def mov(dest, src, stack_allowed = True, arch = None):
"""Does a mov into the dest while newlines and null characters.
The src can be be an immediate or another register.
If the stack is not allowed to be used, set stack_allowed to False.
"""
comment = '// Set %s = %s\n' % (dest, src)
src = arg_fixup(src)
allowed = pwn.get_only()
if src == dest:
return "// setting %s to %s, but this is a no-op" % (dest, src)
if arch == 'i386':
return comment + _mov_i386(dest, src, stack_allowed)
elif arch == 'amd64':
return comment + _mov_amd64(dest, src, stack_allowed)
elif arch == 'arm':
return comment + _mov_arm(dest, src)
elif arch == 'thumb':
return comment + _mov_thumb(dest, src)
no_support('mov', 'any', arch)
def mov(dest, src, stack_allowed=True, arch=None):
"""Does a mov into the dest while newlines and null characters.
The src can be be an immediate or another register.
If the stack is not allowed to be used, set stack_allowed to False.
"""
comment = '// Set %s = %s\n' % (dest, src)
src = arg_fixup(src)
allowed = pwn.get_only()
if src == dest:
return "// setting %s to %s, but this is a no-op" % (dest, src)
if arch == 'i386':
return comment + _mov_i386(dest, src, stack_allowed)
elif arch == 'amd64':
return comment + _mov_amd64(dest, src, stack_allowed)
elif arch == 'arm':
return comment + _mov_arm(dest, src)
elif arch == 'thumb':
return comment + _mov_thumb(dest, src)
no_support('mov', 'any', arch)
def mov(dest, src, stack_allowed=True, recursion_depth=1, arch=None):
"""Does a mov into the dest while newlines and null characters.
The src can be be an immediate or another register.
If the stack is not allowed to be used, set stack_allowed to False.
"""
src = arg_fixup(src)
allowed = pwn.get_only()
if arch == 'i386':
return _mov_i386(dest, src, stack_allowed, recursion_depth)
elif arch == 'amd64':
return _mov_amd64(dest, src, stack_allowed, recursion_depth)
no_support('mov', 'any', arch)
def mov(dest, src, stack_allowed = True, recursion_depth = 1, arch = None):
"""Does a mov into the dest while newlines and null characters.
The src can be be an immediate or another register.
If the stack is not allowed to be used, set stack_allowed to False.
"""
src = arg_fixup(src)
allowed = pwn.get_only()
if arch == 'i386':
return _mov_i386(dest, src, stack_allowed, recursion_depth)
elif arch == 'amd64':
return _mov_amd64(dest, src, stack_allowed, recursion_depth)
no_support('mov', 'any', arch)
def xor_pair(data):
"""Args: data
Finds two pieces of data that will xor together into the argument, while avoiding
the bytes specified using the avoid module."""
only = pwn.get_only()
data = flat(data)
res1 = ''
res2 = ''
for c1 in data:
for c2 in only:
if xor(c1, c2) in only:
res1 += c2
res2 += xor(c1, c2)
break
else:
return None
return (res1, res2)
def xor_pair(data):
"""Args: data
Finds two pieces of data that will xor together into the argument, while avoiding
the bytes specified using the avoid module."""
only = pwn.get_only()
data = flat(data)
res1 = ''
res2 = ''
for c1 in data:
for c2 in only:
if xor(c1, c2) in only:
res1 += c2
res2 += xor(c1, c2)
break
else:
return None
return (res1, res2)
def randoms(count):
"""Args: count
Returns a number of random bytes, while avoiding the bytes specified using the avoid module."""
return ''.join(random.choice(pwn.get_only()) for n in range(count))
def randoms(count):
"""Args: count
Returns a number of random bytes, while avoiding the bytes specified using the avoid module."""
import random
return ''.join(random.choice(pwn.get_only()) for n in range(count))