loader_append.asm
<%
from pwnlib.shellcraft.thumb.linux import loader
from pwnlib.shellcraft import common
%>
<%docstring>
Loads a statically-linked ELF into memory and transfers control.
Similar to loader.asm but loads an appended ELF.
Arguments:
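data(str): If this is the name of an existing file, the ELF data is loaded from that file.
Otherwise, it is treated as raw ELF data to append.
If ``None``, nothing is appended.
Because a value that names an existing file is read from disk, do not pass untrusted strings as ``data``.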
Example:
The following doctest is commented out because it doesn't work on Travis
for reasons I cannot diagnose. However, it should work just fine :-)
>>> payload = shellcraft.echo(b'Hello, world!\n') + shellcraft.exit(0)
>>> payloadELF = ELF.from_assembly(payload)
>>> payloadELF.arch
'arm'
>>> loader = shellcraft.loader_append(payloadELF.data)
>>> loaderELF = ELF.from_assembly(loader, vma=0, shared=True)
>>> loaderELF.process().recvall()
b'Hello, world!\n'
</%docstring>
## Template argument: ``data`` (default None) is the optional ELF image, or the
## name of a file holding it, that is appended after the loader stub.
<%page args="data = None"/>
<%
# Two labels from common.label(): `here` is placed right after the `add`
# below and `there` right after the expanded loader, where the appended
# bytes begin.  (Presumably common.label() returns a fresh label name per
# render -- confirm in pwnlib.shellcraft.common.)
there = common.label('there')
here = common.label('here')
%>
## PC-relative addressing: r0 = pc + (there - here).  The label difference is
## an assembly-time constant, so no absolute address is baked in; the intent
## appears to be that r0 ends up pointing at the appended data.
add r0, pc, #0+(${there} - ${here})
${here}:
## Expand the imported Thumb/Linux loader template with 'r0' as its argument
## (presumably the register holding the ELF address -- confirm in loader.asm).
${loader('r0')}
${there}:
## Append the ELF image only when a non-empty ``data`` was supplied.
%if data:
<%
import os
# NOTE: `data` is overloaded.  A value with no NUL byte that names an existing
# file is replaced by that file's contents; anything else is used as the raw
# image.  A caller forwarding an untrusted string could therefore cause a
# local file to be read and embedded, so keep this argument caller-controlled.
# NOTE(review): on Python 3 the bytes-in test below and the bytearray() call
# further down need bytes-like input; a text str would raise TypeError, even
# though the docstring advertises str -- confirm what callers pass.
if b'\x00' not in data and os.path.isfile(data):
    with open(data, 'rb') as f:
        data = f.read()
%>
## Emit every byte as a \xNN escape inside a single .string directive.
## NOTE(review): GNU as terminates .string data with a zero byte, so one extra
## NUL should follow the image -- confirm this is harmless for the loader.
${'.string "%s"' % ''.join('\\x%02x' % c for c in bytearray(data))}
%endif