Allow creating an ELF from in-memory bytes (#2574)

Author: clubby789

CHANGELOG.md

@@ -90,7 +90,8 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2504][2504] doc: add example case for `tuple` (host, port pair) in `gdb.attach`
 - [#2546][2546] ssh: Allow passing disabled_algorithms keyword argument from ssh to paramiko
 - [#2538][2538] Add `ssh -L` / `ssh.connect_remote()` workaround when `AllowTcpForwarding` is disabled
-- [#2574][2574] Detect when Terminator is being used as terminal
+- [#2574][2574] Allow creating an ELF from in-memory bytes
+- [#2575][2575] Detect when Terminator is being used as terminal
 
 [2419]: https://github.com/Gallopsled/pwntools/pull/2419
 [2551]: https://github.com/Gallopsled/pwntools/pull/2551
@@ -108,6 +109,7 @@ The table below shows which release corresponds to each branch, and what date th
 [2546]: https://github.com/Gallopsled/pwntools/pull/2546
 [2538]: https://github.com/Gallopsled/pwntools/pull/2538
 [2574]: https://github.com/Gallopsled/pwntools/pull/2574
+[2575]: https://github.com/Gallopsled/pwntools/pull/2575
 
 ## 4.15.0 (`beta`)
 

pwnlib/elf/corefile.py

@@ -568,10 +568,10 @@ def __init__(self, *a, **kw):
         self._address  = 0
 
         if self.elftype != 'CORE':
-            log.error("%s is not a valid corefile" % self.file.name)
+            log.error("%s is not a valid corefile" % self.path)
 
         if self.arch not in prstatus_types:
-            log.warn_once("%s does not use a supported corefile architecture, registers are unavailable" % self.file.name)
+            log.warn_once("%s does not use a supported corefile architecture, registers are unavailable" % self.path)
 
         prstatus_type = prstatus_types.get(self.arch)
         siginfo_type = siginfo_types.get(self.bits)

pwnlib/elf/elf.py

@@ -30,6 +30,17 @@
     >>> disasm(open('/tmp/quiet-cat','rb').read(1))
     '   0:   c3                      ret'
 
+An ELF can also be created from in-memory bytes.
+
+    >>> bytes = open('/bin/cat', 'rb').read()
+    >>> e = ELF(bytes)
+    >>> e.read(e.address+1, 3)
+    b'ELF'
+    >>> e.asm(e.address, 'ret')
+    >>> e.save('/tmp/quiet-cat')
+    >>> disasm(open('/tmp/quiet-cat','rb').read(1))
+    '   0:   c3                      ret'
+
 Module Members
 --------------
 """
@@ -211,16 +222,21 @@ class ELF(ELFFile):
     _fill_gaps = True
 
 
-    def __init__(self, path, checksec=True):
+    def __init__(self, path_or_bytes, checksec=True):
         # elftools uses the backing file for all reads and writes
         # in order to permit writing without being able to write to disk,
         # mmap() the file.
 
-        #: :class:`file`: Open handle to the ELF file on disk
-        self.file = open(path,'rb')
-
-        #: :class:`mmap.mmap`: Memory-mapped copy of the ELF file on disk
-        self.mmap = mmap.mmap(self.file.fileno(), 0, access=mmap.ACCESS_COPY)
+        if isinstance(path_or_bytes, (bytes, bytearray)) and path_or_bytes.startswith(b'\x7FELF'):
+            self.file = self.mmap = mmap.mmap(-1, len(path_or_bytes))
+            self.mmap.write(path_or_bytes)
+            path = "<bytes>"
+        else:
+            #: :class:`file`: Open handle to the ELF file on disk
+            self.file = open(path_or_bytes,'rb')
+            #: :class:`mmap.mmap`: Memory-mapped copy of the ELF file on disk
+            self.mmap = mmap.mmap(self.file.fileno(), 0, access=mmap.ACCESS_COPY)
+            path = path_or_bytes
 
         super(ELF,self).__init__(self.mmap)
 

pwnlib/rop/rop.py

@@ -1271,7 +1271,7 @@ def __cache_load(self, elf):
             return None
         gadgets = eval(open(filename).read())
         gadgets = {k - elf.load_addr + elf.address:v for k, v in gadgets.items()}
-        log.info_once('Loaded %s cached gadgets for %r', len(gadgets), elf.file.name)
+        log.info_once('Loaded %s cached gadgets for %r', len(gadgets), elf.path)
         return gadgets
 
     def __cache_save(self, elf, data):