Add --arch, machine-readable output, byte bad-chars and symbol annotation (#19-#22) #25
Merged
…tion

Implements issues #19-#22:

- #19 --arch: select the architecture slice of a fat Mach-O binary (e.g. x86_64, i386); clear error for absent/unsupported slices. Threaded through Binary -> MachO.
- #20 --output {text,json,csv}: machine-readable output for gadgets and ROP chains. Gadget.to_dict() provides the record; text stays the default and the non-exhaustive ropchain path keeps its laziness.
- #21 --badchar-bytes: reject gadgets whose opcode bytes contain a forbidden byte (the existing --badchar still filters only the address).
- #22 --symbols: annotate each gadget with the nearest symbol at or below its address (name+offset). Loaders gained get_symbols(): ELF (.symtab/.dynsym), Mach-O (LC_SYMTAB, parsed from the file as macholib does not expand it) and PE (export table), all rebased by the same --base delta.

Also: switch comments/docstrings to American English spelling.

Tests: 78 pass (3.11/3.13). New coverage for byte bad-chars, symbol annotation, JSON/CSV output, ELF symbol parsing (the in-memory ELF builder now emits an optional .symtab/.strtab) and Mach-O slice selection (guarded to macOS). README usage block updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements four enhancements from the backlog.
#19 — --arch slice selection for fat Mach-O

Select which slice of a fat/universal Mach-O to analyse (e.g. --arch x86_64, --arch i386). Without it, the first supported slice is used (unchanged). Clear errors for an unsupported (arm64) or absent slice. Threaded through Binary → MachO.

#20 — machine-readable output --output {text,json,csv}

Structured output for scripting/pwntools. Gadget.to_dict() provides a stable record (file, vaddr, gadget, instructions, bytes, count, symbol, op, dst, src, modifies). Works for plain gadgets, --op results and --ropchain (CSV adds a chain column). text remains the default and the non-exhaustive ropchain path stays lazy.

#21 — --badchar-bytes

Reject gadgets whose opcode bytes contain a forbidden byte (the existing --badchar still filters the address only). Useful when the payload itself travels through a byte-restricted sink.

#22 — --symbols

Annotate each gadget with the nearest symbol at or below its address (name+offset). Loaders gained get_symbols():

- .symtab/.dynsym via pyelftools.
- LC_SYMTAB, parsed from the file (macholib does not expand the nlist array).

All symbol addresses are rebased by the same delta as --base.

Other

Testing

.symtab/.strtab, so no binary blobs are committed) and Mach-O slice selection (guarded to macOS / fat /bin/ls).
/bin/ls (Mach-O) and a 32-bit busybox (ELF).

Closes #19, closes #20, closes #21, closes #22.
Generated with Claude Code
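
Added example, not code from this pull request: a sketch of the nearest-symbol annotation described under #22, including the rebase by the same delta as --base. The names build_index, annotate, link_base, load_base and the sample symbols are hypothetical, and the `name+0x…` hex formatting is an assumption.

```python
from bisect import bisect_left, bisect_right

# Constructed sample: (name, link-time address) pairs standing in for what a
# loader's symbol table might yield. All names and addresses are made up.
SAMPLE_SYMBOLS = [
    ("_start", 0x401000),
    ("main", 0x401130),
    ("helper_alias", 0x401200),  # two names sharing one address
    ("helper", 0x401200),
]


def build_index(symbols, link_base=0, load_base=None):
    """Rebase every symbol by (load_base - link_base) and sort by address."""
    delta = 0 if load_base is None else load_base - link_base
    rebased = sorted((addr + delta, name) for name, addr in symbols)
    return [a for a, _ in rebased], [n for _, n in rebased]


def annotate(index, vaddr):
    """Return 'name+0xoff' for the nearest symbol at or below vaddr, or None."""
    addrs, names = index
    i = bisect_right(addrs, vaddr)  # number of symbols with address <= vaddr
    if i == 0:
        return None  # vaddr sits below every known symbol
    sym_addr = addrs[i - 1]
    # Several names can share an address; take the first in sorted order so
    # the annotation is deterministic across runs.
    first = bisect_left(addrs, sym_addr)
    return f"{names[first]}+{vaddr - sym_addr:#x}"


if __name__ == "__main__":
    index = build_index(SAMPLE_SYMBOLS, link_base=0x400000, load_base=0x10000000)
    for addr in (0x10001134, 0x10001204, 0x10000800):
        print(hex(addr), annotate(index, addr))
```

Without symbol sizes, an address far past the last symbol still receives that symbol's name with a large offset, so a large offset is a hint rather than proof of containment.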