Fix message for execve syscall in x86_64.

jakelamberson · jakelamberson · commit 77b88b42ab5b · 2024-06-26T08:23:39.000-04:00
Also use hex-formatted index in the ropchain generator to be more
consistent with the x86 generator (this is not a functional
change).
diff --git a/ropper/ropchain/arch/ropchainx86_64.py b/ropper/ropchain/arch/ropchainx86_64.py
@@ -652,7 +652,7 @@ def create(self, options):
             raise RopChainError('No argument support for execve commands')
 
         self._printMessage('ROPchain Generator for syscall execve:\n')
-        self._printMessage('\nwrite command into data section\nrax 0xb\nrdi address to cmd\nrsi address to null\nrdx address to null\n')
+        self._printMessage('\nwrite command into data section\nrax 0x3b\nrdi address to cmd\nrsi address to null\nrdx address to null\n')
         chain = self._printHeader()
         gadgets = []
         can_create_command = False
@@ -689,7 +689,7 @@ def create(self, options):
                 gadgets.append((self._createAddress, [cmdaddress],{'reg':'rdi'},['rdi','edi', 'di']))
                 gadgets.append((self._createAddress, [nulladdress],{'reg':'rsi'},['rsi','esi', 'si']))
                 gadgets.append((self._createAddress, [nulladdress],{'reg':'rdx'},['rdx','edx', 'dx', 'dl', 'dh']))
-                gadgets.append((self._createNumber, [59],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
+                gadgets.append((self._createNumber, [0x3b],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
         if address is not None and not can_create_command:
             if type(address) is str:
                 cmdaddress = int(address, 16)
@@ -704,7 +704,7 @@ def create(self, options):
             gadgets.append((self._createNumber, [cmdaddress],{'reg':'rdi'},['rdi','edi', 'di']))
             gadgets.append((self._createNumber, [nulladdress],{'reg':'rsi'},['rsi','esi', 'si']))
             gadgets.append((self._createNumber, [nulladdress],{'reg':'rdx'},['rdx','edx', 'dx', 'dl', 'dh']))
-            gadgets.append((self._createNumber, [59],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
+            gadgets.append((self._createNumber, [0x3b],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
 
         self._printMessage('Try to create chain which fills registers without delete content of previous filled registers')
         chain_tmp += self._createDependenceChain(gadgets)
