Undo improper change to x86 execve syscall code
jakelamberson authored Aug 15, 2023
1 parent 54dc98a commit 73119fc
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions ropper/ropchain/arch/ropchainx86.py
Expand Up @@ -659,7 +659,7 @@ def create(self, options={}):
raise RopChainError('No argument support for execve commands')

self._printMessage('ROPchain Generator for syscall execve:\n')
self._printMessage('\nwrite command into data section\neax 0x3b\nebx address to cmd\necx address to null\nedx address to null\n')
self._printMessage('\nwrite command into data section\neax 0xb\nebx address to cmd\necx address to null\nedx address to null\n')
chain = self._printHeader()
gadgets = []
can_create_command = False
Expand Down Expand Up @@ -695,7 +695,7 @@ def create(self, options={}):
gadgets.append((self._createAddress, [cmdaddress],{'reg':'ebx'},['ebx', 'bx', 'bl', 'bh']))
gadgets.append((self._createAddress, [nulladdress],{'reg':'ecx'},['ecx', 'cx', 'cl', 'ch']))
gadgets.append((self._createAddress, [nulladdress],{'reg':'edx'},['edx', 'dx', 'dl', 'dh']))
gadgets.append((self._createNumber, [0x3b],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
gadgets.append((self._createNumber, [0xb],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
if address is not None and not can_create_command:
if type(address) is str:
cmdaddress = int(address, 16)
Expand All @@ -709,7 +709,7 @@ def create(self, options={}):
gadgets.append((self._createNumber, [cmdaddress],{'reg':'ebx'},['ebx', 'bx', 'bl', 'bh']))
gadgets.append((self._createNumber, [nulladdress],{'reg':'ecx'},['ecx', 'cx', 'cl', 'ch']))
gadgets.append((self._createNumber, [nulladdress],{'reg':'edx'},['edx', 'dx', 'dl', 'dh']))
gadgets.append((self._createNumber, [0x3b],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
gadgets.append((self._createNumber, [0xb],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))

self._printMessage('Try to create chain which fills registers without delete content of previous filled registers')
chain_tmp += self._createDependenceChain(gadgets)
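Review bot: The execve syscall number is still a bare literal repeated three times in `create()`: once inside the help string passed to `_printMessage` and once in each of the two `_createNumber` gadget entries. Nothing ties those copies together or to the target architecture, which is presumably how the 64-bit value 0x3b ended up in this 32-bit generator. I would define it once, for example `SYS_EXECVE = 0xb  # execve on 32-bit x86 Linux`, pass `[SYS_EXECVE]` in both gadget tuples, and build the message with `'eax 0x%x' % SYS_EXECVE` so the printed text cannot drift from the generated value. A small unit test that pins the constant per architecture module would catch a repeat of this regression. The body of `create()` starts and ends outside the visible hunks, so the remaining uses of the number, if any, could not be checked here.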