pwntools 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -3
- data/lib/pwn.rb +1 -0
- data/lib/pwnlib/abi.rb +1 -0
- data/lib/pwnlib/asm.rb +83 -42
- data/lib/pwnlib/constants/constant.rb +4 -1
- data/lib/pwnlib/constants/constants.rb +3 -0
- data/lib/pwnlib/constants/linux/amd64.rb +2 -0
- data/lib/pwnlib/constants/linux/i386.rb +2 -0
- data/lib/pwnlib/context.rb +10 -1
- data/lib/pwnlib/dynelf.rb +7 -2
- data/lib/pwnlib/elf/elf.rb +79 -6
- data/lib/pwnlib/errors.rb +3 -2
- data/lib/pwnlib/ext/array.rb +2 -1
- data/lib/pwnlib/ext/helper.rb +3 -2
- data/lib/pwnlib/ext/integer.rb +2 -1
- data/lib/pwnlib/ext/string.rb +3 -2
- data/lib/pwnlib/logger.rb +21 -1
- data/lib/pwnlib/memleak.rb +1 -0
- data/lib/pwnlib/pwn.rb +5 -1
- data/lib/pwnlib/reg_sort.rb +5 -0
- data/lib/pwnlib/runner.rb +53 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/common.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/infloop.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/memcpy.rb +5 -1
- data/lib/pwnlib/shellcraft/generators/amd64/common/mov.rb +4 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/nop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/popad.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr.rb +3 -1
- data/lib/pwnlib/shellcraft/generators/amd64/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/ret.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/common/setregs.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/cat.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/execve.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/sh.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/amd64/linux/sleep.rb +24 -0
- data/lib/pwnlib/shellcraft/generators/amd64/linux/syscall.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/helper.rb +11 -2
- data/lib/pwnlib/shellcraft/generators/i386/common/common.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/infloop.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/memcpy.rb +34 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/mov.rb +3 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/nop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/pushstr.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/common/setregs.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/cat.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/execve.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/sh.rb +3 -2
- data/lib/pwnlib/shellcraft/generators/i386/linux/sleep.rb +24 -0
- data/lib/pwnlib/shellcraft/generators/i386/linux/syscall.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/common.rb +5 -3
- data/lib/pwnlib/shellcraft/generators/x86/common/infloop.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/memcpy.rb +17 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/mov.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/pushstr.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/pushstr_array.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/common/setregs.rb +8 -6
- data/lib/pwnlib/shellcraft/generators/x86/linux/cat.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/execve.rb +3 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/exit.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/linux.rb +2 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/ls.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/open.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/sh.rb +1 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/sleep.rb +52 -0
- data/lib/pwnlib/shellcraft/generators/x86/linux/syscall.rb +10 -10
- data/lib/pwnlib/shellcraft/registers.rb +5 -1
- data/lib/pwnlib/shellcraft/shellcraft.rb +8 -3
- data/lib/pwnlib/timer.rb +6 -2
- data/lib/pwnlib/tubes/buffer.rb +4 -1
- data/lib/pwnlib/tubes/process.rb +2 -0
- data/lib/pwnlib/tubes/serialtube.rb +3 -1
- data/lib/pwnlib/tubes/sock.rb +7 -1
- data/lib/pwnlib/tubes/tube.rb +23 -3
- data/lib/pwnlib/ui.rb +21 -0
- data/lib/pwnlib/util/cyclic.rb +2 -0
- data/lib/pwnlib/util/fiddling.rb +37 -5
- data/lib/pwnlib/util/getdents.rb +1 -0
- data/lib/pwnlib/util/hexdump.rb +8 -5
- data/lib/pwnlib/util/lists.rb +3 -0
- data/lib/pwnlib/util/packing.rb +5 -2
- data/lib/pwnlib/util/ruby.rb +1 -0
- data/lib/pwnlib/version.rb +2 -1
- data/test/abi_test.rb +1 -0
- data/test/asm_test.rb +75 -85
- data/test/constants/constant_test.rb +1 -0
- data/test/constants/constants_test.rb +1 -0
- data/test/context_test.rb +1 -0
- data/test/data/assembly/aarch64.s +19 -0
- data/test/data/assembly/amd64.s +21 -0
- data/test/data/assembly/arm.s +9 -0
- data/test/data/assembly/i386.s +21 -0
- data/test/data/assembly/mips.s +16 -0
- data/test/data/assembly/mips64.s +6 -0
- data/test/data/assembly/powerpc.s +18 -0
- data/test/data/assembly/powerpc64.s +36 -0
- data/test/data/assembly/sparc.s +33 -0
- data/test/data/assembly/sparc64.s +5 -0
- data/test/data/assembly/thumb.s +37 -0
- data/test/data/echo.rb +1 -0
- data/test/dynelf_test.rb +3 -1
- data/test/elf/elf_test.rb +18 -0
- data/test/ext_test.rb +1 -0
- data/test/files/use_pwn.rb +1 -0
- data/test/files/use_pwnlib.rb +1 -0
- data/test/full_file_test.rb +6 -0
- data/test/logger_test.rb +24 -3
- data/test/memleak_test.rb +1 -0
- data/test/reg_sort_test.rb +1 -0
- data/test/runner_test.rb +32 -0
- data/test/shellcraft/infloop_test.rb +1 -0
- data/test/shellcraft/linux/cat_test.rb +1 -0
- data/test/shellcraft/linux/ls_test.rb +1 -0
- data/test/shellcraft/linux/sh_test.rb +1 -0
- data/test/shellcraft/linux/sleep_test.rb +68 -0
- data/test/shellcraft/linux/syscalls/execve_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/exit_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/open_test.rb +1 -0
- data/test/shellcraft/linux/syscalls/syscall_test.rb +1 -0
- data/test/shellcraft/memcpy_test.rb +20 -5
- data/test/shellcraft/mov_test.rb +1 -0
- data/test/shellcraft/nop_test.rb +1 -0
- data/test/shellcraft/popad_test.rb +1 -0
- data/test/shellcraft/pushstr_array_test.rb +1 -0
- data/test/shellcraft/pushstr_test.rb +1 -0
- data/test/shellcraft/registers_test.rb +1 -0
- data/test/shellcraft/ret_test.rb +1 -0
- data/test/shellcraft/setregs_test.rb +9 -8
- data/test/shellcraft/shellcraft_test.rb +1 -0
- data/test/test_helper.rb +28 -0
- data/test/timer_test.rb +2 -1
- data/test/tubes/buffer_test.rb +1 -0
- data/test/tubes/process_test.rb +8 -2
- data/test/tubes/serialtube_test.rb +1 -4
- data/test/tubes/sock_test.rb +1 -0
- data/test/tubes/tube_test.rb +10 -1
- data/test/ui_test.rb +18 -0
- data/test/util/cyclic_test.rb +1 -0
- data/test/util/fiddling_test.rb +8 -0
- data/test/util/getdents_test.rb +1 -0
- data/test/util/hexdump_test.rb +2 -1
- data/test/util/lists_test.rb +1 -0
- data/test/util/packing_test.rb +3 -2
- metadata +119 -59
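--- a/data/lib/pwnlib/shellcraft/generators/amd64/linux/sh.rb
+++ b/data/lib/pwnlib/shellcraft/generators/amd64/linux/sh.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/amd64/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/sh'
@@ -11,9 +12,9 @@ module Pwnlib
 # @overload sh(argv: false)
 #
 # @see Generators::X86::Linux#sh
-def sh(
+def sh(**kwargs)
 context.local(arch: :amd64) do
-cat X86::Linux.sh(
+cat X86::Linux.sh(**kwargs)
 end
 end
 end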
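--- /dev/null
+++ b/data/lib/pwnlib/shellcraft/generators/amd64/linux/sleep.rb
@@ -0,0 +1,24 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'pwnlib/shellcraft/generators/amd64/linux/linux'
+require 'pwnlib/shellcraft/generators/x86/linux/sleep'
+
+module Pwnlib
+module Shellcraft
+module Generators
+module Amd64
+module Linux
+# @overload sleep(seconds)
+#
+# @see Generators::X86::Linux#sleep
+def sleep(*args)
+context.local(arch: :amd64) do
+cat X86::Linux.sleep(*args)
+end
+end
+end
+end
+end
+end
+end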
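Review bot: Defining `sleep` on this generator module shadows `Kernel#sleep` for any code that runs with these generator methods in scope (helper.rb binds them onto a shared Runner, so that presumably includes sibling generators), and a stray `sleep 1` intended to pause would instead append shellcode to the output buffer. Nothing in the new file warns about this, and the name is identical to the Kernel method it hides. A one-line note above the definition would save the next reader a surprise: `# NOTE: shadows Kernel#sleep within the generator scope; this emits shellcode, it does not pause.`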
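--- a/data/lib/pwnlib/shellcraft/generators/helper.rb
+++ b/data/lib/pwnlib/shellcraft/generators/helper.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pwnlib/abi'
 require 'pwnlib/constants/constants'
 require 'pwnlib/context'
@@ -31,6 +33,7 @@ module Pwnlib
 def typesetting
 indent = @_output.string.lines.map do |line|
 next line.strip + "\n" if label_str?(line.strip)
+
 line == "\n" ? line : ' ' * 2 + line.lstrip
 end
 indent.join
@@ -55,6 +58,7 @@ module Pwnlib
 
 def evaluate(item)
 return item if register?(item)
+
 Constants.eval(item)
 end
 
@@ -91,9 +95,14 @@ module Pwnlib
 # Each method runs in an independent 'runner', so methods would not effect each other.
 runner = Runner.new
 method = instance_method(m).bind(runner)
-define_singleton_method(m) do |*args|
+define_singleton_method(m) do |*args, **kwargs|
 runner.clear
-
+# TODO(david942j): remove the check when we drop Ruby 2.6 support
+if kwargs.empty?
+method.call(*args)
+else
+method.call(*args, **kwargs)
+end
 runner.typesetting
 end
 end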
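Review bot: The `# TODO(david942j): remove the check when we drop Ruby 2.6 support` comment in the `define_singleton_method` hunk says when the `kwargs.empty?` branch may go but not why it exists, and on Ruby 2.7+ the two `method.call` arms look like a pointless duplicate. As far as I recall, on Ruby < 2.7 splatting an empty hash (`**{}`) still passes an empty positional Hash, which would become a spurious trailing argument for generators whose last positional parameter is a Hash (e.g. `setregs(reg_context, ...)`); if that is the quirk being worked around, say so: `# Ruby < 2.7 turns `**{}` into an extra positional {} argument; only splat kwargs when there are any.` Separately, the "independent 'runner'" comment is worth tightening: one `Runner` is shared by every call of the same method, so the singleton is not re-entrant or thread-safe, and `runner.clear` would discard a concurrent caller's partial output — a short note there would stop someone from assuming per-call isolation. The enclosing method that defines these singletons starts before this hunk.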
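--- /dev/null
+++ b/data/lib/pwnlib/shellcraft/generators/i386/common/memcpy.rb
@@ -0,0 +1,34 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'pwnlib/shellcraft/generators/i386/common/common'
+require 'pwnlib/shellcraft/generators/i386/common/setregs'
+
+module Pwnlib
+module Shellcraft
+module Generators
+module I386
+module Common
+# Like +memcpy+ in glibc.
+#
+# Copy +n+ bytes from +src+ to +dst+.
+#
+# @param [String, Symbol, Integer] dst
+# Destination.
+# @param [String, Symbol, Integer] src
+# Source to be copied.
+# @param [Integer] n
+# The number of bytes to be copied.
+#
+# @see Amd64::Common#memcpy
+def memcpy(dst, src, n)
+cat "/* memcpy(#{pretty(dst)}, #{pretty(src)}, #{pretty(n)}) */"
+cat 'cld'
+cat Common.setregs({ edi: dst, esi: src, ecx: n })
+cat 'rep movsb'
+end
+end
+end
+end
+end
+end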
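Review bot: `memcpy` hands `n` straight to `ecx` through `Common.setregs` with no range check, so a negative Integer such as `-1` silently becomes `ecx = 0xffffffff` and the emitted `rep movsb` copies until it faults; a guard before the first `cat`, `raise ArgumentError, "n must be a non-negative byte count, got #{n}" if n.is_a?(Integer) && n.negative?`, surfaces that at generation time instead of in the target. The `@param [Integer] n` tag is also narrower than what `setregs` is likely to accept — if a register name is meant to be allowed for the length, as it is for `dst` and `src`, the tag should read `[String, Symbol, Integer]`; if not, the guard above should reject non-Integers as well. Like its glibc namesake, the forward `rep movsb` gives undefined results for overlapping ranges, which the doc comment could state in one line.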
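--- a/data/lib/pwnlib/shellcraft/generators/i386/common/mov.rb
+++ b/data/lib/pwnlib/shellcraft/generators/i386/common/mov.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/i386/common/common'
 
@@ -12,8 +13,10 @@ module Pwnlib
 # See {Amd64::Common#mov} for parameters' details.
 def mov(dst, src, stack_allowed: true)
 raise ArgumentError, "#{dst} is not a register" unless register?(dst)
+
 dst = get_register(dst)
 raise ArgumentError, "cannot use #{dst} on i386" if dst.size > 32 || dst.is64bit
+
 if register?(src)
 src = get_register(src)
 raise ArgumentError, "cannot use #{src} on i386" if src.size > 32 || src.is64bit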
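--- a/data/lib/pwnlib/shellcraft/generators/i386/common/pushstr.rb
+++ b/data/lib/pwnlib/shellcraft/generators/i386/common/pushstr.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/i386/common/common'
 
@@ -14,6 +15,7 @@ module Pwnlib
 # This will not affect callee's +str+.
 str += "\x00" if append_null && !str.end_with?("\x00")
 return if str.empty?
+
 padding = str[-1].ord >= 128 ? "\xff" : "\x00"
 cat "/* push #{str.inspect} */"
 group(4, str, underfull_action: :fill, fill_value: padding).reverse_each do |word|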
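--- a/data/lib/pwnlib/shellcraft/generators/i386/common/setregs.rb
+++ b/data/lib/pwnlib/shellcraft/generators/i386/common/setregs.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/i386/common/common'
 require 'pwnlib/shellcraft/generators/x86/common/setregs'
@@ -11,9 +12,9 @@ module Pwnlib
 # @overload setregs(reg_context, stack_allowed: true)
 #
 # @see Generators::X86::Common#setregs
-def setregs(*args)
+def setregs(*args, **kwargs)
 context.local(arch: :i386) do
-cat X86::Common.setregs(*args, **kwargs)
+cat X86::Common.setregs(*args, **kwargs)
 end
 end
 end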
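--- a/data/lib/pwnlib/shellcraft/generators/i386/linux/cat.rb
+++ b/data/lib/pwnlib/shellcraft/generators/i386/linux/cat.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/i386/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/cat'
@@ -11,9 +12,9 @@ module Pwnlib
 # @overload cat(filename, fd: 1)
 #
 # @see Generators::X86::Linux#cat
-def cat(*args)
+def cat(*args, **kwargs)
 context.local(arch: :i386) do
-cat X86::Linux.cat(*args)
+cat X86::Linux.cat(*args, **kwargs)
 end
 end
 end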
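Review bot: In `def cat(*args, **kwargs)` the line `cat X86::Linux.cat(*args, **kwargs)` uses two different `cat`s at once — the bare `cat` is presumably the Runner's output helper (helper.rb binds generators onto a Runner) while `X86::Linux.cat` is the generator being wrapped — and nothing on the new side marks that for a reader who only sees this file. A short comment on the wrapper would remove the ambiguity, e.g. `# bare cat: Runner output helper; X86::Linux.cat: the arch-generic generator this forwards to`. The same naming collision exists in the sibling wrappers, so wherever the shared explanation lives, this file should point to it.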
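--- a/data/lib/pwnlib/shellcraft/generators/i386/linux/sh.rb
+++ b/data/lib/pwnlib/shellcraft/generators/i386/linux/sh.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/i386/linux/linux'
 require 'pwnlib/shellcraft/generators/x86/linux/sh'
@@ -11,9 +12,9 @@ module Pwnlib
 # @overload sh(argv: false)
 #
 # @see Generators::X86::Linux#sh
-def sh(
+def sh(**kwargs)
 context.local(arch: :i386) do
-cat X86::Linux.sh(
+cat X86::Linux.sh(**kwargs)
 end
 end
 end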
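--- /dev/null
+++ b/data/lib/pwnlib/shellcraft/generators/i386/linux/sleep.rb
@@ -0,0 +1,24 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'pwnlib/shellcraft/generators/i386/linux/linux'
+require 'pwnlib/shellcraft/generators/x86/linux/sleep'
+
+module Pwnlib
+module Shellcraft
+module Generators
+module I386
+module Linux
+# @overload sleep(seconds)
+#
+# @see Generators::X86::Linux#sleep
+def sleep(*args)
+context.local(arch: :i386) do
+cat X86::Linux.sleep(*args)
+end
+end
+end
+end
+end
+end
+end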
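--- a/data/lib/pwnlib/shellcraft/generators/x86/common/common.rb
+++ b/data/lib/pwnlib/shellcraft/generators/x86/common/common.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pwnlib/shellcraft/generators/helper'
 
 module Pwnlib
@@ -8,11 +10,11 @@ module Pwnlib
 module Common
 class << self
 def define_arch_dependent_method(method)
-define_method(method) do |*args|
+define_method(method) do |*args, **kwargs|
 if context.arch == 'amd64'
-cat Amd64::Common.public_send(method, *args)
+cat Amd64::Common.public_send(method, *args, **kwargs)
 elsif context.arch == 'i386'
-cat I386::Common.public_send(method, *args)
+cat I386::Common.public_send(method, *args, **kwargs)
 end
 end
 end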
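Review bot: The dispatcher built by `define_arch_dependent_method` still has no `else` arm, so for any `context.arch` other than `'amd64'` or `'i386'` the generated method emits nothing and returns silently — an empty shellcode string rather than an error — unless something upstream already rejects the arch, which nothing in this hunk does. Adding `else raise ArgumentError, "#{method} is not implemented for arch #{context.arch}"` after the `elsif` arm makes the failure visible at generation time. Also note that helper.rb wraps its `**kwargs` forwarding in a `kwargs.empty?` check for Ruby 2.6 while this hunk splats unconditionally; if 2.6 is still a target the two should agree, and if it is not, the helper.rb TODO can be resolved now. The enclosing `class << self` and module continue past the hunk.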
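--- /dev/null
+++ b/data/lib/pwnlib/shellcraft/generators/x86/common/memcpy.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'pwnlib/shellcraft/generators/amd64/common/memcpy'
+require 'pwnlib/shellcraft/generators/i386/common/memcpy'
+require 'pwnlib/shellcraft/generators/x86/common/common'
+
+module Pwnlib
+module Shellcraft
+module Generators
+module X86
+module Common
+define_arch_dependent_method :memcpy
+end
+end
+end
+end
+end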
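--- a/data/lib/pwnlib/shellcraft/generators/x86/common/setregs.rb
+++ b/data/lib/pwnlib/shellcraft/generators/x86/common/setregs.rb
@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/shellcraft/generators/x86/common/common'
 
@@ -13,25 +14,25 @@ module Pwnlib
 # The values of each registers to be set, see examples.
 # @param [Boolean] stack_allowed
 # If we can use stack for setting values.
-# With +
+# With +stack_allowed+ equals +true+, shellcode would be shorter.
 #
 # @example
 # context.arch = 'i386'
-# puts shellcraft.setregs(
-# # mov
+# puts shellcraft.setregs({ eax: 'ebx', ebx: 'ecx', ecx: 0x123 })
+# # mov eax, ebx
 # # mov ebx, ecx
 # # xor ecx, ecx
 # # mov cx, 0x123
 # @example
 # context.arch = 'amd64'
-# puts shellcraft.setregs(rdi: 'rsi', rsi: 'rdi')
+# puts shellcraft.setregs({ rdi: 'rsi', rsi: 'rdi' })
 # # xchg rdi, rsi
 #
-# puts shellcraft.setregs(rax: -1)
+# puts shellcraft.setregs({ rax: -1 })
 # # push -1
 # # pop rax
 #
-# puts shellcraft.setregs({rax: -1}, stack_allowed: false)
+# puts shellcraft.setregs({ rax: -1 }, stack_allowed: false)
 # # mov rax, -1
 def setregs(reg_context, stack_allowed: true)
 abi = ::Pwnlib::ABI::ABI.default
@@ -48,6 +49,7 @@ module Pwnlib
 cdq = false
 ev = lambda do |reg|
 return reg unless reg.is_a?(String)
+
 evaluate(reg)
 end
 eax = ev[eax]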
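Review bot: The examples were rewritten to pass the register hash in braces, but the `@param reg_context` text just above them (`# The values of each registers to be set, see examples.`) never says why, and that is the caller-visible part of this change: with the arch wrappers in this diff now declared as `setregs(*args, **kwargs)`, a braceless call such as `shellcraft.setregs(rax: -1)` lands in `kwargs`, and `def setregs(reg_context, stack_allowed: true)` then fails for the missing positional argument or an unknown keyword on Ruby 3 (2.7 only warns, as far as I recall). One sentence on the param plus a changelog entry would cover it, e.g. `# Pass an explicit Hash literal (`setregs({ rax: -1 })`); bare keyword arguments are no longer accepted.` — and "each registers" should read "each register". The body of `setregs` continues past the second hunk.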