def render_body(context, gid='egid', **pageargs):
    """Template render body emitting amd64 assembly for a setregid call.

    The surrounding scaffolding (``context.caller_stack``, ``__M_*`` names)
    is template-engine generated; this function only writes text through
    the context writer and returns ``''``.

    Args:
        context: render context providing ``writer()`` and the caller stack.
        gid: either the literal string ``'egid'`` (fetch the effective gid
            with a ``getegid`` syscall first) or a value passed straight to
            ``amd64.mov('rdi', gid)``.
        **pageargs: extra template arguments, recorded in ``__M_locals``.

    Returns:
        The empty string; all output goes through the writer.
    """
    __M_caller = context.caller_stack._push_frame()
    try:
        __M_locals = __M_dict_builtin(pageargs=pageargs, gid=gid)
        write = context.writer()
        from pwnlib.shellcraft import amd64
        # Expose the template-level import to the engine's locals dict;
        # only 'amd64' is captured, and only if it was actually bound.
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['amd64'] if name in frame_locals]))

        write(u'\n')
        write(u'\n')
        write(u'\n\n')

        if gid == 'egid':
            # Ask the kernel for the effective gid, then move rax -> rdi.
            write(u' /* getegid */\n ')
            write(unicode(amd64.linux.syscall('SYS_getegid')))
            write(u'\n ')
            write(unicode(amd64.mov('rdi', 'rax')))
            write(u'\n')
        else:
            # Caller supplied the gid (or a register holding it) directly.
            write(u' ')
            write(unicode(amd64.mov('rdi', gid)))
            write(u'\n')

        # setregid(rdi, rdi): real and effective gid both set to rdi.
        write(u'\n ')
        write(unicode(amd64.linux.syscall('SYS_setregid', 'rdi', 'rdi')))
        write(u'\n')
        return ''
    finally:
        context.caller_stack._pop_frame()
def render_body(context, sock='rbp', **pageargs):
    """Template render body emitting amd64 assembly that dup2()s a socket.

    The emitted sequence copies *sock* into ``rbp``, then loops with a
    counter that starts at 3 and is decremented before each iteration,
    calling ``dup2(rbp, rsi)`` for rsi = 2, 1, 0 and exiting the loop when
    the counter goes negative (``js``). Labels are allocated through
    ``common.label`` so several expansions can coexist.

    Args:
        context: render context providing ``writer()`` and the caller stack.
        sock: register or value holding the descriptor to duplicate
            (defaults to ``'rbp'``).
        **pageargs: extra template arguments, recorded in ``__M_locals``.

    Returns:
        The empty string; all output goes through the writer.
    """
    __M_caller = context.caller_stack._push_frame()
    try:
        __M_locals = __M_dict_builtin(pageargs=pageargs, sock=sock)
        write = context.writer()
        from pwnlib.shellcraft import common, amd64
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['common', 'amd64']
             if name in frame_locals]))

        write(u'\n')
        write(u'\n')
        write(u'\n')

        # Unique labels for this expansion.
        dup = common.label("dup")
        looplabel = common.label("loop")
        after = common.label("after")
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['dup', 'after', 'looplabel']
             if name in frame_locals]))

        write(u'\n\n\n')
        write(unicode(dup))
        write(u':\n ')
        write(unicode(amd64.mov('rbp', sock)))
        # Loop counter lives on the stack between iterations.
        write(u'\n\n push 3\n')
        write(unicode(looplabel))
        write(u':\n pop rsi\n dec rsi\n js ')
        write(unicode(after))
        write(u'\n push rsi\n\n ')
        write(unicode(amd64.linux.syscall('SYS_dup2', 'rbp', 'rsi')))
        write(u'\n\n jmp ')
        write(unicode(looplabel))
        write(u'\n')
        write(unicode(after))
        write(u':\n')
        return ''
    finally:
        context.caller_stack._pop_frame()
def render_body(context, return_value=None, **pageargs):
    """Template render body emitting an amd64 ``ret``, optionally setting rax.

    Args:
        context: render context providing ``writer()`` and the caller stack.
        return_value: when not ``None``, moved into ``rax`` before the
            ``ret`` via ``amd64.mov``. The ``!= None`` comparison is kept
            as the template wrote it.
        **pageargs: extra template arguments, recorded in ``__M_locals``.

    Returns:
        The empty string; all output goes through the writer.
    """
    __M_caller = context.caller_stack._push_frame()
    try:
        __M_locals = __M_dict_builtin(pageargs=pageargs, return_value=return_value)
        write = context.writer()
        from pwnlib.shellcraft import amd64
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['amd64'] if name in frame_locals]))

        write(u'\n')
        write(u'\n')
        write(u'\n\n')

        has_value = return_value != None
        if has_value:
            write(u' ')
            write(unicode(amd64.mov('rax', return_value)))
            write(u'\n')

        write(u'\n ret\n')
        return ''
    finally:
        context.caller_stack._pop_frame()
def render_body(context, syscall=None, arg0=None, arg1=None, arg2=None,
                arg3=None, arg4=None, arg5=None, **pageargs):
    """Template render body emitting an amd64 Linux ``syscall`` sequence.

    Writes a ``/* call ... */`` comment describing the call, one
    ``amd64.mov`` per argument register that is not ``None``, an optional
    ``cdq`` standing in for ``mov rdx, 0``, and finally ``syscall``.

    Args:
        context: render context providing ``writer()``, the caller stack
            and the builtins the template uses (``str``, ``zip``, ...).
        syscall: syscall number, register name, or a ``'SYS_*'`` constant
            name; ``None`` leaves ``rax`` as the caller left it.
        arg0..arg5: values for rdi, rsi, rdx, r10, r8, r9 respectively;
            ``None`` leaves that register untouched. String values are
            looked up in ``pwnlib.constants.linux.amd64`` first and fall
            back to the string itself (e.g. a register name).
        **pageargs: extra template arguments, recorded in ``__M_locals``.

    Returns:
        The empty string; all output goes through the writer.
    """
    __M_caller = context.caller_stack._push_frame()
    try:
        __M_locals = __M_dict_builtin(syscall=syscall, arg1=arg1, arg2=arg2,
                                      arg3=arg3, arg4=arg4, arg5=arg5,
                                      arg0=arg0, pageargs=pageargs)
        # Builtins referenced by the template are resolved through the
        # render context rather than the module globals.
        str = context.get('str', UNDEFINED)
        zip = context.get('zip', UNDEFINED)
        repr = context.get('repr', UNDEFINED)
        getattr = context.get('getattr', UNDEFINED)
        unicode = context.get('unicode', UNDEFINED)
        isinstance = context.get('isinstance', UNDEFINED)
        write = context.writer()

        from pwnlib.shellcraft import amd64
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['amd64'] if name in frame_locals]))
        from pwnlib.constants.linux import amd64 as constants
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name]) for name in ['constants'] if name in frame_locals]))

        write(u'\n')
        write(u'\n')

        # Build the human-readable description used in the leading comment.
        append_cdq = False
        named = isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_')
        if named:
            syscall_repr = syscall[4:] + "(%s)"
            args = []
        else:
            syscall_repr = 'syscall(%s)'
            args = ['?'] if syscall == None else [repr(syscall)]
        for arg in [arg0, arg1, arg2, arg3, arg4, arg5]:
            args.append('?' if arg == None else repr(arg))
        # Trailing unknown arguments carry no information; drop them.
        while args and args[-1] == '?':
            args.pop()
        syscall_repr = syscall_repr % ', '.join(args)
        frame_locals = __M_locals_builtin()
        __M_locals.update(__M_dict_builtin(
            [(name, frame_locals[name])
             for name in ['append_cdq', 'args', 'arg', 'syscall_repr']
             if name in frame_locals]))

        write(u' /* call ')
        write(unicode(syscall_repr))
        write(u' */\n')

        registers = ['rdi', 'rsi', 'rdx', 'r10', 'r8', 'r9', 'rax']
        values = [arg0, arg1, arg2, arg3, arg4, arg5, syscall]
        for dst, src in zip(registers, values):
            if dst == 'rdx' and src == 0:
                # Zeroing rdx is deferred to a cdq after rax is loaded.
                # NOTE(review): cdq sign-extends rax, so this only yields 0
                # when rax is non-negative at that point; the branch does not
                # check whether `syscall` actually sets rax — confirm callers
                # never rely on rdx=0 with rax left unset.
                write(u' ')
                append_cdq = True
                frame_locals = __M_locals_builtin()
                __M_locals.update(__M_dict_builtin(
                    [(name, frame_locals[name]) for name in ['append_cdq']
                     if name in frame_locals]))
            elif src != None:
                write(u' ')
                if isinstance(src, (str, unicode)):
                    # Symbolic constant names resolve to their numeric value;
                    # anything unknown (e.g. a register name) passes through.
                    src = getattr(constants, src, src)
                frame_locals = __M_locals_builtin()
                __M_locals.update(__M_dict_builtin(
                    [(name, frame_locals[name]) for name in ['src']
                     if name in frame_locals]))
                write(u' ')
                write(unicode(amd64.mov(dst, src)))
                write(u'\n')

        if append_cdq:
            write(u' cdq /* Set rdx to 0, rax is known to be positive */\n')
        write(u' syscall\n')
        return ''
    finally:
        context.caller_stack._pop_frame()