pwntools 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -3
- data/lib/pwn.rb +1 -0
- data/lib/pwnlib/abi.rb +1 -0
- data/lib/pwnlib/asm.rb +83 -42
- data/lib/pwnlib/constants/constant.rb +4 -1
- data/lib/pwnlib/constants/constants.rb +3 -0
- data/lib/pwnlib/constants/linux/amd64.rb +2 -0
- data/lib/pwnlib/constants/linux/i386.rb +2 -0
- data/lib/pwnlib/context.rb +10 -1
- data/lib/pwnlib/dynelf.rb +7 -2
- data/lib/pwnlib/elf/elf.rb +79 -6
- data/lib/pwnlib/errors.rb +3 -2
- data/lib/pwnlib/ext/array.rb +2 -1
- data/lib/pwnlib/ext/helper.rb +3 -2
- data/lib/pwnlib/ext/integer.rb +2 -1
- data/lib/pwnlib/ext/string.rb +3 -2
- data/lib/pwnlib/logger.rb +21 -1
- data/lib/pwnlib/memleak.rb +1 -0
- data/lib/pwnlib/pwn.rb +5 -1
- data/lib/pwnlib/reg_sort.rb +5 -0
- data/lib/pwnlib/runner.rb +53 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/common.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/infloop.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/memcpy.rb +5 -1
- data/lib/pwnlib/shellcraft/generators/amd64/common/mov.rb +4 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/nop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/popad.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr.rb +3 -1
- data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/ret.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/setregs.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/cat.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/execve.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/sh.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/sleep.rb +24 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/syscall.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/helper.rb +11 -2
- data/lib/pwnlib/shellcraft/generators/i386/common/common.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/infloop.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/memcpy.rb +34 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/mov.rb +3 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/nop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/pushstr.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/setregs.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/cat.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/execve.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/sh.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/sleep.rb +24 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/syscall.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/common.rb +5 -3
- data/lib/pwnlib/shellcraft/generators/x86/common/infloop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/memcpy.rb +17 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/mov.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/pushstr.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/setregs.rb +8 -6
- data/lib/pwnlib/shellcraft/generators/x86/linux/cat.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/execve.rb +3 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/sh.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/sleep.rb +52 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/syscall.rb +10 -10
- data/lib/pwnlib/shellcraft/registers.rb +5 -1
- data/lib/pwnlib/shellcraft/shellcraft.rb +8 -3
- data/lib/pwnlib/timer.rb +6 -2
- data/lib/pwnlib/tubes/buffer.rb +4 -1
- data/lib/pwnlib/tubes/process.rb +2 -0
- data/lib/pwnlib/tubes/serialtube.rb +3 -1
- data/lib/pwnlib/tubes/sock.rb +7 -1
- data/lib/pwnlib/tubes/tube.rb +23 -3
- data/lib/pwnlib/ui.rb +21 -0
- data/lib/pwnlib/util/cyclic.rb +2 -0
- data/lib/pwnlib/util/fiddling.rb +37 -5
- data/lib/pwnlib/util/getdents.rb +1 -0
- data/lib/pwnlib/util/hexdump.rb +8 -5
- data/lib/pwnlib/util/lists.rb +3 -0
- data/lib/pwnlib/util/packing.rb +5 -2
- data/lib/pwnlib/util/ruby.rb +1 -0
- data/lib/pwnlib/version.rb +2 -1
- data/test/abi_test.rb +1 -0
- data/test/asm_test.rb +75 -85
- data/test/constants/constant_test.rb +1 -0
- data/test/constants/constants_test.rb +1 -0
- data/test/context_test.rb +1 -0
- data/test/data/assembly/aarch64.s +19 -0
- data/test/data/assembly/amd64.s +21 -0
- data/test/data/assembly/arm.s +9 -0
- data/test/data/assembly/i386.s +21 -0
- data/test/data/assembly/mips.s +16 -0
- data/test/data/assembly/mips64.s +6 -0
- data/test/data/assembly/powerpc.s +18 -0
- data/test/data/assembly/powerpc64.s +36 -0
- data/test/data/assembly/sparc.s +33 -0
- data/test/data/assembly/sparc64.s +5 -0
- data/test/data/assembly/thumb.s +37 -0
- data/test/data/echo.rb +1 -0
- data/test/dynelf_test.rb +3 -1
- data/test/elf/elf_test.rb +18 -0
- data/test/ext_test.rb +1 -0
- data/test/files/use_pwn.rb +1 -0
- data/test/files/use_pwnlib.rb +1 -0
- data/test/full_file_test.rb +6 -0
- data/test/logger_test.rb +24 -3
- data/test/memleak_test.rb +1 -0
- data/test/reg_sort_test.rb +1 -0
- data/test/runner_test.rb +32 -0
- data/test/shellcraft/infloop_test.rb +1 -0
- data/test/shellcraft/linux/cat_test.rb +1 -0
- data/test/shellcraft/linux/ls_test.rb +1 -0
- data/test/shellcraft/linux/sh_test.rb +1 -0
- data/test/shellcraft/linux/sleep_test.rb +68 -0
- data/test/shellcraft/linux/syscalls/execve_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/exit_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/open_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/syscall_test.rb +1 -0
- data/test/shellcraft/memcpy_test.rb +20 -5
- data/test/shellcraft/mov_test.rb +1 -0
- data/test/shellcraft/nop_test.rb +1 -0
- data/test/shellcraft/popad_test.rb +1 -0
- data/test/shellcraft/pushstr_array_test.rb +1 -0
- data/test/shellcraft/pushstr_test.rb +1 -0
- data/test/shellcraft/registers_test.rb +1 -0
- data/test/shellcraft/ret_test.rb +1 -0
- data/test/shellcraft/setregs_test.rb +9 -8
- data/test/shellcraft/shellcraft_test.rb +1 -0
- data/test/test_helper.rb +28 -0
- data/test/timer_test.rb +2 -1
- data/test/tubes/buffer_test.rb +1 -0
- data/test/tubes/process_test.rb +8 -2
- data/test/tubes/serialtube_test.rb +1 -4
- data/test/tubes/sock_test.rb +1 -0
- data/test/tubes/tube_test.rb +10 -1
- data/test/ui_test.rb +18 -0
- data/test/util/cyclic_test.rb +1 -0
- data/test/util/fiddling_test.rb +8 -0
- data/test/util/getdents_test.rb +1 -0
- data/test/util/hexdump_test.rb +2 -1
- data/test/util/lists_test.rb +1 -0
- data/test/util/packing_test.rb +3 -2
- metadata +119 -59
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/amd64/linux/linux'
|
|
4
5
|
require 'pwnlib/shellcraft/generators/x86/linux/sh'
|
|
@@ -11,9 +12,9 @@ module Pwnlib
|
|
|
11
12
|
# @overload sh(argv: false)
|
|
12
13
|
#
|
|
13
14
|
# @see Generators::X86::Linux#sh
|
|
14
|
-
def sh(
|
|
15
|
+
def sh(**kwargs)
|
|
15
16
|
context.local(arch: :amd64) do
|
|
16
|
-
cat X86::Linux.sh(
|
|
17
|
+
cat X86::Linux.sh(**kwargs)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require 'pwnlib/shellcraft/generators/amd64/linux/linux'
|
|
5
|
+
require 'pwnlib/shellcraft/generators/x86/linux/sleep'
|
|
6
|
+
|
|
7
|
+
module Pwnlib
|
|
8
|
+
module Shellcraft
|
|
9
|
+
module Generators
|
|
10
|
+
module Amd64
|
|
11
|
+
module Linux
|
|
12
|
+
# @overload sleep(seconds)
|
|
13
|
+
#
|
|
14
|
+
# @see Generators::X86::Linux#sleep
|
|
15
|
+
def sleep(*args)
|
|
16
|
+
context.local(arch: :amd64) do
|
|
17
|
+
cat X86::Linux.sleep(*args)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'pwnlib/abi'
|
|
2
4
|
require 'pwnlib/constants/constants'
|
|
3
5
|
require 'pwnlib/context'
|
|
@@ -31,6 +33,7 @@ module Pwnlib
|
|
|
31
33
|
def typesetting
|
|
32
34
|
indent = @_output.string.lines.map do |line|
|
|
33
35
|
next line.strip + "\n" if label_str?(line.strip)
|
|
36
|
+
|
|
34
37
|
line == "\n" ? line : ' ' * 2 + line.lstrip
|
|
35
38
|
end
|
|
36
39
|
indent.join
|
|
@@ -55,6 +58,7 @@ module Pwnlib
|
|
|
55
58
|
|
|
56
59
|
def evaluate(item)
|
|
57
60
|
return item if register?(item)
|
|
61
|
+
|
|
58
62
|
Constants.eval(item)
|
|
59
63
|
end
|
|
60
64
|
|
|
@@ -91,9 +95,14 @@ module Pwnlib
|
|
|
91
95
|
# Each method runs in an independent 'runner', so methods would not effect each other.
|
|
92
96
|
runner = Runner.new
|
|
93
97
|
method = instance_method(m).bind(runner)
|
|
94
|
-
define_singleton_method(m) do |*args|
|
|
98
|
+
define_singleton_method(m) do |*args, **kwargs|
|
|
95
99
|
runner.clear
|
|
96
|
-
|
|
100
|
+
# TODO(david942j): remove the check when we drop Ruby 2.6 support
|
|
101
|
+
if kwargs.empty?
|
|
102
|
+
method.call(*args)
|
|
103
|
+
else
|
|
104
|
+
method.call(*args, **kwargs)
|
|
105
|
+
end
|
|
97
106
|
runner.typesetting
|
|
98
107
|
end
|
|
99
108
|
end
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require 'pwnlib/shellcraft/generators/i386/common/common'
|
|
5
|
+
require 'pwnlib/shellcraft/generators/i386/common/setregs'
|
|
6
|
+
|
|
7
|
+
module Pwnlib
|
|
8
|
+
module Shellcraft
|
|
9
|
+
module Generators
|
|
10
|
+
module I386
|
|
11
|
+
module Common
|
|
12
|
+
# Like +memcpy+ in glibc.
|
|
13
|
+
#
|
|
14
|
+
# Copy +n+ bytes from +src+ to +dst+.
|
|
15
|
+
#
|
|
16
|
+
# @param [String, Symbol, Integer] dst
|
|
17
|
+
# Destination.
|
|
18
|
+
# @param [String, Symbol, Integer] src
|
|
19
|
+
# Source to be copied.
|
|
20
|
+
# @param [Integer] n
|
|
21
|
+
# The number of bytes to be copied.
|
|
22
|
+
#
|
|
23
|
+
# @see Amd64::Common#memcpy
|
|
24
|
+
def memcpy(dst, src, n)
|
|
25
|
+
cat "/* memcpy(#{pretty(dst)}, #{pretty(src)}, #{pretty(n)}) */"
|
|
26
|
+
cat 'cld'
|
|
27
|
+
cat Common.setregs({ edi: dst, esi: src, ecx: n })
|
|
28
|
+
cat 'rep movsb'
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/i386/common/common'
|
|
4
5
|
|
|
@@ -12,8 +13,10 @@ module Pwnlib
|
|
|
12
13
|
# See {Amd64::Common#mov} for parameters' details.
|
|
13
14
|
def mov(dst, src, stack_allowed: true)
|
|
14
15
|
raise ArgumentError, "#{dst} is not a register" unless register?(dst)
|
|
16
|
+
|
|
15
17
|
dst = get_register(dst)
|
|
16
18
|
raise ArgumentError, "cannot use #{dst} on i386" if dst.size > 32 || dst.is64bit
|
|
19
|
+
|
|
17
20
|
if register?(src)
|
|
18
21
|
src = get_register(src)
|
|
19
22
|
raise ArgumentError, "cannot use #{src} on i386" if src.size > 32 || src.is64bit
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/i386/common/common'
|
|
4
5
|
|
|
@@ -14,6 +15,7 @@ module Pwnlib
|
|
|
14
15
|
# This will not affect callee's +str+.
|
|
15
16
|
str += "\x00" if append_null && !str.end_with?("\x00")
|
|
16
17
|
return if str.empty?
|
|
18
|
+
|
|
17
19
|
padding = str[-1].ord >= 128 ? "\xff" : "\x00"
|
|
18
20
|
cat "/* push #{str.inspect} */"
|
|
19
21
|
group(4, str, underfull_action: :fill, fill_value: padding).reverse_each do |word|
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/i386/common/common'
|
|
4
5
|
require 'pwnlib/shellcraft/generators/x86/common/setregs'
|
|
@@ -11,9 +12,9 @@ module Pwnlib
|
|
|
11
12
|
# @overload setregs(reg_context, stack_allowed: true)
|
|
12
13
|
#
|
|
13
14
|
# @see Generators::X86::Common#setregs
|
|
14
|
-
def setregs(*args)
|
|
15
|
+
def setregs(*args, **kwargs)
|
|
15
16
|
context.local(arch: :i386) do
|
|
16
|
-
cat X86::Common.setregs(*args)
|
|
17
|
+
cat X86::Common.setregs(*args, **kwargs)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/i386/linux/linux'
|
|
4
5
|
require 'pwnlib/shellcraft/generators/x86/linux/cat'
|
|
@@ -11,9 +12,9 @@ module Pwnlib
|
|
|
11
12
|
# @overload cat(filename, fd: 1)
|
|
12
13
|
#
|
|
13
14
|
# @see Generators::X86::Linux#cat
|
|
14
|
-
def cat(*args)
|
|
15
|
+
def cat(*args, **kwargs)
|
|
15
16
|
context.local(arch: :i386) do
|
|
16
|
-
cat X86::Linux.cat(*args)
|
|
17
|
+
cat X86::Linux.cat(*args, **kwargs)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/i386/linux/linux'
|
|
4
5
|
require 'pwnlib/shellcraft/generators/x86/linux/sh'
|
|
@@ -11,9 +12,9 @@ module Pwnlib
|
|
|
11
12
|
# @overload sh(argv: false)
|
|
12
13
|
#
|
|
13
14
|
# @see Generators::X86::Linux#sh
|
|
14
|
-
def sh(
|
|
15
|
+
def sh(**kwargs)
|
|
15
16
|
context.local(arch: :i386) do
|
|
16
|
-
cat X86::Linux.sh(
|
|
17
|
+
cat X86::Linux.sh(**kwargs)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require 'pwnlib/shellcraft/generators/i386/linux/linux'
|
|
5
|
+
require 'pwnlib/shellcraft/generators/x86/linux/sleep'
|
|
6
|
+
|
|
7
|
+
module Pwnlib
|
|
8
|
+
module Shellcraft
|
|
9
|
+
module Generators
|
|
10
|
+
module I386
|
|
11
|
+
module Linux
|
|
12
|
+
# @overload sleep(seconds)
|
|
13
|
+
#
|
|
14
|
+
# @see Generators::X86::Linux#sleep
|
|
15
|
+
def sleep(*args)
|
|
16
|
+
context.local(arch: :i386) do
|
|
17
|
+
cat X86::Linux.sleep(*args)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'pwnlib/shellcraft/generators/helper'
|
|
2
4
|
|
|
3
5
|
module Pwnlib
|
|
@@ -8,11 +10,11 @@ module Pwnlib
|
|
|
8
10
|
module Common
|
|
9
11
|
class << self
|
|
10
12
|
def define_arch_dependent_method(method)
|
|
11
|
-
define_method(method) do |*args|
|
|
13
|
+
define_method(method) do |*args, **kwargs|
|
|
12
14
|
if context.arch == 'amd64'
|
|
13
|
-
cat Amd64::Common.public_send(method, *args)
|
|
15
|
+
cat Amd64::Common.public_send(method, *args, **kwargs)
|
|
14
16
|
elsif context.arch == 'i386'
|
|
15
|
-
cat I386::Common.public_send(method, *args)
|
|
17
|
+
cat I386::Common.public_send(method, *args, **kwargs)
|
|
16
18
|
end
|
|
17
19
|
end
|
|
18
20
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'pwnlib/shellcraft/generators/amd64/common/memcpy'
|
|
4
|
+
require 'pwnlib/shellcraft/generators/i386/common/memcpy'
|
|
5
|
+
require 'pwnlib/shellcraft/generators/x86/common/common'
|
|
6
|
+
|
|
7
|
+
module Pwnlib
|
|
8
|
+
module Shellcraft
|
|
9
|
+
module Generators
|
|
10
|
+
module X86
|
|
11
|
+
module Common
|
|
12
|
+
define_arch_dependent_method :memcpy
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding: ASCII-8BIT
|
|
2
|
+
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require 'pwnlib/shellcraft/generators/x86/common/common'
|
|
4
5
|
|
|
@@ -13,25 +14,25 @@ module Pwnlib
|
|
|
13
14
|
# The values of each registers to be set, see examples.
|
|
14
15
|
# @param [Boolean] stack_allowed
|
|
15
16
|
# If we can use stack for setting values.
|
|
16
|
-
# With +
|
|
17
|
+
# With +stack_allowed+ equals +true+, shellcode would be shorter.
|
|
17
18
|
#
|
|
18
19
|
# @example
|
|
19
20
|
# context.arch = 'i386'
|
|
20
|
-
# puts shellcraft.setregs(
|
|
21
|
-
# # mov
|
|
21
|
+
# puts shellcraft.setregs({ eax: 'ebx', ebx: 'ecx', ecx: 0x123 })
|
|
22
|
+
# # mov eax, ebx
|
|
22
23
|
# # mov ebx, ecx
|
|
23
24
|
# # xor ecx, ecx
|
|
24
25
|
# # mov cx, 0x123
|
|
25
26
|
# @example
|
|
26
27
|
# context.arch = 'amd64'
|
|
27
|
-
# puts shellcraft.setregs(rdi: 'rsi', rsi: 'rdi')
|
|
28
|
+
# puts shellcraft.setregs({ rdi: 'rsi', rsi: 'rdi' })
|
|
28
29
|
# # xchg rdi, rsi
|
|
29
30
|
#
|
|
30
|
-
# puts shellcraft.setregs(rax: -1)
|
|
31
|
+
# puts shellcraft.setregs({ rax: -1 })
|
|
31
32
|
# # push -1
|
|
32
33
|
# # pop rax
|
|
33
34
|
#
|
|
34
|
-
# puts shellcraft.setregs({rax: -1}, stack_allowed: false)
|
|
35
|
+
# puts shellcraft.setregs({ rax: -1 }, stack_allowed: false)
|
|
35
36
|
# # mov rax, -1
|
|
36
37
|
def setregs(reg_context, stack_allowed: true)
|
|
37
38
|
abi = ::Pwnlib::ABI::ABI.default
|
|
@@ -48,6 +49,7 @@ module Pwnlib
|
|
|
48
49
|
cdq = false
|
|
49
50
|
ev = lambda do |reg|
|
|
50
51
|
return reg unless reg.is_a?(String)
|
|
52
|
+
|
|
51
53
|
evaluate(reg)
|
|
52
54
|
end
|
|
53
55
|
eax = ev[eax]
|