Support iret and sysret instructions for x86
SweetVishnya committed Sep 30, 2024
1 parent 5eaaefc commit 9f20a4b
Showing 2 changed files with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions ropgadget/gadgets.py
Expand Up @@ -31,7 +31,7 @@ def __init__(self, binary, options, offset):
self.__filterRE = re.compile("({})$".format(re_str)) if re_str else None

def __passCleanX86(self, decodes):
br = ["ret", "repz ret", "retf", "int", "sysenter", "jmp", "notrack jmp", "call", "notrack call", "syscall"]
br = ["ret", "repz ret", "retf", "int", "sysenter", "jmp", "notrack jmp", "call", "notrack call", "syscall", "iret", "iretd", "iretq", "sysret", "sysretq"]

if decodes[-1][2] not in br:
return True
Expand Down Expand Up @@ -314,7 +314,7 @@ def addJOPGadgets(self, section):
elif arch == CS_ARCH_RISCV:
if arch_endian == CS_MODE_BIG_ENDIAN:
gadgets = [
#32 bits encoded register
#32 bits encoded register
[b"[\x00-\xff]{2}[\x00-\xff][\x67\x6f\xe7\xef]",4 , 1],
[b"[\x00-\xff]{2}[\x00-\xff][\x63\xe3]", 4 , 1],

Expand Down Expand Up @@ -365,6 +365,9 @@ def addSYSGadgets(self, section):
[b"\x0f\x34\xc3", 3, 1], # sysenter ; ret
[b"\x0f\x05\xc3", 3, 1], # syscall ; ret
[b"\x65\xff\x15\x10\x00\x00\x00\xc3", 8, 1], # call DWORD PTR gs:0x10 ; ret
[b"\x0f\x07", 2, 1], # sysret
[b"\x48\x0f\x07", 3, 1], # sysret
[b"\xcf", 1, 1], # iret
]

elif arch == CS_ARCH_MIPS:
Expand Down Expand Up @@ -413,7 +416,7 @@ def addSYSGadgets(self, section):
gadgets = [
[b"\x73\x00\x00\x00", 4, 2] # syscall
]

arch_mode = CS_MODE_RISCV64 | CS_MODE_RISCVC
else:
print("Gadgets().addSYSGadgets() - Architecture not supported")
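Review bot: In the x86 table of addSYSGadgets the two new sysret rows carry the same comment, but `\x48\x0f\x07` is the REX.W-prefixed encoding, which is what the new `"sysretq"` entry in the `br` list of `__passCleanX86` appears to correspond to. I would label that row `[b"\x48\x0f\x07", 3, 1], # sysretq (REX.W prefix)` so the table and the list read consistently. The same list also accepts `iretd` and `iretq`, while the table has a single `\xcf` row commented `# iret`. A one-line comment above the three new rows, saying which prefixed forms are expected to be reached through the unprefixed pattern, would show that the difference from the explicit `\x48` sysret row is intended; whether the finder steps back over a prefix byte is not visible in these hunks. Both functions start and end outside the hunks shown.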
Binary file modified test-suite-binaries/ref_output.bz2
Binary file not shown.
