140) +__NR_getpriority = Constant('__NR_getpriority',141) +__NR_reboot = Constant('__NR_reboot',142) +__NR_setregid = Constant('__NR_setregid',143) +__NR_setgid = Constant('__NR_setgid',144) +__NR_setreuid = Constant('__NR_setreuid',145) +__NR_setuid = Constant('__NR_setuid',146) +__NR_setresuid = Constant('__NR_setresuid',147) +__NR_getresuid = Constant('__NR_getresuid',148) +__NR_setresgid = Constant('__NR_setresgid',149) +__NR_getresgid = Constant('__NR_getresgid',150) +__NR_setfsuid = Constant('__NR_setfsuid',151) +__NR_setfsgid = Constant('__NR_setfsgid',152) +__NR_times = Constant('__NR_times',153) +__NR_setpgid = Constant('__NR_setpgid',154) +__NR_getpgid = Constant('__NR_getpgid',155) +__NR_getsid = Constant('__NR_getsid',156) +__NR_setsid = Constant('__NR_setsid',157) +__NR_getgroups = Constant('__NR_getgroups',158) +__NR_setgroups = Constant('__NR_setgroups',159) +__NR_uname = Constant('__NR_uname',160) +__NR_sethostname = Constant('__NR_sethostname',161) 
+__NR_setdomainname = Constant('__NR_setdomainname',162) +__NR_getrlimit = Constant('__NR_getrlimit',163) +__NR_setrlimit = Constant('__NR_setrlimit',164) +__NR_getrusage = Constant('__NR_getrusage',165) +__NR_umask = Constant('__NR_umask',166) +__NR_prctl = Constant('__NR_prctl',167) +__NR_getcpu = Constant('__NR_getcpu',168) +__NR_gettimeofday = Constant('__NR_gettimeofday',169) +__NR_settimeofday = Constant('__NR_settimeofday',170) +__NR_adjtimex = Constant('__NR_adjtimex',171) +__NR_getpid = Constant('__NR_getpid',172) +__NR_getppid = Constant('__NR_getppid',173) +__NR_getuid = Constant('__NR_getuid',174) +__NR_geteuid = Constant('__NR_geteuid',175) +__NR_getgid = Constant('__NR_getgid',176) +__NR_getegid = Constant('__NR_getegid',177) +__NR_gettid = Constant('__NR_gettid',178) +__NR_sysinfo = Constant('__NR_sysinfo',179) +__NR_mq_open = Constant('__NR_mq_open',180) +__NR_mq_unlink = Constant('__NR_mq_unlink',181) +__NR_mq_timedsend = Constant('__NR_mq_timedsend',182) +__NR_mq_timedreceive = Constant('__NR_mq_timedreceive',183) +__NR_mq_notify = Constant('__NR_mq_notify',184) +__NR_mq_getsetattr = Constant('__NR_mq_getsetattr',185) +__NR_msgget = Constant('__NR_msgget',186) +__NR_msgctl = Constant('__NR_msgctl',187) +__NR_msgrcv = Constant('__NR_msgrcv',188) +__NR_msgsnd = Constant('__NR_msgsnd',189) +__NR_semget = Constant('__NR_semget',190) +__NR_semctl = Constant('__NR_semctl',191) +__NR_semtimedop = Constant('__NR_semtimedop',192) +__NR_semop = Constant('__NR_semop',193) +__NR_shmget = Constant('__NR_shmget',194) +__NR_shmctl = Constant('__NR_shmctl',195) +__NR_shmat = Constant('__NR_shmat',196) +__NR_shmdt = Constant('__NR_shmdt',197) +__NR_socket = Constant('__NR_socket',198) +__NR_socketpair = Constant('__NR_socketpair',199) +__NR_bind = Constant('__NR_bind',200) +__NR_listen = Constant('__NR_listen',201) +__NR_accept = Constant('__NR_accept',202) +__NR_connect = Constant('__NR_connect',203) +__NR_getsockname = Constant('__NR_getsockname',204) 
+__NR_getpeername = Constant('__NR_getpeername',205) +__NR_sendto = Constant('__NR_sendto',206) +__NR_recvfrom = Constant('__NR_recvfrom',207) +__NR_setsockopt = Constant('__NR_setsockopt',208) +__NR_getsockopt = Constant('__NR_getsockopt',209) +__NR_shutdown = Constant('__NR_shutdown',210) +__NR_sendmsg = Constant('__NR_sendmsg',211) +__NR_recvmsg = Constant('__NR_recvmsg',212) +__NR_readahead = Constant('__NR_readahead',213) +__NR_brk = Constant('__NR_brk',214) +__NR_munmap = Constant('__NR_munmap',215) +__NR_mremap = Constant('__NR_mremap',216) +__NR_add_key = Constant('__NR_add_key',217) +__NR_request_key = Constant('__NR_request_key',218) +__NR_keyctl = Constant('__NR_keyctl',219) +__NR_clone = Constant('__NR_clone',220) +__NR_execve = Constant('__NR_execve',221) +__NR_mmap = Constant('__NR_mmap',222) +__NR_fadvise64 = Constant('__NR_fadvise64',223) +__NR_swapon = Constant('__NR_swapon',224) +__NR_swapoff = Constant('__NR_swapoff',225) +__NR_mprotect = Constant('__NR_mprotect',226) +__NR_msync = Constant('__NR_msync',227) +__NR_mlock = Constant('__NR_mlock',228) +__NR_munlock = Constant('__NR_munlock',229) +__NR_mlockall = Constant('__NR_mlockall',230) +__NR_munlockall = Constant('__NR_munlockall',231) +__NR_mincore = Constant('__NR_mincore',232) +__NR_madvise = Constant('__NR_madvise',233) +__NR_remap_file_pages = Constant('__NR_remap_file_pages',234) +__NR_mbind = Constant('__NR_mbind',235) +__NR_get_mempolicy = Constant('__NR_get_mempolicy',236) +__NR_set_mempolicy = Constant('__NR_set_mempolicy',237) +__NR_migrate_pages = Constant('__NR_migrate_pages',238) +__NR_move_pages = Constant('__NR_move_pages',239) +__NR_rt_tgsigqueueinfo = Constant('__NR_rt_tgsigqueueinfo',240) +__NR_perf_event_open = Constant('__NR_perf_event_open',241) +__NR_accept4 = Constant('__NR_accept4',242) +__NR_recvmmsg = Constant('__NR_recvmmsg',243) +__NR_arch_specific_syscall = Constant('__NR_arch_specific_syscall',244) +__NR_wait4 = Constant('__NR_wait4',260) +__NR_prlimit64 = 
Constant('__NR_prlimit64',261) +__NR_fanotify_init = Constant('__NR_fanotify_init',262) +__NR_fanotify_mark = Constant('__NR_fanotify_mark',263) +__NR_name_to_handle_at = Constant('__NR_name_to_handle_at',264) +__NR_open_by_handle_at = Constant('__NR_open_by_handle_at',265) +__NR_clock_adjtime = Constant('__NR_clock_adjtime',266) +__NR_syncfs = Constant('__NR_syncfs',267) +__NR_setns = Constant('__NR_setns',268) +__NR_sendmmsg = Constant('__NR_sendmmsg',269) +__NR_process_vm_readv = Constant('__NR_process_vm_readv',270) +__NR_process_vm_writev = Constant('__NR_process_vm_writev',271) +__NR_kcmp = Constant('__NR_kcmp',272) +__NR_finit_module = Constant('__NR_finit_module',273) +__NR_sched_setattr = Constant('__NR_sched_setattr',274) +__NR_sched_getattr = Constant('__NR_sched_getattr',275) +__NR_renameat2 = Constant('__NR_renameat2',276) +__NR_seccomp = Constant('__NR_seccomp',277) +__NR_getrandom = Constant('__NR_getrandom',278) +__NR_memfd_create = Constant('__NR_memfd_create',279) +__NR_bpf = Constant('__NR_bpf',280) +__NR_execveat = Constant('__NR_execveat',281) +__NR_userfaultfd = Constant('__NR_userfaultfd',282) +__NR_membarrier = Constant('__NR_membarrier',283) +__NR_mlock2 = Constant('__NR_mlock2',284) +__NR_copy_file_range = Constant('__NR_copy_file_range',285) +__NR_preadv2 = Constant('__NR_preadv2',286) +__NR_pwritev2 = Constant('__NR_pwritev2',287) +__NR_pkey_mprotect = Constant('__NR_pkey_mprotect',288) +__NR_pkey_alloc = Constant('__NR_pkey_alloc',289) +__NR_pkey_free = Constant('__NR_pkey_free',290) +__NR_statx = Constant('__NR_statx',291) +__NR_io_pgetevents = Constant('__NR_io_pgetevents',292) +__NR_rseq = Constant('__NR_rseq',293) +__NR_kexec_file_load = Constant('__NR_kexec_file_load',294) +__NR_pidfd_send_signal = Constant('__NR_pidfd_send_signal',424) +__NR_io_uring_setup = Constant('__NR_io_uring_setup',425) +__NR_io_uring_enter = Constant('__NR_io_uring_enter',426) +__NR_io_uring_register = Constant('__NR_io_uring_register',427) +__NR_open_tree 
= Constant('__NR_open_tree',428) +__NR_move_mount = Constant('__NR_move_mount',429) +__NR_fsopen = Constant('__NR_fsopen',430) +__NR_fsconfig = Constant('__NR_fsconfig',431) +__NR_fsmount = Constant('__NR_fsmount',432) +__NR_fspick = Constant('__NR_fspick',433) +__NR_pidfd_open = Constant('__NR_pidfd_open',434) +__NR_clone3 = Constant('__NR_clone3',435) +__NR_close_range = Constant('__NR_close_range',436) +__NR_openat2 = Constant('__NR_openat2',437) +__NR_pidfd_getfd = Constant('__NR_pidfd_getfd',438) +__NR_faccessat2 = Constant('__NR_faccessat2',439) +__NR_process_madvise = Constant('__NR_process_madvise',440) +__NR_epoll_pwait2 = Constant('__NR_epoll_pwait2',441) +__NR_mount_setattr = Constant('__NR_mount_setattr',442) +__NR_landlock_create_ruleset = Constant('__NR_landlock_create_ruleset',444) +__NR_landlock_add_rule = Constant('__NR_landlock_add_rule',445) +__NR_landlock_restrict_self = Constant('__NR_landlock_restrict_self',446) +__NR_sysriscv = Constant('__NR_sysriscv',244) +__NR_riscv_flush_icache = Constant('__NR_riscv_flush_icache',(244 + 15)) +MAP_32BIT = Constant('MAP_32BIT',0x40) +INADDR_ANY = Constant('INADDR_ANY',0) +INADDR_BROADCAST = Constant('INADDR_BROADCAST',0xffffffff) +INADDR_NONE = Constant('INADDR_NONE',0xffffffff) +INADDR_LOOPBACK = Constant('INADDR_LOOPBACK',0x7f000001) +EPERM = Constant('EPERM',1) +ENOENT = Constant('ENOENT',2) +ESRCH = Constant('ESRCH',3) +EINTR = Constant('EINTR',4) +EIO = Constant('EIO',5) +ENXIO = Constant('ENXIO',6) +E2BIG = Constant('E2BIG',7) +ENOEXEC = Constant('ENOEXEC',8) +EBADF = Constant('EBADF',9) +ECHILD = Constant('ECHILD',10) +EAGAIN = Constant('EAGAIN',11) +ENOMEM = Constant('ENOMEM',12) +EACCES = Constant('EACCES',13) +EFAULT = Constant('EFAULT',14) +ENOTBLK = Constant('ENOTBLK',15) +EBUSY = Constant('EBUSY',16) +EEXIST = Constant('EEXIST',17) +EXDEV = Constant('EXDEV',18) +ENODEV = Constant('ENODEV',19) +ENOTDIR = Constant('ENOTDIR',20) +EISDIR = Constant('EISDIR',21) +EINVAL = Constant('EINVAL',22) 
+ENFILE = Constant('ENFILE',23) +EMFILE = Constant('EMFILE',24) +ENOTTY = Constant('ENOTTY',25) +ETXTBSY = Constant('ETXTBSY',26) +EFBIG = Constant('EFBIG',27) +ENOSPC = Constant('ENOSPC',28) +ESPIPE = Constant('ESPIPE',29) +EROFS = Constant('EROFS',30) +EMLINK = Constant('EMLINK',31) +EPIPE = Constant('EPIPE',32) +EDOM = Constant('EDOM',33) +ERANGE = Constant('ERANGE',34) +EDEADLK = Constant('EDEADLK',35) +ENAMETOOLONG = Constant('ENAMETOOLONG',36) +ENOLCK = Constant('ENOLCK',37) +ENOSYS = Constant('ENOSYS',38) +ENOTEMPTY = Constant('ENOTEMPTY',39) +ELOOP = Constant('ELOOP',40) +EWOULDBLOCK = Constant('EWOULDBLOCK',11) +ENOMSG = Constant('ENOMSG',42) +EIDRM = Constant('EIDRM',43) +ECHRNG = Constant('ECHRNG',44) +EL2NSYNC = Constant('EL2NSYNC',45) +EL3HLT = Constant('EL3HLT',46) +EL3RST = Constant('EL3RST',47) +ELNRNG = Constant('ELNRNG',48) +EUNATCH = Constant('EUNATCH',49) +ENOCSI = Constant('ENOCSI',50) +EL2HLT = Constant('EL2HLT',51) +EBADE = Constant('EBADE',52) +EBADR = Constant('EBADR',53) +EXFULL = Constant('EXFULL',54) +ENOANO = Constant('ENOANO',55) +EBADRQC = Constant('EBADRQC',56) +EBADSLT = Constant('EBADSLT',57) +EDEADLOCK = Constant('EDEADLOCK',35) +EBFONT = Constant('EBFONT',59) +ENOSTR = Constant('ENOSTR',60) +ENODATA = Constant('ENODATA',61) +ETIME = Constant('ETIME',62) +ENOSR = Constant('ENOSR',63) +ENONET = Constant('ENONET',64) +ENOPKG = Constant('ENOPKG',65) +EREMOTE = Constant('EREMOTE',66) +ENOLINK = Constant('ENOLINK',67) +EADV = Constant('EADV',68) +ESRMNT = Constant('ESRMNT',69) +ECOMM = Constant('ECOMM',70) +EPROTO = Constant('EPROTO',71) +EMULTIHOP = Constant('EMULTIHOP',72) +EDOTDOT = Constant('EDOTDOT',73) +EBADMSG = Constant('EBADMSG',74) +EOVERFLOW = Constant('EOVERFLOW',75) +ENOTUNIQ = Constant('ENOTUNIQ',76) +EBADFD = Constant('EBADFD',77) +EREMCHG = Constant('EREMCHG',78) +ELIBACC = Constant('ELIBACC',79) +ELIBBAD = Constant('ELIBBAD',80) +ELIBSCN = Constant('ELIBSCN',81) +ELIBMAX = Constant('ELIBMAX',82) +ELIBEXEC = 
Constant('ELIBEXEC',83) +EILSEQ = Constant('EILSEQ',84) +ERESTART = Constant('ERESTART',85) +ESTRPIPE = Constant('ESTRPIPE',86) +EUSERS = Constant('EUSERS',87) +ENOTSOCK = Constant('ENOTSOCK',88) +EDESTADDRREQ = Constant('EDESTADDRREQ',89) +EMSGSIZE = Constant('EMSGSIZE',90) +EPROTOTYPE = Constant('EPROTOTYPE',91) +ENOPROTOOPT = Constant('ENOPROTOOPT',92) +EPROTONOSUPPORT = Constant('EPROTONOSUPPORT',93) +ESOCKTNOSUPPORT = Constant('ESOCKTNOSUPPORT',94) +EOPNOTSUPP = Constant('EOPNOTSUPP',95) +ENOTSUP = Constant('ENOTSUP',95) +EPFNOSUPPORT = Constant('EPFNOSUPPORT',96) +EAFNOSUPPORT = Constant('EAFNOSUPPORT',97) +EADDRINUSE = Constant('EADDRINUSE',98) +EADDRNOTAVAIL = Constant('EADDRNOTAVAIL',99) +ENETDOWN = Constant('ENETDOWN',100) +ENETUNREACH = Constant('ENETUNREACH',101) +ENETRESET = Constant('ENETRESET',102) +ECONNABORTED = Constant('ECONNABORTED',103) +ECONNRESET = Constant('ECONNRESET',104) +ENOBUFS = Constant('ENOBUFS',105) +EISCONN = Constant('EISCONN',106) +ENOTCONN = Constant('ENOTCONN',107) +ESHUTDOWN = Constant('ESHUTDOWN',108) +ETOOMANYREFS = Constant('ETOOMANYREFS',109) +ETIMEDOUT = Constant('ETIMEDOUT',110) +ECONNREFUSED = Constant('ECONNREFUSED',111) +EHOSTDOWN = Constant('EHOSTDOWN',112) +EHOSTUNREACH = Constant('EHOSTUNREACH',113) +EALREADY = Constant('EALREADY',114) +EINPROGRESS = Constant('EINPROGRESS',115) +ESTALE = Constant('ESTALE',116) +EUCLEAN = Constant('EUCLEAN',117) +ENOTNAM = Constant('ENOTNAM',118) +ENAVAIL = Constant('ENAVAIL',119) +EISNAM = Constant('EISNAM',120) +EREMOTEIO = Constant('EREMOTEIO',121) +EDQUOT = Constant('EDQUOT',122) +ENOMEDIUM = Constant('ENOMEDIUM',123) +EMEDIUMTYPE = Constant('EMEDIUMTYPE',124) +ECANCELED = Constant('ECANCELED',125) +ENOKEY = Constant('ENOKEY',126) +EKEYEXPIRED = Constant('EKEYEXPIRED',127) +EKEYREVOKED = Constant('EKEYREVOKED',128) +EKEYREJECTED = Constant('EKEYREJECTED',129) +EOWNERDEAD = Constant('EOWNERDEAD',130) +ENOTRECOVERABLE = Constant('ENOTRECOVERABLE',131) +ERFKILL = 
Constant('ERFKILL',132) +EHWPOISON = Constant('EHWPOISON',133) +__SYS_NERR = Constant('__SYS_NERR',((133) + 1)) +__LITTLE_ENDIAN = Constant('__LITTLE_ENDIAN',1234) +__BIG_ENDIAN = Constant('__BIG_ENDIAN',4321) +__BYTE_ORDER = Constant('__BYTE_ORDER',4321) +__FLOAT_WORD_ORDER = Constant('__FLOAT_WORD_ORDER',4321) +LITTLE_ENDIAN = Constant('LITTLE_ENDIAN',1234) +BIG_ENDIAN = Constant('BIG_ENDIAN',4321) +BYTE_ORDER = Constant('BYTE_ORDER',4321) +__WORDSIZE = Constant('__WORDSIZE',32) +INT8_MAX = Constant('INT8_MAX',(127)) +INT16_MAX = Constant('INT16_MAX',(32767)) +INT32_MAX = Constant('INT32_MAX',(2147483647)) +INT64_MAX = Constant('INT64_MAX',(9223372036854775807)) +INT8_MIN = Constant('INT8_MIN',(-1 - (127))) +INT16_MIN = Constant('INT16_MIN',(-1 - (32767))) +INT32_MIN = Constant('INT32_MIN',(-1 - (2147483647))) +INT64_MIN = Constant('INT64_MIN',(-1 - (9223372036854775807))) +INT_LEAST8_MAX = Constant('INT_LEAST8_MAX',(127)) +INT_LEAST8_MIN = Constant('INT_LEAST8_MIN',(-1 - (127))) +INT_LEAST16_MAX = Constant('INT_LEAST16_MAX',(32767)) +INT_LEAST16_MIN = Constant('INT_LEAST16_MIN',(-1 - (32767))) +INT_LEAST32_MAX = Constant('INT_LEAST32_MAX',(2147483647)) +INT_LEAST32_MIN = Constant('INT_LEAST32_MIN',(-1 - (2147483647))) +INT_LEAST64_MAX = Constant('INT_LEAST64_MAX',(9223372036854775807)) +INT_LEAST64_MIN = Constant('INT_LEAST64_MIN',(-1 - (9223372036854775807))) +UINT8_MAX = Constant('UINT8_MAX',0xff) +UINT16_MAX = Constant('UINT16_MAX',0xffff) +UINT32_MAX = Constant('UINT32_MAX',0xffffffff) +UINT64_MAX = Constant('UINT64_MAX',0xffffffffffffffff) +UINT_LEAST8_MAX = Constant('UINT_LEAST8_MAX',0xff) +UINT_LEAST16_MAX = Constant('UINT_LEAST16_MAX',0xffff) +UINT_LEAST32_MAX = Constant('UINT_LEAST32_MAX',0xffffffff) +UINT_LEAST64_MAX = Constant('UINT_LEAST64_MAX',0xffffffffffffffff) +INTPTR_MIN = Constant('INTPTR_MIN',(-1 - (2147483647))) +INTPTR_MAX = Constant('INTPTR_MAX',(2147483647)) +UINTPTR_MAX = Constant('UINTPTR_MAX',0xffffffff) +SIZE_MAX = 
Constant('SIZE_MAX',0xffffffff) +PTRDIFF_MIN = Constant('PTRDIFF_MIN',(-1 - (2147483647))) +PTRDIFF_MAX = Constant('PTRDIFF_MAX',(2147483647)) +INTMAX_MIN = Constant('INTMAX_MIN',(-1 - (9223372036854775807))) +INTMAX_MAX = Constant('INTMAX_MAX',(9223372036854775807)) +UINTMAX_MAX = Constant('UINTMAX_MAX',0xffffffffffffffff) +INT_FAST8_MIN = Constant('INT_FAST8_MIN',(-1 - (127))) +INT_FAST8_MAX = Constant('INT_FAST8_MAX',(127)) +INT_FAST64_MIN = Constant('INT_FAST64_MIN',(-1 - (9223372036854775807))) +INT_FAST64_MAX = Constant('INT_FAST64_MAX',(9223372036854775807)) +UINT_FAST8_MAX = Constant('UINT_FAST8_MAX',0xff) +UINT_FAST64_MAX = Constant('UINT_FAST64_MAX',0xffffffffffffffff) +INT_FAST16_MIN = Constant('INT_FAST16_MIN',(-1 - (2147483647))) +INT_FAST16_MAX = Constant('INT_FAST16_MAX',(2147483647)) +UINT_FAST16_MAX = Constant('UINT_FAST16_MAX',0xffffffff) +INT_FAST32_MIN = Constant('INT_FAST32_MIN',(-1 - (2147483647))) +INT_FAST32_MAX = Constant('INT_FAST32_MAX',(2147483647)) +UINT_FAST32_MAX = Constant('UINT_FAST32_MAX',0xffffffff) +WINT_MIN = Constant('WINT_MIN',0) +__FSUID_H = Constant('__FSUID_H',1) +NSIG = Constant('NSIG',32) +_NSIG = Constant('_NSIG',65) +SIGHUP = Constant('SIGHUP',1) +SIGINT = Constant('SIGINT',2) +SIGQUIT = Constant('SIGQUIT',3) +SIGILL = Constant('SIGILL',4) +SIGTRAP = Constant('SIGTRAP',5) +SIGABRT = Constant('SIGABRT',6) +SIGIOT = Constant('SIGIOT',6) +SIGFPE = Constant('SIGFPE',8) +SIGKILL = Constant('SIGKILL',9) +SIGSEGV = Constant('SIGSEGV',11) +SIGPIPE = Constant('SIGPIPE',13) +SIGALRM = Constant('SIGALRM',14) +SIGTERM = Constant('SIGTERM',15) +SIGUNUSED = Constant('SIGUNUSED',31) +SIGRTMIN = Constant('SIGRTMIN',32) +SIGRTMAX = Constant('SIGRTMAX',(65-1)) +SA_NOCLDSTOP = Constant('SA_NOCLDSTOP',0x00000001) +SA_NOCLDWAIT = Constant('SA_NOCLDWAIT',0x00000002) +SA_SIGINFO = Constant('SA_SIGINFO',0x00000004) +SA_RESTORER = Constant('SA_RESTORER',0x04000000) +SA_ONSTACK = Constant('SA_ONSTACK',0x08000000) +SA_RESTART = 
Constant('SA_RESTART',0x10000000) +SA_INTERRUPT = Constant('SA_INTERRUPT',0x20000000) +SA_NODEFER = Constant('SA_NODEFER',0x40000000) +SA_RESETHAND = Constant('SA_RESETHAND',0x80000000) +SA_NOMASK = Constant('SA_NOMASK',0x40000000) +SA_ONESHOT = Constant('SA_ONESHOT',0x80000000) +SS_ONSTACK = Constant('SS_ONSTACK',1) +SS_DISABLE = Constant('SS_DISABLE',2) +MINSIGSTKSZ = Constant('MINSIGSTKSZ',2048) +SIGSTKSZ = Constant('SIGSTKSZ',8192) +SIG_BLOCK = Constant('SIG_BLOCK',0) +SIG_UNBLOCK = Constant('SIG_UNBLOCK',1) +SIG_SETMASK = Constant('SIG_SETMASK',2) +SI_MAX_SIZE = Constant('SI_MAX_SIZE',128) +SIGEV_SIGNAL = Constant('SIGEV_SIGNAL',0) +SIGEV_NONE = Constant('SIGEV_NONE',1) +SIGEV_THREAD = Constant('SIGEV_THREAD',2) +SIGEV_THREAD_ID = Constant('SIGEV_THREAD_ID',4) +SIGEV_MAX_SIZE = Constant('SIGEV_MAX_SIZE',64) +_SYS_TIME_H = Constant('_SYS_TIME_H',1) +ITIMER_REAL = Constant('ITIMER_REAL',0) +ITIMER_VIRTUAL = Constant('ITIMER_VIRTUAL',1) +ITIMER_PROF = Constant('ITIMER_PROF',2) +FD_SETSIZE = Constant('FD_SETSIZE',1024) +R_OK = Constant('R_OK',4) +W_OK = Constant('W_OK',2) +X_OK = Constant('X_OK',1) +F_OK = Constant('F_OK',0) +SEEK_SET = Constant('SEEK_SET',0) +SEEK_CUR = Constant('SEEK_CUR',1) +SEEK_END = Constant('SEEK_END',2) +STDIN_FILENO = Constant('STDIN_FILENO',0) +STDOUT_FILENO = Constant('STDOUT_FILENO',1) +STDERR_FILENO = Constant('STDERR_FILENO',2) +_CS_PATH = Constant('_CS_PATH',1) +_SC_CLK_TCK = Constant('_SC_CLK_TCK',1) +_SC_ARG_MAX = Constant('_SC_ARG_MAX',2) +_SC_NGROUPS_MAX = Constant('_SC_NGROUPS_MAX',3) +_SC_OPEN_MAX = Constant('_SC_OPEN_MAX',4) +_SC_PAGESIZE = Constant('_SC_PAGESIZE',5) +_SC_NPROCESSORS_ONLN = Constant('_SC_NPROCESSORS_ONLN',6) +_SC_NPROCESSORS_CONF = Constant('_SC_NPROCESSORS_CONF',6) +_SC_PHYS_PAGES = Constant('_SC_PHYS_PAGES',7) +_SC_GETPW_R_SIZE_MAX = Constant('_SC_GETPW_R_SIZE_MAX',8) +_SC_GETGR_R_SIZE_MAX = Constant('_SC_GETGR_R_SIZE_MAX',9) +_PC_PATH_MAX = Constant('_PC_PATH_MAX',1) +_PC_VDISABLE = 
Constant('_PC_VDISABLE',2) +L_cuserid = Constant('L_cuserid',17) +_POSIX_VERSION = Constant('_POSIX_VERSION',199506) +F_ULOCK = Constant('F_ULOCK',0) +F_LOCK = Constant('F_LOCK',1) +F_TLOCK = Constant('F_TLOCK',2) +F_TEST = Constant('F_TEST',3) +_POSIX_MAPPED_FILES = Constant('_POSIX_MAPPED_FILES',200809) +S_IFMT = Constant('S_IFMT',0o0170000) +S_IFSOCK = Constant('S_IFSOCK',0o140000) +S_IFLNK = Constant('S_IFLNK',0o120000) +S_IFREG = Constant('S_IFREG',0o100000) +S_IFBLK = Constant('S_IFBLK',0o060000) +S_IFDIR = Constant('S_IFDIR',0o040000) +S_IFCHR = Constant('S_IFCHR',0o020000) +S_IFIFO = Constant('S_IFIFO',0o010000) +S_ISUID = Constant('S_ISUID',0o004000) +S_ISGID = Constant('S_ISGID',0o002000) +S_ISVTX = Constant('S_ISVTX',0o001000) +S_IRWXU = Constant('S_IRWXU',0o0700) +S_IRUSR = Constant('S_IRUSR',0o0400) +S_IWUSR = Constant('S_IWUSR',0o0200) +S_IXUSR = Constant('S_IXUSR',0o0100) +S_IRWXG = Constant('S_IRWXG',0o0070) +S_IRGRP = Constant('S_IRGRP',0o0040) +S_IWGRP = Constant('S_IWGRP',0o0020) +S_IXGRP = Constant('S_IXGRP',0o0010) +S_IRWXO = Constant('S_IRWXO',0o0007) +S_IROTH = Constant('S_IROTH',0o0004) +S_IWOTH = Constant('S_IWOTH',0o0002) +S_IXOTH = Constant('S_IXOTH',0o0001) +S_IREAD = Constant('S_IREAD',0o0400) +S_IWRITE = Constant('S_IWRITE',0o0200) +S_IEXEC = Constant('S_IEXEC',0o0100) +_SYS_UIO = Constant('_SYS_UIO',1) +SOL_SOCKET = Constant('SOL_SOCKET',1) +SO_DEBUG = Constant('SO_DEBUG',1) +SO_REUSEADDR = Constant('SO_REUSEADDR',2) +SO_TYPE = Constant('SO_TYPE',3) +SO_ERROR = Constant('SO_ERROR',4) +SO_DONTROUTE = Constant('SO_DONTROUTE',5) +SO_BROADCAST = Constant('SO_BROADCAST',6) +SO_SNDBUF = Constant('SO_SNDBUF',7) +SO_RCVBUF = Constant('SO_RCVBUF',8) +SO_KEEPALIVE = Constant('SO_KEEPALIVE',9) +SO_OOBINLINE = Constant('SO_OOBINLINE',10) +SO_NO_CHECK = Constant('SO_NO_CHECK',11) +SO_PRIORITY = Constant('SO_PRIORITY',12) +SO_LINGER = Constant('SO_LINGER',13) +SO_BSDCOMPAT = Constant('SO_BSDCOMPAT',14) +SO_REUSEPORT = Constant('SO_REUSEPORT',15) 
+SO_PASSCRED = Constant('SO_PASSCRED',16) +SO_PEERCRED = Constant('SO_PEERCRED',17) +SO_RCVLOWAT = Constant('SO_RCVLOWAT',18) +SO_SNDLOWAT = Constant('SO_SNDLOWAT',19) +SO_RCVTIMEO = Constant('SO_RCVTIMEO',20) +SO_SNDTIMEO = Constant('SO_SNDTIMEO',21) +SO_SECURITY_AUTHENTICATION = Constant('SO_SECURITY_AUTHENTICATION',22) +SO_SECURITY_ENCRYPTION_TRANSPORT = Constant('SO_SECURITY_ENCRYPTION_TRANSPORT',23) +SO_SECURITY_ENCRYPTION_NETWORK = Constant('SO_SECURITY_ENCRYPTION_NETWORK',24) +SO_BINDTODEVICE = Constant('SO_BINDTODEVICE',25) +SO_ATTACH_FILTER = Constant('SO_ATTACH_FILTER',26) +SO_DETACH_FILTER = Constant('SO_DETACH_FILTER',27) +SO_GET_FILTER = Constant('SO_GET_FILTER',26) +SO_PEERNAME = Constant('SO_PEERNAME',28) +SO_TIMESTAMP = Constant('SO_TIMESTAMP',29) +SCM_TIMESTAMP = Constant('SCM_TIMESTAMP',29) +SO_ACCEPTCONN = Constant('SO_ACCEPTCONN',30) +SO_PEERSEC = Constant('SO_PEERSEC',31) +SO_SNDBUFFORCE = Constant('SO_SNDBUFFORCE',32) +SO_RCVBUFFORCE = Constant('SO_RCVBUFFORCE',33) +SO_PASSSEC = Constant('SO_PASSSEC',34) +SO_TIMESTAMPNS = Constant('SO_TIMESTAMPNS',35) +SCM_TIMESTAMPNS = Constant('SCM_TIMESTAMPNS',35) +SO_MARK = Constant('SO_MARK',36) +SO_TIMESTAMPING = Constant('SO_TIMESTAMPING',37) +SCM_TIMESTAMPING = Constant('SCM_TIMESTAMPING',37) +SO_PROTOCOL = Constant('SO_PROTOCOL',38) +SO_DOMAIN = Constant('SO_DOMAIN',39) +SO_RXQ_OVFL = Constant('SO_RXQ_OVFL',40) +SO_WIFI_STATUS = Constant('SO_WIFI_STATUS',41) +SCM_WIFI_STATUS = Constant('SCM_WIFI_STATUS',41) +SO_PEEK_OFF = Constant('SO_PEEK_OFF',42) +SO_NOFCS = Constant('SO_NOFCS',43) +SO_LOCK_FILTER = Constant('SO_LOCK_FILTER',44) +SO_SELECT_ERR_QUEUE = Constant('SO_SELECT_ERR_QUEUE',45) +SO_BUSY_POLL = Constant('SO_BUSY_POLL',46) +SO_MAX_PACING_RATE = Constant('SO_MAX_PACING_RATE',47) +SO_BPF_EXTENSIONS = Constant('SO_BPF_EXTENSIONS',48) +SO_INCOMING_CPU = Constant('SO_INCOMING_CPU',49) +SO_ATTACH_BPF = Constant('SO_ATTACH_BPF',50) +SO_DETACH_BPF = Constant('SO_DETACH_BPF',27) 
+SO_ATTACH_REUSEPORT_CBPF = Constant('SO_ATTACH_REUSEPORT_CBPF',51) +SO_ATTACH_REUSEPORT_EBPF = Constant('SO_ATTACH_REUSEPORT_EBPF',52) +SO_CNX_ADVICE = Constant('SO_CNX_ADVICE',53) +SCM_TIMESTAMPING_OPT_STATS = Constant('SCM_TIMESTAMPING_OPT_STATS',54) +SO_MEMINFO = Constant('SO_MEMINFO',55) +SO_INCOMING_NAPI_ID = Constant('SO_INCOMING_NAPI_ID',56) +SO_COOKIE = Constant('SO_COOKIE',57) +SCM_TIMESTAMPING_PKTINFO = Constant('SCM_TIMESTAMPING_PKTINFO',58) +SO_PEERGROUPS = Constant('SO_PEERGROUPS',59) +SO_ZEROCOPY = Constant('SO_ZEROCOPY',60) +SOCK_STREAM = Constant('SOCK_STREAM',1) +SOCK_DGRAM = Constant('SOCK_DGRAM',2) +SOCK_RAW = Constant('SOCK_RAW',3) +SOCK_RDM = Constant('SOCK_RDM',4) +SOCK_SEQPACKET = Constant('SOCK_SEQPACKET',5) +SOCK_DCCP = Constant('SOCK_DCCP',6) +SOCK_PACKET = Constant('SOCK_PACKET',10) +UIO_FASTIOV = Constant('UIO_FASTIOV',8) +UIO_MAXIOV = Constant('UIO_MAXIOV',1024) +SCM_RIGHTS = Constant('SCM_RIGHTS',0x01) +SCM_CREDENTIALS = Constant('SCM_CREDENTIALS',0x02) +SCM_CONNECT = Constant('SCM_CONNECT',0x03) +AF_UNSPEC = Constant('AF_UNSPEC',0) +AF_UNIX = Constant('AF_UNIX',1) +AF_LOCAL = Constant('AF_LOCAL',1) +AF_INET = Constant('AF_INET',2) +AF_AX25 = Constant('AF_AX25',3) +AF_IPX = Constant('AF_IPX',4) +AF_APPLETALK = Constant('AF_APPLETALK',5) +AF_NETROM = Constant('AF_NETROM',6) +AF_BRIDGE = Constant('AF_BRIDGE',7) +AF_ATMPVC = Constant('AF_ATMPVC',8) +AF_X25 = Constant('AF_X25',9) +AF_INET6 = Constant('AF_INET6',10) +AF_ROSE = Constant('AF_ROSE',11) +AF_DECnet = Constant('AF_DECnet',12) +AF_NETBEUI = Constant('AF_NETBEUI',13) +AF_SECURITY = Constant('AF_SECURITY',14) +AF_KEY = Constant('AF_KEY',15) +AF_NETLINK = Constant('AF_NETLINK',16) +AF_ROUTE = Constant('AF_ROUTE',16) +AF_PACKET = Constant('AF_PACKET',17) +AF_ASH = Constant('AF_ASH',18) +AF_ECONET = Constant('AF_ECONET',19) +AF_ATMSVC = Constant('AF_ATMSVC',20) +AF_SNA = Constant('AF_SNA',22) +AF_IRDA = Constant('AF_IRDA',23) +AF_PPPOX = Constant('AF_PPPOX',24) +AF_WANPIPE = 
Constant('AF_WANPIPE',25) +AF_LLC = Constant('AF_LLC',26) +AF_IB = Constant('AF_IB',27) +AF_MPLS = Constant('AF_MPLS',28) +AF_CAN = Constant('AF_CAN',29) +AF_TIPC = Constant('AF_TIPC',30) +AF_BLUETOOTH = Constant('AF_BLUETOOTH',31) +AF_IUCV = Constant('AF_IUCV',32) +AF_RXRPC = Constant('AF_RXRPC',33) +AF_ISDN = Constant('AF_ISDN',34) +AF_PHONET = Constant('AF_PHONET',35) +AF_IEEE802154 = Constant('AF_IEEE802154',36) +AF_CAIF = Constant('AF_CAIF',37) +AF_ALG = Constant('AF_ALG',38) +AF_NFC = Constant('AF_NFC',39) +AF_VSOCK = Constant('AF_VSOCK',40) +AF_KCM = Constant('AF_KCM',41) +AF_QIPCRTR = Constant('AF_QIPCRTR',42) +AF_SMC = Constant('AF_SMC',43) +AF_MAX = Constant('AF_MAX',44) +PF_UNSPEC = Constant('PF_UNSPEC',0) +PF_UNIX = Constant('PF_UNIX',1) +PF_LOCAL = Constant('PF_LOCAL',1) +PF_INET = Constant('PF_INET',2) +PF_AX25 = Constant('PF_AX25',3) +PF_IPX = Constant('PF_IPX',4) +PF_APPLETALK = Constant('PF_APPLETALK',5) +PF_NETROM = Constant('PF_NETROM',6) +PF_BRIDGE = Constant('PF_BRIDGE',7) +PF_ATMPVC = Constant('PF_ATMPVC',8) +PF_X25 = Constant('PF_X25',9) +PF_INET6 = Constant('PF_INET6',10) +PF_ROSE = Constant('PF_ROSE',11) +PF_DECnet = Constant('PF_DECnet',12) +PF_NETBEUI = Constant('PF_NETBEUI',13) +PF_SECURITY = Constant('PF_SECURITY',14) +PF_KEY = Constant('PF_KEY',15) +PF_NETLINK = Constant('PF_NETLINK',16) +PF_ROUTE = Constant('PF_ROUTE',16) +PF_PACKET = Constant('PF_PACKET',17) +PF_ASH = Constant('PF_ASH',18) +PF_ECONET = Constant('PF_ECONET',19) +PF_ATMSVC = Constant('PF_ATMSVC',20) +PF_SNA = Constant('PF_SNA',22) +PF_IRDA = Constant('PF_IRDA',23) +PF_PPPOX = Constant('PF_PPPOX',24) +PF_WANPIPE = Constant('PF_WANPIPE',25) +PF_LLC = Constant('PF_LLC',26) +PF_IB = Constant('PF_IB',27) +PF_MPLS = Constant('PF_MPLS',28) +PF_CAN = Constant('PF_CAN',29) +PF_TIPC = Constant('PF_TIPC',30) +PF_BLUETOOTH = Constant('PF_BLUETOOTH',31) +PF_IUCV = Constant('PF_IUCV',32) +PF_RXRPC = Constant('PF_RXRPC',33) +PF_ISDN = Constant('PF_ISDN',34) +PF_PHONET = 
Constant('PF_PHONET',35) +PF_IEEE802154 = Constant('PF_IEEE802154',36) +PF_CAIF = Constant('PF_CAIF',37) +PF_ALG = Constant('PF_ALG',38) +PF_NFC = Constant('PF_NFC',39) +PF_VSOCK = Constant('PF_VSOCK',40) +PF_KCM = Constant('PF_KCM',41) +PF_QIPCRTR = Constant('PF_QIPCRTR',42) +PF_SMC = Constant('PF_SMC',43) +PF_MAX = Constant('PF_MAX',44) +SOMAXCONN = Constant('SOMAXCONN',128) +MSG_OOB = Constant('MSG_OOB',1) +MSG_PEEK = Constant('MSG_PEEK',2) +MSG_DONTROUTE = Constant('MSG_DONTROUTE',4) +MSG_TRYHARD = Constant('MSG_TRYHARD',4) +MSG_CTRUNC = Constant('MSG_CTRUNC',8) +MSG_PROBE = Constant('MSG_PROBE',0x10) +MSG_TRUNC = Constant('MSG_TRUNC',0x20) +MSG_DONTWAIT = Constant('MSG_DONTWAIT',0x40) +MSG_EOR = Constant('MSG_EOR',0x80) +MSG_WAITALL = Constant('MSG_WAITALL',0x100) +MSG_FIN = Constant('MSG_FIN',0x200) +MSG_SYN = Constant('MSG_SYN',0x400) +MSG_CONFIRM = Constant('MSG_CONFIRM',0x800) +MSG_RST = Constant('MSG_RST',0x1000) +MSG_ERRQUEUE = Constant('MSG_ERRQUEUE',0x2000) +MSG_NOSIGNAL = Constant('MSG_NOSIGNAL',0x4000) +MSG_MORE = Constant('MSG_MORE',0x8000) +MSG_WAITFORONE = Constant('MSG_WAITFORONE',0x10000) +MSG_SENDPAGE_NOTLAST = Constant('MSG_SENDPAGE_NOTLAST',0x20000) +MSG_BATCH = Constant('MSG_BATCH',0x40000) +MSG_EOF = Constant('MSG_EOF',0x200) +MSG_ZEROCOPY = Constant('MSG_ZEROCOPY',0x4000000) +MSG_FASTOPEN = Constant('MSG_FASTOPEN',0x20000000) +MSG_CMSG_CLOEXEC = Constant('MSG_CMSG_CLOEXEC',0x40000000) +SOL_IP = Constant('SOL_IP',0) +SOL_TCP = Constant('SOL_TCP',6) +SOL_UDP = Constant('SOL_UDP',17) +SOL_IPV6 = Constant('SOL_IPV6',41) +SOL_ICMPV6 = Constant('SOL_ICMPV6',58) +SOL_SCTP = Constant('SOL_SCTP',132) +SOL_UDPLITE = Constant('SOL_UDPLITE',136) +SOL_RAW = Constant('SOL_RAW',255) +SOL_IPX = Constant('SOL_IPX',256) +SOL_AX25 = Constant('SOL_AX25',257) +SOL_ATALK = Constant('SOL_ATALK',258) +SOL_NETROM = Constant('SOL_NETROM',259) +SOL_ROSE = Constant('SOL_ROSE',260) +SOL_DECNET = Constant('SOL_DECNET',261) +SOL_X25 = Constant('SOL_X25',262) +SOL_PACKET 
= Constant('SOL_PACKET',263) +SOL_ATM = Constant('SOL_ATM',264) +SOL_AAL = Constant('SOL_AAL',265) +SOL_IRDA = Constant('SOL_IRDA',266) +SOL_NETBEUI = Constant('SOL_NETBEUI',267) +SOL_LLC = Constant('SOL_LLC',268) +SOL_DCCP = Constant('SOL_DCCP',269) +SOL_NETLINK = Constant('SOL_NETLINK',270) +SOL_TIPC = Constant('SOL_TIPC',271) +SOL_RXRPC = Constant('SOL_RXRPC',272) +SOL_PPPOL2TP = Constant('SOL_PPPOL2TP',273) +SOL_BLUETOOTH = Constant('SOL_BLUETOOTH',274) +SOL_PNPIPE = Constant('SOL_PNPIPE',275) +SOL_RDS = Constant('SOL_RDS',276) +SOL_IUCV = Constant('SOL_IUCV',277) +SOL_CAIF = Constant('SOL_CAIF',278) +SOL_ALG = Constant('SOL_ALG',279) +SOL_NFC = Constant('SOL_NFC',280) +SOL_KCM = Constant('SOL_KCM',281) +SOL_TLS = Constant('SOL_TLS',282) +IPX_TYPE = Constant('IPX_TYPE',1) +SHUT_RD = Constant('SHUT_RD',0) +SHUT_WR = Constant('SHUT_WR',1) +SHUT_RDWR = Constant('SHUT_RDWR',2) +NI_NOFQDN = Constant('NI_NOFQDN',1) +NI_NUMERICHOST = Constant('NI_NUMERICHOST',2) +NI_NAMEREQD = Constant('NI_NAMEREQD',4) +NI_NUMERICSERV = Constant('NI_NUMERICSERV',8) +NI_DGRAM = Constant('NI_DGRAM',16) +EAI_FAMILY = Constant('EAI_FAMILY',-1) +EAI_SOCKTYPE = Constant('EAI_SOCKTYPE',-2) +EAI_BADFLAGS = Constant('EAI_BADFLAGS',-3) +EAI_NONAME = Constant('EAI_NONAME',-4) +EAI_SERVICE = Constant('EAI_SERVICE',-5) +EAI_ADDRFAMILY = Constant('EAI_ADDRFAMILY',-6) +EAI_NODATA = Constant('EAI_NODATA',-7) +EAI_MEMORY = Constant('EAI_MEMORY',-8) +EAI_FAIL = Constant('EAI_FAIL',-9) +EAI_AGAIN = Constant('EAI_AGAIN',-10) +EAI_SYSTEM = Constant('EAI_SYSTEM',-11) +AI_NUMERICHOST = Constant('AI_NUMERICHOST',1) +AI_CANONNAME = Constant('AI_CANONNAME',2) +AI_PASSIVE = Constant('AI_PASSIVE',4) +AI_NUMERICSERV = Constant('AI_NUMERICSERV',8) +AI_ADDRCONFIG = Constant('AI_ADDRCONFIG',16) +AI_V4MAPPED = Constant('AI_V4MAPPED',32) +AI_ALL = Constant('AI_ALL',64) +SIOCADDRT = Constant('SIOCADDRT',0x890B) +SIOCDELRT = Constant('SIOCDELRT',0x890C) +SIOCRTMSG = Constant('SIOCRTMSG',0x890D) +SIOCGIFNAME = 
Constant('SIOCGIFNAME',0x8910) +SIOCSIFLINK = Constant('SIOCSIFLINK',0x8911) +SIOCGIFCONF = Constant('SIOCGIFCONF',0x8912) +SIOCGIFFLAGS = Constant('SIOCGIFFLAGS',0x8913) +SIOCSIFFLAGS = Constant('SIOCSIFFLAGS',0x8914) +SIOCGIFADDR = Constant('SIOCGIFADDR',0x8915) +SIOCSIFADDR = Constant('SIOCSIFADDR',0x8916) +SIOCGIFDSTADDR = Constant('SIOCGIFDSTADDR',0x8917) +SIOCSIFDSTADDR = Constant('SIOCSIFDSTADDR',0x8918) +SIOCGIFBRDADDR = Constant('SIOCGIFBRDADDR',0x8919) +SIOCSIFBRDADDR = Constant('SIOCSIFBRDADDR',0x891a) +SIOCGIFNETMASK = Constant('SIOCGIFNETMASK',0x891b) +SIOCSIFNETMASK = Constant('SIOCSIFNETMASK',0x891c) +SIOCGIFMETRIC = Constant('SIOCGIFMETRIC',0x891d) +SIOCSIFMETRIC = Constant('SIOCSIFMETRIC',0x891e) +SIOCGIFMEM = Constant('SIOCGIFMEM',0x891f) +SIOCSIFMEM = Constant('SIOCSIFMEM',0x8920) +SIOCGIFMTU = Constant('SIOCGIFMTU',0x8921) +SIOCSIFMTU = Constant('SIOCSIFMTU',0x8922) +SIOCSIFNAME = Constant('SIOCSIFNAME',0x8923) +SIOCSIFHWADDR = Constant('SIOCSIFHWADDR',0x8924) +SIOCGIFENCAP = Constant('SIOCGIFENCAP',0x8925) +SIOCSIFENCAP = Constant('SIOCSIFENCAP',0x8926) +SIOCGIFHWADDR = Constant('SIOCGIFHWADDR',0x8927) +SIOCGIFSLAVE = Constant('SIOCGIFSLAVE',0x8929) +SIOCSIFSLAVE = Constant('SIOCSIFSLAVE',0x8930) +SIOCADDMULTI = Constant('SIOCADDMULTI',0x8931) +SIOCDELMULTI = Constant('SIOCDELMULTI',0x8932) +SIOCGIFINDEX = Constant('SIOCGIFINDEX',0x8933) +SIOGIFINDEX = Constant('SIOGIFINDEX',0x8933) +SIOCSIFPFLAGS = Constant('SIOCSIFPFLAGS',0x8934) +SIOCGIFPFLAGS = Constant('SIOCGIFPFLAGS',0x8935) +SIOCDIFADDR = Constant('SIOCDIFADDR',0x8936) +SIOCSIFHWBROADCAST = Constant('SIOCSIFHWBROADCAST',0x8937) +SIOCGIFCOUNT = Constant('SIOCGIFCOUNT',0x8938) +SIOCGIFBR = Constant('SIOCGIFBR',0x8940) +SIOCSIFBR = Constant('SIOCSIFBR',0x8941) +SIOCGIFTXQLEN = Constant('SIOCGIFTXQLEN',0x8942) +SIOCSIFTXQLEN = Constant('SIOCSIFTXQLEN',0x8943) +SIOCGIFDIVERT = Constant('SIOCGIFDIVERT',0x8944) +SIOCSIFDIVERT = Constant('SIOCSIFDIVERT',0x8945) +SIOCETHTOOL = 
Constant('SIOCETHTOOL',0x8946) +SIOCDARP = Constant('SIOCDARP',0x8953) +SIOCGARP = Constant('SIOCGARP',0x8954) +SIOCSARP = Constant('SIOCSARP',0x8955) +SIOCDRARP = Constant('SIOCDRARP',0x8960) +SIOCGRARP = Constant('SIOCGRARP',0x8961) +SIOCSRARP = Constant('SIOCSRARP',0x8962) +SIOCGIFMAP = Constant('SIOCGIFMAP',0x8970) +SIOCSIFMAP = Constant('SIOCSIFMAP',0x8971) +SIOCADDDLCI = Constant('SIOCADDDLCI',0x8980) +SIOCDELDLCI = Constant('SIOCDELDLCI',0x8981) +SIOCDEVPRIVATE = Constant('SIOCDEVPRIVATE',0x89F0) +F_LINUX_SPECIFIC_BASE = Constant('F_LINUX_SPECIFIC_BASE',1024) +F_SETOWN_EX = Constant('F_SETOWN_EX',15) +F_GETOWN_EX = Constant('F_GETOWN_EX',16) +F_GETOWNER_UIDS = Constant('F_GETOWNER_UIDS',17) +F_OFD_GETLK = Constant('F_OFD_GETLK',36) +F_OFD_SETLK = Constant('F_OFD_SETLK',37) +F_OFD_SETLKW = Constant('F_OFD_SETLKW',38) +F_OWNER_TID = Constant('F_OWNER_TID',0) +F_OWNER_PID = Constant('F_OWNER_PID',1) +F_OWNER_PGRP = Constant('F_OWNER_PGRP',2) +AT_FDCWD = Constant('AT_FDCWD',-100) +AT_SYMLINK_NOFOLLOW = Constant('AT_SYMLINK_NOFOLLOW',0x100) +AT_REMOVEDIR = Constant('AT_REMOVEDIR',0x200) +AT_SYMLINK_FOLLOW = Constant('AT_SYMLINK_FOLLOW',0x400) +AT_NO_AUTOMOUNT = Constant('AT_NO_AUTOMOUNT',0x800) +AT_EMPTY_PATH = Constant('AT_EMPTY_PATH',0x1000) +AT_EACCESS = Constant('AT_EACCESS',0x200) +MREMAP_MAYMOVE = Constant('MREMAP_MAYMOVE',1) +MREMAP_FIXED = Constant('MREMAP_FIXED',2) +PROT_READ = Constant('PROT_READ',0x1) +PROT_WRITE = Constant('PROT_WRITE',0x2) +PROT_EXEC = Constant('PROT_EXEC',0x4) +PROT_SEM = Constant('PROT_SEM',0x8) +PROT_NONE = Constant('PROT_NONE',0x0) +PROT_GROWSDOWN = Constant('PROT_GROWSDOWN',0x01000000) +PROT_GROWSUP = Constant('PROT_GROWSUP',0x02000000) +MAP_SHARED = Constant('MAP_SHARED',0x01) +MAP_PRIVATE = Constant('MAP_PRIVATE',0x02) +MAP_TYPE = Constant('MAP_TYPE',0xf) +MADV_REMOVE = Constant('MADV_REMOVE',9) +MADV_DONTFORK = Constant('MADV_DONTFORK',10) +MADV_DOFORK = Constant('MADV_DOFORK',11) +MADV_MERGEABLE = 
Constant('MADV_MERGEABLE',12) +MADV_UNMERGEABLE = Constant('MADV_UNMERGEABLE',13) +MADV_HUGEPAGE = Constant('MADV_HUGEPAGE',14) +MADV_NOHUGEPAGE = Constant('MADV_NOHUGEPAGE',15) +MADV_DONTDUMP = Constant('MADV_DONTDUMP',16) +MADV_DODUMP = Constant('MADV_DODUMP',17) +MADV_HWPOISON = Constant('MADV_HWPOISON',100) +MADV_SOFT_OFFLINE = Constant('MADV_SOFT_OFFLINE',101) +MLOCK_ONFAULT = Constant('MLOCK_ONFAULT',1) +MAP_FILE = Constant('MAP_FILE',0) +PTRACE_TRACEME = Constant('PTRACE_TRACEME',0) +PTRACE_PEEKTEXT = Constant('PTRACE_PEEKTEXT',1) +PTRACE_PEEKDATA = Constant('PTRACE_PEEKDATA',2) +PTRACE_PEEKUSR = Constant('PTRACE_PEEKUSR',3) +PTRACE_PEEKUSER = Constant('PTRACE_PEEKUSER',3) +PTRACE_POKETEXT = Constant('PTRACE_POKETEXT',4) +PTRACE_POKEDATA = Constant('PTRACE_POKEDATA',5) +PTRACE_POKEUSR = Constant('PTRACE_POKEUSR',6) +PTRACE_POKEUSER = Constant('PTRACE_POKEUSER',6) +PTRACE_CONT = Constant('PTRACE_CONT',7) +PTRACE_KILL = Constant('PTRACE_KILL',8) +PTRACE_SINGLESTEP = Constant('PTRACE_SINGLESTEP',9) +PTRACE_ATTACH = Constant('PTRACE_ATTACH',0x10) +PTRACE_DETACH = Constant('PTRACE_DETACH',0x11) +PTRACE_SYSCALL = Constant('PTRACE_SYSCALL',24) +PTRACE_GETEVENTMSG = Constant('PTRACE_GETEVENTMSG',0x4201) +PTRACE_GETSIGINFO = Constant('PTRACE_GETSIGINFO',0x4202) +PTRACE_SETSIGINFO = Constant('PTRACE_SETSIGINFO',0x4203) +PTRACE_O_TRACESYSGOOD = Constant('PTRACE_O_TRACESYSGOOD',0x00000001) +PTRACE_O_TRACEFORK = Constant('PTRACE_O_TRACEFORK',0x00000002) +PTRACE_O_TRACEVFORK = Constant('PTRACE_O_TRACEVFORK',0x00000004) +PTRACE_O_TRACECLONE = Constant('PTRACE_O_TRACECLONE',0x00000008) +PTRACE_O_TRACEEXEC = Constant('PTRACE_O_TRACEEXEC',0x00000010) +PTRACE_O_TRACEVFORKDONE = Constant('PTRACE_O_TRACEVFORKDONE',0x00000020) +PTRACE_O_TRACEEXIT = Constant('PTRACE_O_TRACEEXIT',0x00000040) +PTRACE_O_MASK = Constant('PTRACE_O_MASK',0x0000007f) +PTRACE_EVENT_FORK = Constant('PTRACE_EVENT_FORK',1) +PTRACE_EVENT_VFORK = Constant('PTRACE_EVENT_VFORK',2) +PTRACE_EVENT_CLONE = 
Constant('PTRACE_EVENT_CLONE',3) +PTRACE_EVENT_EXEC = Constant('PTRACE_EVENT_EXEC',4) +PTRACE_EVENT_VFORK_DONE = Constant('PTRACE_EVENT_VFORK_DONE',5) +PTRACE_EVENT_EXIT = Constant('PTRACE_EVENT_EXIT',6) +PT_TRACE_ME = Constant('PT_TRACE_ME',0) +PT_READ_I = Constant('PT_READ_I',1) +PT_READ_D = Constant('PT_READ_D',2) +PT_READ_U = Constant('PT_READ_U',3) +PT_WRITE_I = Constant('PT_WRITE_I',4) +PT_WRITE_D = Constant('PT_WRITE_D',5) +PT_WRITE_U = Constant('PT_WRITE_U',6) +PT_CONTINUE = Constant('PT_CONTINUE',7) +PT_KILL = Constant('PT_KILL',8) +PT_STEP = Constant('PT_STEP',9) +PT_ATTACH = Constant('PT_ATTACH',0x10) +PT_DETACH = Constant('PT_DETACH',0x11) +SYS_accept = Constant('SYS_accept',202) +SYS_accept4 = Constant('SYS_accept4',242) +SYS_acct = Constant('SYS_acct',89) +SYS_add_key = Constant('SYS_add_key',217) +SYS_adjtimex = Constant('SYS_adjtimex',171) +SYS_arch_specific_syscall = Constant('SYS_arch_specific_syscall',244) +SYS_bind = Constant('SYS_bind',200) +SYS_bpf = Constant('SYS_bpf',280) +SYS_brk = Constant('SYS_brk',214) +SYS_capget = Constant('SYS_capget',90) +SYS_capset = Constant('SYS_capset',91) +SYS_chdir = Constant('SYS_chdir',49) +SYS_chroot = Constant('SYS_chroot',51) +SYS_clock_adjtime = Constant('SYS_clock_adjtime',266) +SYS_clock_getres = Constant('SYS_clock_getres',114) +SYS_clock_gettime = Constant('SYS_clock_gettime',113) +SYS_clock_nanosleep = Constant('SYS_clock_nanosleep',115) +SYS_clock_settime = Constant('SYS_clock_settime',112) +SYS_clone = Constant('SYS_clone',220) +SYS_clone3 = Constant('SYS_clone3',435) +SYS_close = Constant('SYS_close',57) +SYS_close_range = Constant('SYS_close_range',436) +SYS_connect = Constant('SYS_connect',203) +SYS_copy_file_range = Constant('SYS_copy_file_range',285) +SYS_delete_module = Constant('SYS_delete_module',106) +SYS_dup = Constant('SYS_dup',23) +SYS_dup3 = Constant('SYS_dup3',24) +SYS_epoll_create1 = Constant('SYS_epoll_create1',20) +SYS_epoll_ctl = Constant('SYS_epoll_ctl',21) +SYS_epoll_pwait = 
Constant('SYS_epoll_pwait',22) +SYS_epoll_pwait2 = Constant('SYS_epoll_pwait2',441) +SYS_eventfd2 = Constant('SYS_eventfd2',19) +SYS_execve = Constant('SYS_execve',221) +SYS_execveat = Constant('SYS_execveat',281) +SYS_exit = Constant('SYS_exit',93) +SYS_exit_group = Constant('SYS_exit_group',94) +SYS_faccessat = Constant('SYS_faccessat',48) +SYS_faccessat2 = Constant('SYS_faccessat2',439) +SYS_fadvise64 = Constant('SYS_fadvise64',223) +SYS_fallocate = Constant('SYS_fallocate',47) +SYS_fanotify_init = Constant('SYS_fanotify_init',262) +SYS_fanotify_mark = Constant('SYS_fanotify_mark',263) +SYS_fchdir = Constant('SYS_fchdir',50) +SYS_fchmod = Constant('SYS_fchmod',52) +SYS_fchmodat = Constant('SYS_fchmodat',53) +SYS_fchown = Constant('SYS_fchown',55) +SYS_fchownat = Constant('SYS_fchownat',54) +SYS_fcntl = Constant('SYS_fcntl',25) +SYS_fdatasync = Constant('SYS_fdatasync',83) +SYS_fgetxattr = Constant('SYS_fgetxattr',10) +SYS_finit_module = Constant('SYS_finit_module',273) +SYS_flistxattr = Constant('SYS_flistxattr',13) +SYS_flock = Constant('SYS_flock',32) +SYS_fremovexattr = Constant('SYS_fremovexattr',16) +SYS_fsconfig = Constant('SYS_fsconfig',431) +SYS_fsetxattr = Constant('SYS_fsetxattr',7) +SYS_fsmount = Constant('SYS_fsmount',432) +SYS_fsopen = Constant('SYS_fsopen',430) +SYS_fspick = Constant('SYS_fspick',433) +SYS_fstat = Constant('SYS_fstat',80) +SYS_fstatfs = Constant('SYS_fstatfs',44) +SYS_fsync = Constant('SYS_fsync',82) +SYS_ftruncate = Constant('SYS_ftruncate',46) +SYS_futex = Constant('SYS_futex',98) +SYS_getcpu = Constant('SYS_getcpu',168) +SYS_getcwd = Constant('SYS_getcwd',17) +SYS_getdents64 = Constant('SYS_getdents64',61) +SYS_getegid = Constant('SYS_getegid',177) +SYS_geteuid = Constant('SYS_geteuid',175) +SYS_getgid = Constant('SYS_getgid',176) +SYS_getgroups = Constant('SYS_getgroups',158) +SYS_getitimer = Constant('SYS_getitimer',102) +SYS_get_mempolicy = Constant('SYS_get_mempolicy',236) +SYS_getpeername = Constant('SYS_getpeername',205) 
+SYS_getpgid = Constant('SYS_getpgid',155) +SYS_getpid = Constant('SYS_getpid',172) +SYS_getppid = Constant('SYS_getppid',173) +SYS_getpriority = Constant('SYS_getpriority',141) +SYS_getrandom = Constant('SYS_getrandom',278) +SYS_getresgid = Constant('SYS_getresgid',150) +SYS_getresuid = Constant('SYS_getresuid',148) +SYS_getrlimit = Constant('SYS_getrlimit',163) +SYS_get_robust_list = Constant('SYS_get_robust_list',100) +SYS_getrusage = Constant('SYS_getrusage',165) +SYS_getsid = Constant('SYS_getsid',156) +SYS_getsockname = Constant('SYS_getsockname',204) +SYS_getsockopt = Constant('SYS_getsockopt',209) +SYS_gettid = Constant('SYS_gettid',178) +SYS_gettimeofday = Constant('SYS_gettimeofday',169) +SYS_getuid = Constant('SYS_getuid',174) +SYS_getxattr = Constant('SYS_getxattr',8) +SYS_init_module = Constant('SYS_init_module',105) +SYS_inotify_add_watch = Constant('SYS_inotify_add_watch',27) +SYS_inotify_init1 = Constant('SYS_inotify_init1',26) +SYS_inotify_rm_watch = Constant('SYS_inotify_rm_watch',28) +SYS_io_cancel = Constant('SYS_io_cancel',3) +SYS_ioctl = Constant('SYS_ioctl',29) +SYS_io_destroy = Constant('SYS_io_destroy',1) +SYS_io_getevents = Constant('SYS_io_getevents',4) +SYS_io_pgetevents = Constant('SYS_io_pgetevents',292) +SYS_ioprio_get = Constant('SYS_ioprio_get',31) +SYS_ioprio_set = Constant('SYS_ioprio_set',30) +SYS_io_setup = Constant('SYS_io_setup',0) +SYS_io_submit = Constant('SYS_io_submit',2) +SYS_io_uring_enter = Constant('SYS_io_uring_enter',426) +SYS_io_uring_register = Constant('SYS_io_uring_register',427) +SYS_io_uring_setup = Constant('SYS_io_uring_setup',425) +SYS_kcmp = Constant('SYS_kcmp',272) +SYS_kexec_file_load = Constant('SYS_kexec_file_load',294) +SYS_kexec_load = Constant('SYS_kexec_load',104) +SYS_keyctl = Constant('SYS_keyctl',219) +SYS_kill = Constant('SYS_kill',129) +SYS_landlock_add_rule = Constant('SYS_landlock_add_rule',445) +SYS_landlock_create_ruleset = Constant('SYS_landlock_create_ruleset',444) 
+SYS_landlock_restrict_self = Constant('SYS_landlock_restrict_self',446) +SYS_lgetxattr = Constant('SYS_lgetxattr',9) +SYS_linkat = Constant('SYS_linkat',37) +SYS_listen = Constant('SYS_listen',201) +SYS_listxattr = Constant('SYS_listxattr',11) +SYS_llistxattr = Constant('SYS_llistxattr',12) +SYS_lookup_dcookie = Constant('SYS_lookup_dcookie',18) +SYS_lremovexattr = Constant('SYS_lremovexattr',15) +SYS_lseek = Constant('SYS_lseek',62) +SYS_lsetxattr = Constant('SYS_lsetxattr',6) +SYS_madvise = Constant('SYS_madvise',233) +SYS_mbind = Constant('SYS_mbind',235) +SYS_membarrier = Constant('SYS_membarrier',283) +SYS_memfd_create = Constant('SYS_memfd_create',279) +SYS_migrate_pages = Constant('SYS_migrate_pages',238) +SYS_mincore = Constant('SYS_mincore',232) +SYS_mkdirat = Constant('SYS_mkdirat',34) +SYS_mknodat = Constant('SYS_mknodat',33) +SYS_mlock = Constant('SYS_mlock',228) +SYS_mlock2 = Constant('SYS_mlock2',284) +SYS_mlockall = Constant('SYS_mlockall',230) +SYS_mmap = Constant('SYS_mmap',222) +SYS_mount = Constant('SYS_mount',40) +SYS_mount_setattr = Constant('SYS_mount_setattr',442) +SYS_move_mount = Constant('SYS_move_mount',429) +SYS_move_pages = Constant('SYS_move_pages',239) +SYS_mprotect = Constant('SYS_mprotect',226) +SYS_mq_getsetattr = Constant('SYS_mq_getsetattr',185) +SYS_mq_notify = Constant('SYS_mq_notify',184) +SYS_mq_open = Constant('SYS_mq_open',180) +SYS_mq_timedreceive = Constant('SYS_mq_timedreceive',183) +SYS_mq_timedsend = Constant('SYS_mq_timedsend',182) +SYS_mq_unlink = Constant('SYS_mq_unlink',181) +SYS_mremap = Constant('SYS_mremap',216) +SYS_msgctl = Constant('SYS_msgctl',187) +SYS_msgget = Constant('SYS_msgget',186) +SYS_msgrcv = Constant('SYS_msgrcv',188) +SYS_msgsnd = Constant('SYS_msgsnd',189) +SYS_msync = Constant('SYS_msync',227) +SYS_munlock = Constant('SYS_munlock',229) +SYS_munlockall = Constant('SYS_munlockall',231) +SYS_munmap = Constant('SYS_munmap',215) +SYS_name_to_handle_at = Constant('SYS_name_to_handle_at',264) 
+SYS_nanosleep = Constant('SYS_nanosleep',101) +SYS_newfstatat = Constant('SYS_newfstatat',79) +SYS_nfsservctl = Constant('SYS_nfsservctl',42) +SYS_openat = Constant('SYS_openat',56) +SYS_openat2 = Constant('SYS_openat2',437) +SYS_open_by_handle_at = Constant('SYS_open_by_handle_at',265) +SYS_open_tree = Constant('SYS_open_tree',428) +SYS_perf_event_open = Constant('SYS_perf_event_open',241) +SYS_personality = Constant('SYS_personality',92) +SYS_pidfd_getfd = Constant('SYS_pidfd_getfd',438) +SYS_pidfd_open = Constant('SYS_pidfd_open',434) +SYS_pidfd_send_signal = Constant('SYS_pidfd_send_signal',424) +SYS_pipe2 = Constant('SYS_pipe2',59) +SYS_pivot_root = Constant('SYS_pivot_root',41) +SYS_pkey_alloc = Constant('SYS_pkey_alloc',289) +SYS_pkey_free = Constant('SYS_pkey_free',290) +SYS_pkey_mprotect = Constant('SYS_pkey_mprotect',288) +SYS_ppoll = Constant('SYS_ppoll',73) +SYS_prctl = Constant('SYS_prctl',167) +SYS_pread64 = Constant('SYS_pread64',67) +SYS_preadv = Constant('SYS_preadv',69) +SYS_preadv2 = Constant('SYS_preadv2',286) +SYS_prlimit64 = Constant('SYS_prlimit64',261) +SYS_process_madvise = Constant('SYS_process_madvise',440) +SYS_process_vm_readv = Constant('SYS_process_vm_readv',270) +SYS_process_vm_writev = Constant('SYS_process_vm_writev',271) +SYS_pselect6 = Constant('SYS_pselect6',72) +SYS_ptrace = Constant('SYS_ptrace',117) +SYS_pwrite64 = Constant('SYS_pwrite64',68) +SYS_pwritev = Constant('SYS_pwritev',70) +SYS_pwritev2 = Constant('SYS_pwritev2',287) +SYS_quotactl = Constant('SYS_quotactl',60) +SYS_read = Constant('SYS_read',63) +SYS_readahead = Constant('SYS_readahead',213) +SYS_readlinkat = Constant('SYS_readlinkat',78) +SYS_readv = Constant('SYS_readv',65) +SYS_reboot = Constant('SYS_reboot',142) +SYS_recvfrom = Constant('SYS_recvfrom',207) +SYS_recvmmsg = Constant('SYS_recvmmsg',243) +SYS_recvmsg = Constant('SYS_recvmsg',212) +SYS_remap_file_pages = Constant('SYS_remap_file_pages',234) +SYS_removexattr = Constant('SYS_removexattr',14) 
+SYS_renameat2 = Constant('SYS_renameat2',276) +SYS_request_key = Constant('SYS_request_key',218) +SYS_restart_syscall = Constant('SYS_restart_syscall',128) +SYS_riscv_flush_icache = Constant('SYS_riscv_flush_icache',(244 + 15)) +SYS_rseq = Constant('SYS_rseq',293) +SYS_rt_sigaction = Constant('SYS_rt_sigaction',134) +SYS_rt_sigpending = Constant('SYS_rt_sigpending',136) +SYS_rt_sigprocmask = Constant('SYS_rt_sigprocmask',135) +SYS_rt_sigqueueinfo = Constant('SYS_rt_sigqueueinfo',138) +SYS_rt_sigreturn = Constant('SYS_rt_sigreturn',139) +SYS_rt_sigsuspend = Constant('SYS_rt_sigsuspend',133) +SYS_rt_sigtimedwait = Constant('SYS_rt_sigtimedwait',137) +SYS_rt_tgsigqueueinfo = Constant('SYS_rt_tgsigqueueinfo',240) +SYS_sched_getaffinity = Constant('SYS_sched_getaffinity',123) +SYS_sched_getattr = Constant('SYS_sched_getattr',275) +SYS_sched_getparam = Constant('SYS_sched_getparam',121) +SYS_sched_get_priority_max = Constant('SYS_sched_get_priority_max',125) +SYS_sched_get_priority_min = Constant('SYS_sched_get_priority_min',126) +SYS_sched_getscheduler = Constant('SYS_sched_getscheduler',120) +SYS_sched_rr_get_interval = Constant('SYS_sched_rr_get_interval',127) +SYS_sched_setaffinity = Constant('SYS_sched_setaffinity',122) +SYS_sched_setattr = Constant('SYS_sched_setattr',274) +SYS_sched_setparam = Constant('SYS_sched_setparam',118) +SYS_sched_setscheduler = Constant('SYS_sched_setscheduler',119) +SYS_sched_yield = Constant('SYS_sched_yield',124) +SYS_seccomp = Constant('SYS_seccomp',277) +SYS_semctl = Constant('SYS_semctl',191) +SYS_semget = Constant('SYS_semget',190) +SYS_semop = Constant('SYS_semop',193) +SYS_semtimedop = Constant('SYS_semtimedop',192) +SYS_sendfile = Constant('SYS_sendfile',71) +SYS_sendmmsg = Constant('SYS_sendmmsg',269) +SYS_sendmsg = Constant('SYS_sendmsg',211) +SYS_sendto = Constant('SYS_sendto',206) +SYS_setdomainname = Constant('SYS_setdomainname',162) +SYS_setfsgid = Constant('SYS_setfsgid',152) +SYS_setfsuid = Constant('SYS_setfsuid',151) 
+SYS_setgid = Constant('SYS_setgid',144) +SYS_setgroups = Constant('SYS_setgroups',159) +SYS_sethostname = Constant('SYS_sethostname',161) +SYS_setitimer = Constant('SYS_setitimer',103) +SYS_set_mempolicy = Constant('SYS_set_mempolicy',237) +SYS_setns = Constant('SYS_setns',268) +SYS_setpgid = Constant('SYS_setpgid',154) +SYS_setpriority = Constant('SYS_setpriority',140) +SYS_setregid = Constant('SYS_setregid',143) +SYS_setresgid = Constant('SYS_setresgid',149) +SYS_setresuid = Constant('SYS_setresuid',147) +SYS_setreuid = Constant('SYS_setreuid',145) +SYS_setrlimit = Constant('SYS_setrlimit',164) +SYS_set_robust_list = Constant('SYS_set_robust_list',99) +SYS_setsid = Constant('SYS_setsid',157) +SYS_setsockopt = Constant('SYS_setsockopt',208) +SYS_set_tid_address = Constant('SYS_set_tid_address',96) +SYS_settimeofday = Constant('SYS_settimeofday',170) +SYS_setuid = Constant('SYS_setuid',146) +SYS_setxattr = Constant('SYS_setxattr',5) +SYS_shmat = Constant('SYS_shmat',196) +SYS_shmctl = Constant('SYS_shmctl',195) +SYS_shmdt = Constant('SYS_shmdt',197) +SYS_shmget = Constant('SYS_shmget',194) +SYS_shutdown = Constant('SYS_shutdown',210) +SYS_sigaltstack = Constant('SYS_sigaltstack',132) +SYS_signalfd4 = Constant('SYS_signalfd4',74) +SYS_socket = Constant('SYS_socket',198) +SYS_socketpair = Constant('SYS_socketpair',199) +SYS_splice = Constant('SYS_splice',76) +SYS_statfs = Constant('SYS_statfs',43) +SYS_statx = Constant('SYS_statx',291) +SYS_swapoff = Constant('SYS_swapoff',225) +SYS_swapon = Constant('SYS_swapon',224) +SYS_symlinkat = Constant('SYS_symlinkat',36) +SYS_sync = Constant('SYS_sync',81) +SYS_sync_file_range = Constant('SYS_sync_file_range',84) +SYS_syncfs = Constant('SYS_syncfs',267) +SYS_sysinfo = Constant('SYS_sysinfo',179) +SYS_syslog = Constant('SYS_syslog',116) +SYS_sysriscv = Constant('SYS_sysriscv',244) +SYS_tee = Constant('SYS_tee',77) +SYS_tgkill = Constant('SYS_tgkill',131) +SYS_timer_create = Constant('SYS_timer_create',107) +SYS_timer_delete 
= Constant('SYS_timer_delete',111) +SYS_timerfd_create = Constant('SYS_timerfd_create',85) +SYS_timerfd_gettime = Constant('SYS_timerfd_gettime',87) +SYS_timerfd_settime = Constant('SYS_timerfd_settime',86) +SYS_timer_getoverrun = Constant('SYS_timer_getoverrun',109) +SYS_timer_gettime = Constant('SYS_timer_gettime',108) +SYS_timer_settime = Constant('SYS_timer_settime',110) +SYS_times = Constant('SYS_times',153) +SYS_tkill = Constant('SYS_tkill',130) +SYS_truncate = Constant('SYS_truncate',45) +SYS_umask = Constant('SYS_umask',166) +SYS_umount2 = Constant('SYS_umount2',39) +SYS_uname = Constant('SYS_uname',160) +SYS_unlinkat = Constant('SYS_unlinkat',35) +SYS_unshare = Constant('SYS_unshare',97) +SYS_userfaultfd = Constant('SYS_userfaultfd',282) +SYS_utimensat = Constant('SYS_utimensat',88) +SYS_vhangup = Constant('SYS_vhangup',58) +SYS_vmsplice = Constant('SYS_vmsplice',75) +SYS_wait4 = Constant('SYS_wait4',260) +SYS_waitid = Constant('SYS_waitid',95) +SYS_write = Constant('SYS_write',64) +SYS_writev = Constant('SYS_writev',66) diff --git a/pwnlib/context/__init__.py b/pwnlib/context/__init__.py index 9d6ebe71d..670fb138a 100644 --- a/pwnlib/context/__init__.py +++ b/pwnlib/context/__init__.py @@ -302,7 +302,7 @@ class ContextType(object): >>> context.os == 'linux' True >>> context.arch = 'arm' - >>> vars(context) == {'arch': 'arm', 'bits': 32, 'endian': 'little', 'os': 'linux'} + >>> vars(context) == {'arch': 'arm', 'bits': 32, 'endian': 'little', 'os': 'linux', 'newline': b'\n'} True >>> context.endian 'little' @@ -367,6 +367,7 @@ class ContextType(object): 'randomize': False, 'rename_corefiles': True, 'newline': b'\n', + 'throw_eof_on_incomplete_line': None, 'noptrace': False, 'os': 'linux', 'proxy': None, 
@@ -376,8 +377,19 @@ class ContextType(object): 'timeout': Timeout.maximum, } - #: Valid values for :meth:`pwnlib.context.ContextType.os` - oses = sorted(('linux','freebsd','windows','cgc','android','baremetal','darwin')) + unix_like = {'newline': b'\n'} + windows_like = {'newline': b'\r\n'} + + #: Keys are valid values for :meth:`pwnlib.context.ContextType.os` + oses = _longest({ + 'linux': unix_like, + 'freebsd': unix_like, + 'windows': windows_like, + 'cgc': unix_like, + 'android': unix_like, + 'baremetal': unix_like, + 'darwin': unix_like, + }) big_32 = {'endian': 'big', 'bits': 32} big_64 = {'endian': 'big', 'bits': 64} @@ -446,14 +458,14 @@ def __init__(self, **kwargs): def copy(self): - """copy() -> dict + r"""copy() -> dict Returns a copy of the current context as a dictionary. Examples: >>> context.clear() >>> context.os = 'linux' - >>> vars(context) == {'os': 'linux'} + >>> vars(context) == {'os': 'linux', 'newline': b'\n'} True """ return self._tls.copy() @@ -1022,6 +1034,8 @@ def log_file(self, value): """ if isinstance(value, (bytes, six.text_type)): # check if mode was specified as "[value],[mode]" + from pwnlib.util.packing import _need_text + value = _need_text(value) if ',' not in value: value += ',a' filename, mode = value.rsplit(',', 1) 
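Review bot: `ContextType.oses` changes type here from a sorted sequence of names to whatever `_longest(...)` returns (not visible in this hunk), so any external code that indexed it or relied on its order now breaks, while `in` tests and iteration still work only if the result is a mapping. The `#:` comment partly acknowledges this, but it should state the new shape explicitly, e.g. `#: Mapping of valid :meth:`pwnlib.context.ContextType.os` values to the context defaults each one applies`. `unix_like` and `windows_like` are also left as public class attributes on `ContextType` although they are only implementation detail for this table; renaming them `_unix_like` / `_windows_like` keeps them out of the documented API. The class body continues outside the hunk.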
@@ -1104,25 +1118,73 @@ def mask(self): @_validator def os(self, os): - """ + r""" Operating system of the target machine. The default value is ``linux``. Allowed values are listed in :attr:`pwnlib.context.ContextType.oses`. + Side Effects: + + If an os is specified some attributes will be set on the context + if a user has not already set a value. + + The following property may be modified: + + - :attr:`newline` + + Raises: + AttributeError: An invalid os was specified + Examples: - >>> context.os = 'linux' + >>> context.clear() + >>> context.os == 'linux' # Default os + True + + >>> context.os = 'freebsd' + >>> context.os == 'freebsd' + True + >>> context.os = 'foobar' #doctest: +ELLIPSIS Traceback (most recent call last): ... AttributeError: os must be one of ['android', 'baremetal', 'cgc', 'freebsd', 'linux', 'windows'] + + >>> context.clear() + >>> context.newline == b'\n' # Default value + True + >>> context.os = 'windows' + >>> context.newline == b'\r\n' # New value + True + + Note that expressly setting :attr:`newline` means that we use + that value instead of the default + + >>> context.clear() + >>> context.newline = b'\n' + >>> context.os = 'windows' + >>> context.newline == b'\n' + True + + Setting the os can override the default for :attr:`newline` + + >>> context.clear() + >>> context.os = 'windows' + >>> vars(context) == {'os': 'windows', 'newline': b'\r\n'} + True """ os = os.lower() - if os not in self.oses: - raise AttributeError("os must be one of %r" % self.oses) + try: + defaults = self.oses[os] + except KeyError: + raise AttributeError("os must be one of %r" % sorted(self.oses)) + + for k,v in defaults.items(): + if k not in self._tls: + self._tls[k] = v return os 
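Review bot: The default-application loop at the end of the validator (`if k not in self._tls: self._tls[k] = v`) makes an os-derived default indistinguishable from a user-chosen value, so after `context.os = 'linux'` a later `context.os = 'windows'` leaves `newline` at `b'\n'` because the first assignment already stored it in TLS; the docstring's examples only cover the first assignment after `clear()`. Either record which keys were filled in by this side effect (e.g. a private set consulted by the loop instead of bare `k not in self._tls`) so a subsequent os change can replace them, or state the first-set-wins behaviour in the "Side Effects" section, e.g. `Defaults are applied only for attributes not yet stored in the context; changing the os again does not revise them.`. Writing into `self._tls` directly also bypasses the `newline` validator, which is harmless for these literal bytes values but worth a one-line comment so the next default added to the table is still validated. The rest of the accessor machinery (`_validator`, `clear`) is outside this hunk.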
@@ -1315,9 +1377,9 @@ def buffer_size(self, size): def cache_dir_base(self, new_base): """Base directory to use for caching content. - Changing this to a different value will clear the `cache_dir` path + Changing this to a different value will clear the :attr:`cache_dir` path stored in TLS since a new path will need to be generated to respect the - new `cache_dir_base` value. + new :attr:`cache_dir_base` value. """ if new_base != self.cache_dir_base: @@ -1332,6 +1394,9 @@ def cache_dir(self): Note: May be either a path string, or :const:`None`. + Set to :const:`None` to disable caching. + Set to :const:`True` to generate the default cache directory path + based on :attr:`cache_dir_base` again. Example: @@ -1339,12 +1404,18 @@ def cache_dir(self): >>> cache_dir is not None True >>> os.chmod(cache_dir, 0o000) - >>> del context._tls['cache_dir'] + >>> context.cache_dir = True >>> context.cache_dir is None True >>> os.chmod(cache_dir, 0o755) >>> cache_dir == context.cache_dir True + >>> context.cache_dir = None + >>> context.cache_dir is None + True + >>> context.cache_dir = True + >>> context.cache_dir is not None + True """ try: # If the TLS already has a cache directory path, we return it @@ -1389,7 +1460,9 @@ def cache_dir(self): @cache_dir.setter def cache_dir(self, v): - if os.access(v, os.W_OK): + if v is True: + del self._tls["cache_dir"] + elif v is None or os.access(v, os.W_OK): # Stash this in TLS for later reuse self._tls["cache_dir"] = v 
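Review bot: In the `cache_dir` setter, `if v is True: del self._tls["cache_dir"]` raises `KeyError` when the key is not present, and the getter's `try:` (its body is outside this hunk) suggests the key is legitimately absent right after `clear()`, so `context.cache_dir = True` on a fresh context would fail where the new docstring says it regenerates the default; `self._tls.pop("cache_dir", None)` gives the documented behaviour in both states. The new doctest only exercises the case where a path was already cached, so a `>>> context.clear()` followed by `>>> context.cache_dir = True` would pin this. The `os.access(v, os.W_OK)` check is a point-in-time test that can go stale before the directory is used, which is acceptable for a cache but worth a comment since the setter silently accepts the path.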
@@ -1429,6 +1502,25 @@ def newline(self, v): # circular imports from pwnlib.util.packing import _need_bytes return _need_bytes(v) + + @_validator + def throw_eof_on_incomplete_line(self, v): + """Whether to raise an :class:`EOFError` if an EOF is received before a newline in ``tube.recvline``. + + Controls if an :class:`EOFError` is treated as newline in ``tube.recvline`` and similar functions + and whether a warning should be logged about it. + + Possible values are: + + - ``True``: Raise an :class:`EOFError` if an EOF is received before a newline. + - ``False``: Return the data received so far if an EOF is received + before a newline without logging a warning. + - ``None``: Return the data received so far if an EOF is received + before a newline and log a warning. + + Default value is ``None``. + """ + return v if v is None else bool(v) @_validator diff --git a/pwnlib/data/includes/darwin/aarch64.h b/pwnlib/data/includes/darwin/aarch64.h index 81fb6f979..630009ddf 100644 --- a/pwnlib/data/includes/darwin/aarch64.h +++ b/pwnlib/data/includes/darwin/aarch64.h @@ -87,6 +87,7 @@ #define VOL_CAP_FMT_SHARED_SPACE 0x00800000 #define VOL_CAP_FMT_VOL_GROUPS 0x01000000 #define VOL_CAP_FMT_SEALED 0x02000000 +#define VOL_CAP_FMT_CLONE_MAPPING 0x04000000 #define VOL_CAP_INT_SEARCHFS 0x00000001 #define VOL_CAP_INT_ATTRLIST 0x00000002 #define VOL_CAP_INT_NFSEXPORT 0x00000004 @@ -108,6 +109,8 @@ #define VOL_CAP_INT_RENAME_EXCL 0x00080000 #define VOL_CAP_INT_RENAME_OPENFAIL 0x00100000 #define VOL_CAP_INT_RENAME_SECLUDE 0x00200000 +#define VOL_CAP_INT_ATTRIBUTION_TAG 0x00400000 +#define VOL_CAP_INT_PUNCHHOLE 0x00800000 #define ATTR_CMN_NAME 0x00000001 #define ATTR_CMN_DEVID 0x00000002 #define ATTR_CMN_FSID 0x00000004 @@ -292,6 +295,8 @@ #define IO_SWAP_DISPATCH 0x200000 #define IO_SKIP_ENCRYPTION 0x400000 #define IO_EVTONLY 0x800000 +#define IO_NOCACHE_SYSSPACE 0x1000000 +#define IO_NOCACHE_SWRITE 0x2000000 #define LOOKUP 0 #define CREATE 1 #define DELETE 2 
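Review bot: The `throw_eof_on_incomplete_line` validator coerces with `bool(v)`, so any non-empty string such as `'false'` or `'0'` becomes `True`; if this setting is ever populated from a string source (environment variable, config file, CLI flag) the tri-state documented in the docstring is silently collapsed to "raise". Other validators in this file normalise their input (`newline` goes through `_need_bytes`), so consider rejecting non-bool/non-None values explicitly, e.g. `if v is not None and not isinstance(v, bool): raise AttributeError("throw_eof_on_incomplete_line must be True, False or None")`, or at least document that strings are truthy-coerced. The docstring would also benefit from an example of the `False` case mirroring the `newline` examples above it.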
@@ -346,6 +351,7 @@ #define VNODE_LOOKUP_NOFOLLOW 0x01 #define VNODE_LOOKUP_NOCROSSMOUNT 0x02 #define VNODE_LOOKUP_CROSSMOUNTNOWAIT 0x04 +#define VNODE_LOOKUP_NOFOLLOW_ANY 0x08 #define VNODE_RELOAD 0x01 #define VNODE_WAIT 0x02 #define VNODE_WRITEABLE 0x04 @@ -424,7 +430,7 @@ #define WANTPARENT 0x0010 #define UIO_MAXIOV 1024 #define UIO_SMALLIOV 8 -#define EVFILT_SYSCOUNT 17 +#define EVFILT_SYSCOUNT 18 #define KEVENT_FLAG_NONE 0x000000 #define KEVENT_FLAG_IMMEDIATE 0x000001 #define KEVENT_FLAG_ERROR_EVENTS 0x000002 @@ -502,6 +508,7 @@ #define IMGPF_SPAWN 0x00000010 #define IMGPF_DISABLE_ASLR 0x00000020 #define IMGPF_ALLOW_DATA_EXEC 0x00000040 +#define IMGPF_3P_PLUGINS 0x00000080 #define IMGPF_EXEC 0x00000100 #define IMGPF_HIGH_BITS_ASLR 0x00000200 #define IMGPF_IS_64BIT_DATA 0x00000400 @@ -511,6 +518,7 @@ #define IMGPF_HW_TPRO 0x00004000 #define IMGPF_ROSETTA 0x10000000 #define IMGPF_ALT_ROSETTA 0x20000000 +#define IMGPF_RESERVED_2 0x40000000 #define IMGPF_NOJOP 0x80000000 #define IMGPF_SB_DEFAULT 0 #define IMGPF_SB_TRUE 1 
@@ -559,9 +567,34 @@ #define WCONTINUED 0x00000010 #define WNOWAIT 0x00000020 #define WAIT_MYPGRP 0 +#define PRIO_DARWIN_GPU 5 +#define PRIO_DARWIN_GPU_ALLOW 0x1 +#define PRIO_DARWIN_GPU_DENY 0x2 +#define PRIO_DARWIN_ROLE 6 +#define PRIO_DARWIN_ROLE_DEFAULT 0x0 +#define PRIO_DARWIN_ROLE_UI_FOCAL 0x1 +#define PRIO_DARWIN_ROLE_UI 0x2 +#define PRIO_DARWIN_ROLE_NON_UI 0x3 +#define PRIO_DARWIN_ROLE_UI_NON_FOCAL 0x4 +#define PRIO_DARWIN_ROLE_TAL_LAUNCH 0x5 +#define PRIO_DARWIN_ROLE_DARWIN_BG 0x6 #define PRIO_DARWIN_GAME_MODE 7 +#define PRIO_DARWIN_CARPLAY_MODE 8 #define PRIO_DARWIN_GAME_MODE_OFF 0x0 #define PRIO_DARWIN_GAME_MODE_ON 0x1 +#define PRIO_DARWIN_CARPLAY_MODE_OFF 0x0 +#define PRIO_DARWIN_CARPLAY_MODE_ON 0x1 +#define IOMON_ENABLE 0x01 +#define IOMON_DISABLE 0x02 +#define IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY 1 +#define IOPOL_TYPE_VFS_ALTLINK 11 +#define IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE 12 +#define IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT 0 +#define IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE 1 +#define IOPOL_VFS_ALTLINK_DISABLED 0 +#define IOPOL_VFS_ALTLINK_ENABLED 1 +#define IOPOL_CMD_GET 0x00000001 +#define IOPOL_CMD_SET 0x00000002 #define IPC_CREAT 0001000 #define IPC_EXCL 0002000 #define IPC_NOWAIT 0004000 @@ -676,6 +709,7 @@ #define F_GETLEASE 107 #define F_TRANSFEREXTENTS 110 #define F_ATTRIBUTION_TAG 111 +#define F_ADDSIGS_MAIN_BINARY 113 #define FCNTL_FS_SPECIFIC_BASE 0x00010000 #define F_DUPFD_CLOEXEC 67 #define FD_CLOEXEC 1 @@ -903,6 +937,7 @@ #define MADV_FREE_REUSE 8 #define MADV_CAN_REUSE 9 #define MADV_PAGEOUT 10 +#define MADV_ZERO 11 #define MINCORE_INCORE 0x1 #define MINCORE_REFERENCED 0x2 #define MINCORE_MODIFIED 0x4 @@ -1110,6 +1145,9 @@ #define DBG_MACH_IHDLR 0x10 #define DBG_MACH_IPC 0x20 #define DBG_MACH_RESOURCE 0x25 +#define DBG_MACH_EXCLAVES 0x2A +#define DBG_MACH_EXCLAVES_SCHEDULER 0x2B +#define DBG_MACH_EPOCH_SYNC 0x2C #define DBG_MACH_VM 0x30 #define DBG_MACH_LEAKS 0x31 #define DBG_MACH_WORKINGSET 0x32 
@@ -1135,6 +1173,7 @@ #define DBG_MACH_KCOV 0xAD #define DBG_MACH_MACHDEP_EXCP_SC_x86 0xAE #define DBG_MACH_MACHDEP_EXCP_SC_ARM 0xAF +#define DBG_MACH_VM_RECLAIM 0xB0 #define DBC_MACH_IO_MMIO_READ 0x1 #define DBC_MACH_IO_MMIO_WRITE 0x2 #define DBC_MACH_IO_PHYS_READ 0x3 @@ -1176,7 +1215,6 @@ #define MACH_SCHED_MAINTENANCE 0x1f #define MACH_DISPATCH 0x20 #define MACH_QUANTUM_HANDOFF 0x21 -#define MACH_MULTIQ_DEQUEUE 0x22 #define MACH_SCHED_THREAD_SWITCH 0x23 #define MACH_SCHED_SMT_BALANCE 0x24 #define MACH_REMOTE_DEFERRED_AST 0x25 @@ -1228,6 +1266,7 @@ #define MACH_SCHED_WI_EXTERNAL_WAKEUP 0x61 #define MACH_SCHED_AST_CHECK 0x62 #define MACH_SCHED_PREEMPT_TIMER_ACTIVE 0x63 +#define MACH_PROCESSOR_SHUTDOWN 0x64 #define MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE 0x0 #define MACH_SCHED_CLUTCH_TG_BUCKET_STATE 0x1 #define MACH_SCHED_CLUTCH_THREAD_SELECT 0x2 
@@ -1253,20 +1292,83 @@ #define WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME 0x7 #define KCOV_STKSZ_THRESHOLD_ABOVE 0x0 #define KCOV_STKSZ_THRESHOLD_BELOW 0x1 -#define MACH_MULTIQ_BOUND 1 -#define MACH_MULTIQ_GROUP 2 -#define MACH_MULTIQ_GLOBAL 3 -#define DBG_ZERO_FILL_FAULT 1 -#define DBG_PAGEIN_FAULT 2 -#define DBG_COW_FAULT 3 -#define DBG_CACHE_HIT_FAULT 4 -#define DBG_NZF_PAGE_FAULT 5 -#define DBG_GUARD_FAULT 6 -#define DBG_PAGEINV_FAULT 7 -#define DBG_PAGEIND_FAULT 8 -#define DBG_COMPRESSOR_FAULT 9 -#define DBG_COMPRESSOR_SWAPIN_FAULT 10 -#define DBG_COR_FAULT 11 +#define DBG_VM_VNODE_PAGEOUT 0x001 +#define DBG_VM_FAULT_INTERNAL 0x002 +#define DBG_VM_PURGEABLE_TOKEN_ADD 0x040 +#define DBG_VM_PURGEABLE_TOKEN_DELETE 0x041 +#define DBG_VM_PURGEABLE_TOKEN_RIPEN 0x042 +#define DBG_VM_PURGEABLE_OBJECT_ADD 0x048 +#define DBG_VM_PURGEABLE_OBJECT_REMOVE 0x049 +#define DBG_VM_PURGEABLE_OBJECT_PURGE 0x04a +#define DBG_VM_PURGEABLE_OBJECT_PURGE_ALL 0x04b +#define DBG_VM_PURGEABLE_OBJECT_PURGE_ONE 0x04c +#define DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP 0x04e +#define DBG_VM_MAP_PARTIAL_REAP 0x054 +#define DBG_VM_MAP_WILLNEED 0x055 +#define DBG_VM_FAULT_CHECK_ZFDELAY 0x100 +#define DBG_VM_FAULT_COWDELAY 0x101 +#define DBG_VM_FAULT_ZFDELAY 0x102 +#define DBG_VM_FAULT_COMPRESSORDELAY 0x103 +#define DBG_VM_PAGEOUT_SCAN 0x104 +#define DBG_VM_PAGEOUT_BALANCE 0x105 +#define DBG_VM_PAGEOUT_FREELIST 0x106 +#define DBG_VM_PAGEOUT_PURGEONE 0x107 +#define DBG_VM_PAGEOUT_CACHE_EVICT 0x108 +#define DBG_VM_PAGEOUT_THREAD_BLOCK 0x109 +#define DBG_VM_PAGEOUT_JETSAM 0x10A +#define DBG_VM_INFO1 0x10B +#define DBG_VM_INFO2 0x10C +#define DBG_VM_INFO3 0x10D +#define DBG_VM_INFO4 0x10E +#define DBG_VM_INFO5 0x10F +#define DBG_VM_INFO6 0x110 +#define DBG_VM_INFO7 0x111 +#define DBG_VM_INFO8 0x112 +#define DBG_VM_INFO9 0x113 +#define DBG_VM_INFO10 0x114 +#define DBG_VM_UPL_PAGE_WAIT 0x120 +#define DBG_VM_IOPL_PAGE_WAIT 0x121 +#define DBG_VM_PAGE_WAIT_BLOCK 0x122 +#define DBG_VM_PAGE_SLEEP 0x123 +#define 
DBG_VM_PAGE_EXPEDITE 0x124 +#define DBG_VM_PAGE_EXPEDITE_NO_MEMORY 0x125 +#define DBG_VM_PAGE_GRAB 0x126 +#define DBG_VM_PAGE_RELEASE 0x127 +#define DBG_VM_COMPRESSOR_COMPACT_AND_SWAP 0x128 +#define DBG_VM_COMPRESSOR_DELAYED_COMPACT 0x129 +#define DBG_VM_OBJECT_SLEEP 0x12a +#define DBG_VM_PAGE_WAKEUP 0x12b +#define DBG_VM_PAGE_WAKEUP_DONE 0x12c +#define DBG_VM_PRESSURE_EVENT 0x130 +#define DBG_VM_EXECVE 0x131 +#define DBG_VM_WAKEUP_COMPACTOR_SWAPPER 0x132 +#define DBG_VM_UPL_REQUEST 0x133 +#define DBG_VM_IOPL_REQUEST 0x134 +#define DBG_VM_KERN_REQUEST 0x135 +#define DBG_VM_DATA_WRITE 0x140 +#define DBG_VM_PRESSURE_LEVEL_CHANGE 0x141 +#define DBG_VM_PHYS_WRITE_ACCT 0x142 +#define DBG_VM_MAP_LOOKUP_ENTRY_FAILURE 0x143 +#define VM_DISCONNECT_ALL_PAGE_MAPPINGS 0x00 +#define VM_DISCONNECT_TASK_PAGE_MAPPINGS 0x01 +#define VM_REAL_FAULT_ADDR_INTERNAL 0x02 +#define VM_REAL_FAULT_ADDR_PURGABLE 0x03 +#define VM_REAL_FAULT_ADDR_EXTERNAL 0x04 +#define VM_REAL_FAULT_ADDR_SHAREDCACHE 0x05 +#define VM_REAL_FAULT_FAST 0x06 +#define VM_REAL_FAULT_SLOW 0x07 +#define VM_MAP_LOOKUP_OBJECT 0x08 +#define DBG_ZERO_FILL_FAULT 0x01 +#define DBG_PAGEIN_FAULT 0x02 +#define DBG_COW_FAULT 0x03 +#define DBG_CACHE_HIT_FAULT 0x04 +#define DBG_NZF_PAGE_FAULT 0x05 +#define DBG_GUARD_FAULT 0x06 +#define DBG_PAGEINV_FAULT 0x07 +#define DBG_PAGEIND_FAULT 0x08 +#define DBG_COMPRESSOR_FAULT 0x09 +#define DBG_COMPRESSOR_SWAPIN_FAULT 0x0a +#define DBG_COR_FAULT 0x0b #define MACH_TASK_SUSPEND 0x0 #define MACH_TASK_RESUME 0x1 #define MACH_THREAD_SET_VOUCHER 0x2 
@@ -1281,6 +1383,31 @@ #define MACH_IPC_KMSG_LINK 0xb #define MACH_IPC_PORT_ENTRY_MODIFY 0xc #define MACH_IPC_DESTROY_GUARDED_DESC 0xd +#define MACH_THREAD_SUSPEND 0xe +#define MACH_THREAD_RESUME 0xf +#define MACH_EXCLAVES_SWITCH 0x0 +#define MACH_EXCLAVES_XNUPROXY 0x1 +#define MACH_EXCLAVES_RPC 0x2 +#define MACH_EXCLAVES_UPCALL 0x3 +#define MACH_EXCLAVES_BOOT_TASK 0x4 +#define MACH_EXCLAVES_SCHEDULER_YIELD 0x0 +#define MACH_EXCLAVES_SCHEDULER_SPAWNED 0x1 +#define MACH_EXCLAVES_SCHEDULER_TERMINATED 0x2 +#define MACH_EXCLAVES_SCHEDULER_WAIT 0x3 +#define MACH_EXCLAVES_SCHEDULER_WAKE 0x4 +#define MACH_EXCLAVES_SCHEDULER_SUSPENDED 0x5 +#define MACH_EXCLAVES_SCHEDULER_RESUMED 0x6 +#define MACH_EXCLAVES_SCHEDULER_INTERRUPTED 0x7 +#define MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED 0x8 +#define MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED 0x9 +#define MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC 0xa +#define MACH_EPOCH_SYNC_WAIT_STALE 0x0 +#define MACH_EPOCH_SYNC_WAIT 0x1 +#define MACH_EPOCH_SYNC_WAKE_NO_WAITERS 0x2 +#define MACH_EPOCH_SYNC_WAKE_ONE 0x3 +#define MACH_EPOCH_SYNC_WAKE_ALL 0x4 +#define MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER 0x5 +#define MACH_EPOCH_SYNC_WAKE_THREAD 0x6 #define MACH_THREAD_GROUP_NEW 0x0 #define MACH_THREAD_GROUP_FREE 0x1 #define MACH_THREAD_GROUP_SET 0x2 @@ -1423,6 +1550,13 @@ #define HV_X86_VM_PROTECT_TRAP 0x2b #define HV_X86_VM_UNMAP_TRAP 0x2c #define HV_X86_TSC_OFFSET_SET 0x2d +#define VM_RECLAIM_UPDATE_ACCOUNTING 0x01 +#define VM_RECLAIM_ENTRIES 0x02 +#define VM_RECLAIM_CHUNK 0x03 +#define VM_RECLAIM_ENTRY 0x04 +#define VM_RECLAIM_ALL_MEMORY 0x05 +#define VM_RECLAIM_ASYNC_MEMORY 0x06 +#define VM_RECLAIM_INIT 0x07 #define DBG_NETIP 1 #define DBG_NETARP 2 #define DBG_NETUDP 3 @@ -2108,6 +2242,7 @@ #define XATTR_NOSECURITY 0x0008 #define XATTR_NODEFAULT 0x0010 #define XATTR_SHOWCOMPRESSION 0x0020 +#define XATTR_NOFOLLOW_ANY 0x0040 #define XATTR_MAXNAMELEN 127 #define PR_SLOWHZ 2 #define PRC_IFDOWN 0 
@@ -2141,6 +2276,7 @@ #define CTL_FLAG_REG_SOCK_STREAM 0x4 #define CTL_DATA_NOWAKEUP 0x1 #define CTL_DATA_EOR 0x2 +#define __has_safe_buffers 0 #define __DARWIN_ONLY_64_BIT_INO_T 0 #define __DARWIN_ONLY_UNIX_CONFORMANCE 0 #define __DARWIN_ONLY_VERS_1050 0 @@ -2478,7 +2614,8 @@ #define VQ_NEARLOWDISK 0x2000 #define VQ_DESIRED_DISK 0x4000 #define VQ_FREE_SPACE_CHANGE 0x8000 -#define VQ_FLAG10000 0x10000 +#define VQ_PURGEABLE_SPACE_CHANGE 0x10000 +#define VQ_FLAG20000 0x20000 #define VFS_IOATTR_FLAGS_FUA 0x00000001 #define VFS_IOATTR_FLAGS_UNMAP 0x00000002 #define VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED 0x00000010 @@ -2509,7 +2646,7 @@ #define NFSV4_MAX_FH_SIZE 128 #define NFSV3_MAX_FH_SIZE 64 #define NFSV2_MAX_FH_SIZE 32 -#define CRYPTEX_AUTH_STRUCT_VERSION 1 +#define CRYPTEX_AUTH_STRUCT_VERSION 2 #define EV_FD 1 #define EV_RE 1 #define EV_WR 2 @@ -2533,6 +2670,10 @@ #define KDEBUG_LEVEL_FULL 3 #define KDBG_FLAG_FILTERED 0x01 #define KDBG_FLAG_NOPROCFILT 0x02 +#define __DARWIN_LITTLE_ENDIAN 1234 +#define __DARWIN_BIG_ENDIAN 4321 +#define __DARWIN_PDP_ENDIAN 3412 +#define USE_CLANG_TYPES 0 #define __DARWIN_NULL 0 #define UBC_PUSHDIRTY 0x01 #define UBC_PUSHALL 0x02 @@ -3068,7 +3209,9 @@ #define SYS_mkfifoat 553 #define SYS_mknodat 554 #define SYS_ungraftdmg 555 -#define SYS_MAXSYSCALL 556 +#define SYS_coalition_policy_set 556 +#define SYS_coalition_policy_get 557 +#define SYS_MAXSYSCALL 558 #define SYS_invalid 63 #define SOCK_STREAM 1 #define SOCK_DGRAM 2 @@ -3116,6 +3259,7 @@ #define SO_NET_SERVICE_TYPE 0x1116 #define SO_NETSVC_MARKING_LEVEL 0x1119 #define SO_RESOLVER_SIGNATURE 0x1131 +#define SO_BINDTODEVICE 0x1134 #define NET_SERVICE_TYPE_BE 0 #define NET_SERVICE_TYPE_BK 1 #define NET_SERVICE_TYPE_SIG 2 diff --git a/pwnlib/data/includes/darwin/amd64.h b/pwnlib/data/includes/darwin/amd64.h index ee9411473..de288d6a9 100644 --- a/pwnlib/data/includes/darwin/amd64.h +++ b/pwnlib/data/includes/darwin/amd64.h 
@@ -87,6 +87,7 @@ #define VOL_CAP_FMT_SHARED_SPACE 0x00800000 #define VOL_CAP_FMT_VOL_GROUPS 0x01000000 #define VOL_CAP_FMT_SEALED 0x02000000 +#define VOL_CAP_FMT_CLONE_MAPPING 0x04000000 #define VOL_CAP_INT_SEARCHFS 0x00000001 #define VOL_CAP_INT_ATTRLIST 0x00000002 #define VOL_CAP_INT_NFSEXPORT 0x00000004 @@ -108,6 +109,8 @@ #define VOL_CAP_INT_RENAME_EXCL 0x00080000 #define VOL_CAP_INT_RENAME_OPENFAIL 0x00100000 #define VOL_CAP_INT_RENAME_SECLUDE 0x00200000 +#define VOL_CAP_INT_ATTRIBUTION_TAG 0x00400000 +#define VOL_CAP_INT_PUNCHHOLE 0x00800000 #define ATTR_CMN_NAME 0x00000001 #define ATTR_CMN_DEVID 0x00000002 #define ATTR_CMN_FSID 0x00000004 @@ -292,6 +295,8 @@ #define IO_SWAP_DISPATCH 0x200000 #define IO_SKIP_ENCRYPTION 0x400000 #define IO_EVTONLY 0x800000 +#define IO_NOCACHE_SYSSPACE 0x1000000 +#define IO_NOCACHE_SWRITE 0x2000000 #define LOOKUP 0 #define CREATE 1 #define DELETE 2 @@ -346,6 +351,7 @@ #define VNODE_LOOKUP_NOFOLLOW 0x01 #define VNODE_LOOKUP_NOCROSSMOUNT 0x02 #define VNODE_LOOKUP_CROSSMOUNTNOWAIT 0x04 +#define VNODE_LOOKUP_NOFOLLOW_ANY 0x08 #define VNODE_RELOAD 0x01 #define VNODE_WAIT 0x02 #define VNODE_WRITEABLE 0x04 @@ -424,7 +430,7 @@ #define WANTPARENT 0x0010 #define UIO_MAXIOV 1024 #define UIO_SMALLIOV 8 -#define EVFILT_SYSCOUNT 17 +#define EVFILT_SYSCOUNT 18 #define KEVENT_FLAG_NONE 0x000000 #define KEVENT_FLAG_IMMEDIATE 0x000001 #define KEVENT_FLAG_ERROR_EVENTS 0x000002 @@ -502,6 +508,7 @@ #define IMGPF_SPAWN 0x00000010 #define IMGPF_DISABLE_ASLR 0x00000020 #define IMGPF_ALLOW_DATA_EXEC 0x00000040 +#define IMGPF_3P_PLUGINS 0x00000080 #define IMGPF_EXEC 0x00000100 #define IMGPF_HIGH_BITS_ASLR 0x00000200 #define IMGPF_IS_64BIT_DATA 0x00000400 @@ -511,6 +518,7 @@ #define IMGPF_HW_TPRO 0x00004000 #define IMGPF_ROSETTA 0x10000000 #define IMGPF_ALT_ROSETTA 0x20000000 +#define IMGPF_RESERVED_2 0x40000000 #define IMGPF_NOJOP 0x80000000 #define IMGPF_SB_DEFAULT 0 #define IMGPF_SB_TRUE 1 
@@ -559,9 +567,34 @@ #define WCONTINUED 0x00000010 #define WNOWAIT 0x00000020 #define WAIT_MYPGRP 0 +#define PRIO_DARWIN_GPU 5 +#define PRIO_DARWIN_GPU_ALLOW 0x1 +#define PRIO_DARWIN_GPU_DENY 0x2 +#define PRIO_DARWIN_ROLE 6 +#define PRIO_DARWIN_ROLE_DEFAULT 0x0 +#define PRIO_DARWIN_ROLE_UI_FOCAL 0x1 +#define PRIO_DARWIN_ROLE_UI 0x2 +#define PRIO_DARWIN_ROLE_NON_UI 0x3 +#define PRIO_DARWIN_ROLE_UI_NON_FOCAL 0x4 +#define PRIO_DARWIN_ROLE_TAL_LAUNCH 0x5 +#define PRIO_DARWIN_ROLE_DARWIN_BG 0x6 #define PRIO_DARWIN_GAME_MODE 7 +#define PRIO_DARWIN_CARPLAY_MODE 8 #define PRIO_DARWIN_GAME_MODE_OFF 0x0 #define PRIO_DARWIN_GAME_MODE_ON 0x1 +#define PRIO_DARWIN_CARPLAY_MODE_OFF 0x0 +#define PRIO_DARWIN_CARPLAY_MODE_ON 0x1 +#define IOMON_ENABLE 0x01 +#define IOMON_DISABLE 0x02 +#define IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY 1 +#define IOPOL_TYPE_VFS_ALTLINK 11 +#define IOPOL_TYPE_VFS_NOCACHE_WRITE_FS_BLKSIZE 12 +#define IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT 0 +#define IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE 1 +#define IOPOL_VFS_ALTLINK_DISABLED 0 +#define IOPOL_VFS_ALTLINK_ENABLED 1 +#define IOPOL_CMD_GET 0x00000001 +#define IOPOL_CMD_SET 0x00000002 #define IPC_CREAT 0001000 #define IPC_EXCL 0002000 #define IPC_NOWAIT 0004000 @@ -676,6 +709,7 @@ #define F_GETLEASE 107 #define F_TRANSFEREXTENTS 110 #define F_ATTRIBUTION_TAG 111 +#define F_ADDSIGS_MAIN_BINARY 113 #define FCNTL_FS_SPECIFIC_BASE 0x00010000 #define F_DUPFD_CLOEXEC 67 #define FD_CLOEXEC 1 @@ -903,6 +937,7 @@ #define MADV_FREE_REUSE 8 #define MADV_CAN_REUSE 9 #define MADV_PAGEOUT 10 +#define MADV_ZERO 11 #define MINCORE_INCORE 0x1 #define MINCORE_REFERENCED 0x2 #define MINCORE_MODIFIED 0x4 @@ -1110,6 +1145,9 @@ #define DBG_MACH_IHDLR 0x10 #define DBG_MACH_IPC 0x20 #define DBG_MACH_RESOURCE 0x25 +#define DBG_MACH_EXCLAVES 0x2A +#define DBG_MACH_EXCLAVES_SCHEDULER 0x2B +#define DBG_MACH_EPOCH_SYNC 0x2C #define DBG_MACH_VM 0x30 #define DBG_MACH_LEAKS 0x31 #define DBG_MACH_WORKINGSET 0x32 
@@ -1135,6 +1173,7 @@ #define DBG_MACH_KCOV 0xAD #define DBG_MACH_MACHDEP_EXCP_SC_x86 0xAE #define DBG_MACH_MACHDEP_EXCP_SC_ARM 0xAF +#define DBG_MACH_VM_RECLAIM 0xB0 #define DBC_MACH_IO_MMIO_READ 0x1 #define DBC_MACH_IO_MMIO_WRITE 0x2 #define DBC_MACH_IO_PHYS_READ 0x3 @@ -1176,7 +1215,6 @@ #define MACH_SCHED_MAINTENANCE 0x1f #define MACH_DISPATCH 0x20 #define MACH_QUANTUM_HANDOFF 0x21 -#define MACH_MULTIQ_DEQUEUE 0x22 #define MACH_SCHED_THREAD_SWITCH 0x23 #define MACH_SCHED_SMT_BALANCE 0x24 #define MACH_REMOTE_DEFERRED_AST 0x25 @@ -1228,6 +1266,7 @@ #define MACH_SCHED_WI_EXTERNAL_WAKEUP 0x61 #define MACH_SCHED_AST_CHECK 0x62 #define MACH_SCHED_PREEMPT_TIMER_ACTIVE 0x63 +#define MACH_PROCESSOR_SHUTDOWN 0x64 #define MACH_SCHED_CLUTCH_ROOT_BUCKET_STATE 0x0 #define MACH_SCHED_CLUTCH_TG_BUCKET_STATE 0x1 #define MACH_SCHED_CLUTCH_THREAD_SELECT 0x2 
@@ -1253,20 +1292,83 @@ #define WORKGROUP_INTERVAL_SET_WORKLOAD_ID_NAME 0x7 #define KCOV_STKSZ_THRESHOLD_ABOVE 0x0 #define KCOV_STKSZ_THRESHOLD_BELOW 0x1 -#define MACH_MULTIQ_BOUND 1 -#define MACH_MULTIQ_GROUP 2 -#define MACH_MULTIQ_GLOBAL 3 -#define DBG_ZERO_FILL_FAULT 1 -#define DBG_PAGEIN_FAULT 2 -#define DBG_COW_FAULT 3 -#define DBG_CACHE_HIT_FAULT 4 -#define DBG_NZF_PAGE_FAULT 5 -#define DBG_GUARD_FAULT 6 -#define DBG_PAGEINV_FAULT 7 -#define DBG_PAGEIND_FAULT 8 -#define DBG_COMPRESSOR_FAULT 9 -#define DBG_COMPRESSOR_SWAPIN_FAULT 10 -#define DBG_COR_FAULT 11 +#define DBG_VM_VNODE_PAGEOUT 0x001 +#define DBG_VM_FAULT_INTERNAL 0x002 +#define DBG_VM_PURGEABLE_TOKEN_ADD 0x040 +#define DBG_VM_PURGEABLE_TOKEN_DELETE 0x041 +#define DBG_VM_PURGEABLE_TOKEN_RIPEN 0x042 +#define DBG_VM_PURGEABLE_OBJECT_ADD 0x048 +#define DBG_VM_PURGEABLE_OBJECT_REMOVE 0x049 +#define DBG_VM_PURGEABLE_OBJECT_PURGE 0x04a +#define DBG_VM_PURGEABLE_OBJECT_PURGE_ALL 0x04b +#define DBG_VM_PURGEABLE_OBJECT_PURGE_ONE 0x04c +#define DBG_VM_PURGEABLE_OBJECT_PURGE_LOOP 0x04e +#define DBG_VM_MAP_PARTIAL_REAP 0x054 +#define DBG_VM_MAP_WILLNEED 0x055 +#define DBG_VM_FAULT_CHECK_ZFDELAY 0x100 +#define DBG_VM_FAULT_COWDELAY 0x101 +#define DBG_VM_FAULT_ZFDELAY 0x102 +#define DBG_VM_FAULT_COMPRESSORDELAY 0x103 +#define DBG_VM_PAGEOUT_SCAN 0x104 +#define DBG_VM_PAGEOUT_BALANCE 0x105 +#define DBG_VM_PAGEOUT_FREELIST 0x106 +#define DBG_VM_PAGEOUT_PURGEONE 0x107 +#define DBG_VM_PAGEOUT_CACHE_EVICT 0x108 +#define DBG_VM_PAGEOUT_THREAD_BLOCK 0x109 +#define DBG_VM_PAGEOUT_JETSAM 0x10A +#define DBG_VM_INFO1 0x10B +#define DBG_VM_INFO2 0x10C +#define DBG_VM_INFO3 0x10D +#define DBG_VM_INFO4 0x10E +#define DBG_VM_INFO5 0x10F +#define DBG_VM_INFO6 0x110 +#define DBG_VM_INFO7 0x111 +#define DBG_VM_INFO8 0x112 +#define DBG_VM_INFO9 0x113 +#define DBG_VM_INFO10 0x114 +#define DBG_VM_UPL_PAGE_WAIT 0x120 +#define DBG_VM_IOPL_PAGE_WAIT 0x121 +#define DBG_VM_PAGE_WAIT_BLOCK 0x122 +#define DBG_VM_PAGE_SLEEP 0x123 +#define 
DBG_VM_PAGE_EXPEDITE 0x124 +#define DBG_VM_PAGE_EXPEDITE_NO_MEMORY 0x125 +#define DBG_VM_PAGE_GRAB 0x126 +#define DBG_VM_PAGE_RELEASE 0x127 +#define DBG_VM_COMPRESSOR_COMPACT_AND_SWAP 0x128 +#define DBG_VM_COMPRESSOR_DELAYED_COMPACT 0x129 +#define DBG_VM_OBJECT_SLEEP 0x12a +#define DBG_VM_PAGE_WAKEUP 0x12b +#define DBG_VM_PAGE_WAKEUP_DONE 0x12c +#define DBG_VM_PRESSURE_EVENT 0x130 +#define DBG_VM_EXECVE 0x131 +#define DBG_VM_WAKEUP_COMPACTOR_SWAPPER 0x132 +#define DBG_VM_UPL_REQUEST 0x133 +#define DBG_VM_IOPL_REQUEST 0x134 +#define DBG_VM_KERN_REQUEST 0x135 +#define DBG_VM_DATA_WRITE 0x140 +#define DBG_VM_PRESSURE_LEVEL_CHANGE 0x141 +#define DBG_VM_PHYS_WRITE_ACCT 0x142 +#define DBG_VM_MAP_LOOKUP_ENTRY_FAILURE 0x143 +#define VM_DISCONNECT_ALL_PAGE_MAPPINGS 0x00 +#define VM_DISCONNECT_TASK_PAGE_MAPPINGS 0x01 +#define VM_REAL_FAULT_ADDR_INTERNAL 0x02 +#define VM_REAL_FAULT_ADDR_PURGABLE 0x03 +#define VM_REAL_FAULT_ADDR_EXTERNAL 0x04 +#define VM_REAL_FAULT_ADDR_SHAREDCACHE 0x05 +#define VM_REAL_FAULT_FAST 0x06 +#define VM_REAL_FAULT_SLOW 0x07 +#define VM_MAP_LOOKUP_OBJECT 0x08 +#define DBG_ZERO_FILL_FAULT 0x01 +#define DBG_PAGEIN_FAULT 0x02 +#define DBG_COW_FAULT 0x03 +#define DBG_CACHE_HIT_FAULT 0x04 +#define DBG_NZF_PAGE_FAULT 0x05 +#define DBG_GUARD_FAULT 0x06 +#define DBG_PAGEINV_FAULT 0x07 +#define DBG_PAGEIND_FAULT 0x08 +#define DBG_COMPRESSOR_FAULT 0x09 +#define DBG_COMPRESSOR_SWAPIN_FAULT 0x0a +#define DBG_COR_FAULT 0x0b #define MACH_TASK_SUSPEND 0x0 #define MACH_TASK_RESUME 0x1 #define MACH_THREAD_SET_VOUCHER 0x2 
@@ -1281,6 +1383,31 @@ #define MACH_IPC_KMSG_LINK 0xb #define MACH_IPC_PORT_ENTRY_MODIFY 0xc #define MACH_IPC_DESTROY_GUARDED_DESC 0xd +#define MACH_THREAD_SUSPEND 0xe +#define MACH_THREAD_RESUME 0xf +#define MACH_EXCLAVES_SWITCH 0x0 +#define MACH_EXCLAVES_XNUPROXY 0x1 +#define MACH_EXCLAVES_RPC 0x2 +#define MACH_EXCLAVES_UPCALL 0x3 +#define MACH_EXCLAVES_BOOT_TASK 0x4 +#define MACH_EXCLAVES_SCHEDULER_YIELD 0x0 +#define MACH_EXCLAVES_SCHEDULER_SPAWNED 0x1 +#define MACH_EXCLAVES_SCHEDULER_TERMINATED 0x2 +#define MACH_EXCLAVES_SCHEDULER_WAIT 0x3 +#define MACH_EXCLAVES_SCHEDULER_WAKE 0x4 +#define MACH_EXCLAVES_SCHEDULER_SUSPENDED 0x5 +#define MACH_EXCLAVES_SCHEDULER_RESUMED 0x6 +#define MACH_EXCLAVES_SCHEDULER_INTERRUPTED 0x7 +#define MACH_EXCLAVES_SCHEDULER_NOTHING_SCHEDULED 0x8 +#define MACH_EXCLAVES_SCHEDULER_ALL_EXCLAVES_BOOTED 0x9 +#define MACH_EXCLAVES_SCHEDULER_EARLY_ALLOC 0xa +#define MACH_EPOCH_SYNC_WAIT_STALE 0x0 +#define MACH_EPOCH_SYNC_WAIT 0x1 +#define MACH_EPOCH_SYNC_WAKE_NO_WAITERS 0x2 +#define MACH_EPOCH_SYNC_WAKE_ONE 0x3 +#define MACH_EPOCH_SYNC_WAKE_ALL 0x4 +#define MACH_EPOCH_SYNC_WAKE_ONE_WITH_OWNER 0x5 +#define MACH_EPOCH_SYNC_WAKE_THREAD 0x6 #define MACH_THREAD_GROUP_NEW 0x0 #define MACH_THREAD_GROUP_FREE 0x1 #define MACH_THREAD_GROUP_SET 0x2 @@ -1423,6 +1550,13 @@ #define HV_X86_VM_PROTECT_TRAP 0x2b #define HV_X86_VM_UNMAP_TRAP 0x2c #define HV_X86_TSC_OFFSET_SET 0x2d +#define VM_RECLAIM_UPDATE_ACCOUNTING 0x01 +#define VM_RECLAIM_ENTRIES 0x02 +#define VM_RECLAIM_CHUNK 0x03 +#define VM_RECLAIM_ENTRY 0x04 +#define VM_RECLAIM_ALL_MEMORY 0x05 +#define VM_RECLAIM_ASYNC_MEMORY 0x06 +#define VM_RECLAIM_INIT 0x07 #define DBG_NETIP 1 #define DBG_NETARP 2 #define DBG_NETUDP 3 @@ -2108,6 +2242,7 @@ #define XATTR_NOSECURITY 0x0008 #define XATTR_NODEFAULT 0x0010 #define XATTR_SHOWCOMPRESSION 0x0020 +#define XATTR_NOFOLLOW_ANY 0x0040 #define XATTR_MAXNAMELEN 127 #define PR_SLOWHZ 2 #define PRC_IFDOWN 0 
@@ -2141,6 +2276,7 @@ #define CTL_FLAG_REG_SOCK_STREAM 0x4 #define CTL_DATA_NOWAKEUP 0x1 #define CTL_DATA_EOR 0x2 +#define __has_safe_buffers 0 #define __DARWIN_ONLY_64_BIT_INO_T 0 #define __DARWIN_ONLY_UNIX_CONFORMANCE 0 #define __DARWIN_ONLY_VERS_1050 0 @@ -2478,7 +2614,8 @@ #define VQ_NEARLOWDISK 0x2000 #define VQ_DESIRED_DISK 0x4000 #define VQ_FREE_SPACE_CHANGE 0x8000 -#define VQ_FLAG10000 0x10000 +#define VQ_PURGEABLE_SPACE_CHANGE 0x10000 +#define VQ_FLAG20000 0x20000 #define VFS_IOATTR_FLAGS_FUA 0x00000001 #define VFS_IOATTR_FLAGS_UNMAP 0x00000002 #define VFS_IOATTR_FLAGS_SWAPPIN_SUPPORTED 0x00000010 @@ -2509,7 +2646,7 @@ #define NFSV4_MAX_FH_SIZE 128 #define NFSV3_MAX_FH_SIZE 64 #define NFSV2_MAX_FH_SIZE 32 -#define CRYPTEX_AUTH_STRUCT_VERSION 1 +#define CRYPTEX_AUTH_STRUCT_VERSION 2 #define EV_FD 1 #define EV_RE 1 #define EV_WR 2 @@ -2533,6 +2670,10 @@ #define KDEBUG_LEVEL_FULL 3 #define KDBG_FLAG_FILTERED 0x01 #define KDBG_FLAG_NOPROCFILT 0x02 +#define __DARWIN_LITTLE_ENDIAN 1234 +#define __DARWIN_BIG_ENDIAN 4321 +#define __DARWIN_PDP_ENDIAN 3412 +#define USE_CLANG_TYPES 0 #define __DARWIN_NULL 0 #define UBC_PUSHDIRTY 0x01 #define UBC_PUSHALL 0x02 @@ -3068,7 +3209,9 @@ #define SYS_mkfifoat 553 + 0x2000000 #define SYS_mknodat 554 + 0x2000000 #define SYS_ungraftdmg 555 + 0x2000000 -#define SYS_MAXSYSCALL 556 + 0x2000000 +#define SYS_coalition_policy_set 556 + 0x2000000 +#define SYS_coalition_policy_get 557 + 0x2000000 +#define SYS_MAXSYSCALL 558 + 0x2000000 #define SYS_invalid 63 + 0x2000000 #define SOCK_STREAM 1 #define SOCK_DGRAM 2 @@ -3116,6 +3259,7 @@ #define SO_NET_SERVICE_TYPE 0x1116 #define SO_NETSVC_MARKING_LEVEL 0x1119 #define SO_RESOLVER_SIGNATURE 0x1131 +#define SO_BINDTODEVICE 0x1134 #define NET_SERVICE_TYPE_BE 0 #define NET_SERVICE_TYPE_BK 1 #define NET_SERVICE_TYPE_SIG 2 
diff --git a/pwnlib/data/includes/generator/linux/diet/riscv64/syscalls.h b/pwnlib/data/includes/generator/linux/diet/riscv64/syscalls.h new file mode 100644 index 000000000..b534afe81 --- /dev/null +++ b/pwnlib/data/includes/generator/linux/diet/riscv64/syscalls.h 
@@ -0,0 +1,304 @@ +#define __NR_io_setup 0 +#define __NR_io_destroy 1 +#define __NR_io_submit 2 +#define __NR_io_cancel 3 +#define __NR_io_getevents 4 +#define __NR_setxattr 5 +#define __NR_lsetxattr 6 +#define __NR_fsetxattr 7 +#define __NR_getxattr 8 +#define __NR_lgetxattr 9 +#define __NR_fgetxattr 10 +#define __NR_listxattr 11 +#define __NR_llistxattr 12 +#define __NR_flistxattr 13 +#define __NR_removexattr 14 +#define __NR_lremovexattr 15 +#define __NR_fremovexattr 16 +#define __NR_getcwd 17 +#define __NR_lookup_dcookie 18 +#define __NR_eventfd2 19 +#define __NR_epoll_create1 20 +#define __NR_epoll_ctl 21 +#define __NR_epoll_pwait 22 +#define __NR_dup 23 +#define __NR_dup3 24 +#define __NR_fcntl 25 +#define __NR_inotify_init1 26 +#define __NR_inotify_add_watch 27 +#define __NR_inotify_rm_watch 28 +#define __NR_ioctl 29 +#define __NR_ioprio_set 30 +#define __NR_ioprio_get 31 +#define __NR_flock 32 +#define __NR_mknodat 33 +#define __NR_mkdirat 34 +#define __NR_unlinkat 35 +#define __NR_symlinkat 36 +#define __NR_linkat 37 +#define __NR_umount2 39 +#define __NR_mount 40 +#define __NR_pivot_root 41 +#define __NR_nfsservctl 42 +#define __NR_statfs 43 +#define __NR_fstatfs 44 +#define __NR_truncate 45 +#define __NR_ftruncate 46 +#define __NR_fallocate 47 +#define __NR_faccessat 48 +#define __NR_chdir 49 +#define __NR_fchdir 50 +#define __NR_chroot 51 +#define __NR_fchmod 52 +#define __NR_fchmodat 53 +#define __NR_fchownat 54 +#define __NR_fchown 55 +#define __NR_openat 56 +#define __NR_close 57 +#define __NR_vhangup 58 +#define __NR_pipe2 59 +#define __NR_quotactl 60 +#define __NR_getdents64 61 +#define __NR_lseek 62 +#define __NR_read 63 +#define __NR_write 64 +#define __NR_readv 65 +#define __NR_writev 66 +#define __NR_pread64 67 +#define __NR_pwrite64 68 +#define __NR_preadv 69 +#define __NR_pwritev 70 +#define __NR_sendfile 71 +#define __NR_pselect6 72 +#define __NR_ppoll 73 +#define __NR_signalfd4 74 +#define __NR_vmsplice 75 +#define __NR_splice 76 +#define 
__NR_tee 77 +#define __NR_readlinkat 78 +#define __NR_newfstatat 79 +#define __NR_fstat 80 +#define __NR_sync 81 +#define __NR_fsync 82 +#define __NR_fdatasync 83 +#define __NR_sync_file_range 84 +#define __NR_timerfd_create 85 +#define __NR_timerfd_settime 86 +#define __NR_timerfd_gettime 87 +#define __NR_utimensat 88 +#define __NR_acct 89 +#define __NR_capget 90 +#define __NR_capset 91 +#define __NR_personality 92 +#define __NR_exit 93 +#define __NR_exit_group 94 +#define __NR_waitid 95 +#define __NR_set_tid_address 96 +#define __NR_unshare 97 +#define __NR_futex 98 +#define __NR_set_robust_list 99 +#define __NR_get_robust_list 100 +#define __NR_nanosleep 101 +#define __NR_getitimer 102 +#define __NR_setitimer 103 +#define __NR_kexec_load 104 +#define __NR_init_module 105 +#define __NR_delete_module 106 +#define __NR_timer_create 107 +#define __NR_timer_gettime 108 +#define __NR_timer_getoverrun 109 +#define __NR_timer_settime 110 +#define __NR_timer_delete 111 +#define __NR_clock_settime 112 +#define __NR_clock_gettime 113 +#define __NR_clock_getres 114 +#define __NR_clock_nanosleep 115 +#define __NR_syslog 116 +#define __NR_ptrace 117 +#define __NR_sched_setparam 118 +#define __NR_sched_setscheduler 119 +#define __NR_sched_getscheduler 120 +#define __NR_sched_getparam 121 +#define __NR_sched_setaffinity 122 +#define __NR_sched_getaffinity 123 +#define __NR_sched_yield 124 +#define __NR_sched_get_priority_max 125 +#define __NR_sched_get_priority_min 126 +#define __NR_sched_rr_get_interval 127 +#define __NR_restart_syscall 128 +#define __NR_kill 129 +#define __NR_tkill 130 +#define __NR_tgkill 131 +#define __NR_sigaltstack 132 +#define __NR_rt_sigsuspend 133 +#define __NR_rt_sigaction 134 +#define __NR_rt_sigprocmask 135 +#define __NR_rt_sigpending 136 +#define __NR_rt_sigtimedwait 137 +#define __NR_rt_sigqueueinfo 138 +#define __NR_rt_sigreturn 139 +#define __NR_setpriority 140 +#define __NR_getpriority 141 +#define __NR_reboot 142 +#define __NR_setregid 143 
+#define __NR_setgid 144 +#define __NR_setreuid 145 +#define __NR_setuid 146 +#define __NR_setresuid 147 +#define __NR_getresuid 148 +#define __NR_setresgid 149 +#define __NR_getresgid 150 +#define __NR_setfsuid 151 +#define __NR_setfsgid 152 +#define __NR_times 153 +#define __NR_setpgid 154 +#define __NR_getpgid 155 +#define __NR_getsid 156 +#define __NR_setsid 157 +#define __NR_getgroups 158 +#define __NR_setgroups 159 +#define __NR_uname 160 +#define __NR_sethostname 161 +#define __NR_setdomainname 162 +#define __NR_getrlimit 163 +#define __NR_setrlimit 164 +#define __NR_getrusage 165 +#define __NR_umask 166 +#define __NR_prctl 167 +#define __NR_getcpu 168 +#define __NR_gettimeofday 169 +#define __NR_settimeofday 170 +#define __NR_adjtimex 171 +#define __NR_getpid 172 +#define __NR_getppid 173 +#define __NR_getuid 174 +#define __NR_geteuid 175 +#define __NR_getgid 176 +#define __NR_getegid 177 +#define __NR_gettid 178 +#define __NR_sysinfo 179 +#define __NR_mq_open 180 +#define __NR_mq_unlink 181 +#define __NR_mq_timedsend 182 +#define __NR_mq_timedreceive 183 +#define __NR_mq_notify 184 +#define __NR_mq_getsetattr 185 +#define __NR_msgget 186 +#define __NR_msgctl 187 +#define __NR_msgrcv 188 +#define __NR_msgsnd 189 +#define __NR_semget 190 +#define __NR_semctl 191 +#define __NR_semtimedop 192 +#define __NR_semop 193 +#define __NR_shmget 194 +#define __NR_shmctl 195 +#define __NR_shmat 196 +#define __NR_shmdt 197 +#define __NR_socket 198 +#define __NR_socketpair 199 +#define __NR_bind 200 +#define __NR_listen 201 +#define __NR_accept 202 +#define __NR_connect 203 +#define __NR_getsockname 204 +#define __NR_getpeername 205 +#define __NR_sendto 206 +#define __NR_recvfrom 207 +#define __NR_setsockopt 208 +#define __NR_getsockopt 209 +#define __NR_shutdown 210 +#define __NR_sendmsg 211 +#define __NR_recvmsg 212 +#define __NR_readahead 213 +#define __NR_brk 214 +#define __NR_munmap 215 +#define __NR_mremap 216 +#define __NR_add_key 217 +#define __NR_request_key 218 
+#define __NR_keyctl 219 +#define __NR_clone 220 +#define __NR_execve 221 +#define __NR_mmap 222 +#define __NR_fadvise64 223 +#define __NR_swapon 224 +#define __NR_swapoff 225 +#define __NR_mprotect 226 +#define __NR_msync 227 +#define __NR_mlock 228 +#define __NR_munlock 229 +#define __NR_mlockall 230 +#define __NR_munlockall 231 +#define __NR_mincore 232 +#define __NR_madvise 233 +#define __NR_remap_file_pages 234 +#define __NR_mbind 235 +#define __NR_get_mempolicy 236 +#define __NR_set_mempolicy 237 +#define __NR_migrate_pages 238 +#define __NR_move_pages 239 +#define __NR_rt_tgsigqueueinfo 240 +#define __NR_perf_event_open 241 +#define __NR_accept4 242 +#define __NR_recvmmsg 243 +#define __NR_arch_specific_syscall 244 +#define __NR_wait4 260 +#define __NR_prlimit64 261 +#define __NR_fanotify_init 262 +#define __NR_fanotify_mark 263 +#define __NR_name_to_handle_at 264 +#define __NR_open_by_handle_at 265 +#define __NR_clock_adjtime 266 +#define __NR_syncfs 267 +#define __NR_setns 268 +#define __NR_sendmmsg 269 +#define __NR_process_vm_readv 270 +#define __NR_process_vm_writev 271 +#define __NR_kcmp 272 +#define __NR_finit_module 273 +#define __NR_sched_setattr 274 +#define __NR_sched_getattr 275 +#define __NR_renameat2 276 +#define __NR_seccomp 277 +#define __NR_getrandom 278 +#define __NR_memfd_create 279 +#define __NR_bpf 280 +#define __NR_execveat 281 +#define __NR_userfaultfd 282 +#define __NR_membarrier 283 +#define __NR_mlock2 284 +#define __NR_copy_file_range 285 +#define __NR_preadv2 286 +#define __NR_pwritev2 287 +#define __NR_pkey_mprotect 288 +#define __NR_pkey_alloc 289 +#define __NR_pkey_free 290 +#define __NR_statx 291 +#define __NR_io_pgetevents 292 +#define __NR_rseq 293 +#define __NR_kexec_file_load 294 +#define __NR_pidfd_send_signal 424 +#define __NR_io_uring_setup 425 +#define __NR_io_uring_enter 426 +#define __NR_io_uring_register 427 +#define __NR_open_tree 428 +#define __NR_move_mount 429 +#define __NR_fsopen 430 +#define __NR_fsconfig 431 
+#define __NR_fsmount 432 +#define __NR_fspick 433 +#define __NR_pidfd_open 434 +#define __NR_clone3 435 +#define __NR_close_range 436 +#define __NR_openat2 437 +#define __NR_pidfd_getfd 438 +#define __NR_faccessat2 439 +#define __NR_process_madvise 440 +#define __NR_epoll_pwait2 441 +#define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 + +#define __NR_sysriscv __NR_arch_specific_syscall +#define __NR_riscv_flush_icache (__NR_sysriscv + 15) diff --git a/pwnlib/data/includes/generator/linux/riscv64.h b/pwnlib/data/includes/generator/linux/riscv64.h new file mode 100644 index 000000000..125c50648 --- /dev/null +++ b/pwnlib/data/includes/generator/linux/riscv64.h @@ -0,0 +1,4 @@ +// https://git.musl-libc.org/cgit/musl/plain/arch/riscv64/bits/syscall.h.in +#define __riscv64__ +#include +#include diff --git a/pwnlib/data/includes/generator/linux/syscall_map.h b/pwnlib/data/includes/generator/linux/syscall_map.h index 028ae0bfa..ec8bd658f 100644 --- a/pwnlib/data/includes/generator/linux/syscall_map.h +++ b/pwnlib/data/includes/generator/linux/syscall_map.h @@ -44,6 +44,7 @@ #define SYS_clone2 __NR_clone2 #define SYS_clone3 __NR_clone3 #define SYS_close __NR_close +#define SYS_close_range __NR_close_range #define SYS_connect __NR_connect #define SYS_copy_file_range __NR_copy_file_range #define SYS_creat __NR_creat @@ -58,6 +59,7 @@ #define SYS_epoll_ctl __NR_epoll_ctl #define SYS_epoll_ctl_old __NR_epoll_ctl_old #define SYS_epoll_pwait __NR_epoll_pwait +#define SYS_epoll_pwait2 __NR_epoll_pwait2 #define SYS_epoll_wait __NR_epoll_wait #define SYS_epoll_wait_old __NR_epoll_wait_old #define SYS_eventfd __NR_eventfd 
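Review bot: The header generated from this 4-line file, `pwnlib/data/includes/linux/riscv64.h` further down this diff, comes out with 32-bit, big-endian limits — `__WORDSIZE 32`, `__BYTE_ORDER 4321`, `BYTE_ORDER 4321`, `SIZE_MAX 0xffffffff`, `INTPTR_MAX (2147483647)` — which cannot be right for a 64-bit little-endian riscv64 target, so the only macro this file sets, `__riscv64__`, is presumably not the one the included diet headers switch on for word size and endianness (the two `#include` targets are not visible in this rendering, so that part is inferred from the generated output). Check which guard the diet headers test and define it here as well — the compiler-provided `__LP64__` or the `__riscv` family are the usual candidates, but confirm against the diet source rather than this guess — then regenerate and re-check the limits and byte order in the generated header. Wrong `SIZE_MAX`/`BYTE_ORDER`/`INTPTR_MAX` values would otherwise be silently shipped as the riscv64 constants pwntools exposes, and nothing in the generator step appears to validate them.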
@@ -69,6 +71,7 @@
 #define SYS_exit __NR_exit
 #define SYS_exit_group __NR_exit_group
 #define SYS_faccessat __NR_faccessat
+#define SYS_faccessat2 __NR_faccessat2
 #define SYS_fadvise64 __NR_fadvise64
 #define SYS_fadvise64_64 __NR_fadvise64_64
 #define SYS_fallocate __NR_fallocate
@@ -191,6 +194,9 @@
 #define SYS_kexec_load __NR_kexec_load
 #define SYS_keyctl __NR_keyctl
 #define SYS_kill __NR_kill
+#define SYS_landlock_add_rule __NR_landlock_add_rule
+#define SYS_landlock_create_ruleset __NR_landlock_create_ruleset
+#define SYS_landlock_restrict_self __NR_landlock_restrict_self
 #define SYS_lchown __NR_lchown
 #define SYS_lchown32 __NR_lchown32
 #define SYS_lgetxattr __NR_lgetxattr
@@ -228,6 +234,7 @@
 #define SYS_mmap2 __NR_mmap2
 #define SYS_modify_ldt __NR_modify_ldt
 #define SYS_mount __NR_mount
+#define SYS_mount_setattr __NR_mount_setattr
 #define SYS_move_mount __NR_move_mount
 #define SYS_move_pages __NR_move_pages
 #define SYS_mprotect __NR_mprotect
@@ -402,6 +409,7 @@
 #define SYS_preadv __NR_preadv
 #define SYS_preadv2 __NR_preadv2
 #define SYS_prlimit64 __NR_prlimit64
+#define SYS_process_madvise __NR_process_madvise
 #define SYS_process_vm_readv __NR_process_vm_readv
 #define SYS_process_vm_writev __NR_process_vm_writev
 #define SYS_prof __NR_prof
@@ -440,6 +448,7 @@
 #define SYS_reserved221 __NR_reserved221
 #define SYS_reserved82 __NR_reserved82
 #define SYS_restart_syscall __NR_restart_syscall
+#define SYS_riscv_flush_icache __NR_riscv_flush_icache
 #define SYS_rmdir __NR_rmdir
 #define SYS_rseq __NR_rseq
 #define SYS_rtas __NR_rtas
@@ -572,6 +581,7 @@
 #define SYS_sys_kexec_load __NR_sys_kexec_load
 #define SYS_syslog __NR_syslog
 #define SYS_sysmips __NR_sysmips
+#define SYS_sysriscv __NR_sysriscv
 #define SYS_sys_setaltroot __NR_sys_setaltroot
 #define SYS_tee __NR_tee
 #define SYS_tgkill __NR_tgkill
diff --git a/pwnlib/data/includes/linux/riscv64.h b/pwnlib/data/includes/linux/riscv64.h
new file mode 100644
index 000000000..8151f8bd3
--- /dev/null
+++ b/pwnlib/data/includes/linux/riscv64.h 
@@ -0,0 +1,1305 @@ +#define __NR_io_setup 0 +#define __NR_io_destroy 1 +#define __NR_io_submit 2 +#define __NR_io_cancel 3 +#define __NR_io_getevents 4 +#define __NR_setxattr 5 +#define __NR_lsetxattr 6 +#define __NR_fsetxattr 7 +#define __NR_getxattr 8 +#define __NR_lgetxattr 9 +#define __NR_fgetxattr 10 +#define __NR_listxattr 11 +#define __NR_llistxattr 12 +#define __NR_flistxattr 13 +#define __NR_removexattr 14 +#define __NR_lremovexattr 15 +#define __NR_fremovexattr 16 +#define __NR_getcwd 17 +#define __NR_lookup_dcookie 18 +#define __NR_eventfd2 19 +#define __NR_epoll_create1 20 +#define __NR_epoll_ctl 21 +#define __NR_epoll_pwait 22 +#define __NR_dup 23 +#define __NR_dup3 24 +#define __NR_fcntl 25 +#define __NR_inotify_init1 26 +#define __NR_inotify_add_watch 27 +#define __NR_inotify_rm_watch 28 +#define __NR_ioctl 29 +#define __NR_ioprio_set 30 +#define __NR_ioprio_get 31 +#define __NR_flock 32 +#define __NR_mknodat 33 +#define __NR_mkdirat 34 +#define __NR_unlinkat 35 +#define __NR_symlinkat 36 +#define __NR_linkat 37 +#define __NR_umount2 39 +#define __NR_mount 40 +#define __NR_pivot_root 41 +#define __NR_nfsservctl 42 +#define __NR_statfs 43 +#define __NR_fstatfs 44 +#define __NR_truncate 45 +#define __NR_ftruncate 46 +#define __NR_fallocate 47 +#define __NR_faccessat 48 +#define __NR_chdir 49 +#define __NR_fchdir 50 +#define __NR_chroot 51 +#define __NR_fchmod 52 +#define __NR_fchmodat 53 +#define __NR_fchownat 54 +#define __NR_fchown 55 +#define __NR_openat 56 +#define __NR_close 57 +#define __NR_vhangup 58 +#define __NR_pipe2 59 +#define __NR_quotactl 60 +#define __NR_getdents64 61 +#define __NR_lseek 62 +#define __NR_read 63 +#define __NR_write 64 +#define __NR_readv 65 +#define __NR_writev 66 +#define __NR_pread64 67 +#define __NR_pwrite64 68 +#define __NR_preadv 69 +#define __NR_pwritev 70 +#define __NR_sendfile 71 +#define __NR_pselect6 72 +#define __NR_ppoll 73 +#define __NR_signalfd4 74 +#define __NR_vmsplice 75 +#define __NR_splice 76 +#define 
__NR_tee 77 +#define __NR_readlinkat 78 +#define __NR_newfstatat 79 +#define __NR_fstat 80 +#define __NR_sync 81 +#define __NR_fsync 82 +#define __NR_fdatasync 83 +#define __NR_sync_file_range 84 +#define __NR_timerfd_create 85 +#define __NR_timerfd_settime 86 +#define __NR_timerfd_gettime 87 +#define __NR_utimensat 88 +#define __NR_acct 89 +#define __NR_capget 90 +#define __NR_capset 91 +#define __NR_personality 92 +#define __NR_exit 93 +#define __NR_exit_group 94 +#define __NR_waitid 95 +#define __NR_set_tid_address 96 +#define __NR_unshare 97 +#define __NR_futex 98 +#define __NR_set_robust_list 99 +#define __NR_get_robust_list 100 +#define __NR_nanosleep 101 +#define __NR_getitimer 102 +#define __NR_setitimer 103 +#define __NR_kexec_load 104 +#define __NR_init_module 105 +#define __NR_delete_module 106 +#define __NR_timer_create 107 +#define __NR_timer_gettime 108 +#define __NR_timer_getoverrun 109 +#define __NR_timer_settime 110 +#define __NR_timer_delete 111 +#define __NR_clock_settime 112 +#define __NR_clock_gettime 113 +#define __NR_clock_getres 114 +#define __NR_clock_nanosleep 115 +#define __NR_syslog 116 +#define __NR_ptrace 117 +#define __NR_sched_setparam 118 +#define __NR_sched_setscheduler 119 +#define __NR_sched_getscheduler 120 +#define __NR_sched_getparam 121 +#define __NR_sched_setaffinity 122 +#define __NR_sched_getaffinity 123 +#define __NR_sched_yield 124 +#define __NR_sched_get_priority_max 125 +#define __NR_sched_get_priority_min 126 +#define __NR_sched_rr_get_interval 127 +#define __NR_restart_syscall 128 +#define __NR_kill 129 +#define __NR_tkill 130 +#define __NR_tgkill 131 +#define __NR_sigaltstack 132 +#define __NR_rt_sigsuspend 133 +#define __NR_rt_sigaction 134 +#define __NR_rt_sigprocmask 135 +#define __NR_rt_sigpending 136 +#define __NR_rt_sigtimedwait 137 +#define __NR_rt_sigqueueinfo 138 +#define __NR_rt_sigreturn 139 +#define __NR_setpriority 140 +#define __NR_getpriority 141 +#define __NR_reboot 142 +#define __NR_setregid 143 
+#define __NR_setgid 144 +#define __NR_setreuid 145 +#define __NR_setuid 146 +#define __NR_setresuid 147 +#define __NR_getresuid 148 +#define __NR_setresgid 149 +#define __NR_getresgid 150 +#define __NR_setfsuid 151 +#define __NR_setfsgid 152 +#define __NR_times 153 +#define __NR_setpgid 154 +#define __NR_getpgid 155 +#define __NR_getsid 156 +#define __NR_setsid 157 +#define __NR_getgroups 158 +#define __NR_setgroups 159 +#define __NR_uname 160 +#define __NR_sethostname 161 +#define __NR_setdomainname 162 +#define __NR_getrlimit 163 +#define __NR_setrlimit 164 +#define __NR_getrusage 165 +#define __NR_umask 166 +#define __NR_prctl 167 +#define __NR_getcpu 168 +#define __NR_gettimeofday 169 +#define __NR_settimeofday 170 +#define __NR_adjtimex 171 +#define __NR_getpid 172 +#define __NR_getppid 173 +#define __NR_getuid 174 +#define __NR_geteuid 175 +#define __NR_getgid 176 +#define __NR_getegid 177 +#define __NR_gettid 178 +#define __NR_sysinfo 179 +#define __NR_mq_open 180 +#define __NR_mq_unlink 181 +#define __NR_mq_timedsend 182 +#define __NR_mq_timedreceive 183 +#define __NR_mq_notify 184 +#define __NR_mq_getsetattr 185 +#define __NR_msgget 186 +#define __NR_msgctl 187 +#define __NR_msgrcv 188 +#define __NR_msgsnd 189 +#define __NR_semget 190 +#define __NR_semctl 191 +#define __NR_semtimedop 192 +#define __NR_semop 193 +#define __NR_shmget 194 +#define __NR_shmctl 195 +#define __NR_shmat 196 +#define __NR_shmdt 197 +#define __NR_socket 198 +#define __NR_socketpair 199 +#define __NR_bind 200 +#define __NR_listen 201 +#define __NR_accept 202 +#define __NR_connect 203 +#define __NR_getsockname 204 +#define __NR_getpeername 205 +#define __NR_sendto 206 +#define __NR_recvfrom 207 +#define __NR_setsockopt 208 +#define __NR_getsockopt 209 +#define __NR_shutdown 210 +#define __NR_sendmsg 211 +#define __NR_recvmsg 212 +#define __NR_readahead 213 +#define __NR_brk 214 +#define __NR_munmap 215 +#define __NR_mremap 216 +#define __NR_add_key 217 +#define __NR_request_key 218 
+#define __NR_keyctl 219 +#define __NR_clone 220 +#define __NR_execve 221 +#define __NR_mmap 222 +#define __NR_fadvise64 223 +#define __NR_swapon 224 +#define __NR_swapoff 225 +#define __NR_mprotect 226 +#define __NR_msync 227 +#define __NR_mlock 228 +#define __NR_munlock 229 +#define __NR_mlockall 230 +#define __NR_munlockall 231 +#define __NR_mincore 232 +#define __NR_madvise 233 +#define __NR_remap_file_pages 234 +#define __NR_mbind 235 +#define __NR_get_mempolicy 236 +#define __NR_set_mempolicy 237 +#define __NR_migrate_pages 238 +#define __NR_move_pages 239 +#define __NR_rt_tgsigqueueinfo 240 +#define __NR_perf_event_open 241 +#define __NR_accept4 242 +#define __NR_recvmmsg 243 +#define __NR_arch_specific_syscall 244 +#define __NR_wait4 260 +#define __NR_prlimit64 261 +#define __NR_fanotify_init 262 +#define __NR_fanotify_mark 263 +#define __NR_name_to_handle_at 264 +#define __NR_open_by_handle_at 265 +#define __NR_clock_adjtime 266 +#define __NR_syncfs 267 +#define __NR_setns 268 +#define __NR_sendmmsg 269 +#define __NR_process_vm_readv 270 +#define __NR_process_vm_writev 271 +#define __NR_kcmp 272 +#define __NR_finit_module 273 +#define __NR_sched_setattr 274 +#define __NR_sched_getattr 275 +#define __NR_renameat2 276 +#define __NR_seccomp 277 +#define __NR_getrandom 278 +#define __NR_memfd_create 279 +#define __NR_bpf 280 +#define __NR_execveat 281 +#define __NR_userfaultfd 282 +#define __NR_membarrier 283 +#define __NR_mlock2 284 +#define __NR_copy_file_range 285 +#define __NR_preadv2 286 +#define __NR_pwritev2 287 +#define __NR_pkey_mprotect 288 +#define __NR_pkey_alloc 289 +#define __NR_pkey_free 290 +#define __NR_statx 291 +#define __NR_io_pgetevents 292 +#define __NR_rseq 293 +#define __NR_kexec_file_load 294 +#define __NR_pidfd_send_signal 424 +#define __NR_io_uring_setup 425 +#define __NR_io_uring_enter 426 +#define __NR_io_uring_register 427 +#define __NR_open_tree 428 +#define __NR_move_mount 429 +#define __NR_fsopen 430 +#define __NR_fsconfig 431 
+#define __NR_fsmount 432 +#define __NR_fspick 433 +#define __NR_pidfd_open 434 +#define __NR_clone3 435 +#define __NR_close_range 436 +#define __NR_openat2 437 +#define __NR_pidfd_getfd 438 +#define __NR_faccessat2 439 +#define __NR_process_madvise 440 +#define __NR_epoll_pwait2 441 +#define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 +#define __NR_sysriscv 244 +#define __NR_riscv_flush_icache (244 + 15) +#define MAP_32BIT 0x40 +#define INADDR_ANY 0 +#define INADDR_BROADCAST 0xffffffff +#define INADDR_NONE 0xffffffff +#define INADDR_LOOPBACK 0x7f000001 +#define EPERM 1 +#define ENOENT 2 +#define ESRCH 3 +#define EINTR 4 +#define EIO 5 +#define ENXIO 6 +#define E2BIG 7 +#define ENOEXEC 8 +#define EBADF 9 +#define ECHILD 10 +#define EAGAIN 11 +#define ENOMEM 12 +#define EACCES 13 +#define EFAULT 14 +#define ENOTBLK 15 +#define EBUSY 16 +#define EEXIST 17 +#define EXDEV 18 +#define ENODEV 19 +#define ENOTDIR 20 +#define EISDIR 21 +#define EINVAL 22 +#define ENFILE 23 +#define EMFILE 24 +#define ENOTTY 25 +#define ETXTBSY 26 +#define EFBIG 27 +#define ENOSPC 28 +#define ESPIPE 29 +#define EROFS 30 +#define EMLINK 31 +#define EPIPE 32 +#define EDOM 33 +#define ERANGE 34 +#define EDEADLK 35 +#define ENAMETOOLONG 36 +#define ENOLCK 37 +#define ENOSYS 38 +#define ENOTEMPTY 39 +#define ELOOP 40 +#define EWOULDBLOCK 11 +#define ENOMSG 42 +#define EIDRM 43 +#define ECHRNG 44 +#define EL2NSYNC 45 +#define EL3HLT 46 +#define EL3RST 47 +#define ELNRNG 48 +#define EUNATCH 49 +#define ENOCSI 50 +#define EL2HLT 51 +#define EBADE 52 +#define EBADR 53 +#define EXFULL 54 +#define ENOANO 55 +#define EBADRQC 56 +#define EBADSLT 57 +#define EDEADLOCK 35 +#define EBFONT 59 +#define ENOSTR 60 +#define ENODATA 61 +#define ETIME 62 +#define ENOSR 63 +#define ENONET 64 +#define ENOPKG 65 +#define EREMOTE 66 +#define ENOLINK 67 +#define EADV 68 +#define ESRMNT 69 +#define ECOMM 70 +#define EPROTO 
71 +#define EMULTIHOP 72 +#define EDOTDOT 73 +#define EBADMSG 74 +#define EOVERFLOW 75 +#define ENOTUNIQ 76 +#define EBADFD 77 +#define EREMCHG 78 +#define ELIBACC 79 +#define ELIBBAD 80 +#define ELIBSCN 81 +#define ELIBMAX 82 +#define ELIBEXEC 83 +#define EILSEQ 84 +#define ERESTART 85 +#define ESTRPIPE 86 +#define EUSERS 87 +#define ENOTSOCK 88 +#define EDESTADDRREQ 89 +#define EMSGSIZE 90 +#define EPROTOTYPE 91 +#define ENOPROTOOPT 92 +#define EPROTONOSUPPORT 93 +#define ESOCKTNOSUPPORT 94 +#define EOPNOTSUPP 95 +#define ENOTSUP 95 +#define EPFNOSUPPORT 96 +#define EAFNOSUPPORT 97 +#define EADDRINUSE 98 +#define EADDRNOTAVAIL 99 +#define ENETDOWN 100 +#define ENETUNREACH 101 +#define ENETRESET 102 +#define ECONNABORTED 103 +#define ECONNRESET 104 +#define ENOBUFS 105 +#define EISCONN 106 +#define ENOTCONN 107 +#define ESHUTDOWN 108 +#define ETOOMANYREFS 109 +#define ETIMEDOUT 110 +#define ECONNREFUSED 111 +#define EHOSTDOWN 112 +#define EHOSTUNREACH 113 +#define EALREADY 114 +#define EINPROGRESS 115 +#define ESTALE 116 +#define EUCLEAN 117 +#define ENOTNAM 118 +#define ENAVAIL 119 +#define EISNAM 120 +#define EREMOTEIO 121 +#define EDQUOT 122 +#define ENOMEDIUM 123 +#define EMEDIUMTYPE 124 +#define ECANCELED 125 +#define ENOKEY 126 +#define EKEYEXPIRED 127 +#define EKEYREVOKED 128 +#define EKEYREJECTED 129 +#define EOWNERDEAD 130 +#define ENOTRECOVERABLE 131 +#define ERFKILL 132 +#define EHWPOISON 133 +#define __SYS_NERR ((133) + 1) +#define __LITTLE_ENDIAN 1234 +#define __BIG_ENDIAN 4321 +#define __BYTE_ORDER 4321 +#define __FLOAT_WORD_ORDER 4321 +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#define BYTE_ORDER 4321 +#define __WORDSIZE 32 +#define INT8_MAX (127) +#define INT16_MAX (32767) +#define INT32_MAX (2147483647) +#define INT64_MAX (9223372036854775807) +#define INT8_MIN (-1 - (127)) +#define INT16_MIN (-1 - (32767)) +#define INT32_MIN (-1 - (2147483647)) +#define INT64_MIN (-1 - (9223372036854775807)) +#define INT_LEAST8_MAX (127) +#define 
INT_LEAST8_MIN (-1 - (127)) +#define INT_LEAST16_MAX (32767) +#define INT_LEAST16_MIN (-1 - (32767)) +#define INT_LEAST32_MAX (2147483647) +#define INT_LEAST32_MIN (-1 - (2147483647)) +#define INT_LEAST64_MAX (9223372036854775807) +#define INT_LEAST64_MIN (-1 - (9223372036854775807)) +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffff +#define UINT64_MAX 0xffffffffffffffff +#define UINT_LEAST8_MAX 0xff +#define UINT_LEAST16_MAX 0xffff +#define UINT_LEAST32_MAX 0xffffffff +#define UINT_LEAST64_MAX 0xffffffffffffffff +#define INTPTR_MIN (-1 - (2147483647)) +#define INTPTR_MAX (2147483647) +#define UINTPTR_MAX 0xffffffff +#define SIZE_MAX 0xffffffff +#define PTRDIFF_MIN (-1 - (2147483647)) +#define PTRDIFF_MAX (2147483647) +#define INTMAX_MIN (-1 - (9223372036854775807)) +#define INTMAX_MAX (9223372036854775807) +#define UINTMAX_MAX 0xffffffffffffffff +#define INT_FAST8_MIN (-1 - (127)) +#define INT_FAST8_MAX (127) +#define INT_FAST64_MIN (-1 - (9223372036854775807)) +#define INT_FAST64_MAX (9223372036854775807) +#define UINT_FAST8_MAX 0xff +#define UINT_FAST64_MAX 0xffffffffffffffff +#define INT_FAST16_MIN (-1 - (2147483647)) +#define INT_FAST16_MAX (2147483647) +#define UINT_FAST16_MAX 0xffffffff +#define INT_FAST32_MIN (-1 - (2147483647)) +#define INT_FAST32_MAX (2147483647) +#define UINT_FAST32_MAX 0xffffffff +#define WINT_MIN 0 +#define __FSUID_H 1 +#define NSIG 32 +#define _NSIG 65 +#define SIGHUP 1 +#define SIGINT 2 +#define SIGQUIT 3 +#define SIGILL 4 +#define SIGTRAP 5 +#define SIGABRT 6 +#define SIGIOT 6 +#define SIGFPE 8 +#define SIGKILL 9 +#define SIGSEGV 11 +#define SIGPIPE 13 +#define SIGALRM 14 +#define SIGTERM 15 +#define SIGUNUSED 31 +#define SIGRTMIN 32 +#define SIGRTMAX (65-1) +#define SA_NOCLDSTOP 0x00000001 +#define SA_NOCLDWAIT 0x00000002 +#define SA_SIGINFO 0x00000004 +#define SA_RESTORER 0x04000000 +#define SA_ONSTACK 0x08000000 +#define SA_RESTART 0x10000000 +#define SA_INTERRUPT 0x20000000 +#define SA_NODEFER 
0x40000000 +#define SA_RESETHAND 0x80000000 +#define SA_NOMASK 0x40000000 +#define SA_ONESHOT 0x80000000 +#define SS_ONSTACK 1 +#define SS_DISABLE 2 +#define MINSIGSTKSZ 2048 +#define SIGSTKSZ 8192 +#define SIG_BLOCK 0 +#define SIG_UNBLOCK 1 +#define SIG_SETMASK 2 +#define SI_MAX_SIZE 128 +#define SIGEV_SIGNAL 0 +#define SIGEV_NONE 1 +#define SIGEV_THREAD 2 +#define SIGEV_THREAD_ID 4 +#define SIGEV_MAX_SIZE 64 +#define _SYS_TIME_H 1 +#define ITIMER_REAL 0 +#define ITIMER_VIRTUAL 1 +#define ITIMER_PROF 2 +#define FD_SETSIZE 1024 +#define R_OK 4 +#define W_OK 2 +#define X_OK 1 +#define F_OK 0 +#define SEEK_SET 0 +#define SEEK_CUR 1 +#define SEEK_END 2 +#define STDIN_FILENO 0 +#define STDOUT_FILENO 1 +#define STDERR_FILENO 2 +#define _CS_PATH 1 +#define _SC_CLK_TCK 1 +#define _SC_ARG_MAX 2 +#define _SC_NGROUPS_MAX 3 +#define _SC_OPEN_MAX 4 +#define _SC_PAGESIZE 5 +#define _SC_NPROCESSORS_ONLN 6 +#define _SC_NPROCESSORS_CONF 6 +#define _SC_PHYS_PAGES 7 +#define _SC_GETPW_R_SIZE_MAX 8 +#define _SC_GETGR_R_SIZE_MAX 9 +#define _PC_PATH_MAX 1 +#define _PC_VDISABLE 2 +#define L_cuserid 17 +#define _POSIX_VERSION 199506 +#define F_ULOCK 0 +#define F_LOCK 1 +#define F_TLOCK 2 +#define F_TEST 3 +#define _POSIX_MAPPED_FILES 200809 +#define S_IFMT 0xf000 +#define S_IFSOCK 0xc000 +#define S_IFLNK 0xa000 +#define S_IFREG 0x8000 +#define S_IFBLK 0x6000 +#define S_IFDIR 0x4000 +#define S_IFCHR 0x2000 +#define S_IFIFO 0x1000 +#define S_ISUID 0x800 +#define S_ISGID 0x400 +#define S_ISVTX 0x200 +#define S_IRWXU 0x1c0 +#define S_IRUSR 0x100 +#define S_IWUSR 0x80 +#define S_IXUSR 0x40 +#define S_IRWXG 0x38 +#define S_IRGRP 0x20 +#define S_IWGRP 0x10 +#define S_IXGRP 0x8 +#define S_IRWXO 0x7 +#define S_IROTH 0x4 +#define S_IWOTH 0x2 +#define S_IXOTH 0x1 +#define S_IREAD 0x100 +#define S_IWRITE 0x80 +#define S_IEXEC 0x40 +#define _SYS_UIO 1 +#define SOL_SOCKET 1 +#define SO_DEBUG 1 +#define SO_REUSEADDR 2 +#define SO_TYPE 3 +#define SO_ERROR 4 +#define SO_DONTROUTE 5 +#define SO_BROADCAST 
6 +#define SO_SNDBUF 7 +#define SO_RCVBUF 8 +#define SO_KEEPALIVE 9 +#define SO_OOBINLINE 10 +#define SO_NO_CHECK 11 +#define SO_PRIORITY 12 +#define SO_LINGER 13 +#define SO_BSDCOMPAT 14 +#define SO_REUSEPORT 15 +#define SO_PASSCRED 16 +#define SO_PEERCRED 17 +#define SO_RCVLOWAT 18 +#define SO_SNDLOWAT 19 +#define SO_RCVTIMEO 20 +#define SO_SNDTIMEO 21 +#define SO_SECURITY_AUTHENTICATION 22 +#define SO_SECURITY_ENCRYPTION_TRANSPORT 23 +#define SO_SECURITY_ENCRYPTION_NETWORK 24 +#define SO_BINDTODEVICE 25 +#define SO_ATTACH_FILTER 26 +#define SO_DETACH_FILTER 27 +#define SO_GET_FILTER 26 +#define SO_PEERNAME 28 +#define SO_TIMESTAMP 29 +#define SCM_TIMESTAMP 29 +#define SO_ACCEPTCONN 30 +#define SO_PEERSEC 31 +#define SO_SNDBUFFORCE 32 +#define SO_RCVBUFFORCE 33 +#define SO_PASSSEC 34 +#define SO_TIMESTAMPNS 35 +#define SCM_TIMESTAMPNS 35 +#define SO_MARK 36 +#define SO_TIMESTAMPING 37 +#define SCM_TIMESTAMPING 37 +#define SO_PROTOCOL 38 +#define SO_DOMAIN 39 +#define SO_RXQ_OVFL 40 +#define SO_WIFI_STATUS 41 +#define SCM_WIFI_STATUS 41 +#define SO_PEEK_OFF 42 +#define SO_NOFCS 43 +#define SO_LOCK_FILTER 44 +#define SO_SELECT_ERR_QUEUE 45 +#define SO_BUSY_POLL 46 +#define SO_MAX_PACING_RATE 47 +#define SO_BPF_EXTENSIONS 48 +#define SO_INCOMING_CPU 49 +#define SO_ATTACH_BPF 50 +#define SO_DETACH_BPF 27 +#define SO_ATTACH_REUSEPORT_CBPF 51 +#define SO_ATTACH_REUSEPORT_EBPF 52 +#define SO_CNX_ADVICE 53 +#define SCM_TIMESTAMPING_OPT_STATS 54 +#define SO_MEMINFO 55 +#define SO_INCOMING_NAPI_ID 56 +#define SO_COOKIE 57 +#define SCM_TIMESTAMPING_PKTINFO 58 +#define SO_PEERGROUPS 59 +#define SO_ZEROCOPY 60 +#define SOCK_STREAM 1 +#define SOCK_DGRAM 2 +#define SOCK_RAW 3 +#define SOCK_RDM 4 +#define SOCK_SEQPACKET 5 +#define SOCK_DCCP 6 +#define SOCK_PACKET 10 +#define UIO_FASTIOV 8 +#define UIO_MAXIOV 1024 +#define SCM_RIGHTS 0x01 +#define SCM_CREDENTIALS 0x02 +#define SCM_CONNECT 0x03 +#define AF_UNSPEC 0 +#define AF_UNIX 1 +#define AF_LOCAL 1 +#define AF_INET 2 +#define 
AF_AX25 3 +#define AF_IPX 4 +#define AF_APPLETALK 5 +#define AF_NETROM 6 +#define AF_BRIDGE 7 +#define AF_ATMPVC 8 +#define AF_X25 9 +#define AF_INET6 10 +#define AF_ROSE 11 +#define AF_DECnet 12 +#define AF_NETBEUI 13 +#define AF_SECURITY 14 +#define AF_KEY 15 +#define AF_NETLINK 16 +#define AF_ROUTE 16 +#define AF_PACKET 17 +#define AF_ASH 18 +#define AF_ECONET 19 +#define AF_ATMSVC 20 +#define AF_SNA 22 +#define AF_IRDA 23 +#define AF_PPPOX 24 +#define AF_WANPIPE 25 +#define AF_LLC 26 +#define AF_IB 27 +#define AF_MPLS 28 +#define AF_CAN 29 +#define AF_TIPC 30 +#define AF_BLUETOOTH 31 +#define AF_IUCV 32 +#define AF_RXRPC 33 +#define AF_ISDN 34 +#define AF_PHONET 35 +#define AF_IEEE802154 36 +#define AF_CAIF 37 +#define AF_ALG 38 +#define AF_NFC 39 +#define AF_VSOCK 40 +#define AF_KCM 41 +#define AF_QIPCRTR 42 +#define AF_SMC 43 +#define AF_MAX 44 +#define PF_UNSPEC 0 +#define PF_UNIX 1 +#define PF_LOCAL 1 +#define PF_INET 2 +#define PF_AX25 3 +#define PF_IPX 4 +#define PF_APPLETALK 5 +#define PF_NETROM 6 +#define PF_BRIDGE 7 +#define PF_ATMPVC 8 +#define PF_X25 9 +#define PF_INET6 10 +#define PF_ROSE 11 +#define PF_DECnet 12 +#define PF_NETBEUI 13 +#define PF_SECURITY 14 +#define PF_KEY 15 +#define PF_NETLINK 16 +#define PF_ROUTE 16 +#define PF_PACKET 17 +#define PF_ASH 18 +#define PF_ECONET 19 +#define PF_ATMSVC 20 +#define PF_SNA 22 +#define PF_IRDA 23 +#define PF_PPPOX 24 +#define PF_WANPIPE 25 +#define PF_LLC 26 +#define PF_IB 27 +#define PF_MPLS 28 +#define PF_CAN 29 +#define PF_TIPC 30 +#define PF_BLUETOOTH 31 +#define PF_IUCV 32 +#define PF_RXRPC 33 +#define PF_ISDN 34 +#define PF_PHONET 35 +#define PF_IEEE802154 36 +#define PF_CAIF 37 +#define PF_ALG 38 +#define PF_NFC 39 +#define PF_VSOCK 40 +#define PF_KCM 41 +#define PF_QIPCRTR 42 +#define PF_SMC 43 +#define PF_MAX 44 +#define SOMAXCONN 128 +#define MSG_OOB 1 +#define MSG_PEEK 2 +#define MSG_DONTROUTE 4 +#define MSG_TRYHARD 4 +#define MSG_CTRUNC 8 +#define MSG_PROBE 0x10 +#define MSG_TRUNC 0x20 
+#define MSG_DONTWAIT 0x40 +#define MSG_EOR 0x80 +#define MSG_WAITALL 0x100 +#define MSG_FIN 0x200 +#define MSG_SYN 0x400 +#define MSG_CONFIRM 0x800 +#define MSG_RST 0x1000 +#define MSG_ERRQUEUE 0x2000 +#define MSG_NOSIGNAL 0x4000 +#define MSG_MORE 0x8000 +#define MSG_WAITFORONE 0x10000 +#define MSG_SENDPAGE_NOTLAST 0x20000 +#define MSG_BATCH 0x40000 +#define MSG_EOF 0x200 +#define MSG_ZEROCOPY 0x4000000 +#define MSG_FASTOPEN 0x20000000 +#define MSG_CMSG_CLOEXEC 0x40000000 +#define SOL_IP 0 +#define SOL_TCP 6 +#define SOL_UDP 17 +#define SOL_IPV6 41 +#define SOL_ICMPV6 58 +#define SOL_SCTP 132 +#define SOL_UDPLITE 136 +#define SOL_RAW 255 +#define SOL_IPX 256 +#define SOL_AX25 257 +#define SOL_ATALK 258 +#define SOL_NETROM 259 +#define SOL_ROSE 260 +#define SOL_DECNET 261 +#define SOL_X25 262 +#define SOL_PACKET 263 +#define SOL_ATM 264 +#define SOL_AAL 265 +#define SOL_IRDA 266 +#define SOL_NETBEUI 267 +#define SOL_LLC 268 +#define SOL_DCCP 269 +#define SOL_NETLINK 270 +#define SOL_TIPC 271 +#define SOL_RXRPC 272 +#define SOL_PPPOL2TP 273 +#define SOL_BLUETOOTH 274 +#define SOL_PNPIPE 275 +#define SOL_RDS 276 +#define SOL_IUCV 277 +#define SOL_CAIF 278 +#define SOL_ALG 279 +#define SOL_NFC 280 +#define SOL_KCM 281 +#define SOL_TLS 282 +#define IPX_TYPE 1 +#define SHUT_RD 0 +#define SHUT_WR 1 +#define SHUT_RDWR 2 +#define NI_NOFQDN 1 +#define NI_NUMERICHOST 2 +#define NI_NAMEREQD 4 +#define NI_NUMERICSERV 8 +#define NI_DGRAM 16 +#define EAI_FAMILY -1 +#define EAI_SOCKTYPE -2 +#define EAI_BADFLAGS -3 +#define EAI_NONAME -4 +#define EAI_SERVICE -5 +#define EAI_ADDRFAMILY -6 +#define EAI_NODATA -7 +#define EAI_MEMORY -8 +#define EAI_FAIL -9 +#define EAI_AGAIN -10 +#define EAI_SYSTEM -11 +#define AI_NUMERICHOST 1 +#define AI_CANONNAME 2 +#define AI_PASSIVE 4 +#define AI_NUMERICSERV 8 +#define AI_ADDRCONFIG 16 +#define AI_V4MAPPED 32 +#define AI_ALL 64 +#define SIOCADDRT 0x890B +#define SIOCDELRT 0x890C +#define SIOCRTMSG 0x890D +#define SIOCGIFNAME 0x8910 +#define 
SIOCSIFLINK 0x8911 +#define SIOCGIFCONF 0x8912 +#define SIOCGIFFLAGS 0x8913 +#define SIOCSIFFLAGS 0x8914 +#define SIOCGIFADDR 0x8915 +#define SIOCSIFADDR 0x8916 +#define SIOCGIFDSTADDR 0x8917 +#define SIOCSIFDSTADDR 0x8918 +#define SIOCGIFBRDADDR 0x8919 +#define SIOCSIFBRDADDR 0x891a +#define SIOCGIFNETMASK 0x891b +#define SIOCSIFNETMASK 0x891c +#define SIOCGIFMETRIC 0x891d +#define SIOCSIFMETRIC 0x891e +#define SIOCGIFMEM 0x891f +#define SIOCSIFMEM 0x8920 +#define SIOCGIFMTU 0x8921 +#define SIOCSIFMTU 0x8922 +#define SIOCSIFNAME 0x8923 +#define SIOCSIFHWADDR 0x8924 +#define SIOCGIFENCAP 0x8925 +#define SIOCSIFENCAP 0x8926 +#define SIOCGIFHWADDR 0x8927 +#define SIOCGIFSLAVE 0x8929 +#define SIOCSIFSLAVE 0x8930 +#define SIOCADDMULTI 0x8931 +#define SIOCDELMULTI 0x8932 +#define SIOCGIFINDEX 0x8933 +#define SIOGIFINDEX 0x8933 +#define SIOCSIFPFLAGS 0x8934 +#define SIOCGIFPFLAGS 0x8935 +#define SIOCDIFADDR 0x8936 +#define SIOCSIFHWBROADCAST 0x8937 +#define SIOCGIFCOUNT 0x8938 +#define SIOCGIFBR 0x8940 +#define SIOCSIFBR 0x8941 +#define SIOCGIFTXQLEN 0x8942 +#define SIOCSIFTXQLEN 0x8943 +#define SIOCGIFDIVERT 0x8944 +#define SIOCSIFDIVERT 0x8945 +#define SIOCETHTOOL 0x8946 +#define SIOCDARP 0x8953 +#define SIOCGARP 0x8954 +#define SIOCSARP 0x8955 +#define SIOCDRARP 0x8960 +#define SIOCGRARP 0x8961 +#define SIOCSRARP 0x8962 +#define SIOCGIFMAP 0x8970 +#define SIOCSIFMAP 0x8971 +#define SIOCADDDLCI 0x8980 +#define SIOCDELDLCI 0x8981 +#define SIOCDEVPRIVATE 0x89F0 +#define F_LINUX_SPECIFIC_BASE 1024 +#define F_SETOWN_EX 15 +#define F_GETOWN_EX 16 +#define F_GETOWNER_UIDS 17 +#define F_OFD_GETLK 36 +#define F_OFD_SETLK 37 +#define F_OFD_SETLKW 38 +#define F_OWNER_TID 0 +#define F_OWNER_PID 1 +#define F_OWNER_PGRP 2 +#define AT_FDCWD -100 +#define AT_SYMLINK_NOFOLLOW 0x100 +#define AT_REMOVEDIR 0x200 +#define AT_SYMLINK_FOLLOW 0x400 +#define AT_NO_AUTOMOUNT 0x800 +#define AT_EMPTY_PATH 0x1000 +#define AT_EACCESS 0x200 +#define MREMAP_MAYMOVE 1 +#define MREMAP_FIXED 2 +#define 
PROT_READ 0x1 +#define PROT_WRITE 0x2 +#define PROT_EXEC 0x4 +#define PROT_SEM 0x8 +#define PROT_NONE 0x0 +#define PROT_GROWSDOWN 0x01000000 +#define PROT_GROWSUP 0x02000000 +#define MAP_SHARED 0x01 +#define MAP_PRIVATE 0x02 +#define MAP_TYPE 0xf +#define MADV_REMOVE 9 +#define MADV_DONTFORK 10 +#define MADV_DOFORK 11 +#define MADV_MERGEABLE 12 +#define MADV_UNMERGEABLE 13 +#define MADV_HUGEPAGE 14 +#define MADV_NOHUGEPAGE 15 +#define MADV_DONTDUMP 16 +#define MADV_DODUMP 17 +#define MADV_HWPOISON 100 +#define MADV_SOFT_OFFLINE 101 +#define MLOCK_ONFAULT 1 +#define MAP_FILE 0 +#define PTRACE_TRACEME 0 +#define PTRACE_PEEKTEXT 1 +#define PTRACE_PEEKDATA 2 +#define PTRACE_PEEKUSR 3 +#define PTRACE_PEEKUSER 3 +#define PTRACE_POKETEXT 4 +#define PTRACE_POKEDATA 5 +#define PTRACE_POKEUSR 6 +#define PTRACE_POKEUSER 6 +#define PTRACE_CONT 7 +#define PTRACE_KILL 8 +#define PTRACE_SINGLESTEP 9 +#define PTRACE_ATTACH 0x10 +#define PTRACE_DETACH 0x11 +#define PTRACE_SYSCALL 24 +#define PTRACE_GETEVENTMSG 0x4201 +#define PTRACE_GETSIGINFO 0x4202 +#define PTRACE_SETSIGINFO 0x4203 +#define PTRACE_O_TRACESYSGOOD 0x00000001 +#define PTRACE_O_TRACEFORK 0x00000002 +#define PTRACE_O_TRACEVFORK 0x00000004 +#define PTRACE_O_TRACECLONE 0x00000008 +#define PTRACE_O_TRACEEXEC 0x00000010 +#define PTRACE_O_TRACEVFORKDONE 0x00000020 +#define PTRACE_O_TRACEEXIT 0x00000040 +#define PTRACE_O_MASK 0x0000007f +#define PTRACE_EVENT_FORK 1 +#define PTRACE_EVENT_VFORK 2 +#define PTRACE_EVENT_CLONE 3 +#define PTRACE_EVENT_EXEC 4 +#define PTRACE_EVENT_VFORK_DONE 5 +#define PTRACE_EVENT_EXIT 6 +#define PT_TRACE_ME 0 +#define PT_READ_I 1 +#define PT_READ_D 2 +#define PT_READ_U 3 +#define PT_WRITE_I 4 +#define PT_WRITE_D 5 +#define PT_WRITE_U 6 +#define PT_CONTINUE 7 +#define PT_KILL 8 +#define PT_STEP 9 +#define PT_ATTACH 0x10 +#define PT_DETACH 0x11 +#define SYS_accept 202 +#define SYS_accept4 242 +#define SYS_acct 89 +#define SYS_add_key 217 +#define SYS_adjtimex 171 +#define SYS_arch_specific_syscall 
244 +#define SYS_bind 200 +#define SYS_bpf 280 +#define SYS_brk 214 +#define SYS_capget 90 +#define SYS_capset 91 +#define SYS_chdir 49 +#define SYS_chroot 51 +#define SYS_clock_adjtime 266 +#define SYS_clock_getres 114 +#define SYS_clock_gettime 113 +#define SYS_clock_nanosleep 115 +#define SYS_clock_settime 112 +#define SYS_clone 220 +#define SYS_clone3 435 +#define SYS_close 57 +#define SYS_close_range 436 +#define SYS_connect 203 +#define SYS_copy_file_range 285 +#define SYS_delete_module 106 +#define SYS_dup 23 +#define SYS_dup3 24 +#define SYS_epoll_create1 20 +#define SYS_epoll_ctl 21 +#define SYS_epoll_pwait 22 +#define SYS_epoll_pwait2 441 +#define SYS_eventfd2 19 +#define SYS_execve 221 +#define SYS_execveat 281 +#define SYS_exit 93 +#define SYS_exit_group 94 +#define SYS_faccessat 48 +#define SYS_faccessat2 439 +#define SYS_fadvise64 223 +#define SYS_fallocate 47 +#define SYS_fanotify_init 262 +#define SYS_fanotify_mark 263 +#define SYS_fchdir 50 +#define SYS_fchmod 52 +#define SYS_fchmodat 53 +#define SYS_fchown 55 +#define SYS_fchownat 54 +#define SYS_fcntl 25 +#define SYS_fdatasync 83 +#define SYS_fgetxattr 10 +#define SYS_finit_module 273 +#define SYS_flistxattr 13 +#define SYS_flock 32 +#define SYS_fremovexattr 16 +#define SYS_fsconfig 431 +#define SYS_fsetxattr 7 +#define SYS_fsmount 432 +#define SYS_fsopen 430 +#define SYS_fspick 433 +#define SYS_fstat 80 +#define SYS_fstatfs 44 +#define SYS_fsync 82 +#define SYS_ftruncate 46 +#define SYS_futex 98 +#define SYS_getcpu 168 +#define SYS_getcwd 17 +#define SYS_getdents64 61 +#define SYS_getegid 177 +#define SYS_geteuid 175 +#define SYS_getgid 176 +#define SYS_getgroups 158 +#define SYS_getitimer 102 +#define SYS_get_mempolicy 236 +#define SYS_getpeername 205 +#define SYS_getpgid 155 +#define SYS_getpid 172 +#define SYS_getppid 173 +#define SYS_getpriority 141 +#define SYS_getrandom 278 +#define SYS_getresgid 150 +#define SYS_getresuid 148 +#define SYS_getrlimit 163 +#define SYS_get_robust_list 100 
+#define SYS_getrusage 165 +#define SYS_getsid 156 +#define SYS_getsockname 204 +#define SYS_getsockopt 209 +#define SYS_gettid 178 +#define SYS_gettimeofday 169 +#define SYS_getuid 174 +#define SYS_getxattr 8 +#define SYS_init_module 105 +#define SYS_inotify_add_watch 27 +#define SYS_inotify_init1 26 +#define SYS_inotify_rm_watch 28 +#define SYS_io_cancel 3 +#define SYS_ioctl 29 +#define SYS_io_destroy 1 +#define SYS_io_getevents 4 +#define SYS_io_pgetevents 292 +#define SYS_ioprio_get 31 +#define SYS_ioprio_set 30 +#define SYS_io_setup 0 +#define SYS_io_submit 2 +#define SYS_io_uring_enter 426 +#define SYS_io_uring_register 427 +#define SYS_io_uring_setup 425 +#define SYS_kcmp 272 +#define SYS_kexec_file_load 294 +#define SYS_kexec_load 104 +#define SYS_keyctl 219 +#define SYS_kill 129 +#define SYS_landlock_add_rule 445 +#define SYS_landlock_create_ruleset 444 +#define SYS_landlock_restrict_self 446 +#define SYS_lgetxattr 9 +#define SYS_linkat 37 +#define SYS_listen 201 +#define SYS_listxattr 11 +#define SYS_llistxattr 12 +#define SYS_lookup_dcookie 18 +#define SYS_lremovexattr 15 +#define SYS_lseek 62 +#define SYS_lsetxattr 6 +#define SYS_madvise 233 +#define SYS_mbind 235 +#define SYS_membarrier 283 +#define SYS_memfd_create 279 +#define SYS_migrate_pages 238 +#define SYS_mincore 232 +#define SYS_mkdirat 34 +#define SYS_mknodat 33 +#define SYS_mlock 228 +#define SYS_mlock2 284 +#define SYS_mlockall 230 +#define SYS_mmap 222 +#define SYS_mount 40 +#define SYS_mount_setattr 442 +#define SYS_move_mount 429 +#define SYS_move_pages 239 +#define SYS_mprotect 226 +#define SYS_mq_getsetattr 185 +#define SYS_mq_notify 184 +#define SYS_mq_open 180 +#define SYS_mq_timedreceive 183 +#define SYS_mq_timedsend 182 +#define SYS_mq_unlink 181 +#define SYS_mremap 216 +#define SYS_msgctl 187 +#define SYS_msgget 186 +#define SYS_msgrcv 188 +#define SYS_msgsnd 189 +#define SYS_msync 227 +#define SYS_munlock 229 +#define SYS_munlockall 231 +#define SYS_munmap 215 +#define 
SYS_name_to_handle_at 264 +#define SYS_nanosleep 101 +#define SYS_newfstatat 79 +#define SYS_nfsservctl 42 +#define SYS_openat 56 +#define SYS_openat2 437 +#define SYS_open_by_handle_at 265 +#define SYS_open_tree 428 +#define SYS_perf_event_open 241 +#define SYS_personality 92 +#define SYS_pidfd_getfd 438 +#define SYS_pidfd_open 434 +#define SYS_pidfd_send_signal 424 +#define SYS_pipe2 59 +#define SYS_pivot_root 41 +#define SYS_pkey_alloc 289 +#define SYS_pkey_free 290 +#define SYS_pkey_mprotect 288 +#define SYS_ppoll 73 +#define SYS_prctl 167 +#define SYS_pread64 67 +#define SYS_preadv 69 +#define SYS_preadv2 286 +#define SYS_prlimit64 261 +#define SYS_process_madvise 440 +#define SYS_process_vm_readv 270 +#define SYS_process_vm_writev 271 +#define SYS_pselect6 72 +#define SYS_ptrace 117 +#define SYS_pwrite64 68 +#define SYS_pwritev 70 +#define SYS_pwritev2 287 +#define SYS_quotactl 60 +#define SYS_read 63 +#define SYS_readahead 213 +#define SYS_readlinkat 78 +#define SYS_readv 65 +#define SYS_reboot 142 +#define SYS_recvfrom 207 +#define SYS_recvmmsg 243 +#define SYS_recvmsg 212 +#define SYS_remap_file_pages 234 +#define SYS_removexattr 14 +#define SYS_renameat2 276 +#define SYS_request_key 218 +#define SYS_restart_syscall 128 +#define SYS_riscv_flush_icache (244 + 15) +#define SYS_rseq 293 +#define SYS_rt_sigaction 134 +#define SYS_rt_sigpending 136 +#define SYS_rt_sigprocmask 135 +#define SYS_rt_sigqueueinfo 138 +#define SYS_rt_sigreturn 139 +#define SYS_rt_sigsuspend 133 +#define SYS_rt_sigtimedwait 137 +#define SYS_rt_tgsigqueueinfo 240 +#define SYS_sched_getaffinity 123 +#define SYS_sched_getattr 275 +#define SYS_sched_getparam 121 +#define SYS_sched_get_priority_max 125 +#define SYS_sched_get_priority_min 126 +#define SYS_sched_getscheduler 120 +#define SYS_sched_rr_get_interval 127 +#define SYS_sched_setaffinity 122 +#define SYS_sched_setattr 274 +#define SYS_sched_setparam 118 +#define SYS_sched_setscheduler 119 +#define SYS_sched_yield 124 +#define 
SYS_seccomp 277 +#define SYS_semctl 191 +#define SYS_semget 190 +#define SYS_semop 193 +#define SYS_semtimedop 192 +#define SYS_sendfile 71 +#define SYS_sendmmsg 269 +#define SYS_sendmsg 211 +#define SYS_sendto 206 +#define SYS_setdomainname 162 +#define SYS_setfsgid 152 +#define SYS_setfsuid 151 +#define SYS_setgid 144 +#define SYS_setgroups 159 +#define SYS_sethostname 161 +#define SYS_setitimer 103 +#define SYS_set_mempolicy 237 +#define SYS_setns 268 +#define SYS_setpgid 154 +#define SYS_setpriority 140 +#define SYS_setregid 143 +#define SYS_setresgid 149 +#define SYS_setresuid 147 +#define SYS_setreuid 145 +#define SYS_setrlimit 164 +#define SYS_set_robust_list 99 +#define SYS_setsid 157 +#define SYS_setsockopt 208 +#define SYS_set_tid_address 96 +#define SYS_settimeofday 170 +#define SYS_setuid 146 +#define SYS_setxattr 5 +#define SYS_shmat 196 +#define SYS_shmctl 195 +#define SYS_shmdt 197 +#define SYS_shmget 194 +#define SYS_shutdown 210 +#define SYS_sigaltstack 132 +#define SYS_signalfd4 74 +#define SYS_socket 198 +#define SYS_socketpair 199 +#define SYS_splice 76 +#define SYS_statfs 43 +#define SYS_statx 291 +#define SYS_swapoff 225 +#define SYS_swapon 224 +#define SYS_symlinkat 36 +#define SYS_sync 81 +#define SYS_sync_file_range 84 +#define SYS_syncfs 267 +#define SYS_sysinfo 179 +#define SYS_syslog 116 +#define SYS_sysriscv 244 +#define SYS_tee 77 +#define SYS_tgkill 131 +#define SYS_timer_create 107 +#define SYS_timer_delete 111 +#define SYS_timerfd_create 85 +#define SYS_timerfd_gettime 87 +#define SYS_timerfd_settime 86 +#define SYS_timer_getoverrun 109 +#define SYS_timer_gettime 108 +#define SYS_timer_settime 110 +#define SYS_times 153 +#define SYS_tkill 130 +#define SYS_truncate 45 +#define SYS_umask 166 +#define SYS_umount2 39 +#define SYS_uname 160 +#define SYS_unlinkat 35 +#define SYS_unshare 97 +#define SYS_userfaultfd 282 +#define SYS_utimensat 88 +#define SYS_vhangup 58 +#define SYS_vmsplice 75 +#define SYS_wait4 260 +#define SYS_waitid 95 
+#define SYS_write 64 +#define SYS_writev 66 diff --git a/pwnlib/data/syscalls/Makefile b/pwnlib/data/syscalls/Makefile index e80f50c2b..4529ffade 100644 --- a/pwnlib/data/syscalls/Makefile +++ b/pwnlib/data/syscalls/Makefile @@ -8,6 +8,6 @@ functions.py: wget https://raw.githubusercontent.com/zachriggle/functions/master/functions.py generate_darwin: - python generate_darwin.py "$(ROOT)" + python3 generate_darwin.py "$(ROOT)" .phony: all diff --git a/pwnlib/data/syscalls/generate_darwin.py b/pwnlib/data/syscalls/generate_darwin.py index 96c3572b0..870efda25 100644 --- a/pwnlib/data/syscalls/generate_darwin.py +++ b/pwnlib/data/syscalls/generate_darwin.py @@ -1,16 +1,16 @@ - # ./pwnlib/data/includes/darwin/aarch64.h # ./pwnlib/constants/darwin/aarch64.py # https://github.com/nullgemm/instant_macos_sdk (old sdk here, please use real macos device) +# https://github.com/joseluisq/macosx-sdks (old sdk here, please use real macos device) # /Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/ from pathlib import Path import re import sys -# In the future, you should change the version of `MacOSX14.sdk` -sdk_path = Path('/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/') +# In the future, you should change the version of `MacOSX15.sdk` +sdk_path = Path('/Library/Developer/CommandLineTools/SDKs/MacOSX15.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/') if not sdk_path.exists(): print('missing MacOSX sdk') exit(1) diff --git a/pwnlib/dynelf.py b/pwnlib/dynelf.py index 5c3948937..e22cf3082 100644 --- a/pwnlib/dynelf.py +++ b/pwnlib/dynelf.py @@ -652,7 +652,7 @@ def _dynamic_load_dynelf(self, libname): break if name: - self.status('Skipping %s' % name) + self.status('Skipping %r' % name) cur = leak.field(cur, LinkMap.l_next) else: 
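Review bot: The SDK path is still pinned to a single release (`MacOSX15.sdk`), and the comment directly above tells the next maintainer to bump it by hand again — the bump in this hunk is exactly that chore repeating. On Command Line Tools installs there is normally a `MacOSX.sdk` entry alongside the versioned ones that resolves to the newest installed SDK (confirm on a real device), so `sdk_path = Path('/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/')` or picking the newest `MacOSX*.sdk` by glob would remove the periodic edit. If a specific SDK version matters for reproducible output, record that version in the generated header's comment rather than in the path. While here, the `exit(1)` on the context line should be `sys.exit(1)`, since `sys` is already imported and the bare `exit` is the site-module helper, not guaranteed outside an interactive session.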
diff --git a/pwnlib/elf/corefile.py b/pwnlib/elf/corefile.py index 02ac36ebf..8db885d9c 100644 --- a/pwnlib/elf/corefile.py +++ b/pwnlib/elf/corefile.py @@ -238,8 +238,8 @@ class Corefile(ELF): Registers can be accessed directly, e.g. via ``core_obj.eax`` and enumerated via :data:`Corefile.registers`. - Memory can be accessed directly via :meth:`.read` or :meth:`.write`, and also - via :meth:`.pack` or :meth:`.unpack` or even :meth:`.string`. + Memory can be accessed directly via :meth:`pwnlib.elf.elf.ELF.read` or :meth:`pwnlib.elf.elf.ELF.write`, and also + via :meth:`pwnlib.elf.elf.ELF.pack` or :meth:`pwnlib.elf.elf.ELF.unpack` or even :meth:`.string`. Arguments: core: Path to the core file. Alternately, may be a :class:`.process` instance, @@ -376,8 +376,8 @@ class Corefile(ELF): >>> core.exe.data[0:4] b'\x7fELF' - It also supports all of the features of :class:`ELF`, so you can :meth:`.read` - or :meth:`.write` or even the helpers like :meth:`.pack` or :meth:`.unpack`. + It also supports all of the features of :class:`ELF`, so you can :meth:`pwnlib.elf.elf.ELF.read` + or :meth:`pwnlib.elf.elf.ELF.write` or even the helpers like :meth:`pwnlib.elf.elf.ELF.pack` or :meth:`pwnlib.elf.elf.ELF.unpack`. Don't forget to call :meth:`.ELF.save` to save the changes to disk. @@ -1329,6 +1329,10 @@ def apport_read_crash_data(self): except Exception: pass + # Convert bytes-like object to string + if isinstance(data, bytes): + data = data.decode('utf-8') + return data def systemd_coredump_corefile(self): diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index acb0a2d7a..f5cab6d80 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py 
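Review bot: In the block added at the end of `apport_read_crash_data`, `data.decode('utf-8')` raises `UnicodeDecodeError` on any byte sequence that is not valid UTF-8, and it sits after the `except Exception: pass` rather than inside the `try`, so a single odd byte in a captured field (a command line or environment value, say) would abort core-file loading instead of being tolerated like every other failure in this method. If the report format can carry raw non-UTF-8 bytes — as far as the hunk shows nothing rules that out — decode leniently: `data = data.decode('utf-8', errors='replace')` (or `errors='surrogateescape'` if the text is later re-encoded byte-for-byte). The beginning of `apport_read_crash_data` is outside the hunk, so I cannot tell whether `data` can also be `None` here; if it can, the `isinstance` guard already passes it through unchanged.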
@@ -358,12 +358,21 @@ def __init__(self, path, checksec=True): self._populate_functions() self._populate_kernel_version() + self._print_checksec = checksec if checksec: self._describe() self._libs = None self._maps = None + def close(self): + """close() -> None + + Close the ELF file and release all resources associated with it. + """ + super(ELF, self).close() + self.file.close() + @staticmethod @LocalContext def from_assembly(assembly, *a, **kw): @@ -705,14 +714,14 @@ def non_writable_segments(self): @property def libs(self): - """Dictionary of {path: address} for every library loaded for this ELF.""" + """Dictionary of ``{path: address}`` for every library loaded for this ELF.""" if self._libs is None: self._populate_libraries() return self._libs @property def maps(self): - """Dictionary of {name: address} for every mapping in this ELF's address space.""" + """Dictionary of ``{name: address}`` for every mapping in this ELF's address space.""" if self._maps is None: self._populate_libraries() return self._maps @@ -722,12 +731,13 @@ def libc(self): """:class:`.ELF`: If this :class:`.ELF` imports any libraries which contain ``'libc[.-]``, and we can determine the appropriate path to it on the local system, returns a new :class:`.ELF` object pertaining to that library. + Prints the `checksec` output of the library if it was printed for the original ELF too. If not found, the value will be :const:`None`. """ for lib in self.libs: if '/libc.' in lib or '/libc-' in lib: - return ELF(lib) + return ELF(lib, self._print_checksec) def _populate_libraries(self): """ @@ -2340,7 +2350,7 @@ def disable_nx(self): @staticmethod def set_runpath(exepath, runpath): - r"""set_runpath(str, str) -> ELF + r"""set_runpath(exepath, runpath) -> ELF Patches the RUNPATH of the ELF to the given path using the `patchelf utility `_. 
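Review bot: The new `close()` makes `ELF` own an explicit resource lifetime, but there is no `__enter__`/`__exit__`, so callers still cannot write `with ELF(path) as e:` and get the file released on an exception; the two protocol methods are cheap and make the release path exception-safe. As written, `super(ELF, self).close()` followed by `self.file.close()` presumably closes the same stream twice if the base class's `close()` already closes its stream — harmless for Python file objects, but a one-line comment stating which call actually owns the handle would save the next reader the trip. The docstring should also say that the object must not be used after `close()`, since later reads will fail on the closed file. `ELF.__init__` continues outside the hunk.
```python
    def close(self):
        # … unchanged: close body …

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        self.close()
```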
@@ -2375,7 +2385,7 @@ def set_runpath(exepath, runpath): @staticmethod def set_interpreter(exepath, interpreter_path): - r"""set_interpreter(str, str) -> ELF + r"""set_interpreter(exepath, interpreter_path) -> ELF Patches the interpreter of the ELF to the given binary using the `patchelf utility `_. @@ -2409,7 +2419,7 @@ def set_interpreter(exepath, interpreter_path): @staticmethod def patch_custom_libraries(exe_path, custom_library_path, create_copy=True, suffix='_remotelibc'): - r"""patch_custom_libraries(str, str, bool, str) -> ELF + r"""patch_custom_libraries(exe_path, custom_library_path, create_copy=True, suffix='_remotelibc') -> ELF Looks for the interpreter binary in the given path and patches the binary to use it if available. Also patches the RUNPATH to the given path using the `patchelf utility `_. diff --git a/pwnlib/elf/plt.py b/pwnlib/elf/plt.py index 9eee5f60c..70846177f 100644 --- a/pwnlib/elf/plt.py +++ b/pwnlib/elf/plt.py @@ -70,6 +70,9 @@ def __ensure_memory_to_run_unicorn(): mm.close() except OSError: raise OSError("Cannot allocate 1GB memory to run Unicorn Engine") + except ImportError: + # Can only mmap files on Windows, would need to use VirtualAlloc. + pass def prepare_unicorn_and_context(elf, got, address, data): @@ -166,8 +169,8 @@ def hook_mem(uc, access, address, size, value, user_data): return False hooks = [ - uc.hook_add(U.UC_HOOK_MEM_READ | U.UC_HOOK_MEM_READ_UNMAPPED, - hook_mem, stopped_addr), + uc.hook_add(U.UC_HOOK_MEM_READ, hook_mem, stopped_addr), + uc.hook_add(U.UC_HOOK_MEM_READ_UNMAPPED, hook_mem, stopped_addr), ] # callback for tracing instructions diff --git a/pwnlib/encoders/i386/ascii_shellcode.py b/pwnlib/encoders/i386/ascii_shellcode.py index 0b61ca730..993cfbb1d 100644 --- a/pwnlib/encoders/i386/ascii_shellcode.py +++ b/pwnlib/encoders/i386/ascii_shellcode.py 
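Review bot: The added `except ImportError: pass` in `__ensure_memory_to_run_unicorn` silently disables the memory preflight, and the comment blames Windows mmap, but the `try` body is outside the hunk so I cannot see which import actually fails; `mmap` itself imports on Windows and supports anonymous maps via `mmap.mmap(-1, size)`, so if the `ImportError` comes from a POSIX-only module the comment misleads. Name the module in the comment, e.g. `except ImportError:  # <module> is POSIX-only; no preflight on Windows`, and make the skip visible at debug level if the file has a logger. If the intent is a Windows-only skip, gate on `sys.platform` explicitly instead, because catching `ImportError` here would also mask a genuinely missing dependency on Linux.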
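Review bot: The split of one `hook_add` into two calls carries no comment, so the next reader is likely to fold them back together; the reason is presumably that newer Unicorn releases reject combining a valid-access hook (`UC_HOOK_MEM_READ`) with an unmapped-access hook (`UC_HOOK_MEM_READ_UNMAPPED`) in a single registration — confirm against the Unicorn version the project pins. Record it inline above the list: `# Unicorn 2 refuses UC_HOOK_MEM_READ | UC_HOOK_MEM_READ_UNMAPPED in one hook_add; register them separately.` Since `hook_mem` (defined above the hunk) now serves both event kinds through the same callback, its handling of the `access` argument should be checked so that an unmapped read is still reported as a stop rather than treated as an ordinary read.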
@@ -132,7 +132,7 @@ def _get_allocator(self, size, vocab): Examples: >>> context.update(arch='i386', os='linux') - >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~') + >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~') >>> encoders.i386.ascii_shellcode.encode._get_allocator(300, vocab) bytearray(b'TX-!!!!-!_``-t~~~P\\%!!!!%@@@@') """ @@ -178,7 +178,7 @@ def _find_negatives(self, vocab): Examples: >>> context.update(arch='i386', os='linux') - >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~') + >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~') >>> a, b = encoders.i386.ascii_shellcode.encode._find_negatives(vocab) >>> a & b 0 @@ -212,7 +212,7 @@ def _get_subtractions(self, shellcode, vocab): >>> context.update(arch='i386', os='linux') >>> sc = bytearray(b'ABCDEFGHIGKLMNOPQRSTUVXYZ') - >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~') + >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~') >>> encoders.i386.ascii_shellcode.encode._get_subtractions(sc, vocab) bytearray(b'-(!!!-~NNNP-!=;:-f~~~-~~~~P-!!!!-edee-~~~~P-!!!!-eddd-~~~~P-!!!!-egdd-~~~~P-!!!!-eadd-~~~~P-!!!!-eddd-~~~~P') """ 
@@ -255,7 +255,7 @@ def _calc_subtractions(self, last, target, vocab): Examples: >>> context.update(arch='i386', os='linux') - >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~') + >>> vocab = bytearray(b'!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~') >>> print(encoders.i386.ascii_shellcode.encode._calc_subtractions(bytearray(b'\x10'*4), bytearray(b'\x11'*4), vocab)) [bytearray(b'!!!!'), bytearray(b'`___'), bytearray(b'~~~~')] >>> print(encoders.i386.ascii_shellcode.encode._calc_subtractions(bytearray(b'\x11\x12\x13\x14'), bytearray(b'\x15\x16\x17\x18'), vocab)) diff --git a/pwnlib/encoders/mips/xor.py b/pwnlib/encoders/mips/xor.py index 6d14f9c33..bd2fcbc83 100644 --- a/pwnlib/encoders/mips/xor.py +++ b/pwnlib/encoders/mips/xor.py @@ -41,7 +41,7 @@ b'\xff\xff\x08\x21', # addi t0,t0,-1 b'\xff\xff\x10\x05', # bltzal t0,14 b'\x82\x82\x08\x28', # slti t0,zero,-32126 - b'\xe2\xff\xfd\x23', # addi sp,ra,-30 + b'\xe0\xff\xfd\x23', # addi sp,ra,-32 b'\x27\x58\x60\x01', # nor t3,t3,zero b'\x21\xc8\xeb\x03', # addu t9,ra,t3 b'\x82\x82\x17\x28', # slti s7,zero,-32126 @@ -72,7 +72,7 @@ b'\x21\x08\xff\xff', # addi t0,t0,-1 b'\x05\x10\xff\xff', # bltzal t0,14 b'\x28\x08\x82\x82', # slti t0,zero,-32126 - b'\x23\xfd\xff\xe2', # addi sp,ra,-30 + b'\x23\xfd\xff\xe0', # addi sp,ra,-32 b'\x01\x60\x58\x27', # nor t3,t3,zero b'\x03\xeb\xc8\x21', # addu t9,ra,t3 b'\x28\x17\x82\x82', # slti s7,zero,-32126 diff --git a/pwnlib/fmtstr.py b/pwnlib/fmtstr.py index 2b8508806..97a534916 100644 --- a/pwnlib/fmtstr.py +++ b/pwnlib/fmtstr.py 
@@ -841,6 +841,12 @@ def fmtstr_payload(offset, writes, numbwritten=0, write_size='byte', write_size_ The overflows argument is a format-string-length to output-amount tradeoff: Larger values for ``overflows`` produce shorter format strings that generate more output at runtime. + The writes argument is a dictionary with address/value pairs like ``{addr: value, addr2: value2}``. + If the value is an ``int`` datatype, it will be automatically casted into a bytestring with the length of a ``long`` (8 bytes in 64-bit, 4 bytes in 32-bit). + If a specific number of bytes is intended to be written (such as only a single byte, single short, or single int and not an entire long), + then provide a bytestring like ``b'\x37\x13'`` or ``p16(0x1337)``. + Note that the ``write_size`` argument does not determine **total** bytes written, only the size of each consecutive write. + Arguments: offset(int): the first formatter's offset you control writes(dict): dict with addr, value ``{addr: value, addr2: value2}`` @@ -857,6 +863,8 @@ def fmtstr_payload(offset, writes, numbwritten=0, write_size='byte', write_size_ >>> context.clear(arch = 'amd64') >>> fmtstr_payload(1, {0x0: 0x1337babe}, write_size='int') b'%322419390c%4$llnaaaabaa\x00\x00\x00\x00\x00\x00\x00\x00' + >>> fmtstr_payload(1, {0x0: p32(0x1337babe)}, write_size='int') + b'%322419390c%3$na\x00\x00\x00\x00\x00\x00\x00\x00' >>> fmtstr_payload(1, {0x0: 0x1337babe}, write_size='short') b'%47806c%5$lln%22649c%6$hnaaaabaa\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00' >>> fmtstr_payload(1, {0x0: 0x1337babe}, write_size='byte') 
@@ -872,6 +880,8 @@ def fmtstr_payload(offset, writes, numbwritten=0, write_size='byte', write_size_ b'%19c%12$hhn%36c%13$hhn%131c%14$hhn%4c%15$hhn\x03\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00' >>> fmtstr_payload(1, {0x0: 0x00000001}, write_size='byte') b'c%3$naaa\x00\x00\x00\x00' + >>> fmtstr_payload(1, {0x0: b'\x01'}, write_size='byte') + b'c%3$hhna\x00\x00\x00\x00' >>> fmtstr_payload(1, {0x0: b"\xff\xff\x04\x11\x00\x00\x00\x00"}, write_size='short') b'%327679c%7$lln%18c%8$hhn\x00\x00\x00\x00\x03\x00\x00\x00' >>> fmtstr_payload(10, {0x404048 : 0xbadc0ffe, 0x40403c : 0xdeadbeef}, no_dollars=True) @@ -999,7 +1009,7 @@ def write(self, addr, data): Arguments: addr(int): the address where you want to write - data(int): the data that you want to write ``addr`` + data(int or bytes): the data that you want to write ``addr`` Returns: None @@ -1013,6 +1023,10 @@ def write(self, addr, data): >>> f.write(0x08040506, 0x1337babe) >>> f.execute_writes() b'%19c%16$hhn%36c%17$hhn%131c%18$hhn%4c%19$hhn\t\x05\x04\x08\x08\x05\x04\x08\x07\x05\x04\x08\x06\x05\x04\x08' + >>> f2 = FmtStr(send_fmt_payload, offset=5) + >>> f2.write(0x08040506, p16(0x1337)) + >>> f2.execute_writes() + b'%19c%11$hhn%36c%12$hhnaa\x07\x05\x04\x08\x06\x05\x04\x08' """ self.writes[addr] = data diff --git a/pwnlib/gdb.py b/pwnlib/gdb.py index 33aac5810..08c319bc4 100644 --- a/pwnlib/gdb.py +++ b/pwnlib/gdb.py @@ -195,7 +195,7 @@ def debug_assembly(asm, gdbscript=None, vma=None, api=False): >>> assembly = shellcraft.echo("Hello world!\n") >>> io = gdb.debug_assembly(assembly) - >>> io.recvline() + >>> io.recvline(timeout=1) b'Hello world!\n' """ tmp_elf = make_elf_from_assembly(asm, vma=vma, extract=False) 
@@ -230,7 +230,7 @@ def debug_shellcode(data, gdbscript=None, vma=None, api=False): >>> assembly = shellcraft.echo("Hello world!\n") >>> shellcode = asm(assembly) >>> io = gdb.debug_shellcode(shellcode) - >>> io.recvline() + >>> io.recvline(timeout=1) b'Hello world!\n' """ if isinstance(data, six.text_type): @@ -283,7 +283,7 @@ def _execve_script(argv, executable, env, ssh): return tmp.name -def _gdbserver_args(pid=None, path=None, args=None, which=None, env=None, python_wrapper_script=None): +def _gdbserver_args(pid=None, path=None, port=0, gdbserver_args=None, args=None, which=None, env=None, python_wrapper_script=None): """_gdbserver_args(pid=None, path=None, args=None, which=None, env=None) -> list Sets up a listening gdbserver, to either connect to the specified @@ -292,6 +292,8 @@ def _gdbserver_args(pid=None, path=None, args=None, which=None, env=None, python Arguments: pid(int): Process ID to attach to path(str): Process to launch + port(int): Port to use for gdbserver, default: random + gdbserver_args(list): List of additional arguments to pass to gdbserver args(list): List of arguments to provide on the debugger command line which(callaable): Function to find the path of a binary. env(dict): Environment variables to pass to the program @@ -300,6 +302,11 @@ def _gdbserver_args(pid=None, path=None, args=None, which=None, env=None, python Returns: A list of arguments to invoke gdbserver. """ + if gdbserver_args is None: + gdbserver_args = list() + elif not isinstance(gdbserver_args, (list, tuple)): + gdbserver_args = [gdbserver_args] + if [pid, path, args].count(None) != 2: log.error("Must specify exactly one of pid, path, or args") @@ -323,7 +330,7 @@ def _gdbserver_args(pid=None, path=None, args=None, which=None, env=None, python orig_args = args - gdbserver_args = [gdbserver, '--multi'] + gdbserver_args = [gdbserver, '--multi'] + gdbserver_args if context.aslr: gdbserver_args += ['--no-disable-randomization'] else: 
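Review bot: The normalization added at the top of `_gdbserver_args` accepts a tuple, but the later line `gdbserver_args = [gdbserver, '--multi'] + gdbserver_args` raises TypeError for a tuple because list + tuple is not defined; convert in the normalization instead, e.g. `if gdbserver_args is None: gdbserver_args = []` / `elif isinstance(gdbserver_args, (list, tuple)): gdbserver_args = list(gdbserver_args)` / `else: gdbserver_args = [gdbserver_args]`. The docstring's signature line, `_gdbserver_args(pid=None, path=None, args=None, which=None, env=None) -> list`, was not updated for the new `port` and `gdbserver_args` parameters. Inserting those two parameters between `path` and `args` also shifts every later parameter, so a caller that passed `args` positionally now sets `port`; appending them after `python_wrapper_script` keeps positional calls working. The body of `_gdbserver_args` continues outside these hunks.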
@@ -346,8 +353,12 @@ def _gdbserver_args(pid=None, path=None, args=None, which=None, env=None, python gdbserver_args += ['--wrapper', python_wrapper_script, '--'] elif env is not None: gdbserver_args += ['--wrapper', which('env'), '-i'] + env_args + ['--'] + # --no-startup-with-shell is required for forking shells like SHELL=/bin/fish + # https://github.com/Gallopsled/pwntools/issues/2377 + else: + gdbserver_args += ['--no-startup-with-shell'] - gdbserver_args += ['localhost:0'] + gdbserver_args += ['localhost:%d' % port] gdbserver_args += args return gdbserver_args @@ -412,7 +423,7 @@ def _get_runner(ssh=None): else: return tubes.process.process @LocalContext -def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api=False, **kwargs): +def debug(args, gdbscript=None, gdb_args=None, exe=None, ssh=None, env=None, port=0, gdbserver_args=None, sysroot=None, api=False, **kwargs): r""" Launch a GDB server with the specified command line, and launches GDB to attach to it. @@ -420,9 +431,12 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= Arguments: args(list): Arguments to the process, similar to :class:`.process`. gdbscript(str): GDB script to run. + gdb_args(list): List of additional arguments to pass to GDB. exe(str): Path to the executable on disk env(dict): Environment to start the binary in ssh(:class:`.ssh`): Remote ssh session to use to launch the process. + port(int): Gdb port to use, default: random + gdbserver_args(list): List of additional arguments to pass to gdbserver sysroot(str): Set an alternate system root. The system root is used to load absolute shared library symbol files. This is useful to instruct gdb to load a local version of binaries/libraries instead of downloading 
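Review bot: The new `debug` signature places `gdb_args`, `port` and `gdbserver_args` ahead of the existing `exe`, `ssh`, `env`, `sysroot` and `api`, so a caller that passed `exe` as the third positional argument now has it bound to `gdb_args` and the executable is silently dropped; adding the new parameters after `api` (or making them keyword-only) keeps existing positional calls working. In the `--no-startup-with-shell` hunk the flag is only added on the branch without a `--wrapper`, which the comment does not explain; extending it with `# not needed on the --wrapper branches above, which do not go through the login shell` (if that is the reason) would save the next reader from re-deriving it. Both functions run past the hunks shown here.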
@@ -476,12 +490,12 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= Send a command to Bash >>> io.sendline(b"echo hello") - >>> io.recvline() + >>> io.recvline(timeout=30) b'hello\n' Interact with the process - >>> io.interactive() # doctest: +SKIP + >>> io.interactive(timeout=1) # doctest: +SKIP >>> io.close() Create a new process, and stop it at '_start' @@ -500,7 +514,7 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= Send a command to Bash >>> io.sendline(b"echo hello") - >>> io.recvline() + >>> io.recvline(timeout=10) b'hello\n' Interact with the process 
@@ -512,53 +526,24 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= >>> io = gdb.debug(args=[b'\xde\xad\xbe\xef'], gdbscript='continue', exe="/bin/sh") >>> io.sendline(b"echo $0") - >>> io.recvline() + >>> io.recvline(timeout=10) b'\xde\xad\xbe\xef\n' >>> io.close() Demonstrate that LD_PRELOAD is respected >>> io = process(["grep", "libc.so.6", "/proc/self/maps"]) - >>> real_libc_path = io.recvline().split()[-1] + >>> real_libc_path = io.recvline(timeout=1).split()[-1] >>> io.close() >>> import shutil >>> local_path = shutil.copy(real_libc_path, "./local-libc.so") # make a copy of libc to demonstrate that it is loaded >>> io = gdb.debug(["grep", "local-libc.so", "/proc/self/maps"], gdbscript="continue", env={"LD_PRELOAD": "./local-libc.so"}) - >>> io.recvline().split()[-1] # doctest: +ELLIPSIS + >>> io.recvline(timeout=1).split()[-1] # doctest: +ELLIPSIS b'.../local-libc.so' >>> io.close() >>> os.remove("./local-libc.so") # cleanup - Using GDB Python API: - - .. doctest:: - :skipif: is_python2 - - Debug a new process - - >>> io = gdb.debug(['echo', 'foo'], api=True) - - Stop at 'write' - - >>> bp = io.gdb.Breakpoint('write', temporary=True) - >>> io.gdb.continue_and_wait() - - Dump 'count' - - >>> count = io.gdb.parse_and_eval('$rdx') - >>> long = io.gdb.lookup_type('long') - >>> int(count.cast(long)) - 4 - - Resume the program - - >>> io.gdb.continue_nowait() - >>> io.recvline() - b'foo\n' - >>> io.close() - - Using SSH: You can use :func:`debug` to spawn new processes on remote machines as well, @@ -587,7 +572,7 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= >>> io = gdb.debug(args=[b'\xde\xad\xbe\xef'], gdbscript='continue', exe="/bin/sh", ssh=shell) >>> io.sendline(b"echo $0") - >>> io.recvline() + >>> io.recvline(timeout=10) b'$ \xde\xad\xbe\xef\n' >>> io.close() 
@@ -595,9 +580,55 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= >>> io = gdb.debug(args=[], gdbscript='continue', exe="/bin/sh", ssh=shell) >>> io.sendline(b"echo $0") - >>> io.recvline() + >>> io.recvline(timeout=10) b'$ \n' >>> io.close() + + + Using GDB Python API: + + .. doctest:: + :skipif: is_python2 + + Debug a new process + + >>> io = gdb.debug(['echo', 'foo'], api=True) + + or using ssh + + >>> shell = ssh('travis', 'example.pwnme', password='demopass') + >>> ssh_io = gdb.debug(['/bin/echo', 'foo'], ssh=shell, api=True) + + Stop at 'write' + + >>> bp = io.gdb.Breakpoint('write', temporary=True) + >>> io.gdb.continue_and_wait() + >>> ssh_bp = ssh_io.gdb.Breakpoint('write', temporary=True) + >>> ssh_io.gdb.continue_and_wait() + + Dump 'count' + + >>> count = io.gdb.parse_and_eval('$rdx') + >>> long = io.gdb.lookup_type('long') + >>> int(count.cast(long)) + 4 + >>> count = ssh_io.gdb.parse_and_eval('$rdx') + >>> long = ssh_io.gdb.lookup_type('long') + >>> int(count.cast(long)) + 4 + + Resume the program + + >>> io.gdb.continue_nowait() + >>> io.recvline(timeout=1) + b'foo\n' + >>> io.close() + + >>> ssh_io.gdb.continue_nowait() + >>> ssh_io.recvline(timeout=1) + b'foo\n' + >>> ssh_io.close() + >>> shell.close() """ if isinstance(args, six.integer_types + (tubes.process.process, tubes.ssh.ssh_channel)): log.error("Use gdb.attach() to debug a running process") @@ -611,8 +642,8 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= which = _get_which(ssh) gdbscript = gdbscript or '' - if api and runner is not tubes.process.process: - raise ValueError('GDB Python API is supported only for local processes') + if api and runner is not tubes.process.process and not ssh: + raise ValueError('GDB Python API is supported only for local and ssh processes') args, env = misc.normalize_argv_env(args, env, log) if env: 
@@ -628,7 +659,7 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= if ssh or context.native or (context.os == 'android'): if len(args) > 0 and which(packing._decode(args[0])) == packing._decode(exe): - args = _gdbserver_args(args=args, which=which, env=env) + args = _gdbserver_args(gdbserver_args=gdbserver_args, args=args, port=port, which=which, env=env) else: # GDBServer is limited in it's ability to manipulate argv[0] @@ -636,9 +667,9 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= # ``execve`` calls. # Therefore, we use a wrapper script to execute the target binary script = _execve_script(args, executable=exe, env=env, ssh=ssh) - args = _gdbserver_args(args=args, which=which, env=env, python_wrapper_script=script) + args = _gdbserver_args(gdbserver_args=gdbserver_args, args=args, port=port, which=which, env=env, python_wrapper_script=script) else: - qemu_port = random.randint(1024, 65535) + qemu_port = port if port != 0 else random.randint(1024, 65535) qemu_user = qemu.user_path() sysroot = sysroot or qemu.ld_prefix(env=env) if not qemu_user: @@ -667,9 +698,11 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= # Set the .executable on the process object. gdbserver.executable = exe - # Find what port we need to connect to if ssh or context.native or (context.os == 'android'): - port = _gdbserver_port(gdbserver, ssh) + gdb_port = _gdbserver_port(gdbserver, ssh) + if port != 0 and port != gdb_port: + log.error("gdbserver port (%d) doesn't equals set port (%d)" % (gdb_port, port)) + port = gdb_port else: port = qemu_port 
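Review bot: The mismatch report `log.error("gdbserver port (%d) doesn't equals set port (%d)" % (gdb_port, port))` is ungrammatical and formats eagerly, whereas the rest of the module hands arguments to the logger (compare `log.error('Invalid selected libc index. %d is not in the range of 1-%d.', select_index, len(matching_list))` in libcdb.py later in this diff); `log.error("gdbserver is listening on port %d, not the requested port %d", gdb_port, port)` reads better and is consistent. Since `log.error` raises in pwnlib, the already-spawned `gdbserver` tube is left running when the check fails; closing it before the error (or validating the requested port before launching) avoids leaving a stray listener behind. The `debug` body continues outside this hunk.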
@@ -677,19 +710,20 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= if not ssh and context.os == 'android': host = context.adb_host - tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api) + tmp = attach((host, port), exe=exe, gdbscript=gdbscript, gdb_args=gdb_args, ssh=ssh, sysroot=sysroot, api=api) if api: _, gdb = tmp gdbserver.gdb = gdb # gdbserver outputs a message when a client connects garbage = gdbserver.recvline(timeout=1) - # Some versions of gdbserver output an additional message - try: - garbage2 = gdbserver.recvline_startswith(b"Remote debugging from host ", timeout=2) - except EOFError: - pass + message = b"Remote debugging from host " + if not garbage.startswith(message): + try: + garbage2 = gdbserver.recvline_startswith(message, timeout=2) + except EOFError: + pass return gdbserver @@ -916,6 +950,8 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr Process name. The youngest process is selected. :obj:`tuple` Host, port pair of a listening ``gdbserver`` + Tries to look up the target exe from the ``gdbserver`` commandline, + requires explicit ``exe`` argument if the target exe is not in the commandline. :class:`.process` Process to connect to :class:`.sock` @@ -944,7 +980,7 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr ... detach ... quit ... ''') - >>> io.recvline() + >>> io.recvline(timeout=10) b'Hello from process debugger!\n' >>> io.sendline(b'echo Hello from bash && exit') >>> io.recvall() @@ -971,7 +1007,7 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr Observe the forced line - >>> io.recvline() + >>> io.recvline(timeout=1) b'Hello from process debugger!\n' Interact with the program in a regular way 
@@ -995,11 +1031,35 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr ... detach ... quit ... ''') - >>> io.recvline() + >>> io.recvline(timeout=10) b'Hello from remote debugger!\n' >>> io.sendline(b'echo Hello from bash && exit') >>> io.recvall() b'Hello from bash\n' + >>> server.close() + + Attach to a gdbserver / gdbstub running on the local machine + by specifying the host and port tuple it is listening on. + (gdbserver always listens on 0.0.0.0) + + >>> gdbserver = process(['gdbserver', '1.2.3.4:12345', '/bin/bash']) + >>> gdbserver.recvline_contains(b'Listening on port', timeout=10) + b'Listening on port 12345' + >>> pid = gdb.attach(('0.0.0.0', 12345), gdbscript=''' + ... tbreak main + ... commands + ... call puts("Hello from gdbserver debugger!") + ... continue + ... end + ... ''') + >>> gdbserver.recvline(timeout=10) # doctest: +ELLIPSIS + b'Remote debugging from host 127.0.0.1, ...\n' + >>> gdbserver.recvline(timeout=10) + b'Hello from gdbserver debugger!\n' + >>> gdbserver.sendline(b'echo Hello from bash && exit') + >>> gdbserver.recvline(timeout=10) + b'Hello from bash\n' + >>> gdbserver.close() Attach to processes running on a remote machine via an SSH :class:`.ssh` process @@ -1014,7 +1074,7 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr >>> io.recvline(timeout=5) # doctest: +SKIP b'Hello from ssh debugger!\n' >>> io.sendline(b'This will be echoed back') - >>> io.recvline() + >>> io.recvline(timeout=1) b'This will be echoed back\n' >>> io.close() """ @@ -1169,7 +1229,7 @@ def findexe(): cmd += [exe] if pid and not context.os == 'android': - cmd += [str(pid)] + cmd += ['-p', str(pid)] if context.os == 'android' and pid: runner = _get_runner() 
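Review bot: The new `attach` doctest starts `gdbserver` on the fixed port `12345`, so the test fails whenever anything else on the CI runner holds that port; reading the port back from the `Listening on port` line, or choosing a free one at runtime, removes the collision. The prose `(gdbserver always listens on 0.0.0.0)` states the behaviour but not its consequence; `The host part of the address is ignored by gdbserver and the port is bound on every interface, so the debugged process is reachable from other hosts — on shared machines prefer a firewalled port or an SSH tunnel.` gives the reader the caveat that matters. This is documentation only; no code change is needed.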
@@ -1217,7 +1277,7 @@ def preexec_fn(): gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn) if pid and context.native: - proc.wait_for_debugger(pid, gdb_pid) + gdb_pid = proc.wait_for_debugger(pid, gdb_pid) if not api: return gdb_pid @@ -1241,7 +1301,7 @@ def preexec_fn(): else: # Check to see if RPyC is installed at all in GDB rpyc_check = [gdb_binary, '--nx', '-batch', '-ex', - 'python import rpyc; import sys; sys.exit(123)'] + 'python import rpyc; import gdb; gdb.execute("quit 123")'] if 123 != tubes.process.process(rpyc_check).poll(block=True): log.error('Failed to connect to GDB: rpyc is not installed') diff --git a/pwnlib/libcdb.py b/pwnlib/libcdb.py index 0902c40d6..b1e969e34 100644 --- a/pwnlib/libcdb.py +++ b/pwnlib/libcdb.py @@ -8,13 +8,14 @@ import time import six import tempfile +import struct from pwnlib.context import context from pwnlib.elf import ELF from pwnlib.filesystem.path import Path from pwnlib.log import getLogger from pwnlib.tubes.process import process -from pwnlib.util.fiddling import enhex +from pwnlib.util.fiddling import enhex, unhex from pwnlib.util.hashes import sha1filehex, sha256filehex, md5filehex from pwnlib.util.misc import read from pwnlib.util.misc import which @@ -23,12 +24,46 @@ log = getLogger(__name__) -HASHES = { - 'build_id': lambda path: enhex(ELF(path, checksec=False).buildid or b''), + +def _turbofast_extract_build_id(path): + """ + Elf_External_Note: + + 0x00 +--------+ + | namesz | <- Size of entry's owner string + 0x04 +--------+ + | descsz | <- Size of the note descriptor + 0x08 +--------+ + | type | <- Interpretation of the descriptor + 0x0c +--------+ + | name | <- Start of the name+desc data + ... +-------- + | desc | + ... +--------+ + """ + data = read(path, 0x1000) + # search NT_GNU_BUILD_ID and b"GNU\x00" (type+name) + idx = data.find(unhex("03000000474e5500")) + if idx == -1: + return enhex(ELF(path, checksec=False).buildid or b'') + descsz, = struct.unpack(" 1: 
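Review bot: `_turbofast_extract_build_id` scans the first 0x1000 bytes for the raw byte pattern `03000000474e5500` instead of walking the PT_NOTE segment, so an accidental match elsewhere in that window yields a wrong build id silently, and a note located beyond 4 KiB takes the slow `ELF()` path on every call. The `descsz` read and the slice that follows (those lines appear truncated in this view) need a bounds check against `len(data)`, and checking `namesz == 4` at `idx - 8` as the docstring's layout implies would reject most false matches; because the local database contents may originate from third-party downloads, a short or malformed file should fall back to `ELF(path, checksec=False).buildid` rather than raise. The added `import struct` is appended after `tempfile` rather than placed alphabetically with the other stdlib imports.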
@@ -104,16 +147,17 @@ def provider_libc_rip(hex_encoded_id, hash_type): url = libc_match[0]['download_url'] log.debug("Downloading data from libc.rip: %s", url) + url = url.replace("https://libc.rip", LIBC_RIP_URL) data = wget(url, timeout=20) if not data: - log.warn_once("Could not fetch libc binary for %s %s from libc.rip", hash_type, hex_encoded_id) + log.warn_once("Could not fetch libc binary for %s %s from libc.rip", search_type, search_target) return None return data # Check if the local system libc matches the requested hash. -def provider_local_system(hex_encoded_id, hash_type): - if hash_type == 'id': +def provider_local_system(hex_encoded_id, search_type): + if search_type == 'libs_id': return None shell_path = os.environ.get('SHELL', None) or '/bin/sh' if not os.path.exists(shell_path): @@ -123,12 +167,12 @@ def provider_local_system(hex_encoded_id, hash_type): if not local_libc: log.debug('Cannot lookup libc from shell %r. Skipping local system libc matching.', shell_path) return None - if HASHES[hash_type](local_libc.path) == hex_encoded_id: + if TYPES[search_type](local_libc.path) == hex_encoded_id: return local_libc.data return None # Offline search https://github.com/niklasb/libc-database for hash type -def provider_local_database(hex_encoded_id, hash_type): +def provider_local_database(search_target, search_type): if not context.local_libcdb: return None 
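Review bot: The rewritten warning `log.warn_once("Could not fetch libc binary for %s %s from libc.rip", search_type, search_target)` uses names that the hunk header still shows as `hex_encoded_id, hash_type` in `provider_libc_rip`'s signature; unless the signature was renamed in the part of the function above this hunk, this line raises NameError on the failure path, which tests rarely exercise. `url = url.replace("https://libc.rip", LIBC_RIP_URL)` rewrites every occurrence anywhere in a URL supplied by the remote service rather than only its prefix; `if url.startswith("https://libc.rip"): url = LIBC_RIP_URL + url[len("https://libc.rip"):]` limits the override to what the CI proxy needs. `provider_local_system(hex_encoded_id, search_type)` keeps the old first parameter name while `provider_local_database(search_target, search_type)` adopts the new one; aligning them avoids confusion now that the value may be a libs id rather than a hash.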
@@ -136,35 +180,105 @@ def provider_local_database(hex_encoded_id, hash_type): if not localdb.is_dir(): return None - log.debug("Searching local libc database, %s: %s", hash_type, hex_encoded_id) + # Handle the specific search type 'libs_id' + if search_type == 'libs_id': + libc_list = list(localdb.rglob("%s.so" % search_target)) + if len(libc_list) == 0: + return None + return read(libc_list[0]) + + log.debug("Searching local libc database, %s: %s", search_type, search_target) for libc_path in localdb.rglob("*.so"): - if hex_encoded_id == HASHES[hash_type](libc_path): + if search_target == TYPES[search_type](libc_path): return read(libc_path) return None -PROVIDERS = [provider_local_system, provider_local_database, provider_libcdb, provider_libc_rip] +def query_local_database(params): + if not context.local_libcdb or not params.get("symbols"): + return None + + localdb = Path(context.local_libcdb) + if not localdb.is_dir(): + return None + + res = [] + query_syms = params["symbols"] + + # Loop through each '.symbols' file in the local database + # Make sure `Path.rglod` order stable + for symbol_file in sorted(localdb.rglob("*.symbols"), key=lambda x: x.as_posix()): + libc_syms = _parse_libc_symbol(symbol_file) -def search_by_hash(hex_encoded_id, hash_type='build_id', unstrip=True): - assert hash_type in HASHES, hash_type + matched = 0 + for name, addr in query_syms.items(): + if isinstance(addr, str): + addr = int(addr, 16) + + # Compare last 12 bits + if libc_syms.get(name) and (libc_syms.get(name) & 0xfff) == (addr & 0xfff): + matched += 1 + else: + # aborting this loop once there was a mismatch. 
+ break + + # Check if all symbols have been matched + if matched == len(query_syms): + libs_id = symbol_file.stem + libc_path = symbol_file.parent / ("%s.so" % libs_id) + libs_url = read(symbol_file.parent / ("%s.url" % libs_id)).decode().strip() + res.append(_pack_libs_info(libc_path, libs_id, libs_url, libc_syms)) + + return res + +PROVIDERS = { + "offline": [provider_local_system, provider_local_database], + "online": [provider_libcdb, provider_libc_rip] +} + +def search_by_hash(search_target, search_type='build_id', unstrip=True, offline_only=False): + """search_by_hash(str, str, bool, bool) -> str + Arguments: + search_target(str): + Use for searching the libc. This could be a hex encoded ID (`hex_encoded_id`) or a library + name (`libs_id`). Depending on `search_type`, this can represent different types of encoded + values or names. + search_type(str): + The type of the search to be performed, it should be one of the keys in the `TYPES` dictionary. + unstrip(bool): + Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + If True, restricts the search to offline providers only (local database). If False, it will also + search online providers. Default is False. + + Returns: + The path to the cached directory containing the downloaded libraries. + """ + assert search_type in TYPES, search_type # Ensure that the libcdb cache directory exists - cache, cache_valid = _check_elf_cache('libcdb', hex_encoded_id, hash_type) + cache, cache_valid = _check_elf_cache('libcdb', search_target, search_type) if cache_valid: + if unstrip: + unstrip_libc(cache) return cache # We searched for this buildid before, but didn't find anything. if cache is None: return None + providers = PROVIDERS["offline"] + if not offline_only: + providers += PROVIDERS["online"] + # Run through all available libc database providers to see if we have a match. 
- for provider in PROVIDERS: - data = provider(hex_encoded_id, hash_type) + for provider in providers: + data = provider(search_target, search_type) if data and data.startswith(b'\x7FELF'): break if not data: - log.warn_once("Could not find libc for %s %s anywhere", hash_type, hex_encoded_id) + log.warn_once("Could not find libc for %s %s anywhere", search_type, search_target) # Save whatever we got to the cache write(cache, data or b'') @@ -213,7 +327,7 @@ def _search_debuginfo_by_hash(base_url, hex_encoded_id): return cache -def _check_elf_cache(cache_type, hex_encoded_id, hash_type): +def _check_elf_cache(cache_type, search_target, search_type): """ Check if there already is an ELF file for this hash in the cache. @@ -226,14 +340,14 @@ def _check_elf_cache(cache_type, hex_encoded_id, hash_type): True """ # Ensure that the cache directory exists - cache_dir = os.path.join(context.cache_dir, cache_type, hash_type) + cache_dir = os.path.join(context.cache_dir, cache_type, search_type) if not os.path.isdir(cache_dir): os.makedirs(cache_dir) # If we already downloaded the file, and it looks even passingly like # a valid ELF file, return it. - cache = os.path.join(cache_dir, hex_encoded_id) + cache = os.path.join(cache_dir, search_target) if not os.path.exists(cache): return cache, False @@ -245,7 +359,7 @@ def _check_elf_cache(cache_type, hex_encoded_id, hash_type): # Retry failed lookups after some time if time.time() > os.path.getmtime(cache) + NEGATIVE_CACHE_EXPIRY: return cache, False - log.info_once("Skipping invalid cached ELF %s", hex_encoded_id) + log.info_once("Skipping invalid cached ELF %s", search_target) return None, False log.info_once("Using cached data from %r", cache) 
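Review bot: In `search_by_hash`, `providers = PROVIDERS["offline"]` binds the module-level list itself and `providers += PROVIDERS["online"]` then extends it in place, so after the first call with the default `offline_only=False`, `PROVIDERS["offline"]` permanently contains the online providers and every later `offline_only=True` call still performs network lookups; write `providers = list(PROVIDERS["offline"])` before the `+=`, or build `providers = PROVIDERS["offline"] + PROVIDERS["online"]`. The same hunk's docstring says the function returns `The path to the cached directory containing the downloaded libraries`, but the value returned is the file path produced by `_check_elf_cache`; `Path to the cached libc file, or None when no provider found it.` is accurate. In `query_local_database`, `libs_url = read(symbol_file.parent / ("%s.url" % libs_id)).decode().strip()` raises when a `.url` file is missing next to a `.symbols` file, which aborts the whole local query on one incomplete entry; skipping that entry with a `log.debug` would be more forgiving. The `search_by_hash` body continues past this hunk.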
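Review bot: `cache = os.path.join(cache_dir, search_target)` in `_check_elf_cache` now receives a free-form `search_target` (a libs id passed to `search_by_libs_id`, or the `id` field of a libc.rip response in `search_by_symbol_offsets`) rather than a hex digest, and the result is later written by `write(cache, data or b'')`; a value containing a path separator or `..`, or an absolute path, places the file outside `context.cache_dir`. Reject such values before building the path, e.g. `if search_target in ('', '.', '..') or os.path.basename(search_target) != search_target: log.error("Invalid search target %r", search_target)`. The same value reaches `localdb.rglob("%s.so" % search_target)` in `provider_local_database` earlier in this diff, where glob metacharacters (`*`, `?`, `[`) would match an unrelated library; one check covering separators and glob characters, applied at the top of `search_by_hash`, protects both sites.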
@@ -422,7 +536,9 @@ def _find_libc_package_lib_url(libc): libc_match = query_libc_rip({'buildid': enhex(libc.buildid)}) if libc_match is not None: for match in libc_match: - yield match['libs_url'] + # Allow to override url with a caching proxy in CI + ubuntu_archive_url = os.environ.get('PWN_UBUNTU_ARCHIVE_URL', 'http://archive.ubuntu.com').rstrip('/') + yield match['libs_url'].replace('http://archive.ubuntu.com', ubuntu_archive_url) # Check launchpad.net if it's an Ubuntu libc # GNU C Library (Ubuntu GLIBC 2.36-0ubuntu4) @@ -539,7 +655,7 @@ def _handle_multiple_matching_libcs(matching_libcs): selected_index = options("Select the libc version to use:", [libc['id'] for libc in matching_libcs]) return matching_libcs[selected_index] -def search_by_symbol_offsets(symbols, select_index=None, unstrip=True, return_as_list=False): +def search_by_symbol_offsets(symbols, select_index=None, unstrip=True, offline_only=False, search_type='build_id', return_as_list=False, return_raw=False): """ Lookup possible matching libc versions based on leaked function addresses. @@ -558,9 +674,16 @@ def search_by_symbol_offsets(symbols, select_index=None, unstrip=True, return_as The libc to select if there are multiple matches (starting at 1). unstrip(bool): Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass `offline_only=True`, restricts search mode to offline sources only, + disable online lookup. Defaults to `False`, and enable both offline and online providers. + search_type(str): + An option to select searched hash. return_as_list(bool): Return a list of build ids of all matching libc versions instead of a path to a downloaded file. + return_raw(bool): + Return raw list of matched libc. Returns: Path to the downloaded library on disk, or :const:`None`. 
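Review bot: `search_by_symbol_offsets` gains `offline_only` and `search_type` ahead of the existing `return_as_list`, so a caller that passed `return_as_list` positionally as the fourth argument now sets `offline_only` and receives a path instead of a list; placing the new parameters after `return_as_list` keeps that call working. The docstring entry `search_type(str): An option to select searched hash.` does not say what is accepted; `search_type(str): Which identifier of the selected match is used for the download, one of the keys of TYPES (default 'build_id').` states it, and `return_raw(bool): Return the list of matching libc dicts as produced by the providers instead of downloading one.` does the same for the other new flag. In `_find_libc_package_lib_url`, the `os.environ.get('PWN_UBUNTU_ARCHIVE_URL', ...)` lookup sits inside the per-match loop; hoisting it above the loop is cheaper and mirrors the module-level handling of the libc.rip override.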
@@ -579,35 +702,91 @@ def search_by_symbol_offsets(symbols, select_index=None, unstrip=True, return_as >>> for buildid in matched_libcs: # doctest +SKIP ... libc = ELF(search_by_build_id(buildid)) # doctest +SKIP """ + assert search_type in TYPES, search_type + for symbol, address in symbols.items(): if isinstance(address, int): symbols[symbol] = hex(address) params = {'symbols': symbols} log.debug('Request: %s', params) - matching_libcs = query_libc_rip(params) - log.debug('Result: %s', matching_libcs) - if matching_libcs is None or len(matching_libcs) == 0: - log.warn_once("No matching libc for symbols %r on libc.rip", symbols) + + offline_matching = query_local_database(params) + online_matching = query_libc_rip(params) if not offline_only else None + + if offline_matching is None: + offline_matching = [] + if online_matching is None: + online_matching = [] + + # Aggregate and deduplicate matches from both sources + matching_libcs = {} + for libc in offline_matching + online_matching: + if libc['id'] not in matching_libcs: + matching_libcs[libc['id']] = libc + + log.debug('Offline search result: %s', offline_matching) + if not offline_only: + log.debug('Online search result: %s', online_matching) + + # Check if no matches are found + if len(matching_libcs) == 0: + log.warn_once("No matching libc for symbols %r", symbols) return None + matching_list = list(matching_libcs.values()) + if return_as_list: - return [libc['buildid'] for libc in matching_libcs] + return [libc['buildid'] for libc in matching_list] + + if return_raw: + return matching_list + + mapped_type = MAP_TYPES.get(search_type, search_type) - if len(matching_libcs) == 1: - return search_by_build_id(matching_libcs[0]['buildid'], unstrip=unstrip) + # If there's only one match, return it directly + if len(matching_list) == 1: + return search_by_hash(matching_list[0][mapped_type], search_type=search_type, unstrip=unstrip, offline_only=offline_only) + # If a specific index is provided, validate it and 
return the selected libc if select_index is not None: - if select_index > 0 and select_index <= len(matching_libcs): - return search_by_build_id(matching_libcs[select_index - 1]['buildid'], unstrip=unstrip) + if select_index > 0 and select_index <= len(matching_list): + return search_by_hash(matching_list[select_index - 1][mapped_type], search_type=search_type, unstrip=unstrip, offline_only=offline_only) else: - log.error('Invalid selected libc index. %d is not in the range of 1-%d.', select_index, len(matching_libcs)) + log.error('Invalid selected libc index. %d is not in the range of 1-%d.', select_index, len(matching_list)) return None - selected_libc = _handle_multiple_matching_libcs(matching_libcs) - return search_by_build_id(selected_libc['buildid'], unstrip=unstrip) + # Handle multiple matches interactively if no index is specified + selected_libc = _handle_multiple_matching_libcs(matching_list) + return search_by_hash(selected_libc[mapped_type], search_type=search_type, unstrip=unstrip, offline_only=offline_only) -def search_by_build_id(hex_encoded_id, unstrip=True): +def search_by_libs_id(libs_id, unstrip=True, offline_only=False): + """ + Given a Libs ID, attempt to download a matching libc from libcdb. + + Arguments: + libs_id(str): + Libs ID (e.g. ``'libc6_...'``) of the library + unstrip(bool): + Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass ``offline_only=True``, restricts search mode to offline sources only, + disable online lookup. Defaults to :const:`False`, and enable both offline and online providers. + + Returns: + Path to the downloaded library on disk, or :const:`None`. 
+ + Examples: + + >>> None == search_by_libs_id('XX') + True + >>> filename = search_by_libs_id('libc6_2.31-3_amd64') + >>> hex(ELF(filename).symbols.read) + '0xeef40' + """ + return search_by_hash(libs_id, 'libs_id', unstrip, offline_only) + +def search_by_build_id(hex_encoded_id, unstrip=True, offline_only=False): """ Given a hex-encoded Build ID, attempt to download a matching libc from libcdb. @@ -616,6 +795,9 @@ def search_by_build_id(hex_encoded_id, unstrip=True): Hex-encoded Build ID (e.g. 'ABCDEF...') of the library unstrip(bool): Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass `offline_only=True`, restricts search mode to offline sources only, + disable online lookup. Defaults to `False`, and enable both offline and online providers. Returns: Path to the downloaded library on disk, or :const:`None`. @@ -631,9 +813,9 @@ def search_by_build_id(hex_encoded_id, unstrip=True): >>> hex(ELF(filename).symbols.read) '0xeef40' """ - return search_by_hash(hex_encoded_id, 'build_id', unstrip) + return search_by_hash(hex_encoded_id, 'build_id', unstrip, offline_only) -def search_by_md5(hex_encoded_id, unstrip=True): +def search_by_md5(hex_encoded_id, unstrip=True, offline_only=False): """ Given a hex-encoded md5sum, attempt to download a matching libc from libcdb. @@ -642,6 +824,9 @@ def search_by_md5(hex_encoded_id, unstrip=True): Hex-encoded md5sum (e.g. 'ABCDEF...') of the library unstrip(bool): Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass `offline_only=True`, restricts search mode to offline sources only, + disable online lookup. Defaults to `False`, and enable both offline and online providers. Returns: Path to the downloaded library on disk, or :const:`None`. 
@@ -657,9 +842,9 @@ def search_by_md5(hex_encoded_id, unstrip=True): >>> hex(ELF(filename).symbols.read) '0xeef40' """ - return search_by_hash(hex_encoded_id, 'md5', unstrip) + return search_by_hash(hex_encoded_id, 'md5', unstrip, offline_only) -def search_by_sha1(hex_encoded_id, unstrip=True): +def search_by_sha1(hex_encoded_id, unstrip=True, offline_only=False): """ Given a hex-encoded sha1, attempt to download a matching libc from libcdb. @@ -668,6 +853,9 @@ def search_by_sha1(hex_encoded_id, unstrip=True): Hex-encoded sha1sum (e.g. 'ABCDEF...') of the library unstrip(bool): Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass `offline_only=True`, restricts search mode to offline sources only, + disable online lookup. Defaults to `False`, and enable both offline and online providers. Returns: Path to the downloaded library on disk, or :const:`None`. @@ -683,10 +871,9 @@ def search_by_sha1(hex_encoded_id, unstrip=True): >>> hex(ELF(filename).symbols.read) '0xeef40' """ - return search_by_hash(hex_encoded_id, 'sha1', unstrip) - + return search_by_hash(hex_encoded_id, 'sha1', unstrip, offline_only) -def search_by_sha256(hex_encoded_id, unstrip=True): +def search_by_sha256(hex_encoded_id, unstrip=True, offline_only=False): """ Given a hex-encoded sha256, attempt to download a matching libc from libcdb. @@ -695,6 +882,9 @@ def search_by_sha256(hex_encoded_id, unstrip=True): Hex-encoded sha256sum (e.g. 'ABCDEF...') of the library unstrip(bool): Try to fetch debug info for the libc and apply it to the downloaded file. + offline_only(bool): + When pass `offline_only=True`, restricts search mode to offline sources only, + disable online lookup. Defaults to `False`, and enable both offline and online providers. Returns: Path to the downloaded library on disk, or :const:`None`. 
@@ -710,9 +900,54 @@ def search_by_sha256(hex_encoded_id, unstrip=True): >>> hex(ELF(filename).symbols.read) '0xeef40' """ - return search_by_hash(hex_encoded_id, 'sha256', unstrip) + return search_by_hash(hex_encoded_id, 'sha256', unstrip, offline_only) + +def _parse_libc_symbol(path): + """ + Parse symbols file to `dict`, the format is same as https://github.com/niklasb/libc-database/ + """ + + syms = {} + + with open(path, "r") as fd: + for x in fd: + name, addr = x.split(" ") + syms[name] = int(addr, 16) + + return syms + +def _pack_libs_info(path, libs_id, libs_url, syms): + """ + The JSON format is the same as libc.rip, and the "download_url" field is by default an empty string, + as it's not required in offline mode. + """ + + info = {} + + info["id"] = libs_id + info["libs_url"] = libs_url + info["download_url"] = "" + + for search_type, hash_func in TYPES.items(): + # pass libs_id + if search_type == 'libs_id': + continue + + # replace search_type + if search_type in MAP_TYPES.keys(): + search_type = MAP_TYPES[search_type] + + info[search_type] = hash_func(path) + + default_symbol_list = [ + "__libc_start_main_ret", "dup2", "printf", "puts", "read", "system", "str_bin_sh" + ] + info["symbols"] = {} + for name in default_symbol_list: + info["symbols"][name] = hex(syms[name]) + return info def get_build_id_offsets(): @@ -767,4 +1002,4 @@ def get_build_id_offsets(): }.get(context.arch, []) -__all__ = ['get_build_id_offsets', 'search_by_build_id', 'search_by_sha1', 'search_by_sha256', 'search_by_md5', 'unstrip_libc', 'search_by_symbol_offsets', 'download_libraries'] +__all__ = ['get_build_id_offsets', 'search_by_build_id', 'search_by_sha1', 'search_by_sha256', 'search_by_md5', 'search_by_libs_id', 'unstrip_libc', 'search_by_symbol_offsets', 'download_libraries'] diff --git a/pwnlib/qemu.py b/pwnlib/qemu.py index 0ac957c97..ee9fe218e 100644 --- a/pwnlib/qemu.py +++ b/pwnlib/qemu.py 
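Review bot: `_pack_libs_info` indexes `syms[name]` for each of the seven `default_symbol_list` entries, so a symbols file that lacks one of them (for example `str_bin_sh`) aborts the whole offline lookup with a KeyError instead of yielding a record with that symbol omitted; `addr = syms.get(name)` followed by `if addr is not None: info["symbols"][name] = hex(addr)` keeps the function total. In `_parse_libc_symbol`, `name, addr = x.split(" ")` raises ValueError on a blank line or on a line containing more than one space; `parts = x.split()` with `if len(parts) != 2: continue` tolerates both, assuming the libc-database format is always whitespace-separated name/address pairs. The comment `# pass libs_id` should read `# skip libs_id`, and `if search_type in MAP_TYPES.keys()` is simply `if search_type in MAP_TYPES`. `TYPES` and `MAP_TYPES` are defined outside this hunk, so their contents cannot be checked here.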
@@ -139,7 +139,7 @@ def user_path(): def ld_prefix(path=None, env=None): """Returns the linker prefix for the selected qemu-user binary - >>> pwnlib.qemu.ld_prefix(arch='arm') + >>> pwnlib.qemu.ld_prefix(arch='arm') # doctest: +SKIP '/etc/qemu-binfmt/arm' """ if context.os == 'baremetal': diff --git a/pwnlib/rop/ret2dlresolve.py b/pwnlib/rop/ret2dlresolve.py index 6b9aeaca5..08a05420a 100644 --- a/pwnlib/rop/ret2dlresolve.py +++ b/pwnlib/rop/ret2dlresolve.py @@ -219,11 +219,24 @@ class Ret2dlresolvePayload(object): elf (ELF): Binary to search symbol (str): Function to search for args (list): List of arguments to pass to the function + data_addr (int|None): The address where the payload will + be written to. If not provided, a suitable address will + be chosen automatically (recommended). + resolution_addr (int|None): The address where the location + of the resolved symbol will be written to. If not provided + will be equal to data_addr. Returns: - A ``Ret2dlresolvePayload`` object which can be passed to ``rop.ret2dlresolve`` + A ``Ret2dlresolvePayload`` object. It can be passed to ``rop.ret2dlresolve`` + for automatic exploitation. + + If that is not suitable the object generates useful values (.reloc_index + and .payload) which can be used to aid manual exploitation. In this case + it is recommended to set .resolution_addr to the GOT address of an easily + callable function (do not set it when passing the object to + rop.ret2dlresolve). """ - def __init__(self, elf, symbol, args, data_addr=None): + def __init__(self, elf, symbol, args, data_addr=None, resolution_addr=None): self.elf = elf self.elf_load_address_fixup = self.elf.address - self.elf.load_addr self.strtab = elf.dynamic_value_by_tag("DT_STRTAB") + self.elf_load_address_fixup 
@@ -236,6 +249,7 @@ def __init__(self, elf, symbol, args, data_addr=None): self.unreliable = False self.data_addr = data_addr if data_addr is not None else self._get_recommended_address() + self.resolution_addr = resolution_addr if resolution_addr is not None else self.data_addr # Will be set when built self.reloc_index = -1 @@ -302,11 +316,11 @@ def _build_structures(self): # ElfRel rel_addr = self.jmprel + self.reloc_index * ElfRel.size rel_type = 7 - rel = ElfRel(r_offset=self.data_addr, r_info=(index< <% - sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + if network == 'ipv4': + sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + elif network == 'ipv6': + sockaddr, length, address_family = sockaddr('::1', 1, network) socktype = { 'tcp': SOCK_STREAM, 'udp': SOCK_DGRAM diff --git a/pwnlib/shellcraft/templates/amd64/linux/socket.asm b/pwnlib/shellcraft/templates/amd64/linux/socket.asm index bb6b3f473..be8b74f28 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/socket.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/socket.asm @@ -6,7 +6,10 @@ Creates a new socket <% - sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + if network == 'ipv4': + sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + elif network == 'ipv6': + sockaddr, length, address_family = sockaddr('::1', 1, network) socktype = { 'tcp': SOCK_STREAM, 'udp': SOCK_DGRAM diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/close_range.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/close_range.asm new file mode 100644 index 000000000..ecb77a9b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/close_range.asm 
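Review bot: In the amd64 `socket.asm` hunk, the new `if network == 'ipv4'`/`elif network == 'ipv6'` branches leave `sockaddr`, `length` and `address_family` unbound for any other `network` value, so a typo such as `'ip4'` surfaces as a NameError from inside the Mako template rather than as a clear argument error. An `else: raise ValueError('network must be ipv4 or ipv6, got %r' % network)` after the `elif` fails fast with the offending value in the message. The same construct appears in what looks like the i386 `socket.asm` hunk just above (its file header is garbled in this rendering) and should get the same guard. The `sockaddr(...)` helper is outside the hunk, so it may already validate `network`; if it does, the `if`/`elif` could be collapsed to a single call with the chosen address selected beforehand.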
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>close_range(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall close_range. + +See 'man 2 close_range' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_close_range']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* close_range(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/epoll_pwait2.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/epoll_pwait2.asm new file mode 100644 index 000000000..a06777704 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/epoll_pwait2.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>epoll_pwait2(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall epoll_pwait2. + +See 'man 2 epoll_pwait2' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_epoll_pwait2']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* epoll_pwait2(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/faccessat2.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/faccessat2.asm new file mode 100644 index 000000000..5d6f05d18 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/faccessat2.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>faccessat2(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall faccessat2. + +See 'man 2 faccessat2' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_faccessat2']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* faccessat2(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_add_rule.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_add_rule.asm new file mode 100644 index 000000000..920d91e97 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_add_rule.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>landlock_add_rule(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall landlock_add_rule. + +See 'man 2 landlock_add_rule' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. 
+ elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_landlock_add_rule']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* landlock_add_rule(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_create_ruleset.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_create_ruleset.asm new file mode 100644 index 000000000..179d2f7f7 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_create_ruleset.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>landlock_create_ruleset(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall landlock_create_ruleset. + +See 'man 2 landlock_create_ruleset' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. 
+ elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_landlock_create_ruleset']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* landlock_create_ruleset(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_restrict_self.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_restrict_self.asm new file mode 100644 index 000000000..0a138bcc2 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/landlock_restrict_self.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>landlock_restrict_self(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall landlock_restrict_self. + +See 'man 2 landlock_restrict_self' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. 
+ elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_landlock_restrict_self']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* landlock_restrict_self(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/mount_setattr.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/mount_setattr.asm new file mode 100644 index 000000000..33cc2f5af --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/mount_setattr.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>mount_setattr(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall mount_setattr. + +See 'man 2 mount_setattr' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_mount_setattr']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* mount_setattr(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/process_madvise.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/process_madvise.asm new file mode 100644 index 000000000..6a6357a2c --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/process_madvise.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>process_madvise(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall process_madvise. + +See 'man 2 process_madvise' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_process_madvise']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* process_madvise(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/riscv_flush_icache.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/riscv_flush_icache.asm new file mode 100644 index 000000000..532c6802b --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/riscv_flush_icache.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>riscv_flush_icache(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall riscv_flush_icache. + +See 'man 2 riscv_flush_icache' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. 
+ elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_riscv_flush_icache']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* riscv_flush_icache(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/common/linux/syscalls/sysriscv.asm b/pwnlib/shellcraft/templates/common/linux/syscalls/sysriscv.asm new file mode 100644 index 000000000..d65886016 --- /dev/null +++ b/pwnlib/shellcraft/templates/common/linux/syscalls/sysriscv.asm 
@@ -0,0 +1,101 @@ +<% +import collections +import pwnlib.abi +import pwnlib.constants +import pwnlib.shellcraft +import six +%> +<%docstring>sysriscv(vararg_0, vararg_1, vararg_2, vararg_3, vararg_4) -> str + +Invokes the syscall sysriscv. + +See 'man 2 sysriscv' for more information. + +Arguments: + vararg(int): vararg +Returns: + long + +<%page args="vararg_0=None, vararg_1=None, vararg_2=None, vararg_3=None, vararg_4=None"/> +<% + abi = pwnlib.abi.ABI.syscall() + stack = abi.stack + regs = abi.register_arguments[1:] + allregs = pwnlib.shellcraft.registers.current() + + can_pushstr = [] + can_pushstr_array = [] + + argument_names = ['vararg_0', 'vararg_1', 'vararg_2', 'vararg_3', 'vararg_4'] + argument_values = [vararg_0, vararg_1, vararg_2, vararg_3, vararg_4] + + # Load all of the arguments into their destination registers / stack slots. + register_arguments = dict() + stack_arguments = collections.OrderedDict() + string_arguments = dict() + dict_arguments = dict() + array_arguments = dict() + syscall_repr = [] + + for name, arg in zip(argument_names, argument_values): + if arg is not None: + syscall_repr.append('%s=%s' % (name, pwnlib.shellcraft.pretty(arg, False))) + + # If the argument itself (input) is a register... + if arg in allregs: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[index] = arg + + # The argument is not a register. It is a string value, and we + # are expecting a string value + elif name in can_pushstr and isinstance(arg, (six.binary_type, six.text_type)): + if isinstance(arg, six.text_type): + arg = arg.encode('utf-8') + string_arguments[name] = arg + + # The argument is not a register. It is a dictionary, and we are + # expecting K:V paris. + elif name in can_pushstr_array and isinstance(arg, dict): + array_arguments[name] = ['%s=%s' % (k,v) for (k,v) in arg.items()] + + # The arguent is not a register. 
It is a list, and we are expecting + # a list of arguments. + elif name in can_pushstr_array and isinstance(arg, (list, tuple)): + array_arguments[name] = arg + + # The argument is not a register, string, dict, or list. + # It could be a constant string ('O_RDONLY') for an integer argument, + # an actual integer value, or a constant. + else: + index = argument_names.index(name) + if index < len(regs): + target = regs[index] + register_arguments[target] = arg + elif arg is not None: + stack_arguments[target] = arg + + # Some syscalls have different names on various architectures. + # Determine which syscall number to use for the current architecture. + for syscall in ['SYS_sysriscv']: + if hasattr(pwnlib.constants, syscall): + break + else: + raise Exception("Could not locate any syscalls: %r" % syscalls) +%> + /* sysriscv(${', '.join(syscall_repr)}) */ +%for name, arg in string_arguments.items(): + ${pwnlib.shellcraft.pushstr(arg, append_null=(b'\x00' not in arg))} + ${pwnlib.shellcraft.mov(regs[argument_names.index(name)], abi.stack)} +%endfor +%for name, arg in array_arguments.items(): + ${pwnlib.shellcraft.pushstr_array(regs[argument_names.index(name)], arg)} +%endfor +%for name, arg in stack_arguments.items(): + ${pwnlib.shellcraft.push(arg)} +%endfor + ${pwnlib.shellcraft.setregs(register_arguments)} + ${pwnlib.shellcraft.syscall(syscall)} diff --git a/pwnlib/shellcraft/templates/riscv64/__doc__ b/pwnlib/shellcraft/templates/riscv64/__doc__ new file mode 100644 index 000000000..a5420bbe2 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/__doc__ @@ -0,0 +1 @@ +Shellcraft module containing generic RISCV64 shellcodes. diff --git a/pwnlib/shellcraft/templates/riscv64/linux/__doc__ b/pwnlib/shellcraft/templates/riscv64/linux/__doc__ new file mode 100644 index 000000000..af7cba2ce --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/linux/__doc__ @@ -0,0 +1 @@ +Shellcraft module containing RISCV64 shellcodes for Linux. 
diff --git a/pwnlib/shellcraft/templates/riscv64/linux/syscall.asm b/pwnlib/shellcraft/templates/riscv64/linux/syscall.asm new file mode 100644 index 000000000..85bd4bdd1 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/linux/syscall.asm 
@@ -0,0 +1,109 @@ +<% + from pwnlib.shellcraft import riscv64, pretty + from pwnlib.constants import Constant + from pwnlib.abi import linux_riscv64_syscall as abi + from six import text_type +%> +<%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4=None, arg5=None"/> +<%docstring> +Args: [syscall_number, \*args] + Does a syscall + +Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constants.eval`. + +Example: + + >>> print(pwnlib.shellcraft.riscv64.linux.syscall('SYS_execve', 1, 'sp', 2, 0).rstrip()) + /* call execve(1, 'sp', 2, 0) */ + c.li a0, 1 + c.mv a1, sp + c.li a2, 2 + c.li a3, 0 + /* mv a7, 0xdd */ + xori a7, zero, 0x722 + xori a7, a7, 0x7ff + ecall + >>> print(pwnlib.shellcraft.riscv64.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip()) + /* call execve(2, 1, 0, 0x14) */ + c.li a0, 2 + c.li a1, 1 + c.li a2, 0 + c.li a3, 0x14 + /* mv a7, 0xdd */ + xori a7, zero, 0x722 + xori a7, a7, 0x7ff + ecall + >>> print(pwnlib.shellcraft.riscv64.linux.syscall().rstrip()) + /* call syscall() */ + ecall + >>> print(pwnlib.shellcraft.riscv64.linux.syscall('a7', 'a0', 'a1').rstrip()) + /* call syscall('a7', 'a0', 'a1') */ + /* setregs noop */ + ecall + >>> print(pwnlib.shellcraft.riscv64.linux.syscall('a3', None, None, 1).rstrip()) + /* call syscall('a3', ?, ?, 1) */ + c.li a2, 1 + c.mv a7, a3 + ecall + >>> print(pwnlib.shellcraft.riscv64.linux.syscall( + ... 'SYS_mmap', 0, 0x1000, + ... 'PROT_READ | PROT_WRITE | PROT_EXEC', + ... 'MAP_PRIVATE', + ... 
-1, 0).rstrip()) + /* call mmap(0, 0x1000, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE', -1, 0) */ + c.li a0, 0 + c.lui a1, 1 /* mv a1, 0x1000 */ + c.li a2, 7 + c.li a3, 2 + c.li a4, 0xffffffffffffffff + c.li a5, 0 + /* mv a7, 0xde */ + xori a7, zero, 0x721 + xori a7, a7, 0x7ff + ecall + >>> print(pwnlib.shellcraft.openat('AT_FDCWD', '/home/pwn/flag').rstrip()) + /* openat(fd='AT_FDCWD', file='/home/pwn/flag', oflag=0) */ + /* push b'/home/pwn/flag\x00' */ + li t4, 0x77702f656d6f682f + sd t4, -16(sp) + li t4, 0x67616c662f6e + sd t4, -8(sp) + addi sp, sp, -16 + c.mv a1, sp + xori a0, zero, 0xffffffffffffff9c + c.li a2, 0 + /* call openat() */ + /* mv a7, 0x38 */ + xori a7, zero, 0x7c7 + xori a7, a7, 0x7ff + ecall + +<% + if isinstance(syscall, (str, text_type, Constant)) and str(syscall).startswith('SYS_'): + syscall_repr = str(syscall)[4:] + "(%s)" + args = [] + else: + syscall_repr = 'syscall(%s)' + if syscall is None: + args = ['?'] + else: + args = [pretty(syscall, False)] + + for arg in [arg0, arg1, arg2, arg3, arg4, arg5]: + if arg is None: + args.append('?') + else: + args.append(pretty(arg, False)) + while args and args[-1] == '?': + args.pop() + syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) +%>\ + /* call ${syscall_repr} */ +%if any(a is not None for a in arguments): + ${riscv64.setregs(regctx)} +%endif + ecall diff --git a/pwnlib/shellcraft/templates/riscv64/linux/syscalls b/pwnlib/shellcraft/templates/riscv64/linux/syscalls new file mode 120000 index 000000000..82bc97edb --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/linux/syscalls @@ -0,0 +1 @@ +../../common/linux/syscalls \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/riscv64/mov.asm b/pwnlib/shellcraft/templates/riscv64/mov.asm new file mode 100644 index 000000000..8005b47d1 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/riscv64/mov.asm 
@@ -0,0 +1,131 @@ +<% + from pwnlib.util import lists, packing, fiddling, misc + from pwnlib.constants import eval, Constant + from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.log import getLogger + from pwnlib.shellcraft import riscv64, registers, pretty, okay + import six + log = getLogger('pwnlib.shellcraft.riscv64.mov') +%> +<%page args="dst, src"/> +<%docstring> +Move src into dst without newlines and null bytes. + +Registers t4 and t6 are not guaranteed to be preserved. + +If src is a string that is not a register, then it will locally set +`context.arch` to `'riscv64'` and use :func:`pwnlib.constants.eval` to evaluate the +string. Note that this means that this shellcode can change behavior depending +on the value of `context.os`. + +Args: + + dst (str): The destination register. + src (str): Either the input register, or an immediate value. + +Example: + + >>> print(shellcraft.riscv64.mov('t0', 0).rstrip()) + c.li t0, 0 + >>> print(shellcraft.riscv64.mov('t0', 0x2000).rstrip()) + c.lui t0, 2 /* mv t0, 0x2000 */ + >>> print(shellcraft.riscv64.mov('t5', 0x601).rstrip()) + xori t5, zero, 0x601 + >>> print(shellcraft.riscv64.mov('t5', 0x600).rstrip()) + /* mv t5, 0x600 */ + xori t5, zero, 0x1ff + xori t5, t5, 0x7ff + >>> print(shellcraft.riscv64.mov('t6', 0x181f).rstrip()) + /* mv t6, 0x181f */ + lui t6, 0xffffe + xori t6, t6, 0xfffffffffffff81f + >>> print(shellcraft.riscv64.mov('t5', 0x40b561f).rstrip()) + /* mv t5, 0x40b561f */ + lui t5, 0x40b5 + xori t5, t5, 0x61f + >>> print(shellcraft.riscv64.mov('t0', 0xcafebabe).rstrip()) + li t0, 0xcafebabe + >>> print(shellcraft.riscv64.mov('a0', 't2').rstrip()) + c.mv a0, t2 + >>> print(shellcraft.riscv64.mov('t1', 'sp').rstrip()) + c.mv t6, sp + c.mv t1, t6 /* mv t1, sp */ + + +<% +if not isinstance(dst, str) or dst not in registers.riscv: + log.error("Unknown register %r", dst) + return + +if isinstance(src, str) and src not in registers.riscv: + src = 
eval(src) + +if isinstance(src, str) and src not in registers.riscv: + log.error("Unknown register %r", src) + return + +src_reg = registers.riscv.get(src, None) +dst_reg = registers.riscv[dst] +tmp = 't6' if dst_reg != registers.riscv['t6'] else 't4' + +# If source register is zero, treat it as immediate 0 +if src_reg == 0: + src = 0 + src_reg = None + +encodes_no_newline = lambda a, not_a: not (a & 0xf == 0 or (a & 0xff0) >> 8 in [0, 10]) and not (((not_a & 0xf000) >> 8 | (dst_reg >> 1) in [0, 10]) or (not_a & 0xff0000) >> 16 in [0, 10] or not_a >> 24 in [0, 10]) +%> + +% if dst_reg == 0 or dst_reg == src_reg: + /* mv ${dst}, ${src} is a noop */ + +% elif src_reg is not None: +## Source is a register +## Special case where c.mv would produce a newline +% if src_reg == 2 and dst_reg % 2 == 0: + c.mv ${tmp}, ${src} + c.mv ${dst}, ${tmp} /* mv ${dst}, ${src} */ +% else: + c.mv ${dst}, ${src} +% endif +% else: +## Source is an immediate, normalize to [0, 2**64) + +<% src = packing.unpack(packing.pack(src, word_size=64), word_size=64, sign=False) %> +## Immediates are always sign-extended to 64-bit + +## 6-bit immediate for c.li +% if src < 0x20 or src >= 0xffffffffffffffe0: + c.li ${dst}, ${pretty(src)} + +## 6-bit immediate for c.lui +% elif dst_reg != 2 and src & 0xfff == 0 and ((src>>12) < 0x20 or (src>>12) >= 0xffffffffffffffe0): + c.lui ${dst}, ${pretty(src>>12)} /* mv ${dst}, ${pretty(src)} */ + +## 12-bit immediate +% elif src < 0x800 or src >= 0xfffffffffffff800: + % if src & 0xf == 0 or (src & 0xfff) >> 8 in [0, 10]: + /* mv ${dst}, ${pretty(src)} */ + xori ${dst}, zero, ${pretty(src ^ 0x7ff)} + xori ${dst}, ${dst}, ${pretty(0x7ff)} + % else: + xori ${dst}, zero, ${pretty(src)} + % endif + +## 32-bit immediate with lui and xori +% elif (src < 0x80000000 or src >= 0xffffffff80000000) and src & 0x800 == 0 and encodes_no_newline(src, src): + /* mv ${dst}, ${pretty(src)} */ + lui ${dst}, ${pretty(src >> 12)} + xori ${dst}, ${dst}, ${pretty(src & 0xfff)} +% elif 
(src < 0x80000000 or src >= 0xffffffff80000000) and src & 0x800 == 0x800 and encodes_no_newline(src, ~src): + /* mv ${dst}, ${pretty(src)} */ + lui ${dst}, ${pretty((~src >> 12) & 0xfffff)} + xori ${dst}, ${dst}, ${pretty(src & 0xfff | 0xfffffffffffff000)} + +## 64-bit immediate with lui, addi, and slli +## FIXME: Make this null and newline free +% else: + li ${dst}, ${pretty(src)} + +% endif +% endif diff --git a/pwnlib/shellcraft/templates/riscv64/nop.asm b/pwnlib/shellcraft/templates/riscv64/nop.asm new file mode 100644 index 000000000..dbb731dd4 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/nop.asm @@ -0,0 +1,2 @@ +<%docstring>RISCV64 nop instruction. + add x31, x0, x31 diff --git a/pwnlib/shellcraft/templates/riscv64/push.asm b/pwnlib/shellcraft/templates/riscv64/push.asm new file mode 100644 index 000000000..0a9f97adc --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/push.asm @@ -0,0 +1,27 @@ +<% + from pwnlib.shellcraft import riscv64 + from pwnlib import constants + from pwnlib.shellcraft import registers + from six import text_type, binary_type +%> +<%page args="value"/> +<%docstring> +Pushes a value onto the stack. + +Register t4 is not guaranteed to be preserved. + +<% +is_reg = value in registers.riscv + +if not is_reg and isinstance(value, (binary_type, text_type)): + try: + value = constants.eval(value) + except (ValueError, AttributeError): + pass +%> +% if not is_reg: + ${riscv64.mov('t4', value)} + <% value = 't4' %>\ +%endif + sd ${value}, -8(sp) + addi sp, sp, -8 diff --git a/pwnlib/shellcraft/templates/riscv64/pushstr.asm b/pwnlib/shellcraft/templates/riscv64/pushstr.asm new file mode 100644 index 000000000..252536e27 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/pushstr.asm 
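Review bot: The docstring promises "Move src into dst without newlines and null bytes", but the final `% else:` branch emits a bare `li ${dst}, ${pretty(src)}` for immediates that do not fit the 32-bit paths, and the `## FIXME` on that branch concedes it is not null/newline free (the `li t0, 0xcafebabe` doctest exercises exactly this path). The docstring should state the limitation rather than leave it only in a FIXME, e.g. add after the t4/t6 sentence: `Immediates that need the 64-bit li fallback are emitted as-is and may contain null bytes or newlines.` As a style point, `lists`, `fiddling`, `misc`, `Constant`, `okay`, `six` and `ctx` are imported but appear unused within this hunk.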
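Review bot: The nop template gives no reason for `add x31, x0, x31` instead of the canonical RISC-V `nop` (`addi x0, x0, 0`), whose encoding 0x00000013 contains null bytes. A one-line Mako comment would record the intent, e.g. `## x31 = x0 + x31 (encoding 0x01f00fb3): chosen over the canonical nop because it contains no null or newline bytes`.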
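Review bot: The push.asm docstring has no `Args:` section, unlike pushstr.asm and setregs.asm in the same change, so the accepted forms of `value` (register name, integer, or a constant expression resolved through `constants.eval`) are only discoverable from the code. Suggested addition after the t4 sentence: `Args: value (int,str): Register name, immediate, or constant expression (evaluated with pwnlib.constants.eval) to push.` It may also be worth saying that a string that is neither a register nor a valid constant falls through to `riscv64.mov`, which reports the unknown register.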
@@ -0,0 +1,98 @@ +<% + from pwnlib.util import lists, packing, fiddling + from pwnlib.shellcraft import riscv64, pretty + import six +%>\ +<%page args="string, append_null = True"/> +<%docstring> +Pushes a string onto the stack without using +null bytes or newline characters. + +Example: + + >>> print(shellcraft.riscv64.pushstr('').rstrip()) + /* push b'\x00' */ + sw zero, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr('a').rstrip()) + /* push b'a\x00' */ + /* mv t4, 0x61 */ + xori t4, zero, 0x79e + xori t4, t4, 0x7ff + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr('aa').rstrip()) + /* push b'aa\x00' */ + li t4, 0x6161 + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr('aaaa').rstrip()) + /* push b'aaaa\x00' */ + /* mv t4, 0x61616161 */ + lui t4, 0x61616 + xori t4, t4, 0x161 + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr('aaaaa').rstrip()) + /* push b'aaaaa\x00' */ + li t4, 0x6161616161 + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr('aaaa', append_null = False).rstrip()) + /* push b'aaaa' */ + /* mv t4, 0x61616161 */ + lui t4, 0x61616 + xori t4, t4, 0x161 + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr(b'\xc3').rstrip()) + /* push b'\xc3\x00' */ + /* mv t4, 0xc3 */ + xori t4, zero, 0x73c + xori t4, t4, 0x7ff + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(shellcraft.riscv64.pushstr(b'\xc3', append_null = False).rstrip()) + /* push b'\xc3' */ + /* mv t4, 0xc3 */ + xori t4, zero, 0x73c + xori t4, t4, 0x7ff + sd t4, -8(sp) + addi sp, sp, -8 + >>> print(enhex(asm(shellcraft.riscv64.pushstr("/bin/sh")))) + b79e39349b8e7e7bb20e938ebe34b60e938efe22233cd1ff6111 + >>> print(enhex(asm(shellcraft.riscv64.pushstr("")))) + 232c01fe6111 + >>> print(enhex(asm(shellcraft.riscv64.pushstr("\x00", append_null = False)))) + 232c01fe6111 + +Args: + string (str): The string to push. 
+ append_null (bool): Whether to append a single NULL-byte before pushing. + +<% + if isinstance(string, six.text_type): + string = string.encode('utf-8') + if append_null: + string += b'\x00' + if not string: + return + + split_string = lists.group(8, string, 'fill', b'\x00') + stack_offset = len(split_string) * -8 +%>\ + /* push ${pretty(string, False)} */ +% for index, word in enumerate(split_string): +% if word == b'\x00\x00\x00\x00\x00\x00\x00\x00': + sw zero, ${stack_offset+(8 * index)}(sp) +<% + continue +%>\ +% endif +<% + word = packing.u64(word, sign=True) +%>\ + ${riscv64.mov('t4', word)} + sd t4, ${stack_offset+(8 * index)}(sp) +% endfor + addi sp, sp, ${stack_offset} diff --git a/pwnlib/shellcraft/templates/riscv64/pushstr_array.asm b/pwnlib/shellcraft/templates/riscv64/pushstr_array.asm new file mode 100644 index 000000000..a7a40fd52 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/pushstr_array.asm @@ -0,0 +1,38 @@ +<% from pwnlib.shellcraft import riscv64, pretty %> +<%docstring> +Pushes an array/envp-style array of pointers onto the stack. + +Arguments: + reg(str): + Destination register to hold the pointer. + array(str,list): + Single argument or list of arguments to push. + NULL termination is normalized so that each argument + ends with exactly one NULL byte. + +<%page args="reg, array"/> +<% +if isinstance(array, (str)): + array = [array] + +array_str = '' + +# Normalize all of the arguments' endings +array = [arg.rstrip('\x00') + '\x00' for arg in array] +array_str = ''.join(array) + +word_size = 8 +offset = len(array_str) + word_size + +%>\ + /* push argument array ${pretty(array, False)} */ + ${riscv64.pushstr(array_str)} + ${riscv64.mov(reg, 0)} + ${riscv64.push(reg)} /* null terminate */ +% for i,arg in enumerate(reversed(array)): + ${riscv64.mov(reg, offset + word_size*i - len(arg))} + add ${reg}, sp, ${reg} + ${riscv64.push(reg)} /* ${pretty(arg, False)} */ + <% offset -= len(arg) %>\ +% endfor + ${riscv64.mov(reg,'sp')} 
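Review bot: For an all-zero 8-byte group the loop emits `sw zero, ${stack_offset+(8 * index)}(sp)`, which stores only 4 bytes, so bytes 4–7 of that slot keep whatever was on the stack; this is harmless for the `pushstr('')` case but leaves garbage inside any string that contains eight consecutive null bytes followed by more data, since the slot is part of the pushed string. `sd zero, ${stack_offset+(8 * index)}(sp)` would zero the whole slot; its encoding differs from the `sw` form only in the funct3 field (bit 12), so it should remain null/newline free for these offsets, though the doctest hex `232c01fe6111` would then change and should be re-verified. A short `##` comment on that branch explaining why the zero word is special-cased (the `mov` path cannot encode an all-zero immediate without null bytes, presumably) would also help.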
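Review bot: `array = [arg.rstrip('\x00') + '\x00' for arg in array]` raises TypeError on Python 3 when an element is `bytes`, and the `isinstance(array, (str))` guard does not wrap a bare `bytes` argument either, while `riscv64.pushstr` (called on the next lines) accepts both text and bytes; if bytes arguments are meant to be supported here, the normalisation needs a bytes branch, otherwise the docstring `array(str,list)` should say text only. The initial `array_str = ''` is dead, since it is reassigned from `''.join(array)` before use.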
diff --git a/pwnlib/shellcraft/templates/riscv64/setregs.asm b/pwnlib/shellcraft/templates/riscv64/setregs.asm new file mode 100644 index 000000000..90306e106 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/setregs.asm @@ -0,0 +1,46 @@ +<% + from pwnlib.regsort import regsort + from pwnlib.constants import Constant, eval + from pwnlib.shellcraft import registers + from pwnlib.shellcraft import riscv64 +%> +<%page args="reg_context, stack_allowed = True"/> +<%docstring> +Sets multiple registers, taking any register dependencies into account +(i.e., given eax=1,ebx=eax, set ebx first). + +Args: + reg_context (dict): Desired register context + stack_allowed (bool): Can the stack be used? + +Example: + + >>> print(shellcraft.setregs({'t0':1, 'a3':'0'}).rstrip()) + c.li a3, 0 + c.li t0, 1 + >>> print(shellcraft.setregs({'a0':'a1', 'a1':'a0', 'a2':'a1'}).rstrip()) + c.mv a2, a1 + c.mv t4, a1 + xor a1, a0, t4 /* xchg a1, a0 */ + c.mv t4, a0 + xor a0, a1, t4 + c.mv t4, a1 + xor a1, a0, t4 + +<% +reg_context = {k:v for k,v in reg_context.items() if v is not None} +sorted_regs = regsort(reg_context, registers.riscv) +%> +% if not sorted_regs: + /* setregs noop */ +% else: +% for how, src, dst in regsort(reg_context, registers.riscv): +% if how == 'xchg': + ${riscv64.xor(dst, dst, src)} /* xchg ${dst}, ${src} */ + ${riscv64.xor(src, src, dst)} + ${riscv64.xor(dst, dst, src)} +% else: + ${riscv64.mov(src, dst)} +% endif +% endfor +% endif diff --git a/pwnlib/shellcraft/templates/riscv64/trap.asm b/pwnlib/shellcraft/templates/riscv64/trap.asm new file mode 100644 index 000000000..fade233c0 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/trap.asm @@ -0,0 +1,2 @@ +<%docstring>A trap instruction. + ebreak diff --git a/pwnlib/shellcraft/templates/riscv64/xor.asm b/pwnlib/shellcraft/templates/riscv64/xor.asm new file mode 100644 index 000000000..5a506e284 --- /dev/null +++ b/pwnlib/shellcraft/templates/riscv64/xor.asm 
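Review bot: `sorted_regs` is computed once and then ignored by the loop, which calls `regsort(reg_context, registers.riscv)` a second time; the loop header should be `% for how, src, dst in sorted_regs:`. The `stack_allowed` page argument is never read in this hunk, and `Constant` and `eval` are imported but unused. The docstring's example "given eax=1,ebx=eax, set ebx first" is x86 wording; for this template `given a0=1,a1=a0, set a1 first` would match the register names used below.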
@@ -0,0 +1,34 @@ +<% + from pwnlib.shellcraft import riscv64 + from pwnlib.shellcraft import registers +%> +<%page args="dst,rs1,rs2"/> +<%docstring> +XOR two registers rs1 and rs2, store result in register dst. + +Register t4 is not guaranteed to be preserved. + +<% +if not isinstance(dst, str) or dst not in registers.riscv: + log.error("Unknown register %r", dst) + return +if not isinstance(rs1, str) or rs1 not in registers.riscv: + log.error("Unknown register %r", rs1) + return +if not isinstance(rs2, str) or rs2 not in registers.riscv: + log.error("Unknown register %r", rs2) + return + +rs1_reg = registers.riscv[rs1] +rs2_reg = registers.riscv[rs2] +%> +## 0000000 rs2 rs1 +## 0000000 00000 0000 +% if rs1_reg & 0x10 > 0 and (rs2_reg > 1 or rs1_reg & 0xf > 0) and (rs1_reg != 0x10 and rs2_reg != 10): + xor ${dst}, ${rs2}, ${rs1} +% elif rs2_reg & 0x10 > 0 and (rs1_reg > 1 or rs2_reg & 0xf > 0) and (rs2_reg != 0x10 and rs1_reg != 10): + xor ${dst}, ${rs1}, ${rs2} +% else: + ${riscv64.mov('t4', rs1)} + xor ${dst}, ${rs2}, t4 +% endif diff --git a/pwnlib/term/text.py b/pwnlib/term/text.py index 8e5ddef63..2bab52d46 100644 --- a/pwnlib/term/text.py +++ b/pwnlib/term/text.py @@ -27,9 +27,7 @@ class Module(types.ModuleType): def __init__(self): self.__file__ = __file__ self.__name__ = __name__ - self.num_colors = 8 - self.has_bright = self.num_colors >= 16 - self.has_gray = self.has_bright + self.num_colors = termcap.get('colors', default=8) if sys.platform == 'win32' else 8 self.when = 'auto' self._colors = { 'black': 0, @@ -61,6 +59,14 @@ def when(self): def when(self, val): self._when = eval_when(val) + @property + def has_bright(self): + return self.num_colors >= 16 + + @property + def has_gray(self): + return self.has_bright + def _fg_color(self, c): c = termcap.get('setaf', c) or termcap.get('setf', c) if not hasattr(c, 'encode'): diff --git a/pwnlib/tubes/process.py b/pwnlib/tubes/process.py index e5f143e75..71dcbca39 100644 --- a/pwnlib/tubes/process.py 
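Review bot: The three `log.error("Unknown register %r", ...)` calls reference `log`, which is never defined or imported in this template (only `riscv64` and `registers` are), so an invalid register name raises NameError instead of the intended error; add `from pwnlib.log import getLogger` and `log = getLogger('pwnlib.shellcraft.riscv64.xor')` to the import block, as mov.asm does. The two `## 0000000 rs2 rs1` / `## 0000000 00000 0000` lines do not say what the operand-order conditions guard; a comment stating the intent (presumably picking the operand order whose encoding avoids null/newline bytes and falling back to a `t4` copy otherwise) would make the branches reviewable.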
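Review bot: `self.num_colors = termcap.get('colors', default=8) if sys.platform == 'win32' else 8` reads as "query termcap only on Windows and hard-code 8 colors everywhere else", which is the opposite of what one would expect given that termcap is the POSIX facility; if that is intentional (e.g. to avoid initialising terminfo at import time on POSIX), a comment saying so would prevent the next reader from "fixing" it, and if not, the branches are swapped. Turning `has_bright`/`has_gray` into properties in the second hunk is consistent with this, since they now follow `num_colors` whenever it changes.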
+++ b/pwnlib/tubes/process.py @@ -12,6 +12,7 @@ import subprocess import sys import time +from collections import namedtuple IS_WINDOWS = sys.platform.startswith('win') @@ -802,15 +803,6 @@ def close(self): # First check if we are already dead self.poll() - # close file descriptors - for fd in [self.proc.stdin, self.proc.stdout, self.proc.stderr]: - if fd is not None: - try: - fd.close() - except IOError as e: - if e.errno != errno.EPIPE and e.errno != errno.EINVAL: - raise - if not self._stop_noticed: try: self.proc.kill() @@ -820,6 +812,15 @@ def close(self): except OSError: pass + # close file descriptors + for fd in [self.proc.stdin, self.proc.stdout, self.proc.stderr]: + if fd is not None: + try: + fd.close() + except IOError as e: + if e.errno != errno.EPIPE and e.errno != errno.EINVAL: + raise + def fileno(self): if not self.connected(): 
@@ -883,6 +884,440 @@ def __pty_make_controlling_tty(self, tty_fd): else: os.close(fd) + def maps(self): + """maps() -> [mapping] + + Returns a list of process mappings. + + A mapping object has the following fields: + addr, address (addr alias), start (addr alias), end, size, perms, path, rss, pss, shared_clean, shared_dirty, private_clean, private_dirty, referenced, anonymous, swap + + perms is a permissions object, with the following fields: + read, write, execute, private, shared, string + + Example: + + >>> p = process(['cat']) + >>> p.sendline(b"meow") + >>> p.recvline() + b'meow\\n' + >>> proc_maps = open("/proc/" + str(p.pid) + "/maps", "r").readlines() + >>> pwn_maps = p.maps() + >>> len(proc_maps) == len(pwn_maps) + True + >>> checker_arr = [] + >>> for proc, pwn in zip(proc_maps, pwn_maps): + ... proc = proc.split(' ') + ... p_addrs = proc[0].split('-') + ... checker_arr.append(int(p_addrs[0], 16) == pwn.addr == pwn.address == pwn.start) + ... checker_arr.append(int(p_addrs[1], 16) == pwn.end) + ... checker_arr.append(pwn.size == pwn.end - pwn.start) + ... checker_arr.append(pwn.perms.string == proc[1]) + ... proc_path = proc[-1].strip() + ... checker_arr.append(pwn.path == proc_path or (pwn.path == '[anon]' and proc_path == '')) + ... + >>> checker_arr == [True] * len(proc_maps) * 5 + True + + Useful information about this can be found at: https://man7.org/linux/man-pages/man5/proc.5.html + specifically the /proc/pid/maps section. + + memory_maps() returns a list of pmmap_ext objects. The definition (from psutil/_pslinux.py) is: + + .. code-block:: python + + pmmap_grouped = namedtuple( + 'pmmap_grouped', + ['path', 'rss', 'size', 'pss', 'shared_clean', 'shared_dirty', + 'private_clean', 'private_dirty', 'referenced', 'anonymous', 'swap']) + pmmap_ext = namedtuple( + 'pmmap_ext', 'addr perms ' + ' '.join(pmmap_grouped._fields)) + + + Here is an example of a pmmap_ext entry: + + .. 
code-block:: python + + pmmap_ext(addr='15555551c000-155555520000', perms='r--p', path='[vvar]', rss=0, size=16384, pss=0, shared_clean=0, shared_dirty=0, private_clean=0, private_dirty=0, referenced=0, anonymous=0, swap=0) + """ + + permissions = namedtuple("permissions", "read write execute private shared string") + mapping = namedtuple("mapping", + "addr address start end size perms path rss pss shared_clean shared_dirty private_clean private_dirty referenced anonymous swap") + # addr = address (alias) = start (alias) + + from pwnlib.util.proc import memory_maps + raw_maps = memory_maps(self.pid) + + maps = [] + # raw_mapping + for r_m in raw_maps: + p_perms = permissions('r' in r_m.perms, 'w' in r_m.perms, 'x' in r_m.perms, 'p' in r_m.perms, 's' in r_m.perms, r_m.perms) + addr_split = r_m.addr.split('-') + p_addr = int(addr_split[0], 16) + p_mapping = mapping(p_addr, p_addr, p_addr, int(addr_split[1], 16), r_m.size, p_perms, r_m.path, r_m.rss, + r_m.pss, r_m.shared_clean, r_m.shared_dirty, r_m.private_clean, r_m.private_dirty, + r_m.referenced, r_m.anonymous, r_m.swap) + maps.append(p_mapping) + + return maps + + def get_mapping(self, path_value, single=True): + """get_mapping(path_value, single=True) -> mapping + get_mapping(path_value, False) -> [mapping] + + Arguments: + path_value(str): The exact path of the requested mapping, + valid values are also [stack], [heap], etc.. + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns found mapping(s) in process memory according to + path_value. 
+ + Example: + + >>> p = process(['cat']) + >>> mapping = p.get_mapping('[stack]') + >>> mapping.path == '[stack]' + True + >>> mapping.perms.execute + False + >>> + >>> mapping = p.get_mapping('does not exist') + >>> print(mapping) + None + >>> + >>> mappings = p.get_mapping(which('cat'), single=False) + >>> len(mappings) > 1 + True + + """ + all_maps = self.maps() + + if single: + for mapping in all_maps: + if path_value == mapping.path: + return mapping + return None + + m_mappings = [] + for mapping in all_maps: + if path_value == mapping.path: + m_mappings.append(mapping) + return m_mappings + + def stack_mapping(self, single=True): + """stack_mapping(single=True) -> mapping + stack_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns :meth:`.process.get_mapping` with '[stack]' and single as arguments. + + Example: + + >>> p = process(['cat']) + >>> mapping = p.stack_mapping() + >>> mapping.path + '[stack]' + >>> mapping.perms.execute + False + >>> mapping.perms.write + True + >>> hex(mapping.address) # doctest: +SKIP + '0x7fffd99fe000' + >>> mappings = p.stack_mapping(single=False) + >>> len(mappings) + 1 + + """ + return self.get_mapping('[stack]', single) + + def heap_mapping(self, single=True): + """heap_mapping(single=True) -> mapping + heap_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns :meth:`.process.get_mapping` with '[heap]' and single as arguments. 
+ + Example: + + >>> p = process(['cat']) + >>> p.sendline(b'meow') + >>> p.recvline() + b'meow\\n' + >>> mapping = p.heap_mapping() + >>> mapping.path + '[heap]' + >>> mapping.perms.execute + False + >>> mapping.perms.write + True + >>> hex(mapping.address) # doctest: +SKIP + '0x557650fae000' + >>> mappings = p.heap_mapping(single=False) + >>> len(mappings) + 1 + + """ + return self.get_mapping('[heap]', single) + + def vdso_mapping(self, single=True): + """vdso_mapping(single=True) -> mapping + vdso_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns :meth:`.process.get_mapping` with '[vdso]' and single as arguments. + + Example: + + >>> p = process(['cat']) + >>> mapping = p.vdso_mapping() + >>> mapping.path + '[vdso]' + >>> mapping.perms.execute + True + >>> mapping.perms.write + False + >>> hex(mapping.address) # doctest: +SKIP + '0x7ffcf13af000' + >>> mappings = p.vdso_mapping(single=False) + >>> len(mappings) + 1 + + """ + return self.get_mapping('[vdso]', single) + + def vvar_mapping(self, single=True): + """vvar_mapping(single=True) -> mapping + vvar_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns :meth:`.process.get_mapping` with '[vvar]' and single as arguments. + + Example: + + >>> p = process(['cat']) + >>> mapping = p.vvar_mapping() + >>> mapping.path + '[vvar]' + >>> mapping.perms.execute + False + >>> mapping.perms.write + False + >>> hex(mapping.address) # doctest: +SKIP + '0x7ffee5f60000' + >>> mappings = p.vvar_mapping(single=False) + >>> len(mappings) + 1 + + """ + return self.get_mapping('[vvar]', single) + + def libc_mapping(self, single=True): + """libc_mapping(single=True) -> mapping + libc_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. 
+ + Returns either the first libc mapping found in process memory, + or all libc mappings, depending on "single". + + Example: + + >>> p = process(['cat']) + >>> p.sendline(b'meow') + >>> p.recvline() + b'meow\\n' + >>> mapping = p.libc_mapping() + >>> mapping.path # doctest: +ELLIPSIS + '...libc...' + >>> mapping.perms.execute + False + >>> mapping.perms.write + False + >>> hex(mapping.address) # doctest: +SKIP + '0x7fbde7fd7000' + >>> + >>> mappings = p.libc_mapping(single=False) + >>> len(mappings) > 1 + True + >>> hex(mappings[1].address) # doctest: +SKIP + '0x7fbde7ffd000' + >>> mappings[0].end == mappings[1].start + True + >>> mappings[1].perms.execute + True + + """ + all_maps = self.maps() + + if single: + for mapping in all_maps: + lib_basename = os.path.basename(mapping.path) + if 'libc.so' in lib_basename or ('libc-' in lib_basename and '.so' in lib_basename): + return mapping + return None + + l_mappings = [] + for mapping in all_maps: + lib_basename = os.path.basename(mapping.path) + if 'libc.so' in lib_basename or ('libc-' in lib_basename and '.so' in lib_basename): + l_mappings.append(mapping) + return l_mappings + + def musl_mapping(self, single=True): + """musl_mapping(single=True) -> mapping + musl_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns either the first musl mapping found in process memory, + or all musl mappings, depending on "single". 
+ """ + all_maps = self.maps() + + if single: + for mapping in all_maps: + lib_basename = os.path.basename(mapping.path) + if 'musl.so' in lib_basename or ('musl-' in lib_basename and '.so' in lib_basename): + return mapping + return None + + m_mappings = [] + for mapping in all_maps: + lib_basename = os.path.basename(mapping.path) + if 'musl.so' in lib_basename or ('musl-' in lib_basename and '.so' in lib_basename): + m_mappings.append(mapping) + return m_mappings + + def elf_mapping(self, single=True): + """elf_mapping(single=True) -> mapping + elf_mapping(False) -> [mapping] + + Arguments: + single(bool=True): Whether to only return the first + mapping matched, or all of them. + + Returns :meth:`.process.get_mapping` with the :meth:`.process.elf` path and single as arguments. + + Example: + + >>> p = process(['cat']) + >>> p.sendline(b'meow') + >>> p.recvline() + b'meow\\n' + >>> mapping = p.elf_mapping() + >>> mapping.path # doctest: +ELLIPSIS + '...cat...' + >>> mapping.perms.execute + False + >>> mapping.perms.write + False + >>> hex(mapping.address) # doctest: +SKIP + '0x55a2abba0000' + >>> mappings = p.elf_mapping(single=False) + >>> len(mappings) > 1 + True + >>> hex(mappings[1].address) # doctest: +SKIP + '0x55a2abba2000' + >>> mappings[0].end == mappings[1].start + True + >>> mappings[1].perms.execute + True + + """ + return self.get_mapping(self.elf.path, single) + + def lib_size(self, path_value): + """lib_size(path_value) -> int + + Arguments: + path_value(str): The exact path of the shared library + loaded by the process + + Returns the size of the shared library in process memory. + If the library is not found, zero is returned. 
+ + Example: + + >>> from pwn import * + >>> p = process(['cat']) + >>> libc_size = p.lib_size(p.libc.path) + >>> hex(libc_size) # doctest: +SKIP + '0x1d5000' + >>> libc_mappings = p.libc_mapping(single=False) + >>> libc_size == (libc_mappings[-1].end - libc_mappings[0].start) + True + + """ + + # Expecting this to be sorted + lib_mappings = self.get_mapping(path_value, single=False) + + if len(lib_mappings) == 0: + return 0 + + is_contiguous = True + total_size = lib_mappings[0].size + for i in range(1, len(lib_mappings)): + total_size += lib_mappings[i].size + + if lib_mappings[i].start != lib_mappings[i - 1].end: + is_contiguous = False + + if not is_contiguous: + log.warn("lib_size(): %s mappings aren't contiguous" % path_value) + + return total_size + + def address_mapping(self, address): + """address_mapping(address) -> mapping + + Returns the mapping at the specified address. + + Example: + + >>> p = process(['cat']) + >>> p.sendline(b'meow') + >>> p.recvline() + b'meow\\n' + >>> libc = p.libc_mapping().address + >>> heap = p.heap_mapping().address + >>> elf = p.elf_mapping().address + >>> p.address_mapping(libc).path # doctest: +ELLIPSIS + '.../libc...' + >>> p.address_mapping(heap + 0x123).path + '[heap]' + >>> p.address_mapping(elf + 0x1234).path # doctest: +ELLIPSIS + '.../cat' + >>> p.address_mapping(elf - 0x1234) == None + True + + """ + + all_maps = self.maps() + for mapping in all_maps: + if mapping.addr <= address < mapping.end: + return mapping + return None + def libs(self): """libs() -> dict @@ -937,7 +1372,8 @@ def libc(self): from pwnlib.elf import ELF for lib, address in self.libs().items(): - if 'libc.so' in lib or 'libc-' in lib: + lib_basename = os.path.basename(lib) + if 'libc.so' in lib_basename or ('libc-' in lib_basename and '.so' in lib_basename): e = ELF(lib) e.address = address return e diff --git a/pwnlib/tubes/remote.py b/pwnlib/tubes/remote.py index 58008194c..e9cc82ea0 100644 --- a/pwnlib/tubes/remote.py 
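Review bot: The `'libc.so' in lib_basename or ('libc-' in lib_basename and '.so' in lib_basename)` predicate is now written out three times — the two branches of `libc_mapping()` and again in the `@@ -937` hunk's `libc()` — with a fourth musl variant in `musl_mapping()`; factor it into one private helper so the sites cannot drift, e.g. `def _is_libc_basename(name): return 'libc.so' in name or ('libc-' in name and '.so' in name)`, and collapse each single/list pair into one filtered list with `return matches[0] if matches else None` when `single` is set (`get_mapping()` has the same duplicated-loop shape). The `permissions` and `mapping` namedtuple types are recreated on every `maps()` call, so two results cannot be compared by type; defining them once at module scope (the `@@ -12,6 +12,7 @@` hunk already imports `namedtuple` there) is cheaper and gives callers a stable type to check against. `musl_mapping()` is the only new accessor without an Example section. Minor: the `maps()` doctest opens `/proc/<pid>/maps` without closing it, and `address_mapping()`'s doctest uses `== None` where `is None` is the idiom.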
+++ b/pwnlib/tubes/remote.py @@ -23,11 +23,11 @@ class remote(sock): fam: The string "any", "ipv4" or "ipv6" or an integer to pass to :func:`socket.getaddrinfo`. typ: The string "tcp" or "udp" or an integer to pass to :func:`socket.getaddrinfo`. timeout: A positive number, None or the string "default". + sock(:class:`socket.socket`): Socket to inherit, rather than connecting ssl(bool): Wrap the socket with SSL ssl_context(ssl.SSLContext): Specify SSLContext used to wrap the socket. - sni: Set 'server_hostname' in ssl_args based on the host parameter. - sock(socket.socket): Socket to inherit, rather than connecting - ssl_args(dict): Pass ssl.wrap_socket named arguments in a dictionary. + ssl_args(dict): Pass :func:`ssl.wrap_socket` named arguments in a dictionary. + sni(str,bool): Set 'server_hostname' in ssl_args. Set to True to set it based on the host argument. Set to False to not provide any value. Default is True. Examples: @@ -57,7 +57,7 @@ class remote(sock): def __init__(self, host, port, fam = "any", typ = "tcp", - ssl=False, sock=None, ssl_context=None, ssl_args=None, sni=True, + sock=None, ssl=False, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs): super(remote, self).__init__(*args, **kwargs) @@ -89,6 +89,8 @@ def __init__(self, host, port, import ssl as _ssl ssl_args = ssl_args or {} + if "server_hostname" in ssl_args and sni: + log.error("sni and server_hostname cannot be set at the same time") ssl_context = ssl_context or _ssl.SSLContext(_ssl.PROTOCOL_TLSv1_2) if isinstance(sni, str): ssl_args["server_hostname"] = sni diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py index 53b8be0d5..8f19b57a2 100644 --- a/pwnlib/tubes/ssh.py +++ b/pwnlib/tubes/ssh.py 
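Review bot: Swapping `ssl=False, sock=None` to `sock=None, ssl=False` in `__init__`'s signature changes what the fifth positional argument means: a caller written as `remote(host, port, 'any', 'tcp', True)` used to enable TLS and now passes `True` as `sock` while `ssl` stays `False`, so at best the call fails on a bogus socket and at worst it connects in plaintext. If the reorder is only meant to match the docstring, keep the old positional order and reorder the docstring instead; keyword-only parameters would fix this properly but are not available if the Python 2 path this module still carries must keep working. The new `server_hostname`/`sni` conflict check fails loudly via `log.error`, which is right for a TLS-identity setting; since `sni` defaults to `True`, callers that already set `server_hostname` in `ssl_args` must now pass `sni=False` explicitly, and that deserves a sentence in the `sni` argument docs.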
@@ -544,24 +544,37 @@ class ssh(Timeout, Logger): #: Remote port (``int``) port = None + #: Remote username (``str``) + user = None + + #: Remote password (``str``) + password = None + + #: Remote private key (``str``) + key = None + + #: Remote private key file (``str``) + keyfile = None + #: Enable caching of SSH downloads (``bool``) cache = True + #: Enable raw mode and don't probe the environment (``bool``) + raw = False + #: Paramiko SSHClient which backs this object client = None - #: Paramiko SFTPClient object which is used for file transfers. - #: Set to :const:`None` to disable ``sftp``. - sftp = None - #: PID of the remote ``sshd`` process servicing this connection. pid = None _cwd = '.' + _tried_sftp = False def __init__(self, user=None, host=None, port=22, password=None, key=None, keyfile=None, proxy_command=None, proxy_sock=None, level=None, - cache=True, ssh_agent=False, ignore_config=False, raw=False, *a, **kw): + cache=True, ssh_agent=False, ignore_config=False, raw=False, + auth_none=False, *a, **kw): """Creates a new ssh connection. Arguments: 
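Review bot: Removing the `sftp = None` class attribute while the replacement `@property def sftp` in the `@@ -719` hunk shows no setter means the documented `Set to None to disable sftp` no longer works: `s.sftp = None` on an instance raises `AttributeError` unless a `@sftp.setter` exists outside the hunk — either add one that records the opt-out (`self._sftp = None` and `self._tried_sftp = True`) or drop that sentence from the property docstring. The new public `password` and `key` attributes document secrets as ordinary instance state; if `__init__` (outside the hunk) stores the supplied values there, they remain reachable for the object's lifetime through introspection and any debug dump of the instance, which is worth saying in their comments, e.g. `#: Remote password (str) -- retained on the instance; treat the object as sensitive`. `auth_none` is added to the signature here but documented and used only in the following hunks.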
@@ -575,10 +588,11 @@ def __init__(self, user=None, host=None, port=22, password=None, key=None, proxy_sock(str): Use this socket instead of connecting to the host. timeout: Timeout, in seconds level: Log level - cache: Cache downloaded files (by hash/size/timestamp) - ssh_agent: If :const:`True`, enable usage of keys via ssh-agent - ignore_config: If :const:`True`, disable usage of ~/.ssh/config and ~/.ssh/authorized_keys - raw: If :const:`True`, assume a non-standard shell and don't probe the environment + cache(bool): Cache downloaded files (by hash/size/timestamp) + ssh_agent(bool): If :const:`True`, enable usage of keys via ssh-agent + ignore_config(bool): If :const:`True`, disable usage of ~/.ssh/config and ~/.ssh/authorized_keys + raw(bool): If :const:`True`, assume a non-standard shell and don't probe the environment + auth_none(bool): If :const:`True`, try to authenticate with no authentication methods NOTE: The proxy_command and proxy_sock arguments is only available if a fairly new version of paramiko is used. @@ -674,6 +688,11 @@ def __init__(self, user=None, host=None, port=22, password=None, key=None, " To remove the existing entry from your known_hosts and trust the new key, run the following commands:\n" " $ ssh-keygen -R %(host)s\n" " $ ssh-keygen -R [%(host)s]:%(port)s" % locals()) + except paramiko.SSHException as e: + if user and auth_none and str(e) == "No authentication methods available": + self.client.get_transport().auth_none(user) + else: + raise self.transport = self.client.get_transport() self.transport.use_compression(True) @@ -719,6 +738,9 @@ def cwd(self, cwd): @property def sftp(self): + """Paramiko SFTPClient object which is used for file transfers. + Set to :const:`None` to disable ``sftp``. + """ if not self._tried_sftp: try: self._sftp = self.transport.open_sftp_client() 
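Review bot: The `auth_none` fallback keys on the exception text, `str(e) == "No authentication methods available"`, which ties the feature to one paramiko wording; if that message changes the original exception is re-raised, so nothing is lost, but the option silently becomes a no-op — comment the dependency, `# paramiko raises a bare SSHException with this text when no auth method applied; there is no dedicated subclass to catch`. The return value of `self.client.get_transport().auth_none(user)` is discarded, yet as paramiko documents it, `auth_none` returns the list of methods the server still requires in the partial-success case instead of raising, so a server answering "none is not enough" leaves the transport unauthenticated while `__init__` proceeds to `use_compression` and beyond; check `self.transport.is_authenticated()` after the call and raise if it is false. `__init__` continues outside the hunk.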
@@ -2030,7 +2052,7 @@ def user_shstk(self): Example: >>> s = ssh("travis", "example.pwnme") - >>> s.user_shstk + >>> s.user_shstk # doctest: +SKIP False """ if self._user_shstk is None: diff --git a/pwnlib/tubes/tube.py b/pwnlib/tubes/tube.py index 89ae3fcce..1a82f145c 100644 --- a/pwnlib/tubes/tube.py +++ b/pwnlib/tubes/tube.py @@ -21,6 +21,8 @@ from pwnlib.log import Logger from pwnlib.timeout import Timeout from pwnlib.tubes.buffer import Buffer +from pwnlib.util import fiddling +from pwnlib.util import iters from pwnlib.util import misc from pwnlib.util import packing @@ -467,19 +469,31 @@ def recvline(self, keepends=True, timeout=default): Receive a single line from the tube. A "line" is any sequence of bytes terminated by the byte sequence - set in :attr:`newline`, which defaults to ``'\n'``. + set in :attr:`newline`, which defaults to ``b'\n'``. + + If the connection is closed (:class:`EOFError`) before a newline + is received, the buffered data is returned by default and a warning + is logged. If the buffer is empty, an :class:`EOFError` is raised. + This behavior can be changed by setting :meth:`pwnlib.context.ContextType.throw_eof_on_incomplete_line`. If the request is not satisfied before ``timeout`` seconds pass, - all data is buffered and an empty string (``''``) is returned. + all data is buffered and an empty byte string (``b''``) is returned. Arguments: keepends(bool): Keep the line ending (:const:`True`). timeout(int): Timeout + Raises: + :class:`EOFError`: The connection closed before the request + could be satisfied and the buffer is empty + Return: All bytes received over the tube until the first newline ``'\n'`` is received. Optionally retains - the ending. + the ending. If the connection is closed before a newline + is received, the remaining data received up to this point + is returned. + Examples: 
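Review bot: The `Return:` paragraph still describes reading until the first newline as a text literal `'\n'` while the same hunk corrects the earlier `newline` sentence to `b'\n'`; change it to the bytes form for consistency. The new EOF paragraph points at `throw_eof_on_incomplete_line` with a `:meth:` role, but the next hunk reads it as a plain attribute of `context`, so `:attr:` (or whatever role the module uses for other context settings) is the better cross-reference. `recvline`'s body is in the following hunk.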
@@ -494,8 +508,31 @@ def recvline(self, keepends=True, timeout=default): >>> t.newline = b'\r\n' >>> t.recvline(keepends = False) b'Foo\nBar' + >>> t = tube() + >>> def _recv_eof(n): + ... if not _recv_eof.throw: + ... _recv_eof.throw = True + ... return b'real line\ntrailing data' + ... raise EOFError + >>> _recv_eof.throw = False + >>> t.recv_raw = _recv_eof + >>> t.recvline() + b'real line\n' + >>> t.recvline() + b'trailing data' + >>> t.recvline() # doctest: +ELLIPSIS + Traceback (most recent call last): + ... + EOFError """ - return self.recvuntil(self.newline, drop = not keepends, timeout = timeout) + try: + return self.recvuntil(self.newline, drop = not keepends, timeout = timeout) + except EOFError: + if not context.throw_eof_on_incomplete_line and self.buffer.size > 0: + if context.throw_eof_on_incomplete_line is None: + self.warn_once('EOFError during recvline. Returning buffered data without trailing newline.') + return self.buffer.get() + raise def recvline_pred(self, pred, keepends=False, timeout=default): r"""recvline_pred(pred, keepends=False) -> bytes 
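Review bot: The tri-state meaning of `context.throw_eof_on_incomplete_line` is only implied by the two nested conditions (`not …` and then `is None`): `None` returns the partial line and warns once, `False` returns it silently, anything truthy re-raises. Spell that out above the `except EOFError` handler, e.g. `# None (default): return buffered data and warn once; False: return silently; True: propagate EOFError`, so the `is None` check is not simplified away as redundant later. With `keepends=False` a caller cannot distinguish a returned partial line from a complete one; a one-line caveat next to `return self.buffer.get()` would help, since the docstring hunk above only says the remaining data is returned.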
@@ -1042,6 +1079,131 @@ def clean_and_log(self, timeout = 0.05): with context.local(log_level='debug'): return cached_data + self.clean(timeout) + def upload_manually(self, data, target_path = './payload', prompt = b'$', chunk_size = 0x200, chmod_flags = 'u+x', compression='auto', end_marker = 'PWNTOOLS_DONE'): + """upload_manually(data, target_path = './payload', prompt = b'$', chunk_size = 0x200, chmod_flags = 'u+x', compression='auto', end_marker = 'PWNTOOLS_DONE') + + Upload a file manually using base64 encoding and compression. + This can be used when the tube is connected to a shell. + + The file is uploaded in base64-encoded chunks by appending to a file + and then decompressing it: + + .. code-block:: + + loop: + echo | base64 -d >> . + -d -f . + chmod + + It is assumed that a `base64` command is available on the target system. + When ``compression`` is ``auto`` the best compression utility available + between ``gzip`` and ``xz`` is chosen with a fallback to uncompressed + upload. + + Arguments: + + data(bytes): The data to upload. + target_path(str): The path to upload the data to. + prompt(bytes): The shell prompt to wait for. + chunk_size(int): The size of each chunk to upload. + chmod_flags(str): The flags to use with chmod. ``""`` to ignore. + compression(str): The compression to use. ``auto`` to automatically choose the best compression or ``gzip`` or ``xz``. + end_marker(str): The marker to use to detect the end of the output. Only used when prompt is not set. 
+ + Examples: + + >>> l = listen() + >>> l.spawn_process('/bin/sh') + >>> r = remote('127.0.0.1', l.lport) + >>> r.upload_manually(b'some\\xca\\xfedata\\n', prompt=b'', chmod_flags='') + >>> r.sendline(b'cat ./payload') + >>> r.recvline() + b'some\\xca\\xfedata\\n' + + >>> r.upload_manually(cyclic(0x1000), target_path='./cyclic_pattern', prompt=b'', chunk_size=0x10, compression='gzip') + >>> r.sendline(b'sha256sum ./cyclic_pattern') + >>> r.recvlineS(keepends=False).startswith(sha256sumhex(cyclic(0x1000))) + True + + >>> blob = ELF.from_assembly(shellcraft.echo('Hello world!\\n') + shellcraft.exit(0)) + >>> r.upload_manually(blob.data, prompt=b'') + >>> r.sendline(b'./payload') + >>> r.recvline() + b'Hello world!\\n' + >>> r.close() + >>> l.close() + """ + echo_end = "" + if not prompt: + echo_end = "; echo {}".format(end_marker) + end_markerb = end_marker.encode() + else: + end_markerb = prompt + + # Detect available compression utility, fallback to uncompressed upload. + compression_mode = None + possible_compression = ['gzip'] + if six.PY3: + possible_compression.insert(0, 'xz') + if not prompt: + self.sendline("echo {}".format(end_marker).encode()) + if compression == 'auto': + for utility in possible_compression: + self.sendlineafter(end_markerb, "command -v {} && echo YEP || echo NOPE{}".format(utility, echo_end).encode()) + result = self.recvuntil([b'YEP', b'NOPE']) + if b'YEP' in result: + compression_mode = utility + break + elif compression in possible_compression: + compression_mode = compression + else: + self.error('Invalid compression mode: %s, has to be one of %s', compression, possible_compression) + + self.debug('Manually uploading using compression mode: %s', compression_mode) + + compressed_data = b'' + if compression_mode == 'xz': + import lzma + compressed_data = lzma.compress(data, format=lzma.FORMAT_XZ, preset=9) + compressed_path = target_path + '.xz' + elif compression_mode == 'gzip': + import gzip + from six import BytesIO + f = BytesIO() 
+ with gzip.GzipFile(fileobj=f, mode='wb', compresslevel=9) as g: + g.write(data) + compressed_data = f.getvalue() + compressed_path = target_path + '.gz' + else: + compressed_path = target_path + + # Don't compress if it doesn't reduce the size. + if len(compressed_data) >= len(data): + compression_mode = None + compressed_path = target_path + else: + data = compressed_data + + # Upload data in `chunk_size` chunks. Assume base64 is available. + with self.progress('Uploading payload') as p: + for idx, chunk in enumerate(iters.group(chunk_size, data)): + if None in chunk: + chunk = chunk[:chunk.index(None)] + if idx == 0: + self.sendlineafter(end_markerb, "echo {} | base64 -d > {}{}".format(fiddling.b64e(bytearray(chunk)), compressed_path, echo_end).encode()) + else: + self.sendlineafter(end_markerb, "echo {} | base64 -d >> {}{}".format(fiddling.b64e(bytearray(chunk)), compressed_path, echo_end).encode()) + p.status('{}/{} {}'.format(idx+1, len(data)//chunk_size+1, misc.size(idx*chunk_size + len(chunk)))) + p.success(misc.size(len(data))) + + # Decompress the file and set the permissions. + if compression_mode is not None: + self.sendlineafter(end_markerb, '{} -d -f {}{}'.format(compression_mode, compressed_path, echo_end).encode()) + if chmod_flags: + self.sendlineafter(end_markerb, 'chmod {} {}{}'.format(chmod_flags, target_path, echo_end).encode()) + if not prompt: + self.recvuntil(end_markerb + b'\n') + def connect_input(self, other): """connect_input(other) diff --git a/pwnlib/update.py b/pwnlib/update.py index dd8f0ed8a..57b01fbd6 100644 --- a/pwnlib/update.py +++ b/pwnlib/update.py 
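Review bot: `target_path`, `compressed_path` and `chmod_flags` are interpolated unquoted into the shell lines sent to the remote (`"echo {} | base64 -d > {}{}"`, `'{} -d -f {}{}'`, `'chmod {} {}{}'`), so a path containing a space, `;` or `$` either breaks the upload or is interpreted by the remote shell; pass them through the project's shell-quoting helper (`sh_string` from `pwnlib.util.sh_string`) at each use, e.g. `sh_string(compressed_path)` and `sh_string(target_path)`, and keep `chmod_flags` limited to the flag syntax the docstring describes. The progress total `len(data)//chunk_size+1` overstates the chunk count by one whenever `len(data)` is a multiple of `chunk_size`; `-(-len(data)//chunk_size)` is the exact ceiling. When `prompt` is empty the code synchronises on `recvuntil(end_markerb)`; if the remote shell echoes its input (a pty), the marker inside the echoed `; echo PWNTOOLS_DONE` is matched before the command has run, which is worth a caveat in the `prompt` argument docs. The function is complete within the hunk.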
@@ -74,12 +74,15 @@ def available_on_pypi(prerelease=current_version.is_prerelease): False """ # Deferred import to save startup time - from six.moves.xmlrpc_client import ServerProxy + import requests versions = getattr(available_on_pypi, 'cached', None) if versions is None: - client = ServerProxy('https://pypi.python.org/pypi') - versions = client.package_releases('pwntools', True) + response = requests.get("https://pypi.org/simple/pwntools/", + headers={"Accept": "application/vnd.pypi.simple.v1+json"}, + timeout=5) + response.raise_for_status() + versions = response.json()["versions"] available_on_pypi.cached = versions versions = map(packaging.version.Version, versions) diff --git a/pwnlib/util/crc/__init__.py b/pwnlib/util/crc/__init__.py index f4271b23f..80a5c5649 100644 --- a/pwnlib/util/crc/__init__.py +++ b/pwnlib/util/crc/__init__.py @@ -74,6 +74,8 @@ class BitPolynom(object): def __init__(self, n): if isinstance(n, (bytes, six.text_type)): + from pwnlib.util.packing import _need_text + n = _need_text(n) self.n = 0 x = BitPolynom(2) try: diff --git a/pwnlib/util/fiddling.py b/pwnlib/util/fiddling.py index 2b7ec7296..51541be2f 100644 --- a/pwnlib/util/fiddling.py +++ b/pwnlib/util/fiddling.py @@ -320,14 +320,19 @@ def xor(*args, **kwargs): The string of the arguments xor'ed together. Example: + >>> xor(b'lol', b'hello', 42) b'. ***' + >>> xor(cut = 'min', other = '') + Traceback (most recent call last): + ... + TypeError: xor() got an unexpected keyword argument 'other' """ cut = kwargs.pop('cut', 'max') if kwargs != {}: - raise TypeError("xor() got an unexpected keyword argument '%s'" % kwargs.pop()[0]) + raise TypeError("xor() got an unexpected keyword argument '%s'" % kwargs.popitem()[0]) if len(args) == 0: raise ValueError("Must have something to xor") 
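Review bot: `response.json()["versions"]` assumes the Simple API honoured the `Accept` header; if HTML comes back, `.json()` raises `ValueError`, a JSON body without that key raises `KeyError`, and a malformed entry in the list raises `packaging.version.InvalidVersion` in the `map` below — all from inside an update check that previously failed with XML-RPC errors callers may already handle. Guard the call with a content-type check or catch `(ValueError, KeyError)` and return whatever the callers already treat as "unknown", keeping the existing behaviour of populating `available_on_pypi.cached` only on success. The explicit `timeout=5` and the default certificate verification of `requests` are the right choices for a startup-time network call.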
@@ -1092,3 +1097,29 @@ def js_unescape(s, **kwargs): p += 1 return b''.join(res) + +def tty_escape(s, lnext=b'\x16', dangerous=bytes(bytearray(range(0x20)))): + r"""tty_escape(s, lnext=b'\x16', dangerous=bytes(bytearray(range(0x20)))) -> bytes + + Escape data for terminal output. This is useful when sending data to a + terminal that may interpret certain bytes as control characters. + + Check ``stty --all`` for the current settings on your terminal. + + Arguments: + s (bytes): The data to escape + lnext (bytes): The byte to prepend to escape the next character. Defaults to ^V. + dangerous (bytes): The bytes to escape + + Returns: + The escaped data. + + >>> tty_escape(b'abc\x04d\x18e\x16f') + b'abc\x16\x04d\x16\x18e\x16\x16f' + """ + s = s.replace(lnext, lnext * 2) + for b in bytearray(dangerous): + b = bytes(bytearray([b])) + if b in lnext: continue + s = s.replace(b, lnext + b) + return s diff --git a/pwnlib/util/lists.py b/pwnlib/util/lists.py index 4d200f8e7..ada0c44f7 100644 --- a/pwnlib/util/lists.py +++ b/pwnlib/util/lists.py @@ -25,8 +25,8 @@ def partition(lst, f, save_keys = False): >>> partition([1,2,3,4,5], lambda x: x&1) [[1, 3, 5], [2, 4]] - >>> partition([1,2,3,4,5], lambda x: x%3, save_keys=True) - OrderedDict([(1, [1, 4]), (2, [2, 5]), (0, [3])]) + >>> partition([1,2,3,4,5], lambda x: x%3, save_keys=True) == collections.OrderedDict([(1, [1, 4]), (2, [2, 5]), (0, [3])]) + True """ d = collections.OrderedDict() diff --git a/pwnlib/util/misc.py b/pwnlib/util/misc.py index d1622154e..e55465d33 100644 --- a/pwnlib/util/misc.py +++ b/pwnlib/util/misc.py @@ -13,11 +13,13 @@ import sys import tempfile import inspect +import time import types from pwnlib import atexit from pwnlib.context import context from pwnlib.log import getLogger +from pwnlib.timeout import Timeout from pwnlib.util import fiddling from pwnlib.util import lists from pwnlib.util import packing 
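Review bot: The default `dangerous` set `range(0x20)` stops at 0x1f, so DEL (0x7f), which `stty` commonly binds as `erase`, passes through unescaped; if that is intentional the docstring should say so, otherwise extend the default to include `0x7f`. `s.replace(lnext, lnext * 2)` followed by `if b in lnext: continue` correctly avoids re-escaping the escape byte, but both rely on `lnext` being a single byte — with a longer `lnext`, `b in lnext` becomes a substring test and the doubling no longer escapes correctly — so either assert `len(lnext) == 1` or document the requirement. The function is complete within the hunk.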
@@ -368,13 +370,13 @@ def run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, pr terminal = 'cmd.exe' args = ['/c', 'start'] distro_name = os.getenv('WSL_DISTRO_NAME') + current_dir = os.getcwd() # Split pane in Windows Terminal if 'WT_SESSION' in os.environ and which('wt.exe'): - args.extend(['wt.exe', '-w', '0', 'split-pane', '-d', '.']) - + args.extend(['wt.exe', '-w', '0', 'split-pane']) if distro_name: - args.extend(['wsl.exe', '-d', distro_name, 'bash', '-c']) + args.extend(['wsl.exe', '-d', distro_name, '--cd', current_dir, 'bash', '-c']) else: args.extend(['bash.exe', '-c']) @@ -439,15 +441,22 @@ def run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, pr tmp.flush() os.chmod(tmp.name, 0o700) argv = [which(terminal), tmp.name] + # cmd.exe does not support WSL UNC paths as working directory + # so it gets reset to %WINDIR% before starting wsl again. + # Set the working directory correctly in WSL. + elif terminal == 'cmd.exe': + argv[-1] = "cd '{}' && {}".format(os.getcwd(), argv[-1]) log.debug("Launching a new terminal: %r" % argv) stdin = stdout = stderr = open(os.devnull, 'r+b') - if terminal == 'tmux': + if terminal == 'tmux' or terminal == 'kitty': stdout = subprocess.PIPE p = subprocess.Popen(argv, stdin=stdin, stdout=stdout, stderr=stderr, preexec_fn=preexec_fn) + kittyid = None + if terminal == 'tmux': out, _ = p.communicate() try: 
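Review bot: `argv[-1] = "cd '{}' && {}".format(os.getcwd(), argv[-1])` embeds the working directory in single quotes without escaping, so a directory name containing `'` breaks the command or changes what bash runs; quote it with `shlex.quote` on Python 3 (or the project's `sh_string` from `pwnlib.util.sh_string`, if importing it here does not create a cycle), e.g. `argv[-1] = "cd {} && {}".format(shlex.quote(os.getcwd()), argv[-1])`. The `--cd current_dir` argument in the `@@ -368` hunk passes the path as a separate argv element and needs no quoting. `run_in_new_terminal` begins above the hunk and continues below it.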
@@ -460,14 +469,42 @@ def run_in_new_terminal(command, terminal=None, args=None, kill_at_exit=True, pr with subprocess.Popen((qdbus, konsole_dbus_service, '/Sessions/{}'.format(last_konsole_session), 'org.kde.konsole.Session.processId'), stdout=subprocess.PIPE) as proc: pid = int(proc.communicate()[0].decode()) + elif terminal == 'kitty': + pid = p.pid + + out, _ = p.communicate() + try: + kittyid = int(out) + except ValueError: + kittyid = None + if kittyid is None: + log.error("Could not parse kitty window ID from output (%r)", out) + elif terminal == 'cmd.exe': + # p.pid is cmd.exe's pid instead of the WSL process we want to start eventually. + # I don't know how to trace the execution through Windows and back into the WSL2 VM. + # Do a best guess by waiting for a new process matching the command to be run. + # Otherwise it's better to return nothing instead of a know wrong pid. + from pwnlib.util.proc import pid_by_name + pid = None + ran_program = command.split(' ')[0] if isinstance(command, six.string_types) else command[0] + t = Timeout() + with t.countdown(timeout=5): + while t.timeout: + new_pid = pid_by_name(ran_program) + if new_pid and new_pid[0] > p.pid: + pid = new_pid[0] + break + time.sleep(0.01) else: pid = p.pid - if kill_at_exit: + if kill_at_exit and pid: def kill(): try: if terminal == 'qdbus': os.kill(pid, signal.SIGHUP) + elif terminal == 'kitty': + subprocess.Popen(["kitten", "@", "close-window", "--match", "id:{}".format(kittyid)], stderr=stderr) else: os.kill(pid, signal.SIGTERM) except OSError: diff --git a/pwnlib/util/net.py b/pwnlib/util/net.py index fab1dacbb..df8cd5662 100644 --- a/pwnlib/util/net.py +++ b/pwnlib/util/net.py 
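Review bot: `ran_program = command.split(' ')[0]` mis-handles a quoted program path containing spaces, and the `pid_by_name(ran_program)` / `new_pid[0] > p.pid` guess can adopt an unrelated process that merely shares the name and has a higher pid (pid reuse after wrap-around also defeats the `>` test); use `shlex.split` for the string case and extend the comment above it with the false-positive risk, because the resulting pid feeds `kill_at_exit` and a wrong guess means terminating an unrelated process at exit. For kitty, `pid = p.pid` is assigned before `kittyid` is parsed, so `kill_at_exit` keys on the terminal's pid while the kill closure closes the window by `kittyid`; a comment stating that the two ids are intentionally different would save the next reader a trip. `run_in_new_terminal` continues outside the hunk.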
@@ -259,17 +259,17 @@ def sockinfos(addr, f, t): infos |= set(socket.getaddrinfo(sockaddr[0], sockaddr[1], socket.AF_INET6, t, proto, socket.AI_V4MAPPED)) return infos - if local is not None: - local = sockinfos(local, fam, typ) - remote = sockinfos(remote, fam, typ) + local = sockinfos(local, fam, typ) + if remote is not None: + remote = sockinfos(remote, fam, typ) def match(c): laddrs = sockinfos(c.laddr, c.family, c.type) raddrs = sockinfos(c.raddr, c.family, c.type) - if not (raddrs & remote): + if not (laddrs & local): return False - if local is None: + if remote is None: return True - return bool(laddrs & local) + return bool(raddrs & remote) return match diff --git a/pwnlib/util/proc.py b/pwnlib/util/proc.py index 0bcaca4d8..9889bb697 100644 --- a/pwnlib/util/proc.py +++ b/pwnlib/util/proc.py @@ -3,6 +3,7 @@ import errno import socket +import sys import time import psutil @@ -26,6 +27,11 @@ def pidof(target): - :class:`pwnlib.tubes.sock.sock`: singleton list of the PID at the remote end of `target` if it is running on the host. Otherwise an empty list. + - :class:`pwnlib.tubes.ssh.ssh_channel`: singleton list of the PID of + `target` on the remote system. + - :class:`tuple`: singleton list of the PID at the local end of the + connection to `target` if it is running on the host. Otherwise an + empty list. Arguments: target(object): The target whose PID(s) to find. @@ -37,7 +43,7 @@ def pidof(target): >>> l = tubes.listen.listen() >>> p = process(['curl', '-s', 'http://127.0.0.1:%d'%l.lport]) - >>> pidof(p) == pidof(l) == pidof(('127.0.0.1', l.lport)) + >>> pidof(p) == pidof(l) == pidof(('127.0.0.1', l.rport)) True """ if isinstance(target, tubes.ssh.ssh_channel): 
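Review bot: The swap makes `local` mandatory in `sock_match` — `sockinfos(local, fam, typ)` now runs unconditionally — so a caller keeping the old convention of `local=None` fails inside `sockinfos`, and one passing `(None, remote)` positionally now has its remote address matched against the local side. The `pidof` tuple case in the `@@ -50` hunk is updated to the new order, but any other caller outside this diff breaks silently; raising `ValueError` with a clear message when `local is None`, plus a docstring line stating that `local` is required and `remote` optional, makes the new contract explicit. `sock_match` begins above the hunk.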
@@ -50,7 +56,7 @@ def pidof(target): return [c.pid for c in psutil.net_connections() if match(c)] elif isinstance(target, tuple): - match = sock_match(None, target) + match = sock_match(target, None) return [c.pid for c in psutil.net_connections() if match(c)] elif isinstance(target, tubes.process.process): @@ -81,6 +87,8 @@ def match(p): try: if p.exe() == name: return True + if p.cmdline()[0] == name: + return True except Exception: pass return False @@ -315,6 +323,42 @@ def status(pid): raise return out +def _tracer_windows(pid): + import ctypes + from ctypes import wintypes + + def _check_bool(result, func, args): + if not result: + raise ctypes.WinError(ctypes.get_last_error()) + return args + + kernel32 = ctypes.WinDLL("kernel32", use_last_error=True) + OpenProcess = kernel32.OpenProcess + OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD] + OpenProcess.restype = wintypes.HANDLE + OpenProcess.errcheck = _check_bool + + CheckRemoteDebuggerPresent = kernel32.CheckRemoteDebuggerPresent + CheckRemoteDebuggerPresent.argtypes = [wintypes.HANDLE, ctypes.POINTER(wintypes.BOOL)] + CheckRemoteDebuggerPresent.restype = wintypes.BOOL + CheckRemoteDebuggerPresent.errcheck = _check_bool + + CloseHandle = kernel32.CloseHandle + CloseHandle.argtypes = [wintypes.HANDLE] + CloseHandle.restype = wintypes.BOOL + CloseHandle.errcheck = _check_bool + + PROCESS_QUERY_INFORMATION = 0x0400 + proc_handle = OpenProcess(PROCESS_QUERY_INFORMATION, False, pid) + present = wintypes.BOOL() + CheckRemoteDebuggerPresent(proc_handle, ctypes.byref(present)) + ret = 0 + if present.value: + ret = pid + CloseHandle(proc_handle) + + return ret + def tracer(pid): """tracer(pid) -> int @@ -329,7 +373,10 @@ def tracer(pid): >>> tracer(os.getpid()) is None True """ - tpid = int(status(pid)['TracerPid']) + if sys.platform == 'win32': + tpid = _tracer_windows(pid) + else: + tpid = int(status(pid)['TracerPid']) return tpid if tpid > 0 else None def state(pid): 
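Review bot: `_tracer_windows` leaks the process handle whenever `CheckRemoteDebuggerPresent` fails, because `errcheck` raises before `CloseHandle` is reached; the call needs a `try/finally`. It also opens the target with `PROCESS_QUERY_INFORMATION` (0x0400), which is commonly denied for elevated or protected processes, while `CheckRemoteDebuggerPresent` only requires `PROCESS_QUERY_LIMITED_INFORMATION` (0x1000). And it returns the debuggee's own pid when a debugger is present, whereas `tracer()`'s contract — and `wait_for_debugger`, which now returns this value — is the tracer's PID; that sentinel behaviour should be stated in a comment so callers do not use it as the debugger's PID. Separately, the `p.cmdline()[0] == name` match added to `pid_by_name` trusts argv[0], which any process can set, so a name lookup can now be spoofed; fine for a debugging helper, but worth a one-line comment.
```python
    # … unchanged: ctypes prototypes for OpenProcess / CheckRemoteDebuggerPresent / CloseHandle …
    # Windows has no TracerPid equivalent: report the target's own pid as a
    # non-zero sentinel when a debugger is attached. Limited query rights suffice.
    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    proc_handle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    present = wintypes.BOOL()
    try:
        CheckRemoteDebuggerPresent(proc_handle, ctypes.byref(present))
    finally:
        CloseHandle(proc_handle)
    return pid if present.value else 0
```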
@@ -358,7 +405,7 @@ def wait_for_debugger(pid, debugger_pid=None): pid (int): PID of the process. Returns: - None + The PID of the debugger that attached to the process. """ t = Timeout() with t.countdown(timeout=15): @@ -376,9 +423,11 @@ def wait_for_debugger(pid, debugger_pid=None): else: time.sleep(0.01) - if tracer(pid): + tracer_pid = tracer(pid) + if tracer_pid: l.success() elif debugger_pid == 0: l.failure("debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)") else: l.failure('Debugger did not attach to pid %d within 15 seconds', pid) + return tracer_pid diff --git a/pwnlib/util/safeeval.py b/pwnlib/util/safeeval.py index 6c4a7c5a3..35694976d 100644 --- a/pwnlib/util/safeeval.py +++ b/pwnlib/util/safeeval.py @@ -29,8 +29,8 @@ def _get_opcodes(codeobj): Extract the actual opcodes as a list from a code object >>> c = compile("[1 + 2, (1,2)]", "", "eval") - >>> _get_opcodes(c) - [100, 100, 103, 83] + >>> _get_opcodes(c) # doctest: +ELLIPSIS + [...100, 100, 103, 83] """ import dis if hasattr(dis, 'get_instructions'): diff --git a/pwnlib/version.py b/pwnlib/version.py index 8e5051f7e..f7dfb7bdc 100644 --- a/pwnlib/version.py +++ b/pwnlib/version.py @@ -1 +1 @@ -__version__ = '4.14.0dev' +__version__ = '4.15.0dev' diff --git a/pwnlib/windbg.py b/pwnlib/windbg.py new file mode 100644 index 000000000..588714572 --- /dev/null +++ b/pwnlib/windbg.py 
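Review bot: The docstring now promises "The PID of the debugger that attached to the process", but on both failure branches the function still returns `tracer_pid`, which is `None`, and on Windows `tracer()` (per the `_tracer_windows` addition in this commit) yields the traced pid itself rather than the debugger's, so the promise only holds on Linux. State that in the Returns block: `The tracer's PID on Linux; on Windows the traced pid itself (there is no TracerPid equivalent); None if no debugger attached within the timeout.` `wait_for_debugger` begins above the hunk.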
@@ -0,0 +1,239 @@ +""" +During exploit development, it is frequently useful to debug the +target binary under WinDbg. This module provides a simple interface +to do so under Windows. + +Useful Functions +---------------- + +- :func:`attach` - Attach to an existing process + +Debugging Tips +-------------- + +The :func:`attach` and :func:`debug` functions will likely be your bread and +butter for debugging. + +Both allow you to provide a script to pass to WinDbg when it is started, so that +it can automatically set your breakpoints. + +Attaching to Processes +~~~~~~~~~~~~~~~~~~~~~~ + +To attach to an existing process, just use :func:`attach`. You can pass a PID, +a process name (including file extension), or a :class:`.process`. + +Spawning New Processes +~~~~~~~~~~~~~~~~~~~~~~ + +Attaching to processes with :func:`attach` is useful, but the state the process +is in may vary. If you need to attach to a process very early, and debug it from +the very first instruction (or even the start of ``main``), you instead should use +:func:`debug`. + +When you use :func:`debug`, the return value is a :class:`.tube` object +that you interact with exactly like normal. + +Tips and Troubleshooting +------------------------ + +``NOPTRACE`` magic argument +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +It's quite cumbersom to comment and un-comment lines containing `attach`. + +You can cause these lines to be a no-op by running your script with the +``NOPTRACE`` argument appended, or with ``PWNLIB_NOPTRACE=1`` in the environment. +(The name is borrowed from ptrace syscall on Linux.) + +:: + + $ python exploit.py NOPTRACE + [+] Starting local process 'chall.exe': Done + [!] Skipping debug attach since context.noptrace==True + ... 
+ +Member Documentation +=============================== +""" +from __future__ import absolute_import +import atexit +import os +import signal + +import subprocess + +import six + +from pwnlib import tubes +from pwnlib.context import LocalContext +from pwnlib.context import context +from pwnlib.log import getLogger +from pwnlib.util import misc +from pwnlib.util import proc + +log = getLogger(__name__) + +CREATE_SUSPENDED = 0x00000004 + +@LocalContext +def debug(args, windbgscript=None, exe=None, env=None, creationflags=0, **kwargs): + """debug(args, windbgscript=None, exe=None, env=None, creationflags=0) -> tube + + Launch a process in suspended state, attach debugger and resume process. + + Arguments: + args(list): Arguments to the process, similar to :class:`.process`. + windbgscript(str): windbg script to run. + exe(str): Path to the executable on disk. + env(dict): Environment to start the binary in. + creationflags(int): Flags to pass to :func:`.process.process`. + + Returns: + :class:`.process`: A tube connected to the target process. + + Notes: + + .. code-block: python + + # Create a new process, and stop it at 'main' + io = windbg.debug('calc', ''' + bp $exentry + go + ''') + + When WinDbg opens via :func:`.debug`, it will initially be stopped on the very first + instruction of the entry point. 
+ """ + if isinstance( + args, six.integer_types + (tubes.process.process, tubes.ssh.ssh_channel) + ): + log.error("Use windbg.attach() to debug a running process") + + if context.noptrace: + log.warn_once("Skipping debugger since context.noptrace==True") + return tubes.process.process(args, executable=exe, env=env, creationflags=creationflags) + + windbgscript = windbgscript or '' + if isinstance(windbgscript, six.string_types): + windbgscript = windbgscript.split('\n') + # resume main thread + windbgscript = ['~0m'] + windbgscript + creationflags |= CREATE_SUSPENDED + io = tubes.process.process(args, executable=exe, env=env, creationflags=creationflags) + attach(target=io, windbgscript=windbgscript, **kwargs) + + return io + +def binary(): + """binary() -> str + + Returns the path to the WinDbg binary. + + Returns: + str: Path to the appropriate ``windbg`` binary to use. + """ + windbg = misc.which('windbgx.exe') or misc.which('windbg.exe') + if not windbg: + log.error('windbg is not installed or in system PATH') + return windbg + +@LocalContext +def attach(target, windbgscript=None, windbg_args=[]): + """attach(target, windbgscript=None, windbg_args=[]) -> int + + Attach to a running process with WinDbg. + + Arguments: + target(int, str, process): Process to attach to. + windbgscript(str, list): WinDbg script to run after attaching. + windbg_args(list): Additional arguments to pass to WinDbg. + + Returns: + int: PID of the WinDbg process. + + Notes: + + The ``target`` argument is very robust, and can be any of the following: + + :obj:`int` + PID of a process + :obj:`str` + Process name. The youngest process is selected. 
+ :class:`.process` + Process to connect to + + Examples: + + Attach to a process by PID + + >>> pid = windbg.attach(1234) # doctest: +SKIP + + Attach to the youngest process by name + + >>> pid = windbg.attach('cmd.exe') # doctest: +SKIP + + Attach a debugger to a :class:`.process` tube and automate interaction + + >>> io = process('cmd') # doctest: +SKIP + >>> pid = windbg.attach(io, windbgscript=''' + ... bp kernelbase!WriteFile + ... g + ... ''') # doctest: +SKIP + """ + if context.noptrace: + log.warn_once("Skipping debug attach since context.noptrace==True") + return + + # let's see if we can find a pid to attach to + pid = None + if isinstance(target, six.integer_types): + # target is a pid, easy peasy + pid = target + elif isinstance(target, str): + # pidof picks the youngest process + pids = list(proc.pidof(target)) + if not pids: + log.error('No such process: %s', target) + pid = pids[0] + log.info('Attaching to youngest process "%s" (PID = %d)' % + (target, pid)) + elif isinstance(target, tubes.process.process): + pid = proc.pidof(target)[0] + else: + log.error("don't know how to attach to target: %r", target) + + if not pid: + log.error('could not find target process') + + cmd = [binary()] + if windbg_args: + cmd.extend(windbg_args) + + cmd.extend(['-p', str(pid)]) + + windbgscript = windbgscript or '' + if isinstance(windbgscript, six.string_types): + windbgscript = windbgscript.split('\n') + if isinstance(windbgscript, list): + windbgscript = ';'.join(script.strip() for script in windbgscript if script.strip()) + if windbgscript: + cmd.extend(['-c', windbgscript]) + + log.info("Launching a new process: %r" % cmd) + + io = subprocess.Popen(cmd) + windbg_pid = io.pid + + def kill(): + try: + os.kill(windbg_pid, signal.SIGTERM) + except OSError: + pass + + atexit.register(kill) + + if context.native: + proc.wait_for_debugger(pid, windbg_pid) + + return windbg_pid diff --git a/pyproject.toml b/pyproject.toml index ce59233f9..1e394d838 100644 
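Review bot: `attach()` dispatches on `isinstance(target, str)`, while `debug()` in the same file and the rest of the module use `six` — this commit's pyproject change still carries `python_version < '3'` markers, so on Python 2 a `unicode` process name falls through to the `else` branch and aborts with "don't know how to attach". Use `six.string_types` there. In the `process` branch, `proc.pidof(target)[0]` raises a bare `IndexError` when the tube has already exited instead of the clear `log.error` the other branches give; and `attach()` returns `None` under `noptrace` although its docstring says `-> int`, which is worth a sentence in the docstring. The mutable default `windbg_args=[]` is never mutated here but should still be `None` by convention.
```python
    elif isinstance(target, six.string_types):
        # … unchanged: youngest-process lookup by name …
    elif isinstance(target, tubes.process.process):
        pids = proc.pidof(target)
        if not pids:
            log.error('process %r has already exited', target)
        pid = pids[0]
    # … unchanged: else branch, command construction, atexit kill …
```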
--- a/pyproject.toml +++ b/pyproject.toml @@ -53,7 +53,8 @@ dependencies = [ "unicorn>=2.0.1", "six>=1.12.0", "rpyc", - "colored_traceback", + "colored_traceback<0.4; python_version < '3'", + "colored_traceback; python_version >= '3'", "pathlib2; python_version < '3.4'", "unix-ar; python_version >= '3'", "zstandard", diff --git a/setup.py b/setup.py index 7d57ff7c5..637f5cd7a 100755 --- a/setup.py +++ b/setup.py @@ -59,11 +59,11 @@ PythonH = os.path.join(get_python_inc(), 'Python.h') if not os.path.exists(PythonH): print("You must install the Python development headers!", file=sys.stderr) - print("$ apt-get install python-dev", file=sys.stderr) + print("$ sudo apt-get install python-dev", file=sys.stderr) sys.exit(-1) setup( - version = '4.14.0dev', + version = '4.15.0dev', data_files = [('pwntools-doc', glob.glob('*.md') + glob.glob('*.txt')), ], diff --git a/travis/libcdb_nginx_cache.conf b/travis/libcdb_nginx_cache.conf new file mode 100644 index 000000000..689784978 --- /dev/null +++ b/travis/libcdb_nginx_cache.conf 
@@ -0,0 +1,69 @@ +events { + worker_connections 1024; +} + +http { + proxy_cache_path /var/cache/nginx keys_zone=my_cache:1m max_size=1g inactive=12w use_temp_path=off; + log_format cache_st '$remote_addr - $remote_user - $upstream_cache_status [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + access_log /dev/stdout cache_st; + + server { + listen 3000; + proxy_cache my_cache; + + location / { + proxy_set_header Host debuginfod.elfutils.org; + proxy_cache_revalidate on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 404 12w; + proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_429; + proxy_pass https://debuginfod.elfutils.org/; + } + } + + server { + listen 3001; + proxy_cache my_cache; + + location / { + proxy_set_header Host libc.rip; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_key $scheme://$host$uri$is_args$query_string$request_body; + proxy_cache_valid 200 404 12w; + proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_429; + proxy_pass https://libc.rip/; + } + } + + server { + listen 3002; + proxy_cache my_cache; + + location / { + proxy_set_header Host archive.ubuntu.com; + proxy_cache_revalidate on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 404 12w; + proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_429; + proxy_pass http://archive.ubuntu.com/; + } + } + + server { + listen 3003; + proxy_cache my_cache; + + location / { + proxy_set_header Host gitlab.com; + proxy_ssl_server_name on; + proxy_cache_revalidate on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 404 12w; + proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_429; + proxy_pass https://gitlab.com/; + } + } +} 
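Review bot: All four servers share `keys_zone=my_cache` and build `proxy_cache_key` from `$scheme://$host$uri…`, where `$host` is the client's Host header (localhost for every port), not the upstream set via `proxy_set_header Host`, so an object fetched from one upstream at path P is served from cache for the same path P requested on any of the other three ports — the listen ports isolate the upstreams, the cache key does not. Put the upstream name (or `$server_port`) into each key, e.g. `proxy_cache_key libc.rip$uri$is_args$query_string$request_body;` on port 3001 and the corresponding hostname on the others. Two further points for a cache that feeds debug symbols and libc binaries into CI: the HTTPS upstreams are proxied without certificate verification (add `proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;`, and `proxy_ssl_server_name on` is set only for gitlab), and `proxy_cache_valid 200 404 12w` pins a negative hit for a newly published build-id or libc hash for three months, since `proxy_cache_revalidate` only helps when the 404 carried a validator — a separate, short `proxy_cache_valid 404 1h;` is safer.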
diff --git a/travis/setup_avd_fast.sh b/travis/setup_avd_fast.sh index 01cd9c4c0..c177fa934 100644 --- a/travis/setup_avd_fast.sh +++ b/travis/setup_avd_fast.sh @@ -9,16 +9,18 @@ set -ex # - x86 # - x86_64 ANDROID_ABI='x86_64' -ANDROIDV=android-24 +ANDROIDV=android-34 +export ANDROID_AVD_HOME="$HOME/.android/avd" +mkdir -p "$ANDROID_AVD_HOME" # Create our emulator Android Virtual Device (AVD) # --snapshot flag is deprecated, see bitrise-steplib/steps-create-android-emulator#18 -export PATH=$PATH:"$ANDROID_HOME"/cmdline-tools/latest/bin:"$ANDROID_HOME"/platform-tools -yes | sdkmanager --sdk_root="$ANDROID_HOME" --install "system-images;$ANDROIDV;default;$ANDROID_ABI" "emulator" "platform-tools" "platforms;$ANDROIDV" +export PATH=$PATH:"$ANDROID_HOME"/cmdline-tools/latest/bin:"$ANDROID_HOME"/platform-tools:"$ANDROID_HOME"/emulator +yes | sdkmanager --sdk_root="$ANDROID_HOME" --install "system-images;$ANDROIDV;default;$ANDROID_ABI" "emulator" "platform-tools" # "platforms;$ANDROIDV" yes | sdkmanager --sdk_root="$ANDROID_HOME" --licenses -echo no | avdmanager --silent create avd --name android-$ANDROID_ABI --force --package "system-images;$ANDROIDV;default;$ANDROID_ABI" -"$ANDROID_HOME"/emulator/emulator -avd android-$ANDROID_ABI -no-window -no-boot-anim -read-only -no-audio -no-window -no-snapshot -gpu off -accel off & +echo no | avdmanager --verbose create avd --name android-$ANDROID_ABI --force --abi "default/$ANDROID_ABI" --package "system-images;$ANDROIDV;default;$ANDROID_ABI" +emulator -avd android-$ANDROID_ABI -no-window -no-boot-anim -read-only -no-audio -no-window -no-snapshot -gpu off -accel off -no-metrics & adb wait-for-device adb shell id adb shell getprop