0

Hi so I have a 32 bit little endian executable on Intel arch so I used context.binary for that and tried context.arch = vax to resolve this issue but both are not working what should I do? Code below:

from pwn import *

context.binary = binary = ELF("./vuln3-32")
rop = ROP(binary)
rop.execve('/bin/sh')

Very simple and should just call execve to open a shellcode. Any ideas? I will just try different context.archs for now.

Improve this question

1 Answer 1

Reset to default
0

You have to specify context.kernel to give pwntools more informations on your running environment : is it a 32-bit ELF executing on a 32-bit or on a 64-bit kernel ?

You can see it in "pwnlib/rop/srop.py" :

    @LocalContext
    def __init__(self):
        if context.kernel is None and context.arch == 'i386':
            log.error("kernel architecture must be specified")

        self.arch = context.arch
        self.endian = context.endian
        self._regs = [self.registers[i] for i in sorted(self.registers.keys())]
        self.update({r:0 for r in self._regs})
        self.size = len(bytes(self))
        self.update(defaults[self.arch])

        if context.arch == 'i386' and context.kernel == 'amd64':
            self.update(defaults['i386_on_amd64'])
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.