# #-- # Ronin Exploits - A Ruby library for Ronin that provides exploitation and # payload crafting functionality. # # Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA #++ # require 'ronin/exploits/format_string_target' require 'ronin/exploits/binary_exploit' module Ronin module Exploits class FormatString < BinaryExploit objectify :ronin_format_string # Targets of the format string has n, :targets, :class_name => 'FormatStringTarget' # # Adds a new FormatStringTarget with the given _options_. If a _block_ # is given, it will be passed the new FormatStringTarget object. # def target(options={},&block) self.targets << FormatStringTarget.new(options,&block) end # # Builds the format string with the given _options_. # def build_format_string(options={}) target = (options[:target] || selected_target) payload = (options[:payload] || @payload).to_s buffer = target.overwrite.pack(target.platform.arch)+(target.overwrite+(target.platform.arch.address_length/2)).pack(target.platform.arch) low_mask = 0xff (target.platform.arch.address_length/2).times do low_mask <<= 8 low_mask |= 0xff end high_mask = low_mask << (target.platform.arch.address_length*4) high = (target.address & high_mask) >> (target.platform.arch.address_length/2) low = target.address & low_mask if low