def print_payload_code(self, constraints=None, print_instructions=True):
"""
:param print_instructions: prints the instructions that the rop gadgets use
:return: prints the code for the rop payload
"""
if self._p.arch.bits == 32:
pack = "p32(%#x)"
pack_rebase = "p32(%#x + base_addr)"
else:
pack = "p64(%#x)"
pack_rebase = "p64(%#x + base_addr)"
if self._pie:
payload = "base_addr = 0x0\n"
else:
payload = ""
payload += 'chain = ""\n'
gadget_dict = {g.addr: g for g in self._gadgets}
concrete_vals = self._concretize_chain_values(constraints)
for value, needs_rebase in concrete_vals:
instruction_code = ""
if print_instructions:
if needs_rebase:
#dealing with pie code
value_in_gadget = AT.from_lva(
value, self._p.loader.main_object).to_mva()
else:
value_in_gadget = value
if value_in_gadget in gadget_dict:
asmstring = rop_utils.gadget_to_asmstring(
self._p, gadget_dict[value_in_gadget])
if asmstring != "":
instruction_code = "\t# " + asmstring
if needs_rebase:
payload += "chain += " + pack_rebase % value + instruction_code
else:
payload += "chain += " + pack % value + instruction_code
payload += "\n"
print(payload)
def print_payload_code(self, constraints=None, print_instructions=True):
"""
:param print_instructions: prints the instructions that the rop gadgets use
:return: prints the code for the rop payload
"""
if self._p.arch.bits == 32:
pack = "p32(%#x)"
pack_rebase = "p32(%#x + base_addr)"
else:
pack = "p64(%#x)"
pack_rebase = "p64(%#x + base_addr)"
if self._pie:
payload = "base_addr = 0x0\n"
else:
payload = ""
payload += 'chain = ""\n'
gadget_dict = {g.addr:g for g in self._gadgets}
concrete_vals = self._concretize_chain_values(constraints)
for value, needs_rebase in concrete_vals:
instruction_code = ""
if print_instructions:
if needs_rebase:
#dealing with pie code
value_in_gadget = AT.from_lva(value, self._p.loader.main_object).to_mva()
else:
value_in_gadget = value
if value_in_gadget in gadget_dict:
asmstring = rop_utils.gadget_to_asmstring(self._p,gadget_dict[value_in_gadget])
if asmstring != "":
instruction_code = "\t# " + asmstring
if needs_rebase:
payload += "chain += " + pack_rebase % value + instruction_code
else:
payload += "chain += " + pack % value + instruction_code
payload += "\n"
print(payload)
def test_lva_mva_translation():
nose.tools.assert_equal(AT.from_lva(0x8048000, owner).to_mva(), 0xa000000)
nose.tools.assert_equal(AT.from_mva(0xa1b9a1b, owner).to_lva(), 0x8201a1b)
def rebase(self):
super(AngrExternObject, self).rebase()
self._next_addr = AT.from_lva(self._next_addr, self).to_mva()
def test_lva_mva_translation():
nose.tools.assert_equal(AT.from_lva(0x8048000, owner).to_mva(), 0xa000000)
nose.tools.assert_equal(AT.from_mva(0xa1b9a1b, owner).to_lva(), 0x8201a1b)
