Merge 79d7c99 into 01df19d

Gallopsled · Aug 8, 2022 · 159b2c0 · 159b2c0
2 parents 01df19d + 79d7c99
commit 159b2c0
Show file tree

Hide file tree

Showing 11 changed files with 71 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -67,8 +67,10 @@ The table below shows which release corresponds to each branch, and what date th
 ## 4.10.0 (`dev`)
 
 - [#2062][2062] make pwn cyclic -l work with entry larger than 4 bytes
+- [#2092][2092] shellcraft: dup() is now called dupio() consistently across all supported arches
 
 [2062]: https://github.com/Gallopsled/pwntools/pull/2062
+[2092]: https://github.com/Gallopsled/pwntools/pull/2092
 
 ## 4.9.0 (`beta`)
 

diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dupio.asm b/pwnlib/shellcraft/templates/aarch64/linux/dupio.asm
@@ -0,0 +1,18 @@
+<% from pwnlib.shellcraft import common %>
+<% from pwnlib.shellcraft.aarch64 import mov,setregs %>
+<%page args="sock = 'x12'"/>
+<%docstring>
+Args: [sock (imm/reg) = x12]
+    Duplicates sock to stdin, stdout and stderr
+</%docstring>
+<%
+  looplabel = common.label("loop")
+%>
+    /* dup() file descriptor ${sock} into stdin/stdout/stderr */
+        ${setregs({'x8': 'SYS_dup3', 'x1': 2, 'x2': 0})}
+
+${looplabel}:
+        ${mov('x0', sock)}
+        svc #0
+        subs x1, x1, #1
+        bpl ${looplabel}
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dupsh.asm b/pwnlib/shellcraft/templates/aarch64/linux/dupsh.asm
@@ -0,0 +1,11 @@
+<% from pwnlib.shellcraft.aarch64 import linux %>
+<%page args="sock = 'x12'"/>
+<%docstring>
+Args: [sock (imm/reg) = x12]
+    Duplicates sock to stdin, stdout and stderr and spawns a shell.
+</%docstring>
+
+
+${linux.dupio(sock)}
+
+${linux.sh()}
diff --git a/.../shellcraft/templates/amd64/linux/dup.asm → ...hellcraft/templates/amd64/linux/dupio.asm b/.../shellcraft/templates/amd64/linux/dup.asm → ...hellcraft/templates/amd64/linux/dupio.asm
@@ -5,23 +5,12 @@ Args: [sock (imm/reg) = rbp]
     Duplicates sock to stdin, stdout and stderr
 </%docstring>
 <%
-  dup       = common.label("dup")
   looplabel = common.label("loop")
-  after     = common.label("after")
 %>
 
     /* dup() file descriptor ${sock} into stdin/stdout/stderr */
-${dup}:
-    ${amd64.mov('rbp', sock)}
-
-    push 3
+    ${amd64.setregs({'rdi': sock, 'rsi': 2})}
 ${looplabel}:
-    pop rsi
+    ${amd64.linux.dup2('rdi', 'rsi')}
     dec rsi
-    js ${after}
-    push rsi
-
-    ${amd64.linux.syscall('SYS_dup2', 'rbp', 'rsi')}
-
-    jmp ${looplabel}
-${after}:
+    jns ${looplabel}
diff --git a/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm b/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm
@@ -7,6 +7,6 @@ Args: [sock (imm/reg) = rbp]
 </%docstring>
 
 
-${linux.dup(sock)}
+${linux.dupio(sock)}
 
 ${linux.sh()}
diff --git a/pwnlib/shellcraft/templates/arm/linux/dupio.asm b/pwnlib/shellcraft/templates/arm/linux/dupio.asm
@@ -0,0 +1,19 @@
+<% from pwnlib.shellcraft import common %>
+<% from pwnlib.shellcraft.arm import mov %>
+<%page args="sock = 'r6'"/>
+<%docstring>
+Args: [sock (imm/reg) = r6]
+    Duplicates sock to stdin, stdout and stderr
+</%docstring>
+<%
+  looplabel = common.label("loop")
+%>
+    /* dup() file descriptor ${sock} into stdin/stdout/stderr */
+        ${mov('r1', 2)}
+        ${mov('r7', 'SYS_dup2')}
+
+${looplabel}:
+        ${mov('r0', sock)}
+        svc 0
+        subs r1, #1
+        bpl ${looplabel}
diff --git a/pwnlib/shellcraft/templates/arm/linux/dupsh.asm b/pwnlib/shellcraft/templates/arm/linux/dupsh.asm
@@ -0,0 +1,11 @@
+<% from pwnlib.shellcraft.arm import linux %>
+<%page args="sock = 'r6'"/>
+<%docstring>
+Args: [sock (imm/reg) = r6]
+    Duplicates sock to stdin, stdout and stderr and spawns a shell.
+</%docstring>
+
+
+${linux.dupio(sock)}
+
+${linux.sh()}
diff --git a/pwnlib/shellcraft/templates/i386/linux/dupio.asm b/pwnlib/shellcraft/templates/i386/linux/dupio.asm
@@ -1,22 +1,18 @@
 <% from pwnlib.shellcraft.i386.linux import dup2 %>
-<% from pwnlib.shellcraft.i386 import mov %>
+<% from pwnlib.shellcraft.i386 import setregs %>
 <% from pwnlib.shellcraft import common %>
 <%page args="sock = 'ebp'"/>
 <%docstring>
 Args: [sock (imm/reg) = ebp]
     Duplicates sock to stdin, stdout and stderr
 </%docstring>
 <%
-  dup       = common.label("dup")
   looplabel = common.label("loop")
 %>
 
     /* dup() file descriptor ${sock} into stdin/stdout/stderr */
-${dup}:
-    ${mov('ebx', sock)}
-    ${mov('ecx', 3)}
+    ${setregs({'ebx': sock, 'ecx': 2})}
 ${looplabel}:
-    dec ecx
-
     ${dup2('ebx', 'ecx')}
-    jnz ${looplabel}
+    dec ecx
+    jns ${looplabel}
diff --git a/pwnlib/shellcraft/templates/mips/linux/dupio.asm b/pwnlib/shellcraft/templates/mips/linux/dupio.asm
@@ -7,12 +7,10 @@ Args: [sock (imm/reg) = s0]
     Duplicates sock to stdin, stdout and stderr
 </%docstring>
 <%
-   dup       = common.label("dup")
    looplabel = common.label("loop")
 %>
 
     /* dup() file descriptor ${sock} into stdin/stdout/stderr */
-${dup}:
     ${mov('$v0',2)}
 ${looplabel}:
     ${dup2(sock,'$v0')}

diff --git a/.../shellcraft/templates/thumb/linux/dup.asm → ...hellcraft/templates/thumb/linux/dupio.asm b/.../shellcraft/templates/thumb/linux/dup.asm → ...hellcraft/templates/thumb/linux/dupio.asm
@@ -6,11 +6,9 @@ Args: [sock (imm/reg) = r6]
     Duplicates sock to stdin, stdout and stderr
 </%docstring>
 <%
-  dup       = common.label("dup")
   looplabel = common.label("loop")
 %>
     /* dup() file descriptor ${sock} into stdin/stdout/stderr */
-${dup}:
         ${mov('r1', 2)}
         ${mov('r7', 'SYS_dup2')}
 

diff --git a/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm b/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm
@@ -1,11 +1,11 @@
 <% from pwnlib.shellcraft.thumb import linux %>
 <%page args="sock = 'r6'"/>
 <%docstring>
-Args: [sock (imm/reg) = ebp]
+Args: [sock (imm/reg) = r6]
     Duplicates sock to stdin, stdout and stderr and spawns a shell.
 </%docstring>
 
 
-${linux.dup(sock)}
+${linux.dupio(sock)}
 
 ${linux.sh()}