Undo improper change to x86 execve syscall code

jakelamberson · web-flow · commit 73119fca9fa7 · 2023-08-15T10:45:22.000-04:00
diff --git a/ropper/ropchain/arch/ropchainx86.py b/ropper/ropchain/arch/ropchainx86.py
@@ -659,7 +659,7 @@ def create(self, options={}):
             raise RopChainError('No argument support for execve commands')
 
         self._printMessage('ROPchain Generator for syscall execve:\n')
-        self._printMessage('\nwrite command into data section\neax 0x3b\nebx address to cmd\necx address to null\nedx address to null\n')
+        self._printMessage('\nwrite command into data section\neax 0xb\nebx address to cmd\necx address to null\nedx address to null\n')
         chain = self._printHeader()
         gadgets = []
         can_create_command = False
@@ -695,7 +695,7 @@ def create(self, options={}):
                 gadgets.append((self._createAddress, [cmdaddress],{'reg':'ebx'},['ebx', 'bx', 'bl', 'bh']))
                 gadgets.append((self._createAddress, [nulladdress],{'reg':'ecx'},['ecx', 'cx', 'cl', 'ch']))
                 gadgets.append((self._createAddress, [nulladdress],{'reg':'edx'},['edx', 'dx', 'dl', 'dh']))
-                gadgets.append((self._createNumber, [0x3b],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
+                gadgets.append((self._createNumber, [0xb],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
         if address is not None and not can_create_command:
             if type(address) is str:
                 cmdaddress = int(address, 16)
@@ -709,7 +709,7 @@ def create(self, options={}):
             gadgets.append((self._createNumber, [cmdaddress],{'reg':'ebx'},['ebx', 'bx', 'bl', 'bh']))
             gadgets.append((self._createNumber, [nulladdress],{'reg':'ecx'},['ecx', 'cx', 'cl', 'ch']))
             gadgets.append((self._createNumber, [nulladdress],{'reg':'edx'},['edx', 'dx', 'dl', 'dh']))
-            gadgets.append((self._createNumber, [0x3b],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
+            gadgets.append((self._createNumber, [0xb],{'reg':'eax'},['eax', 'ax', 'al', 'ah']))
 
         self._printMessage('Try to create chain which fills registers without delete content of previous filled registers')
         chain_tmp += self._createDependenceChain(gadgets)
