itoa.asm
<%
from pwnlib.shellcraft import pretty, common, registers
from pwnlib.shellcraft.i386 import mov, pushstr
from pwnlib import constants
%>
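<%docstring>
Converts an integer into its string representation, and pushes it
onto the stack.

The decimal digits are written starting at ``buffer`` and are followed
by a NUL terminator. On exit ``edi`` points at the first digit.

Arguments:
    v(str):
        Register that contains the value to convert. The template
        asserts that this is an i386 register name. It must not be
        ``edi``: ``edi`` is loaded with ``buffer`` before ``v`` is read.
    buffer(str):
        Where the string is written (default ``esp``). The value is
        divided as an unsigned 32-bit number, so the buffer must hold
        up to 10 digits plus the terminator (11 bytes).
    allocate_stack(bool):
        When true and ``buffer`` is ``esp``, 0x10 bytes of stack are
        reserved for the string before the conversion starts.

Clobbers ``eax``, ``ecx``, ``edx`` and ``edi``.

Example:

    >>> sc = shellcraft.i386.mov('eax', 0xdeadbeef)
    >>> sc += shellcraft.i386.itoa('eax')
    >>> sc += shellcraft.i386.linux.write(1, 'esp', 32)
    >>> run_assembly(sc).recvuntil(b'\x00')
    b'3735928559\x00'
</%docstring>
<%page args="v, buffer='esp', allocate_stack=True"/>
<%
itoa_loop = common.label('itoa_loop')
size_loop = common.label('size_loop')

# Only register operands are supported for the value to convert.
assert v in registers.i386
%>\
    /* itoa(${pretty(v,0)}) */
%if allocate_stack and buffer=='esp':
    sub esp, 0x10
%endif
## We need to know how long the string is, in order for
## the beginning of the string to be *exactly* at the buffer start.
    ${mov('edi', buffer)}
    ${mov('eax', v)}
    push eax /* save for later */
## Pass 1: count the digits; edi advances one byte per digit.
${size_loop}:
    ${mov('edx', 0)}
    ${mov('ecx', 10)}
    div ecx
    inc edi
    test eax, eax
    jnz ${size_loop}
## edi == buffer + digit count, i.e. one past the last digit.
## Null terminate here, inside the buffer. Writing the terminator after
## the digit loop would land on buffer - 1, one byte below the buffer,
## and leave the string itself unterminated.
## The zero is stored through dl, as the original terminator store did.
    ${mov('edx', 0)}
    mov BYTE PTR [edi], dl
    dec edi
## Pass 2: the actual division process, least significant digit
## first, filling the buffer from its last digit slot downwards.
    pop eax
${itoa_loop}:
    ${mov('edx', 0)}
## ecx is already 10
    div ecx
    add dl, ${ord('0')}
    mov BYTE PTR [edi], dl
    dec edi
    test eax, eax
    jnz ${itoa_loop}
## edi is now buffer - 1; step forward so it points at the first digit.
    inc edi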