<%
# Module-level helpers for the Python blocks below. Only `constants`, `i386`
# and `get_register` are referenced in this template; `packing`, `re`,
# `is_register` and `bits_required` are imported but unused here.
from pwnlib.util import packing
from pwnlib.shellcraft import i386
from pwnlib import constants
from pwnlib.shellcraft.registers import get_register, is_register, bits_required
import re
%>
<%page args="value"/>
<%docstring>
Pushes a value onto the stack without using
null bytes or newline characters.

If ``value`` is a string that is not a register name, we try to evaluate it
with ``context.arch = 'i386'`` using :func:`pwnlib.constants.eval` before
determining how to push it. Note that this means that this shellcode can
change behavior depending on the value of ``context.os`` (compare the two
``SYS_execve`` examples below). A string that does not evaluate to a
constant is handed to :func:`pwnlib.shellcraft.i386.pushstr` unchanged.

If ``value`` names a register, a plain ``push <reg>`` is emitted. Any other
value is delegated to ``pushstr``, which, as the examples below show,
rewrites an immediate whose encoding would contain a forbidden byte into a
``push``/``xor`` (or ``push``/``dec``) pair instead of a single ``push``.

Args:
    value (int,str): The value or register to push

Example:

    >>> print pwnlib.shellcraft.i386.push(0).rstrip()
    /* push 0 */
    push 1
    dec byte ptr [esp]
    >>> print pwnlib.shellcraft.i386.push(1).rstrip()
    /* push 1 */
    push 1
    >>> print pwnlib.shellcraft.i386.push(256).rstrip()
    /* push 0x100 */
    push 0x1010201
    xor dword ptr [esp], 0x1010301
    >>> print pwnlib.shellcraft.i386.push('SYS_execve').rstrip()
    /* push SYS_execve (0xb) */
    push 0xb
    >>> print pwnlib.shellcraft.i386.push('SYS_sendfile').rstrip()
    /* push SYS_sendfile (0xbb) */
    push 0x1010101
    xor dword ptr [esp], 0x10101ba
    >>> with context.local(os = 'freebsd'):
    ...     print pwnlib.shellcraft.i386.push('SYS_execve').rstrip()
    /* push SYS_execve (0x3b) */
    push 0x3b
</%docstring>
<%
# Kept for reference; `value_orig` is not read anywhere below.
value_orig = value
# The template relies on get_register() being falsy for anything that is
# not a register name, so an int or a symbolic constant falls through to
# the evaluation step.
is_reg = get_register(value)
if not is_reg and isinstance(value, (str, unicode)):  # `unicode`: Python 2 API
    # Resolve symbolic constants such as 'SYS_execve' under the current
    # context; the numeric result depends on context.os (see the docstring).
    try:
        value = constants.eval(value)
    except (ValueError, AttributeError):
        # Deliberate best-effort: a string that is not a known constant is
        # left as-is and passed to pushstr below (presumably pushed as a
        # literal string — confirm against pushstr).
        pass
%>
% if is_reg:
## Register operand: a single push instruction, no immediate to encode.
push ${value}
% else:
## Immediate or string: pushstr chooses an encoding free of the forbidden
## bytes. NOTE(review): the second argument is presumably the append-null
## switch being turned off — confirm against pushstr's signature.
${i386.pushstr(value, False)}
% endif