def __str__(self):
text = ""
for (gadget, pointer) in self.gadgets:
gadgets = []
instructions = pydis.decode(gadget, pointer)
for instruction in instructions:
gadgets.append(str(instruction))
if len(gadgets) > 0:
text += "0x%x: %s;\n" % (pointer, "; ".join(gadgets).lower())
return text.strip()
def test_example_code(self):
instructions = b'\x51\x8d\x45\xff\x50\xff\x75\x0c\xff\x75\x08\xff\x15\xa0\xa5\x48\x76\x85\xc0\x0f\x88\xfc\xda' \
b'\x02\x00'
instruction_pointer = 0x007FFFFFFF400000
lines = []
for instruction in pydis.decode(instructions, instruction_pointer):
lines.append(str(instruction))
self.assertListEqual(lines, [
'push rcx', 'lea eax, [rbp-0x01]', 'push rax', 'push [rbp+0x0C]',
'push [rbp+0x08]', 'call [0x008000007588A5B1]', 'test eax, eax',
'js 0x007FFFFFFF42DB15'
])
def resolve(self, addr, depth):
_gadgets = []
for i in range(0, 100):
if addr - i <= 0: break
if len(_gadgets) >= depth: break
pointer = utils.get_base_address() + addr - i
_bytes = self.bytes[addr - i:addr + 1]
try:
for instruction in pydis.decode(_bytes, pointer):
str(instruction) # force exception if any
_gadgets.append((_bytes, pointer))
except:
pass
self.gadgets.extend(_gadgets)
def clean(self):
cleaned = []
for (gadget, pointer) in self.gadgets:
gadgets = []
instructions = pydis.decode(gadget, pointer)
for instruction in instructions:
gadgets.append(str(instruction))
if len(gadgets) > 0 and any(
gadgets[-1].startswith(jump_filter)
for jump_filter in self.jump_filters) and all(
not_allowed not in ";".join(gadgets)
for not_allowed in self.filters):
cleaned.append((gadget, pointer))
self.gadgets = cleaned
self.remove_duplicates()
import pydis
instructions = b'\x51\x8d\x45\xff\x50\xff\x75\x0c\xff\x75\x08\xff\x15\xa0\xa5\x48\x76\x85\xc0\x0f\x88\xfc\xda\x02\x00'
instruction_pointer = 0x007FFFFFFF400000
for instruction in pydis.decode(instructions, instruction_pointer):
print(instruction)