def print_payload_code(self, constraints=None, print_instructions=True):
    """
    Print Python source that rebuilds this chain word by word.

    :param constraints: passed unchanged to ``self._concretize_chain_values``,
                        which yields ``(value, needs_rebase)`` pairs.
    :param print_instructions: when true, append the gadget's disassembly as a
                               ``# ...`` comment to each emitted word.
    :return: None; the generated code is written to stdout.
    """
    # Word width decides the packing helper named in the emitted code.
    word = "p32" if self._p.arch.bits == 32 else "p64"
    pack = word + "(%#x)"
    pack_rebase = word + "(%#x + base_addr)"

    emitted = []
    if self._pie:
        # Position-independent binaries get a placeholder base the user fills in.
        emitted.append("base_addr = 0x0")
    # NOTE(review): the emitted ``chain = ""`` is a str; if the consumer's
    # p32/p64 return bytes (Python 3 pwntools), ``chain +=`` would fail there.
    emitted.append('chain = ""')

    gadget_by_addr = {g.addr: g for g in self._gadgets}
    for value, needs_rebase in self._concretize_chain_values(constraints):
        comment = ""
        if print_instructions:
            key = value
            if needs_rebase:
                # Rebased values are link-time addresses; gadget_by_addr appears
                # to be keyed on mapped addresses -- confirm against Gadget.addr.
                key = AT.from_lva(value, self._p.loader.main_object).to_mva()
            gadget = gadget_by_addr.get(key)
            if gadget is not None:
                asm = rop_utils.gadget_to_asmstring(self._p, gadget)
                if asm != "":
                    comment = "\t# " + asm
        template = pack_rebase if needs_rebase else pack
        emitted.append("chain += " + template % value + comment)

    # One line per entry plus a trailing newline, matching the joined form.
    print("\n".join(emitted) + "\n")
def print_payload_code(self, constraints=None, print_instructions=True):
    """
    Print Python source that reconstructs this chain one packed word at a time.

    :param constraints: handed through to ``self._concretize_chain_values``;
                        that call decides each concrete value and whether it
                        must be expressed relative to ``base_addr``.
    :param print_instructions: when true, annotate each word with the
                               disassembly of the gadget found at that address.
    :return: None; the generated code is printed to stdout.
    """
    is_32bit = self._p.arch.bits == 32
    pack = "p32(%#x)" if is_32bit else "p64(%#x)"
    pack_rebase = "p32(%#x + base_addr)" if is_32bit else "p64(%#x + base_addr)"

    gadget_dict = {}
    for g in self._gadgets:
        gadget_dict[g.addr] = g

    def describe(value, needs_rebase):
        """Return the tab-prefixed ``# <asm>`` suffix for value, or '' if none."""
        if not print_instructions:
            return ""
        if needs_rebase:
            # Rebased entries are link-time addresses of PIE code; gadget_dict
            # appears to be keyed on mapped addresses -- confirm.
            mapped = AT.from_lva(value, self._p.loader.main_object).to_mva()
        else:
            mapped = value
        gadget = gadget_dict.get(mapped)
        if gadget is None:
            return ""
        asmstring = rop_utils.gadget_to_asmstring(self._p, gadget)
        if asmstring != "":
            return "\t# " + asmstring
        return ""

    # NOTE(review): ``chain = ""`` is emitted as a str; if p32/p64 on the
    # consumer side return bytes (Python 3 pwntools), the generated code
    # would need a bytes literal instead -- confirm the target interpreter.
    payload = "base_addr = 0x0\n" if self._pie else ""
    payload += 'chain = ""\n'
    for value, needs_rebase in self._concretize_chain_values(constraints):
        template = pack_rebase if needs_rebase else pack
        payload += "chain += " + template % value + describe(value, needs_rebase) + "\n"
    print(payload)
def test_lva_mva_translation():
    """
    Check that AT round-trips between link-time (LVA) and mapped (MVA)
    addresses for the module-level ``owner`` object in both directions.

    The expected constants imply an owner mapped 0x1fb8000 above its link
    address; ``owner`` itself is set up elsewhere in this module.
    """
    link_addr, mapped_addr = 0x8048000, 0xa000000
    nose.tools.assert_equal(AT.from_lva(link_addr, owner).to_mva(), mapped_addr)

    mapped_addr, link_addr = 0xa1b9a1b, 0x8201a1b
    nose.tools.assert_equal(AT.from_mva(mapped_addr, owner).to_lva(), link_addr)
def rebase(self):
    """
    Rebase the object via the parent class, then re-express ``_next_addr``
    in the new mapped address space.

    ``_next_addr`` is treated as a link-time address (LVA) on entry and
    stored back as the corresponding mapped address (MVA); presumably it is
    the next free slot handed out by this extern object -- confirm.
    """
    super(AngrExternObject, self).rebase()
    link_addr = self._next_addr
    self._next_addr = AT.from_lva(link_addr, self).to_mva()