1. modify readme

2. modify libc.py to LibcSearcher, which maybe more human readable.
3. replace log with print,so that the meesage won't be printed twice when enable DEBUG in pwntools
4. some others things

LibcSearcher.py

@@ -0,0 +1,117 @@
+#!/usr/bin/env python2
+import os
+import re
+import sys
+
+
+class LibcSearcher(object):
+    def __init__(self, func=None, address=None):
+        self.condition = {}
+        if func is not None and address is not None:
+            self.add_condition(func, address)
+        self.libc_database_path = os.path.join(
+            os.path.realpath(os.path.dirname(__file__)), "libc-database/db/")
+        self.db = ""
+
+    def add_condition(self, func, address):
+        if not isinstance(func, str):
+            print "The function should be a string"
+            sys.exit()
+        if not isinstance(address, int):
+            print "The address should be an int number"
+            sys.exit()
+        self.condition[func] = address
+
+    #Wrapper for libc-database's find shell script.
+    def decided(self):
+        if len(self.condition) == 0:
+            print "No leaked info provided."
+            print "Please supply more info using add_condition(leaked_func, leaked_address)."
+            sys.exit(0)
+
+        res = []
+        for name, address in self.condition.items():
+            addr_last12 = address & 0xfff
+            res.append(re.compile("^%s .*%x" % (name, addr_last12)))
+
+        db = self.libc_database_path
+        files = []
+        for _, _, f in os.walk(db):
+            files += f
+
+        result = []
+        for ff in files:
+            fd = open(db + ff, "r")
+            data = fd.read().split("\n")
+            for x in res:
+                if any(map(lambda line: x.match(line), data)):
+                    result.append(ff)
+            fd.close()
+
+        if len(result) == 0:
+            print "No matched libc, please add more libc or try others"
+            sys.exit(0)
+
+        if len(result) > 1:
+            print "Multi Results:"
+            for x in range(len(result)):
+                print "%2d: %s" % (x, self.pmore(result[x]))
+            print "Please supply more info using \n\tadd_condition(leaked_func, leaked_address)."
+            while True:
+                in_id = input(
+                    "You can choose it by hand\nOr type 'exit' to quit:")
+                if in_id == "exit" or in_id == "quit":
+                    sys.exit(0)
+                try:
+                    in_id = int(in_id)
+                    self.db = result[in_id]
+                    break
+                except:
+                    continue
+        self.db = result[0]
+        print "[+] %s be choosed." % self.pmore(self.db)
+
+    def pmore(self, result):
+        result = result[:-8]  # .strip(".symbols")
+        fd = open(self.libc_database_path + result + ".info")
+        info = fd.read().strip()
+        return "%s (id %s)" % (info, result)
+
+    #Wrapper for libc-database's dump shell script.
+    def dump(self, func=None):
+
+        if not self.db:
+            self.decided()
+        db = self.libc_database_path + self.db
+        fd = open(db, "r")
+        data = fd.read().strip("\n").split("\n")
+        if not func:
+            result = {}
+            func = [
+                "__libc_start_main_ret", "system", "dup2", "read", "write",
+                "str_bin_sh"
+            ]
+            for ff in func:
+                for d in data:
+                    f = d.split(" ")[0]
+                    addr = d.split(" ")[1]
+                    if ff == f:
+                        result[ff] = int(addr, 16)
+            for k, v in result.items():
+                print k, hex(v)
+            return result
+
+        for d in data:
+            f = d.split(" ")[0]
+            addr = d.split(" ")[1]
+            if func == f:
+                return int(addr, 16)
+
+        print "No matched, Make sure you supply a valid function name or just add more libc."
+        return 0
+
+
+if __name__ == "__main__":
+    obj = libc_searcher("fgets", 0x7ff39014bd90)
+    print "[+]system  offset: ", hex(obj.dump("system"))
+    print "[+]/bin/sh offset: ", hex(obj.dump("str_bin_sh"))

README.md

@@ -1,8 +1,6 @@
-Search libc function offset
----------------------------
+# Search libc function offset
 
-1. 简介
-=======
+## 简介
 
 这是针对CTF比赛所做的小工具，在泄露了Libc中的某一个函数地址后，常常为不知道对方所使用的操作系统及libc的版本而苦恼，常规方法就是挨个把常见的Libc.so从系统里拿出来，与泄露的地址对比一下最后12位。
 
@@ -10,10 +8,7 @@ Search libc function offset
 
 这里用了[libc-database](https://github.com/niklasb/libc-database)的数据库。
 
-2. 使用
-=======
-
-安装：
+## 安装
 
 ```shell
 git clone https://github.com/lieanu/libc.git
@@ -22,24 +17,22 @@ git submodule update --init --recursive
 python setup develop
 ```
 
-代码示例：
+## 示例
 
 ```python
 from libc import *
 
-#第二个参数，为已泄露的实际地址,或最后12位(比如：d90)，字符串或int均可
-obj = libc("fgets", "7ff39014bd90") 
+#第二个参数，为已泄露的实际地址,或最后12位(比如：d90)，int类型
+obj = libc("fgets", 0X7ff39014bd90) 
 
 obj.dump("system")        #system 偏移
 obj.dump("str_bin_sh")    #/bin/sh 偏移
 obj.dump("__libc_start_main_ret")    
 ```
 
-如果遇到返回多个libc版本库的情况，可以通过`add_condition(leaked_func, leaked_address)`来添加限制条件，
-也可以手工选择其中一个libc版本（如果你确定的话）。
+如果遇到返回多个libc版本库的情况，可以通过`add_condition(leaked_func, leaked_address)`来添加限制条件，也可以手工选择其中一个libc版本（如果你确定的话）。
 
-3.其它
-======
+## 其它
 
 水平一般，代码很烂，如有bug，欢迎吐槽。
 

setup.py

@@ -1,12 +1,12 @@
 from setuptools import find_packages, setup
 
-setup(name="libc",
-        version = "0.1",
-        description="Python wrapper for libc-database.",
-        author = "lieanu",
-        author_email= "liuyue0310@gmail.com",
-        platforms=["any"],
-        license="BSD",
-        url="https://github.com/lieanu/libc",
-        packages = find_packages(),
-        )
+setup(
+    name="LibcSearcher",
+    version="0.1",
+    description="Python wrapper for libc-database.",
+    author="lieanu",
+    author_email="liuyue0310@gmail.com",
+    platforms=["any"],
+    license="BSD",
+    url="https://github.com/lieanu/libc",
+    packages=find_packages(), )