shellcraft.amd64.mov: fix logic once again

Gallopsled · Jan 21, 2024 · b5253fa · b5253fa
1 parent ea22cc8
commit b5253fa
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 20 deletions.
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm b/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm
@@ -13,11 +13,11 @@ Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constan
 
 Example:
 
-    >>> print(shellcraft.aarch64.linux.syscall(11, 1, 'sp', 2, 0).rstrip())
-        /* call syscall(0xb, 1, 'sp', 2, 0) */
-        mov  x0, #1
+    >>> print(shellcraft.aarch64.linux.syscall(11, 9, 'sp', 8, 0).rstrip())
+        /* call syscall(0xb, 9, 'sp', 8, 0) */
+        mov  x0, #9
         mov  x1, sp
-        mov  x2, #2
+        mov  x2, #8
         mov  x3, xzr
         mov  x8, #11
         svc 0

diff --git a/pwnlib/shellcraft/templates/aarch64/mov.asm b/pwnlib/shellcraft/templates/aarch64/mov.asm
@@ -28,12 +28,12 @@ Examples:
         mov  x0, x1
     >>> print(shellcraft.mov('x0','0').rstrip())
         mov  x0, xzr
-    >>> print(shellcraft.mov('x0', 5).rstrip())
-        mov  x0, #5
-    >>> print(shellcraft.mov('x0', 0x34532).rstrip())
-        /* Set x0 = 214322 = 0x34532 */
+    >>> print(shellcraft.mov('x0', 9).rstrip())
+        mov  x0, #9
+    >>> print(shellcraft.mov('x0', 0x94532).rstrip())
+        /* Set x0 = 607538 = 0x94532 */
         mov  x0, #17714
-        movk x0, #3, lsl #16
+        movk x0, #9, lsl #16
 
 Args:
   dest (str): The destination register.
@@ -78,22 +78,30 @@ if isinstance(src, six.integer_types):
 	    dst = 'x15'
 	    lobits = 15
 
-    src = unpack(b''.join(words))
     xor = unpack(b''.join(xor))
+    if xor:
+        src = unpack(b''.join(words))
+
+tmp = 'x14'
+if dst == 'x14':
+    tmp = 'x15'
+if dst == 'x15':
+    tmp = 'x12'
 
 %>
 %if not isinstance(src, six.integer_types):
     mov  ${dst}, ${src}
 %else:
-  %if src & 0xffff == 0:
+  %if src == 0:
     mov  ${dst}, xzr
-  %endif
-  %if src & 0xffff == src != 0:
+  %elif src & 0xffff == src:
     mov  ${dst}, #${src}
   %else:
     /* Set ${dst} = ${src} = ${pretty(src, False)} */
     %if src & 0x000000000000ffff:
     mov  ${dst}, #${(src >> 0x00) & 0xffff}
+    %else:
+    mov  ${dst}, xzr
     %endif
     %if src & 0x00000000ffff0000:
     movk ${dst}, #${(src >> 0x10) & 0xffff}, lsl #16
@@ -106,8 +114,8 @@ if isinstance(src, six.integer_types):
     %endif
   %endif
   %if xor:
-  ${SC.mov('x14', xor)}
-  eor ${dst}, ${dst}, x14
+  ${SC.mov(tmp, xor)}
+  eor ${dst}, ${dst}, ${tmp}
   %endif
   %if mov_x15:
   ${SC.mov(mov_x15,'x15')}

diff --git a/pwnlib/shellcraft/templates/aarch64/push.asm b/pwnlib/shellcraft/templates/aarch64/push.asm
@@ -28,9 +28,9 @@ Example:
         /* push 0 */
         mov  x14, xzr
         str x14, [sp, #-16]!
-    >>> print(pwnlib.shellcraft.push(1).rstrip())
-        /* push 1 */
-        mov  x14, #1
+    >>> print(pwnlib.shellcraft.push(9).rstrip())
+        /* push 9 */
+        mov  x14, #9
         str x14, [sp, #-16]!
     >>> print(pwnlib.shellcraft.push(256).rstrip())
         /* push 0x100 */

diff --git a/pwnlib/shellcraft/templates/aarch64/setregs.asm b/pwnlib/shellcraft/templates/aarch64/setregs.asm
@@ -13,8 +13,8 @@ Args:
 
 Example:
 
-    >>> print(shellcraft.setregs({'x0':1, 'x2':'x3'}).rstrip())
-        mov  x0, #1
+    >>> print(shellcraft.setregs({'x0':9, 'x2':'x3'}).rstrip())
+        mov  x0, #9
         mov  x2, x3
     >>> print(shellcraft.setregs({'x0':'x1', 'x1':'x0', 'x2':'x3'}).rstrip())
         mov  x2, x3