
Commit c2aed59

committed
Add syscall support for LoongArch64
1 parent 76c52ae commit c2aed59

1 file changed

+31
-73
lines changed

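--- a/pwnlib/shellcraft/templates/loong64/linux/syscall.asm
+++ b/pwnlib/shellcraft/templates/loong64/linux/syscall.asm
@@ -14,90 +14,48 @@ Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constan
 Example:
 
 >>> print(pwnlib.shellcraft.loong64.linux.syscall('SYS_execve', 1, 'sp', 2, 0).rstrip())
-/* call execve(1, 'sp', 2, 0) */
-c.li a0, 1
-c.mv a1, sp
-c.li a2, 2
-c.li a3, 0
-/* mv a7, 0xdd */
-xori a7, zero, 0x722
-xori a7, a7, 0x7ff
-ecall
+addi.d $a0, $r0, 1
+addi.d $a1, $sp, 0
+addi.d $a2, $r0, 2
+addi.d $a3, $r0, 0
+addi.d $a7, $r0, 221
+syscall
 >>> print(pwnlib.shellcraft.loong64.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip())
-/* call execve(2, 1, 0, 0x14) */
-c.li a0, 2
-c.li a1, 1
-c.li a2, 0
-c.li a3, 0x14
-/* mv a7, 0xdd */
-xori a7, zero, 0x722
-xori a7, a7, 0x7ff
-ecall
+addi.d $a0, $r0, 2
+addi.d $a1, $r0, 1
+addi.d $a2, $r0, 0
+addi.d $a3, $r0, 20
+addi.d $a7, $r0, 221
+syscall
 >>> print(pwnlib.shellcraft.loong64.linux.syscall().rstrip())
-/* call syscall() */
-ecall
+syscall
 >>> print(pwnlib.shellcraft.loong64.linux.syscall('a7', 'a0', 'a1').rstrip())
-/* call syscall('a7', 'a0', 'a1') */
-/* setregs noop */
-ecall
+syscall
 >>> print(pwnlib.shellcraft.loong64.linux.syscall('a3', None, None, 1).rstrip())
-/* call syscall('a3', ?, ?, 1) */
-c.li a2, 1
-c.mv a7, a3
-ecall
+addi.d $a2, $r0, 1
+addi.d $a7, $a3, 0
+syscall
 >>> print(pwnlib.shellcraft.loong64.linux.syscall(
 ... 'SYS_mmap', 0, 0x1000,
 ... 'PROT_READ | PROT_WRITE | PROT_EXEC',
 ... 'MAP_PRIVATE',
 ... -1, 0).rstrip())
-/* call mmap(0, 0x1000, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE', -1, 0) */
-c.li a0, 0
-c.lui a1, 1 /* mv a1, 0x1000 */
-c.li a2, 7
-c.li a3, 2
-c.li a4, 0xffffffffffffffff
-c.li a5, 0
-/* mv a7, 0xde */
-xori a7, zero, 0x721
-xori a7, a7, 0x7ff
-ecall
->>> print(pwnlib.shellcraft.openat('AT_FDCWD', '/home/pwn/flag').rstrip())
-/* openat(fd='AT_FDCWD', file='/home/pwn/flag', oflag=0) */
-/* push b'/home/pwn/flag\x00' */
-li t4, 0x77702f656d6f682f
-sd t4, -16(sp)
-li t4, 0x67616c662f6e
-sd t4, -8(sp)
-addi sp, sp, -16
-c.mv a1, sp
-xori a0, zero, 0xffffffffffffff9c
-c.li a2, 0
-/* call openat() */
-/* mv a7, 0x38 */
-xori a7, zero, 0x7c7
-xori a7, a7, 0x7ff
-ecall
+addi.d $a0, $r0, 0
+addi.d $a1, $r0, 1
+lu52i.d $a1, $a1, 0
+addi.d $a2, $r0, 7
+addi.d $a3, $r0, 2
+addi.d $a4, $r0, 15
+lu52i.d $a4, $a4, -1
+lu52i.d $a4, $a4, -1
+lu52i.d $a4, $a4, -1
+lu52i.d $a4, $a4, -1
+lu52i.d $a4, $a4, -1
+addi.d $a5, $r0, 0
+addi.d $a7, $r0, 222
+syscall
 </%docstring>
 <%
-if isinstance(syscall, (str, text_type, Constant)) and str(syscall).startswith('SYS_'):
-syscall_repr = str(syscall)[4:] + "(%s)"
-args = []
-else:
-syscall_repr = 'syscall(%s)'
-if syscall is None:
-args = ['?']
-else:
-args = [pretty(syscall, False)]
-
-for arg in [arg0, arg1, arg2, arg3, arg4, arg5]:
-if arg is None:
-args.append('?')
-else:
-args.append(pretty(arg, False))
-while args and args[-1] == '?':
-args.pop()
-syscall_repr = syscall_repr % ', '.join(args)
-
 registers = abi.register_arguments
 arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5]
 regctx = dict(zip(registers, arguments))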
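Review bot: The new `SYS_mmap` doctest pins expected output that does not appear to load the requested argument values. As the LoongArch manual describes it, `lu52i.d` replaces bits 63:52 and keeps the low 52 bits of the source register, so `addi.d $a1, $r0, 1` followed by `lu52i.d $a1, $a1, 0` leaves 1 in `$a1` rather than 0x1000, and the five `lu52i.d $a4, $a4, -1` lines after `addi.d $a4, $r0, 15` do not yield -1. The sequence is produced by the register-setting helper, which is outside this hunk, so the fix presumably belongs there; once it is corrected, the expected lines here would reduce to something like `lu12i.w $a1, 1` and `addi.d $a4, $r0, -1`. Separately, deleting the `syscall_repr` block drops the `/* call execve(...) */` annotation from the generated text, which made the output easier to audit, so consider keeping it. The template body continues past the last line shown.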
