Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Cannot put 0xaabbccdd00112233 into 'rax' without using stack #1221
>>> from pwn import * >>> shellcraft.amd64.mov('rax', 0xaabbccdd00112233, stack_allowed=False) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<string>", line 8, in mov File "/usr/lib/python2.7/site-packages/mako/template.py", line 445, in render return runtime._render(self, self.callable_, args, data) File "/usr/lib/python2.7/site-packages/mako/runtime.py", line 829, in _render **_kwargs_for_callable(callable_, data)) File "/usr/lib/python2.7/site-packages/mako/runtime.py", line 864, in _render_context _exec_template(inherit, lclcontext, args=args, kwargs=kwargs) File "/usr/lib/python2.7/site-packages/mako/runtime.py", line 890, in _exec_template callable_(context, *args, **kwargs) File "/home/are/.pwntools-cache-2.7/mako/amd64/mov.asm.py", line 239, in render_body log.error("Cannot put %s into '%s' without using stack." % (pretty(src), dest_orig)) File "/usr/lib/python2.7/site-packages/mako/runtime.py", line 226, in __str__ raise NameError("Undefined") NameError: Undefined
And the error is wrong possibly because there is no
I agree that such case is extremely rare (normally stack is usable).
val = 0xaabbccdd00112233 shellcraft.mov('rax', val>>32) + '''\ shl rax, 0x20 ''' + shellcraft.mov('rax', val&0xffffffff).replace('eax','rax').replace('mov', 'xor')
In this example:
mov eax, 0xaabbccdd shl rax, 0x20 xor rax, 0x1010101 /* 1122867 == 0x112233 */ xor rax, 0x1102332
I think such a solution would not make the code much more complex, but would instead enable to do what was previously impossible.
Yes, this is correct, as Pwntools makes a best-effort to exclude NULL bytes in any generated shellcode.
0xaabbccdd00112233 contains an embedded null, so it cannot be used as a literal.
If you'd like to extend
In any case, if you'd like to add the optimization to