Merge pull request #24 from f0rki/reg-sorted

enable system call argument sorting
merrychap · Feb 26, 2021 · c0c5f83 · c0c5f83
2 parents 46f81de + fa515dc
commit c0c5f83
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 9 deletions.
diff --git a/shellen/syscalls/base_handler.py b/shellen/syscalls/base_handler.py
@@ -23,7 +23,7 @@ class SysHandler:
     def __init__(self):
         self.tables         = {}
         self.req_similarity = 0.75
-
+        self._args_order = {}
         self.tcache = {}
 
     def get_printable_table(self, arch, pattern, colored=False, verbose=False):
@@ -44,8 +44,11 @@ def get_table(self, arch, pattern, colored=False, verbose=False):
         if len(rawtable) == 0:
             return None
 
-        used_hd = self.__fetch_used_headers(rawtable, verbose)
-        table   = [self.__make_colored_row(used_hd, 'yellow,bold', upper=True) if colored else used_hd]
+        used_hd = self.__fetch_used_headers(rawtable, arch, verbose)
+        table = [
+            self.__make_colored_row(used_hd, 'yellow,bold', upper=True)
+            if colored else used_hd
+        ]
 
         for command in rawtable:
             cur_tb_field = []
@@ -76,20 +79,27 @@ def __is_number(self, s, base=16):
 
     def __make_colored_row(self, row, pcolor, upper=False):
         return [make_colors('<{}>{}</>'.format(pcolor, val.upper() if upper else val)) for val in row]
+    def __fetch_used_headers(self, table, arch, verbose=False):
+        args_order = self._args_order.get(arch, [])
 
-    def __fetch_used_headers(self, table, verbose=False):
         def hdkey(hd):
-            return -len(hd), hd.upper()
+            hd_up = hd.upper()
+
+            return (args_order.index(hd_up) if hd_up in args_order else -1,
+                    -len(hd), hd_up)
 
         used_hd = set()
+
         for command in table:
             for header, value in command.items():
                 if value != EMPTY_VALUE:
                     used_hd.add(header)
         used_hd.remove(NAME_FIELD)
         used_hd.remove(DEF_FIELD)
         used_hd.remove(ID_FIELD)
-        return [NAME_FIELD] + sorted(list(used_hd), key=hdkey) + ([DEF_FIELD] if verbose else [])
+
+        return ([NAME_FIELD] + sorted(used_hd, key=hdkey) +
+                ([DEF_FIELD] if verbose else []))
 
     def search(self, arch, pattern):
         try:

diff --git a/shellen/syscalls/linux_handler.py b/shellen/syscalls/linux_handler.py
@@ -7,6 +7,48 @@
 class LinuxSysHandler(SysHandler):
     def __init__(self):
         super().__init__()
-        self.dir = join(os.path.dirname(os.path.realpath(__file__)), 'linux_tables')
-
-        self.load_tables()
+        self.dir = join(os.path.dirname(os.path.realpath(__file__)),
+                        'linux_tables')
+        self.load_tables()
+        self._args_order = {
+            # shellen supported archs
+            # arm/EABI'
+            'arm32': ['R7', 'R0', 'R1', 'R2', 'R3', 'R4', 'R5', 'R6'],
+            'arm_tb': ['R7', 'R0', 'R1', 'R2', 'R3', 'R4', 'R5', 'R6'],
+            # oabi uses the swi NR instruction, so the first "arg" is encoded
+            # in the instruction itself... a bit hard to encode this in shellen
+            # so I think it is safe to ignore.
+            # 'arm/OABI': ['-', 'r0', 'r1', 'r2', 'r3', 'r4', 'r5', 'r6'],
+            'arm64': ['W8', 'X0', 'X1', 'X2', 'X3', 'X4', 'X5', '-'],
+            # mips/n32,64
+            'mips32': ['A0', 'A1', 'A2', 'A3', 'A4', 'A5', '-'],
+            'mips64': ['A0', 'A1', 'A2', 'A3', 'A4', 'A5', '-'],
+            # mips/o32 - The mips/o32 system call convention passes arguments 
+            # 5 through 8 on the user stack.
+            'mips32_o': ['A0', 'A1', 'A2', 'A3', '-', '-', '-'],
+            'sparc32': ['G1', 'O0', 'O1', 'O2', 'O3', 'O4', 'O5', '-'],
+            'sparc64': ['G1', 'O0', 'O1', 'O2', 'O3', 'O4', 'O5', '-'],
+            # ppc == powerpc?
+            'ppc32': ['R0', 'R3', 'R4', 'R5', 'R6', 'R7', 'R8', 'R9'],
+            'ppc64': ['R0', 'R3', 'R4', 'R5', 'R6', 'R7', 'R8', '-'],
+            'x86_32': ['EAX', 'EBX', 'ECX', 'EDX', 'ESI', 'EDI', 'EBP', '-'],
+            'x86_64': ['RAX', 'RDI', 'RSI', 'RDX', 'R10', 'R8', 'R9', '-'],
+            # x32 == 32-bit code on 64-bit processor? anyway doesn't seem relevant
+            # 'x32': ['rax', 'rdi', 'rsi', 'rdx', 'r10', 'r8', 'r9', '-'],
+            # systemz aka s390, s390x
+            'systemz': ['R1', 'R2', 'R3', 'R4', 'R5', 'R6', 'R7', '-'],
+            # other architectures
+            'alpha': ['V0', 'A0', 'A1', 'A2', 'A3', 'A4', 'A5', '-'],
+            'arc': ['R8', 'R0', 'R1', 'R2', 'R3', 'R4', 'R5', '-'],
+            'blackfin': ['P0', 'R0', 'R1', 'R2', 'R3', 'R4', 'R5', '-'],
+            'ia64':
+            ['R15', 'OUT0', 'OUT1', 'OUT2', 'OUT3', 'OUT4', 'OUT5', '-'],
+            'm68k': ['D0', 'D1', 'D2', 'D3', 'D4', 'D5', 'A0', '-'],
+            'microblaze': ['R12', 'R5', 'R6', 'R7', 'R8', 'R9', 'R10', '-'],
+            'nios2': ['R2', 'R4', 'R5', 'R6', 'R7', 'R8', 'R9', '-'],
+            'parisc': ['R20', 'R26', 'R25', 'R24', 'R23', 'R22', 'R21', '-'],
+            'riscv': ['A7', 'A0', 'A1', 'A2', 'A3', 'A4', 'A5', '-'],
+            'superh': ['R3', 'R4', 'R5', 'R6', 'R7', 'R0', 'R1', 'R2'],
+            'tile': ['R10', 'R00', 'R01', 'R02', 'R03', 'R04', 'R05', '-'],
+            'xtensa': ['A2', 'A6', 'A3', 'A4', 'A5', 'A8', 'A9', '-']
+        }