Libc has a bunch of optimized implementations of many of its functions, such as `__strlen_avx2`, etc. These are not exported as symbols, but instead there is a function called `__libc_ifunc_impl_list` that can give you this information at runtime. If we can parse the info from that function, we can provide more entries in the symbols dict.

This is useful in cases where you leak the address of one of these functions and want to calculate the libc base without hardcoding the offset.

I intend to look at possible solutions, but I'm starting by opening an issue here to get input and document my findings.

The function follows a format like this:

The "usable" flag is not that interesting, but the name-function mapping is.

I tried to implement this in pwntools by emulating the function using Unicorn, but it quickly became pretty messy. Instead, I ended up writing this small tool to dump the offsets separately: https://github.com/ZetaTwo/ifunc-dumper. I have no idea if there is a better way to do it, but at least this is something.
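As an added example (not code from the issue, from pwntools or from ifunc-dumper), this script asks the running process's own glibc for the table the issue describes: it calls `__libc_ifunc_impl_list` through ctypes, turns each implementation's address into an offset from the libc base found with `dladdr`, and keeps the usable flag alongside the name-function mapping. It assumes Linux with glibc (the symbol is GLIBC_PRIVATE but still reachable through `dlsym`) and only covers the host's libc; offsets for an arbitrary libc file still need the emulation or parsing approach the issue is about.

```python
import ctypes

# struct libc_ifunc_impl, as declared in glibc's include/ifunc-impl-list.h
class LibcIfuncImpl(ctypes.Structure):
    _fields_ = [("name", ctypes.c_char_p), ("fn", ctypes.c_void_p), ("usable", ctypes.c_bool)]

# Dl_info for dladdr(3); dli_fbase is the load address of the object containing a symbol
class DlInfo(ctypes.Structure):
    _fields_ = [("dli_fname", ctypes.c_char_p), ("dli_fbase", ctypes.c_void_p),
                ("dli_sname", ctypes.c_char_p), ("dli_saddr", ctypes.c_void_p)]

def _libc_symbol(name, restype, argtypes):
    # dlsym through the global scope of this process; None where the symbol does not exist
    try:
        fn = getattr(ctypes.CDLL(None), name)
    except (OSError, AttributeError):
        return None
    fn.restype, fn.argtypes = restype, argtypes
    return fn

def _impl_list_fn():
    # __libc_ifunc_impl_list is GLIBC_PRIVATE but still reachable via dlsym on glibc
    return _libc_symbol("__libc_ifunc_impl_list", ctypes.c_size_t,
                        [ctypes.c_char_p, ctypes.POINTER(LibcIfuncImpl), ctypes.c_size_t])

def libc_base():
    # load address of this process's libc: dladdr on the impl-list function itself
    fn = _impl_list_fn()
    dladdr = _libc_symbol("dladdr", ctypes.c_int, [ctypes.c_void_p, ctypes.POINTER(DlInfo)])
    if fn is None or dladdr is None:
        return None
    info = DlInfo()
    if not dladdr(ctypes.cast(fn, ctypes.c_void_p).value, ctypes.byref(info)):
        return None
    return info.dli_fbase

def ifunc_impls(name, maxn=64):
    # every implementation glibc registers for `name`: [(impl_name, absolute_address, usable)]
    fn = _impl_list_fn()
    if fn is None:
        return []
    arr = (LibcIfuncImpl * maxn)()
    n = min(fn(name.encode(), arr, maxn), maxn)
    return [(arr[i].name.decode(), arr[i].fn, arr[i].usable) for i in range(n)]

def ifunc_offsets(name):
    # impl_name -> offset from libc base: the extra entries the symbols dict could carry
    base = libc_base()
    return {} if base is None else {n: addr - base for n, addr, _ in ifunc_impls(name)}
```

Each value in the returned dict is a plain offset, so for a libc of the same build a leaked address of one implementation minus its offset gives the libc base, which is the lookup the issue wants the symbols dict to support.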