pwnypack.util – Utility functions
The util module contains various utility functions.

pwnypack.util.cycle(length, width=4)

Generate a de Bruijn sequence of a given length (and width). A de Bruijn sequence is a sequence in which each run of n consecutive characters is unique. This type of sequence can be used to easily find the offset to the return pointer when exploiting a buffer overflow.

Parameters:
- length (int) – The length of the sequence to generate.
- width (int) – The width of each element in the sequence.

Returns: The sequence.
Return type: str

Example

    >>> from pwny import *
    >>> cycle(80)
    AAAABAAACAAADAAAEAAAFAAAGAAAHAAAIAAAJAAAKAAALAAAMAAANAAAOAAAPAAAQAAARAAASAAATAAA

pwnypack.util.cycle_find(key, width=4)

Given an element of a de Bruijn sequence, find its index in that sequence.

Parameters:
- key (str) – The piece of the de Bruijn sequence to find.
- width (int) – The width of each element in the sequence.

Returns: The index of key in the de Bruijn sequence.
Return type: int

pwnypack.util.reghex(pattern)

Compile a regular hexpression (a short form regular expression subset specifically designed for searching for binary strings).

A regular hexpression consists of hex tuples interspaced with control characters. The available control characters are:

- ? : Any byte (optional).
- . : Any byte (required).
- ?{n} : A set of 0 up to n bytes.
- .{n} : A set of exactly n bytes.
- * : Any number of bytes (or no bytes at all).
- + : Any number of bytes (at least one byte).

Parameters:
- pattern (str) – The reghex pattern.

Returns: A regular expression as returned by re.compile().
Return type: regexp
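
The control characters listed above map directly onto ordinary regular-expression syntax over bytes. The following is an added example, not pwnypack's own code: the names reghex_to_regex, compile_reghex, find_offsets and SAMPLE are hypothetical, ignoring whitespace between tokens and using greedy quantifiers are assumptions, and the sample bytes are constructed.

```python
import re

# One reghex token per alternative.
_TOKEN = re.compile(r"""
    (?P<hex>[0-9A-Fa-f]{2})            # hex tuple: one literal byte
  | (?P<ctl>[?.])(?:\{(?P<n>\d+)\})?   # ? or . with an optional {n} count
  | (?P<rep>[*+])                      # * or +
  | \s+                                # assumption: whitespace is ignored
""", re.VERBOSE)


def reghex_to_regex(pattern):
    """Translate a reghex pattern (str) into bytes regular-expression source."""
    out, pos = [], 0
    while pos < len(pattern):
        m = _TOKEN.match(pattern, pos)
        if m is None:
            raise ValueError("invalid reghex at offset %d: %r" % (pos, pattern[pos:pos + 4]))
        pos = m.end()
        if m.group("hex"):
            # Escape the byte so values such as 0x2e ('.') stay literal.
            out.append(re.escape(bytes.fromhex(m.group("hex"))))
        elif m.group("ctl"):
            n = m.group("n")
            if m.group("ctl") == "?":
                out.append(b".{0,%s}" % n.encode() if n else b".?")
            else:
                out.append(b".{%s}" % n.encode() if n else b".")
        elif m.group("rep"):
            out.append(b"." + m.group("rep").encode())
    return b"".join(out)


def compile_reghex(pattern):
    # DOTALL so that '.' also matches the byte 0x0a.
    return re.compile(reghex_to_regex(pattern), re.DOTALL)


def find_offsets(pattern, data):
    """Return the start offset of every non-overlapping match in data."""
    return [m.start() for m in compile_reghex(pattern).finditer(data)]


# Constructed sample: two padding bytes, then an ELF-style header.
SAMPLE = b"\x00\x00\x7fELF\x02\x01\x01\x00" + b"\x00" * 8

if __name__ == "__main__":
    print(reghex_to_regex("7f454c46 . 01"), find_offsets("7f454c46 . 01", SAMPLE))
```

Without the DOTALL flag a wildcard would silently skip any 0x0a byte, which is an easy way to miss matches in binary data.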

pwnypack.util.pickle_call(func, *args)

Create a byte sequence which when unpickled calls a callable with given arguments.

Parameters:
- func (callable) – The function to call or class to instantiate.
- args (tuple) – The arguments to call the callable with.

Returns: The data that when unpickled calls func(*args).
Return type: bytes

Example

    >>> from pwny import *
    >>> import pickle
    >>> def hello(arg):
    ...     print('Hello, %s!' % arg)
    ...
    >>> pickle.loads(pickle_call(hello, 'world'))
    Hello, world!