diff options
| author | Malfurious <m@lfurio.us> | 2022-05-28 01:10:05 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2022-09-12 20:15:23 -0400 |
| commit | d673d458922b640ca3f384288356a33a308cdc9b (patch) | |
| tree | ae1d191e542822a99caa9e3bd782c60474a4e499 | |
| parent | 94efc98b3d75d5520189c2d105541cd09aa3cff7 (diff) | |
| download | lib-des-gnux-d673d458922b640ca3f384288356a33a308cdc9b.tar.gz lib-des-gnux-d673d458922b640ca3f384288356a33a308cdc9b.zip | |
sploit: payload: Allow variadic insertions
Often times, users of the Payload module wish to push a list of integers
to a payload buffer. Currently, the best (and intended) way to do this
is to make several calls to .int(). However, as part of the ROP effort,
I am planning to add function 'gadget(addr, *params)' to the Payload
class. Per the design of this function, calling it with an expanded
list of values would be equivalent to passing each to .int()
individually. In order to discourage the use of .gadget(), as a
shortcut to a series of .int()s, .int(), and most other insertion
functions, now accept arbitrarily many value arguments.
Functions that support additional options (such as .int()'s 'signed'
parameter) will apply such options to all values. If a symbol name is
defined, it will reference the beginning of the block of values.
Keep in mind, this will also allow inserting zero values. For example,
obj.bin(sym='end') will tag the end of the payload without extending its
content. This use-case is not intended to be particularly useful, but
exists as a consequence of the change.
Payload.rep() and the pad functions are not affected by this commit, as
I don't think changing their semantics in this way makes sense.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
| -rw-r--r-- | tools/sploit/sploit/payload.py | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/tools/sploit/sploit/payload.py b/tools/sploit/sploit/payload.py index 9fab65e..43f58c6 100644 --- a/tools/sploit/sploit/payload.py +++ b/tools/sploit/sploit/payload.py @@ -38,28 +38,30 @@ class Payload(Symtbl): self._namesp.payload = value + self._namesp.payload return self - def bin(self, value, sym=None): - return self.__append(value, sym or self.__name('bin')) + def bin(self, *values, sym=None): + return self.__append(b''.join(values), sym or self.__name('bin')) - def str(self, value, sym=None): - return self.bin(value.encode()+b'\x00', sym or self.__name('str')) + def str(self, *values, sym=None): + values = [ v.encode() + b'\x00' for v in values ] + return self.bin(*values, sym=(sym or self.__name('str'))) - def int(self, value, sym=None, signed=False): - return self.bin(itob(value, signed=signed), sym or self.__name('int')) + def int(self, *values, sym=None, signed=False): + values = [ itob(v, signed=signed) for v in values ] + return self.bin(*values, sym=(sym or self.__name('int'))) - def ret(self, value, sym=None): - return self.int(value, sym or self.__name('ret')) + def ret(self, *values, sym=None): + return self.int(*values, sym=(sym or self.__name('ret'))) - def sbp(self, value=None, sym=None): - if value is None: + def sbp(self, *values, sym=None): + if len(values) == 0: return self.rep(self.MAGIC, arch.wordsize, sym or self.__name('sbp')) - return self.int(value, sym or self.__name('sbp')) + return self.int(*values, sym=(sym or self.__name('sbp'))) def rep(self, value, size, sym=None): - return self.bin(self.__rep_helper(value, size), sym or self.__name('rep')) + return self.bin(self.__rep_helper(value, size), sym=(sym or self.__name('rep'))) def pad(self, size, value=None, sym=None): - return self.bin(self.__pad_helper(size, value), sym or self.__name('pad')) + return self.bin(self.__pad_helper(size, value), sym=(sym or self.__name('pad'))) def pad_front(self, size, value=None, sym=None): return self.__prepend(self.__pad_helper(size, value), sym or self.__name('pad')) |