ELF.plt['unlink'] is wrong for the provided binary

Open cq674350529 opened this issue 1 year ago • 2 comments

Description

When I tried to get the PLT information from the init ELF with pwntools, it output the wrong address for some functions.

In [1]: from pwn import ELF

In [2]: init_elf = ELF("./init")

In [3]: hex(init_elf.plt["unlink"])
Out[3]: '0x42138'

Take the unlink function as an example: the output PLT address is 0x42138. However, it's shown as 0x41B60 in IDA Pro.

I tested it on the following environments:

  • Windows 10, pwntools 4.13.0
  • Ubuntu 20.04, pwntools 4.13.0
  • Ubuntu 20.04, pwntools 4.15.0.dev0 (installed from source)

The binary information is as follows, and the binary is added as an attachment below.

$ file ./init 
./init: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, BuildID[sha1]=b3444afb3a4dc34e2798e7d89505c1061b57683a, for GNU/Linux 3.2.0, stripped

init.zip

Sep 05 '24 11:09 cq674350529

pwntools on my Ubuntu machine cannot load the PLT in your file. Radare validates that unlink.plt is at 0x00041b60.

> uv pip list| grep pwn
pwntools           4.13.0
> python
>>> from pwn import *
>>> exe = ELF('./init', checksec=False)
[!] Could not populate PLT: No module named 'pkg_resources'
>>> hex(exe.sym.unlink)
'0x41b60'

Sep 11 '24 00:09 tesuji

Thanks, exe.sym.unlink or exe.symbols["unlink"] works well, I may use this instead.

Sep 12 '24 01:09 cq674350529