Skip to content

Add atexit functions for glibc exploits#2683

Open
RocketMaDev wants to merge 10 commits intoGallopsled:devfrom
RocketMaDev:patch-exit-hacks
Open

Add atexit functions for glibc exploits#2683
RocketMaDev wants to merge 10 commits intoGallopsled:devfrom
RocketMaDev:patch-exit-hacks

Conversation

@RocketMaDev
Copy link
Copy Markdown
Contributor

@RocketMaDev RocketMaDev commented Feb 21, 2026

This PR closes #2633 and #2673, which try to implement glibc exit hacks. Now user can construct struct exit_function or unserialize bytes to struct exit_function via pwntools.

More information at the issue and PR mentioned above.

@peace-maker peace-maker mentioned this pull request Feb 21, 2026
Closed
3 tasks
peace-maker
peace-maker requested changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@peace-maker peace-maker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks nice, thank you! It's also nice to see newer Python language features making their appearance with the match-case and type hints. Now that we fully bumped to Python 3.10, we can fully embrace it. It still feels weird to add code like this though Python 2.7 flashbacks

Can you post an exploit using this feature too please? I haven't gotten around to use it in a toy program yet.

Comment thread pwnlib/libc/glibc.py Outdated
Comment thread pwnlib/libc/glibc.py Outdated
Comment thread pwnlib/libc/glibc.py Outdated
@RocketMaDev
Copy link
Copy Markdown
Contributor Author

RocketMaDev commented Apr 7, 2026

Can you post an exploit using this feature too please? I haven't gotten around to use it in a toy program yet.

I just saw these features from some random repos I looked at days ago, and learn them via official Python docs.

@RocketMaDev
Copy link
Copy Markdown
Contributor Author

RocketMaDev commented Apr 7, 2026

Why the hyperlink is not rendered correctly?

@peace-maker
Copy link
Copy Markdown
Member

peace-maker commented Apr 7, 2026

https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#external-links

Maybe put the link and text on the same line?

.. _here: https://elixir.bootlin.com/glibc/glibc-2.43/source/stdlib/exit.h#L25-L32

@peace-maker
Copy link
Copy Markdown
Member

peace-maker commented Apr 7, 2026

Can you post an exploit using this feature too please? I haven't gotten around to use it in a toy program yet.

I just saw these features from some random repos I looked at days ago, and learn them via official Python docs.

I was talking about the ExitFuncList and ExitFunc classes. Seeing them in action in an exploit we could put into the examples. 😅

@RocketMaDev
Copy link
Copy Markdown
Contributor Author

RocketMaDev commented Apr 8, 2026
edited
Loading

sphinx-doc.org/en/master/usage/restructuredtext/basics.html#external-links

Maybe put the link and text on the same line?

.. _here: https://elixir.bootlin.com/glibc/glibc-2.43/source/stdlib/exit.h#L25-L32

It seems that your link is broken in the generated docs...

https://docs.pwntools.com/en/dev/libc/glibc.html#pwnlib.libc.glibc.protect_ptr

@RocketMaDev
Copy link
Copy Markdown
Contributor Author

RocketMaDev commented Apr 8, 2026

I was talking about the ExitFuncList and ExitFunc classes. Seeing them in action in an exploit we could put into the examples. 😅

May I not write an example? The symbols are all buried in glibc, it's hard to write a generic example without many hacks... 🤔

@RocketMaDev RocketMaDev force-pushed the patch-exit-hacks branch 3 times, most recently from 08b1b97 to 961b52f Compare April 13, 2026 11:44
@RocketMaDev RocketMaDev requested a review from peace-maker April 29, 2026 11:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peace-maker peace-maker Awaiting requested review from peace-maker

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ExitHandler module

2 participants

@RocketMaDev @peace-maker