Target Module

enum class RopActionId : uint32_t

Enum for predefined ROP action IDs.

Values:

enumerator MSLEEP

enumerator COMMIT_INIT_TASK_CREDS

enumerator SWITCH_TASK_NAMESPACES

enumerator WRITE_WHAT_WHERE_64

enumerator FORK

enumerator TELEFORK

enumerator KPTI_TRAMPOLINE

enum class RopItemType : uint8_t

Enum for the types of ROP items.

Values:

enumerator CONSTANT_VALUE

enumerator SYMBOL

enumerator ARGUMENT

struct RopItem: #include <Target.h>

Represents a single item in a ROP chain.

struct RopActionArgMeta: #include <Target.h>

Metadata for a ROP action argument.

struct RopActionMeta: #include <Target.h>

Metadata for a ROP action.

struct StructField: #include <Target.h>

Represents a field within a struct.

struct Struct: #include <Target.h>

Represents a kernel struct definition.

class Target

#include <Target.h>

Represents a specific kernel target with its symbols, ROP gadgets, and other definitions.

Public Functions

Target(const std::string &distro, const std::string &release_name, const std::string &version = "")

Constructor for a Target.

Parameters:

distro – The distribution name.
release_name – The release name.
version – The version string (optional).

uint32_t GetSymbolOffset(std::string symbol_name)

Get the offset of a symbol within the target.

Parameters:: symbol_name – The name of the symbol.
Throws:: ExpKitError – if the symbol is not found or has an offset of 0.
Returns:: The offset of the symbol.

std::vector<RopItem> GetRopActionItems(RopActionId id)

Get the ROP items for a specific ROP action ID.

Parameters:: id – The ROP action ID.
Throws:: ExpKitError – if the ROP action ID is not found.
Returns:: A vector of ROP items for the specified action.

void AddSymbol(const std::string &name, uint64_t value)

Add a symbol to the target.

Parameters:

name – The name of the symbol.
value – The value (offset) of the symbol without the base address.

void AddRopAction(const std::string &name, std::vector<RopItem> value)

Add a ROP Action to the target.

Parameters:

name – The name of the ROP Action.
value – The ROP Action items (array of RopItem).

void AddStruct(const Struct &value)

Add a struct definition to the target.

Parameters:: value – The struct structure

void AddStruct(const std::string &name, uint64_t size, const std::vector<StructField> &fields)

Add a struct definition to the target.

Parameters:

name – The name of the struct.
size – The size of the struct.
fields – A vector of StructField objects representing the fields of the struct.

void SetPivots(const Pivots &pivots)

Sets the Pivots struct for the target.

Parameters:: pivots – The pivots struct

class TargetDb

#include <TargetDb.h>

Manages a database of kernel targets, including both static and dynamically parsed ones.

Public Functions

TargetDb(const std::string &filename)

Constructs a TargetDb object.

Parameters:: filename – A database file to read from.

TargetDb(const std::vector<uint8_t> &data)

Constructs a TargetDb object from a byte buffer.

Parameters:: data – The buffer containing the KXDB file data.

TargetDb(const std::string &filename, const std::vector<uint8_t> &fallback_kxdb)

Constructs a TargetDb object.

Parameters:

filename – A database file to read from if exists.
fallback_kxdb – The buffer containing the fallback / built-in KXDB file data if the file does not exists.

void AddTarget(const Target &target)

Adds a target to the database.

Parameters:: target – The target to add.

Target GetTarget(const std::string &distro, const std::string &release_name)

Retrieves a Target object by distro and release name.

Parameters:

distro – The distribution name.
release_name – The release name.

Returns:

The Target object.

Target GetTarget(const std::string &version)

Retrieves a Target object by version.

Parameters:: version – The version string.
Returns:: The Target object.

Target AutoDetectTarget()

Automatically detects the target based on the system’s kernel version.

Throws:: ExpKitError – if the target cannot be detected.
Returns:: The detected Target object.