def render_body(context,
syscall=None,
arg0=None,
arg1=None,
arg2=None,
arg3=None,
arg4=None,
arg5=None,
**pageargs):
__M_caller = context.caller_stack._push_frame()
try:
__M_locals = __M_dict_builtin(syscall=syscall,
arg1=arg1,
arg2=arg2,
arg3=arg3,
arg4=arg4,
arg5=arg5,
arg0=arg0,
pageargs=pageargs)
str = context.get('str', UNDEFINED)
zip = context.get('zip', UNDEFINED)
repr = context.get('repr', UNDEFINED)
dict = context.get('dict', UNDEFINED)
unicode = context.get('unicode', UNDEFINED)
isinstance = context.get('isinstance', UNDEFINED)
any = context.get('any', UNDEFINED)
__M_writer = context.writer()
from pwnlib.shellcraft import i386, pretty
from pwnlib.constants import Constant
from pwnlib.abi import linux_i386_syscall as abi
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in ['abi', 'i386', 'Constant', 'pretty']
if __M_key in __M_locals_builtin_stored
]))
__M_writer(u'\n')
__M_writer(u'\n')
__M_writer(u'\n')
if isinstance(
syscall,
(str, unicode, Constant)) and str(syscall).startswith('SYS_'):
syscall_repr = str(syscall)[4:] + "(%s)"
args = []
else:
syscall_repr = 'syscall(%s)'
if syscall == None:
args = ['?']
else:
args = [repr(syscall)]
for arg in [arg0, arg1, arg2, arg3, arg4, arg5]:
if arg == None:
args.append('?')
else:
args.append(pretty(arg, False))
while args and args[-1] == '?':
args.pop()
syscall_repr = syscall_repr % ', '.join(args)
registers = abi.register_arguments
arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5]
regctx = dict(zip(registers, arguments))
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in [
'regctx', 'args', 'registers', 'arguments',
'arg', 'syscall_repr'
] if __M_key in __M_locals_builtin_stored]))
__M_writer(u' /* call ')
__M_writer(unicode(syscall_repr))
__M_writer(u' */\n')
if any(a is not None for a in arguments):
__M_writer(u' ')
__M_writer(unicode(i386.setregs(regctx)))
__M_writer(u'\n')
__M_writer(u' int 0x80\n')
return ''
finally:
context.caller_stack._pop_frame()
def render_body(context, string, append_null=True, **pageargs):
__M_caller = context.caller_stack._push_frame()
try:
__M_locals = __M_dict_builtin(pageargs=pageargs,
string=string,
append_null=append_null)
ord = context.get('ord', UNDEFINED)
isinstance = context.get('isinstance', UNDEFINED)
str = context.get('str', UNDEFINED)
__M_writer = context.writer()
from pwnlib.util import lists, packing, fiddling
from pwnlib.shellcraft import pretty, okay
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key]) for __M_key in
['packing', 'fiddling', 'okay', 'pretty', 'lists']
if __M_key in __M_locals_builtin_stored
]))
__M_writer(u'\n')
__M_writer(u'\n')
__M_writer(u'\n')
original = string
string = packing.flat(string)
if append_null:
string += '\x00'
if isinstance(original, str):
original += '\x00'
if not string:
return
if ord(string[-1]) >= 128:
extend = '\xff'
else:
extend = '\x00'
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in ['original', 'extend', 'string']
if __M_key in __M_locals_builtin_stored]))
__M_writer(u' /* push ')
__M_writer(unicode(pretty(original, False)))
__M_writer(u' */\n')
for word in lists.group(4, string, 'fill', extend)[::-1]:
sign = packing.u32(word, endian='little', sign='signed')
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in ['sign']
if __M_key in __M_locals_builtin_stored]))
if sign in [0, 0xa]:
__M_writer(u' push ')
__M_writer(unicode(pretty(sign + 1)))
__M_writer(u'\n dec byte ptr [esp]\n')
elif -0x80 <= sign <= 0x7f and okay(word[0]):
__M_writer(u' push ')
__M_writer(unicode(pretty(sign)))
__M_writer(u'\n')
elif okay(word):
__M_writer(u' push ')
__M_writer(unicode(pretty(sign)))
__M_writer(u'\n')
else:
a, b = fiddling.xor_pair(word, avoid='\x00\n')
a = packing.u32(a, endian='little', sign='unsigned')
b = packing.u32(b, endian='little', sign='unsigned')
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in ['a', 'b']
if __M_key in __M_locals_builtin_stored
]))
__M_writer(u' push ')
__M_writer(unicode(pretty(a)))
__M_writer(u'\n xor dword ptr [esp], ')
__M_writer(unicode(pretty(b)))
__M_writer(u'\n')
return ''
finally:
context.caller_stack._pop_frame()
def render_body(context, dest, src, stack_allowed=True, **pageargs):
__M_caller = context.caller_stack._push_frame()
try:
__M_locals = __M_dict_builtin(dest=dest,
src=src,
pageargs=pageargs,
stack_allowed=stack_allowed)
tuple = context.get('tuple', UNDEFINED)
int = context.get('int', UNDEFINED)
hex = context.get('hex', UNDEFINED)
long = context.get('long', UNDEFINED)
str = context.get('str', UNDEFINED)
isinstance = context.get('isinstance', UNDEFINED)
__M_writer = context.writer()
from pwnlib.shellcraft import eval, pretty, okay
from pwnlib.util import lists, packing, fiddling, misc
from pwnlib.log import getLogger
from pwnlib.shellcraft.registers import get_register, is_register, bits_required
log = getLogger('pwnlib.shellcraft.i386.mov')
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key]) for __M_key in [
'okay', 'eval', 'misc', 'bits_required', 'lists',
'get_register', 'getLogger', 'packing', 'fiddling',
'pretty', 'is_register', 'log'
] if __M_key in __M_locals_builtin_stored
]))
__M_writer(u'\n')
__M_writer(u'\n')
__M_writer(u'\n')
src_name = src
if not isinstance(src, (str, tuple)):
src_name = pretty(src)
if not get_register(dest):
log.error('%r is not a register' % dest)
dest = get_register(dest)
if dest.size > 32 or dest.is64bit:
log.error("cannot use %s on i386" % dest)
if get_register(src):
src = get_register(src)
if src.is64bit:
log.error("cannot use %s on i386" % src)
if dest.size < src.size and src.name not in dest.bigger:
log.error("cannot mov %s, %s: dddest is smaller than src" %
(dest, src))
else:
src = eval(src)
if not dest.fits(src):
log.error("cannot mov %s, %r: dest is smaller than src" %
(dest, src))
src_size = bits_required(src)
# Calculate the packed version
mask = ((1 << 32) - 1)
masked = src & mask
srcp = packing.pack(masked, dest.size)
# Calculate the unsigned and signed versions
srcu = packing.unpack(srcp, dest.size, sign=False)
srcs = packing.unpack(srcp, dest.size, sign=True)
srcp_not = packing.pack(fiddling.bnot(masked))
srcp_neg = packing.pack(fiddling.negate(masked))
srcu_not = packing.unpack(srcp_not)
srcu_neg = packing.unpack(srcp_neg)
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key]) for __M_key in [
'src', 'srcp_neg', 'src_size', 'dest', 'mask', 'srcu_not',
'srcp_not', 'srcs', 'srcp', 'masked', 'srcu', 'src_name',
'srcu_neg'
] if __M_key in __M_locals_builtin_stored
]))
if is_register(src):
if src == dest:
__M_writer(u' /* moving ')
__M_writer(unicode(src))
__M_writer(u' into ')
__M_writer(unicode(dest))
__M_writer(u', but this is a no-op */\n')
elif src.name in dest.bigger:
__M_writer(u' /* moving ')
__M_writer(unicode(src))
__M_writer(u' into ')
__M_writer(unicode(dest))
__M_writer(u', but this is a no-op */\n')
elif dest.size > src.size:
__M_writer(u' movzx ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(src))
__M_writer(u'\n')
else:
__M_writer(u' mov ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(src))
__M_writer(u'\n')
elif isinstance(src, (int, long)):
if src == 0:
__M_writer(u' xor ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(dest))
__M_writer(u'\n')
elif stack_allowed and dest.size == 32 and src == 10:
__M_writer(u' push 9 /* mov ')
__M_writer(unicode(dest))
__M_writer(u", '\\n' */\n pop ")
__M_writer(unicode(dest))
__M_writer(u'\n inc ')
__M_writer(unicode(dest))
__M_writer(u'\n')
elif stack_allowed and dest.size == 32 and okay(srcp):
__M_writer(u' push ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n pop ')
__M_writer(unicode(dest))
__M_writer(u'\n')
elif stack_allowed and dest.size == 32 and -127 <= srcs < 128 and okay(
srcp[0]):
__M_writer(u' push ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n pop ')
__M_writer(unicode(dest))
__M_writer(u'\n')
elif okay(srcp):
__M_writer(u' mov ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n')
elif 0 <= srcu < 2**8 and okay(srcp[0]) and dest.sizes.get(8, 0):
__M_writer(u' xor ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(dest))
__M_writer(u'\n mov ')
__M_writer(unicode(dest.sizes[8]))
__M_writer(u', ')
__M_writer(unicode(pretty(srcu)))
__M_writer(u'\n')
elif srcu == (srcu & 0xff00) and okay(srcp[1]) and dest.ff00:
__M_writer(u' xor ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(dest))
__M_writer(u'\n mov ')
__M_writer(unicode(dest.ff00))
__M_writer(u', ')
__M_writer(unicode(pretty(src)))
__M_writer(u' >> 8\n')
elif 0 <= srcu < 2**16 and okay(srcp[:2]) and dest.sizes[16]:
__M_writer(u' xor ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(dest))
__M_writer(u'\n mov ')
__M_writer(unicode(dest.sizes[16]))
__M_writer(u', ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n')
elif okay(srcp_neg):
__M_writer(u' mov ')
__M_writer(unicode(dest))
__M_writer(u', -')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n neg ')
__M_writer(unicode(dest))
__M_writer(u'\n')
elif okay(srcp_not):
__M_writer(u' mov ')
__M_writer(unicode(dest))
__M_writer(u', (-1) ^ ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n not ')
__M_writer(unicode(dest))
__M_writer(u'\n')
else:
__M_writer(u' ')
a, b = fiddling.xor_pair(srcp, avoid='\x00\n')
a = hex(packing.unpack(a, dest.size))
b = hex(packing.unpack(b, dest.size))
__M_locals_builtin_stored = __M_locals_builtin()
__M_locals.update(
__M_dict_builtin([
(__M_key, __M_locals_builtin_stored[__M_key])
for __M_key in ['a', 'b']
if __M_key in __M_locals_builtin_stored
]))
__M_writer(u' mov ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(a))
__M_writer(u'\n xor ')
__M_writer(unicode(dest))
__M_writer(u', ')
__M_writer(unicode(a))
__M_writer(u' ^ ')
__M_writer(unicode(pretty(src)))
__M_writer(u'\n')
return ''
finally:
context.caller_stack._pop_frame()
