author | Malfurious <m@lfurio.us> | 2025-01-01 07:22:26 -0500 |
---|---|---|
committer | Malfurious <m@lfurio.us> | 2025-01-01 07:22:26 -0500 |
commit | 70c7c16a157f0e2056d0b96b96f6e13c83841bc3 (patch) | |
tree | 5f6d84642fc8b0aa89a32ef17f4b374605c7e089 /sploit/payload/gadhint.py | |
parent | f01ec45e773291c3659a1dcaf8cd9a51ece19823 (diff) | |
parent | 438c66673f7daca0fdc2d23b1a4fd39517528576 (diff) | |
Merge branch 'indextbl'
This branch is a major semantic redesign of Symtbl and Payload. These
two classes are now implemented as derivatives of the newly refactored
IndexTbl mechanism.
Necessary cascading changes have been made to keep these tools in
working order.
* indextbl:
payload: rop: Update for new Payload class
Update ROP gadget types to extend IndexEntry
payload: Refactor as a concrete IndexTbl
lict: Add new list-dictionary hybrid type
symtbl: Refactor abstract IndexTbl interface
Diffstat (limited to 'sploit/payload/gadhint.py')
-rw-r--r-- | sploit/payload/gadhint.py | 43 |
1 files changed, 16 insertions, 27 deletions
diff --git a/sploit/payload/gadhint.py b/sploit/payload/gadhint.py index 9b077fe..1bef9f0 100644 --- a/sploit/payload/gadhint.py +++ b/sploit/payload/gadhint.py @@ -1,12 +1,15 @@ +import copy from dataclasses import dataclass, field + from sploit.rev.gadget import Gadget +from sploit.types.index_entry import IndexEntry @dataclass -class GadHint: +class GadHint(IndexEntry): """ User-annotated gadget description object - gadget (Gadget|int): The gadget being annotated. May be a Gadget object or + base (Gadget|int): The gadget being annotated. May be a Gadget object or an offset as an int. pops (list[str]): The registers popped by this gadget, in order of @@ -20,10 +23,10 @@ class GadHint: Keys are destination register names, values are immediate values. The order given is insignificant. - writes (dict{str:str}): The register-to-memory moves (stores) made by this - gadget. Keys are destination register names (expected to hold memory - locations), values are source register names (expected to hold direct - values). The order given is insignificant. + writes (dict{str:str}): The register-to-memory stores made by this gadget. + Keys are the destination register names (which hold memory addresses), + values are source register names (which hold values to-be-stored). The + order given is insignificant. requirements (dict{str:int}): The register state that is required before this gadget should be executed. Keys are register names, values are the @@ -43,7 +46,7 @@ class GadHint: should not be accounted for. A value of zero is taken as "unspecified". """ - gadget: int = 0 + base: int = 0 pops: list = field(default_factory=list) movs: dict = field(default_factory=dict) imms: dict = field(default_factory=dict) 
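Review bot: The field annotation in the `@@ -43,7 +46,7 @@` hunk still reads `base: int = 0`, while the class docstring in the first hunk documents `base (Gadget|int)` and `__repr__` explicitly handles a `Gadget` value. Annotating it to match, e.g. `base: "Gadget | int" = 0`, would keep type checkers and readers in agreement with the documented contract. Separately, renaming a dataclass field changes the keyword accepted by the generated `__init__`, so any caller still passing `gadget=` will raise `TypeError`; whether such callers remain is not visible on this page.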
@@ -57,21 +60,7 @@ class GadHint: @property def offset(self): """Return gadget offset as an integer.""" - return int(self.gadget) - - def __index__(self): - """Convert object to integer using offset value.""" - return self.offset - - def __add__(self, x): - """Return new object with adjusted offset.""" - return GadHint(self.gadget + x, self.pops, self.movs, self.imms, - self.writes, self.requirements, self.stack, self.align, - self.syscall, self.spm) - - def __sub__(self, x): - """Return new object with adjusted offset.""" - return self + (-x) + return int(self.base) def with_requirements(self, reqs): """Return new object with additional requirements.""" @@ -81,9 +70,9 @@ class GadHint: f"GadHint: Conflicting gadget requirements: " f"{self.requirements}, {reqs}") - return GadHint(self.gadget, self.pops, self.movs, self.imms, - self.writes, self.requirements | reqs, self.stack, - self.align, self.syscall, self.spm) + new = copy.deepcopy(self) + new.requirements |= reqs + return new def __repr__(self): """Return human-readable GadHint.""" @@ -92,8 +81,8 @@ class GadHint: return f", {name}={prop}" return "" - s = hex(self.gadget) - s = f"Gadget({s})" if type(self.gadget) is Gadget else s + s = hex(self.base) + s = f"Gadget({s})" if isinstance(self.base, Gadget) else s s += fmt("pops", self.pops) s += fmt("movs", self.movs) s += fmt("imms", self.imms) |
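Review bot: `copy.deepcopy(self)` in `with_requirements` also deep-copies `self.base`, so when the hint wraps a `Gadget` the returned hint holds a separate copy of it, whereas the removed constructor call passed the same object (and the same `pops`/`movs`/`imms` containers) through. If the deep copy is intended, the docstring should say so, e.g. `"""Return a deep copy of this hint with reqs merged into its requirements."""`. If only the requirements dict needs to be independent, `new = copy.copy(self)` followed by `new.requirements = self.requirements | reqs` keeps the previous sharing. The method starts in the preceding hunk and its conflict check is only partly visible.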
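Review bot: `__repr__` formats the address with `hex(self.base)`, which requires `__index__` on the base, while the `offset` property in the `@@ -57,21 +60,7 @@` hunk converts with `int(self.base)`; a base that supports only `int()` would work for `offset` and fail here. Going through the property, `s = hex(self.offset)`, keeps the two paths consistent. The `fmt` helper and the opening of `__repr__` are only partly visible in this hunk.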