search
Github

Structures

hashtag
_IO_FILE

this is the basic structure that then be extended to other structure and definition which can be seen in the source code here:

one can use pwntools built-in class to craft FILE payloads

from pwn import *
file = FileStructure(0x0)
file.flags = 0xFBAD0000
io.sendline(bytes(file))
LogolibioP.h - libio/libioP.h - Glibc source code glibc-2.31 - Bootlin Elixir Cross Referencerelixir.bootlin.comchevron-right

hashtag
_IO_jump_t

this is an array or look up tables of methods and macros that is being used by the FILE structure. these tables have the same methods, these are (in order of the array):

  1. dummy

  2. dummy2

  3. finish

  4. overflow

  5. underflow

  6. uflow

  7. pbackfail

  8. xsputn

  9. xsgetn

  10. seekoff

  11. seekpos

  12. setbuf

  13. sync

  14. doallocate

  15. read

  16. write

  17. seek

  18. close

  19. stat

  20. showmanyc

  21. imbu

those are basically the interfaces that all FILEs can call, however there are multiple vtables that are composed of these methods but they point to a different function and thus have a different implementation, those list can be seen in the source code below:

Logofileops.c - libio/fileops.c - Glibc source code glibc-2.31 - Bootlin Elixir Cross Referencerelixir.bootlin.comchevron-right

hashtag
_IO_wide_data

this is somewhat similar but not the same to _IO_FILE and I think is built to handle wide characters.

unlike _IO_FILE pwntools doesn't have a class that support this structure, however I made this boilerplate to craft fake wide_data structure:

Logolibio.h source code [glibc/libio/libio.h] - Codebrowsercodebrowser.devchevron-right

Last updated