keep x86 and x86_64 FLAGS Register when calls to mprotect. Added push…

…fd, popfd, pushfq, popfq instructions (#844)
hugsy · Jun 19, 2022 · 0fcd20a · 0fcd20a
1 parent bf959a3
commit 0fcd20a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/gef.py b/gef.py
@@ -2736,11 +2736,13 @@ def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
         _NR_mprotect = 125
         insns = [
             "pushad",
+            "pushfd",
             f"mov eax, {_NR_mprotect:d}",
             f"mov ebx, {addr:d}",
             f"mov ecx, {size:d}",
             f"mov edx, {perm.value:d}",
             "int 0x80",
+            "popfd",
             "popad",
         ]
         return "; ".join(insns)
@@ -2777,6 +2779,7 @@ class X86_64(X86):
     def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
         _NR_mprotect = 10
         insns = [
+            "pushfq",
             "push rax",
             "push rdi",
             "push rsi",
@@ -2794,6 +2797,7 @@ def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
             "pop rsi",
             "pop rdi",
             "pop rax",
+            "popfq",
         ]
         return "; ".join(insns)