Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shellcode syscall templates #871

Merged
merged 46 commits into from
Feb 12, 2017
Merged

Shellcode syscall templates #871

merged 46 commits into from
Feb 12, 2017

Conversation

zachriggle
Copy link
Member

@zachriggle zachriggle commented Jan 25, 2017
edited
Loading

Add syscall stub auto-generator, and auto-generated syscall stubs

Auto-generated syscall stubs are stored in pwnlib/shellcraft/common/linux/syscalls.

Each other architecture has a symlink to that directory at e.g. pwnlib/shellcraft/i386/linux.

This lets us be very explicit with shellcraft.i386.linux.syscalls.connect versus the more convenient shellcraft.connect (which would expand to e.g. shellcraft.i386.linux.connect).

Fixes #685

@zachriggle zachriggle self-assigned this Jan 25, 2017
@zachriggle zachriggle added this to the Someday milestone Jan 25, 2017
@TethysSvensson
Copy link
Contributor

I don't have any opinion on the actual code (I have not looked at it), but could you make sure that this is either superior to #712 or close #712 after you are done?

Pinging @kristoff3r for an opinion on this.

@kristoff3r kristoff3r mentioned this pull request Feb 4, 2017
Closed
@zachriggle
Copy link
Member Author

@kristoff3r Are there any additional points that I need to pull in from your pull request?

@zachriggle
Copy link
Member Author

CI is passing, but there are some remaining issues (also on the other PR)

  • Need to fix Codacy issues
  • Missing templates for socketcall
    • This is because none of the C headers have the function prototype. I have some local code that scrapes manpages for missing syscall, but need to upload it.
  • We should really add new tests for all of the socket shellcode
  • We should be able to enable the ELF stagers, but they are broken
    • We can greatly simplify the logic with memfd_create and execveat and atoi

@zachriggle zachriggle force-pushed the shellcode-syscall-templates branch 2 times, most recently from 3c18c10 to 0bfac85 Compare February 11, 2017 20:17
@zachriggle
Copy link
Member Author

zachriggle commented Feb 11, 2017
edited
Loading

I think that this is done now, @kristoff3r and @idolf.

Basically all of the logic is here:
https://github.com/zachriggle/pwntools/blob/shellcode-syscall-templates/pwnlib/data/syscalls/generate.py

The list of functions comes from here:
https://github.com/zachriggle/functions/blob/master/functions.py

Notable differences from #880 are being regenerate-able, supporting complex types, and having ALL THE SYSCALLS. I think that #880 is still missing some socket-related syscall stubs (e.g. no /syscalls/connect.asm for most architectures), and only has the "convenience" stubs (e.g. i386/linux/connect.asm).

Also, instead of a symlink-per-syscall, this one just symlinks the e.g. i386/linux/syscalls directory to common/linux/syscalls. Everything "magically" works out correctly because of context scoping.

@zachriggle zachriggle merged commit 7c139c7 into Gallopsled:dev Feb 12, 2017
@zachriggle zachriggle deleted the shellcode-syscall-templates branch February 12, 2017 23:37
@TethysSvensson TethysSvensson modified the milestones: 3.5.0, Someday Feb 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kristoff3r kristoff3r Awaiting requested review from kristoff3r

@TethysSvensson TethysSvensson Awaiting requested review from TethysSvensson

Assignees

@zachriggle zachriggle

Labels
enhancement help-wanted shellcode
Projects
None yet
Milestone
3.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@zachriggle @TethysSvensson @kristoff3r