pwnlib.shellcraft.thumb
— Shellcode for Thumb Mode¶
pwnlib.shellcraft.thumb
¶
Shellcraft module containing generic thumb little endian shellcodes.
-
pwnlib.shellcraft.thumb.
crash
()[source]¶ Crash.
Example
>>> run_assembly(shellcraft.crash()).poll(True) < 0 True
-
pwnlib.shellcraft.thumb.
itoa
(v, buffer='sp', allocate_stack=True)[source]¶ Converts an integer into its string representation, and pushes it onto the stack. Uses registers r0-r5.
Parameters: Example
>>> sc = shellcraft.thumb.mov('r0', 0xdeadbeef) >>> sc += shellcraft.thumb.itoa('r0') >>> sc += shellcraft.thumb.linux.write(1, 'sp', 32) >>> run_assembly(sc).recvuntil(b'\x00') b'3735928559\x00'
-
pwnlib.shellcraft.thumb.
memcpy
(dest, src, n)[source]¶ Copies memory.
Parameters: - dest – Destination address
- src – Source address
- n – Number of bytes
-
pwnlib.shellcraft.thumb.
mov
(dst, src)[source]¶ Returns THUMB code for moving the specified source value into the specified destination register.
If src is a string that is not a register, then it will locally set context.arch to ‘thumb’ and use
pwnlib.constants.eval()
to evaluate the string. Note that this means that this shellcode can change behavior depending on the value of context.os.Example
>>> print(shellcraft.thumb.mov('r1', 'r2').rstrip()) mov r1, r2 >>> print(shellcraft.thumb.mov('r1', 0).rstrip()) eor r1, r1 >>> print(shellcraft.thumb.mov('r1', 10).rstrip()) mov r1, #0xa + 1 sub r1, r1, 1 >>> print(shellcraft.thumb.mov('r1', 17).rstrip()) mov r1, #0x11 >>> print(shellcraft.thumb.mov('r1', 'r1').rstrip()) /* moving r1 into r1, but this is a no-op */ >>> print(shellcraft.thumb.mov('r1', 512).rstrip()) mov r1, #0x200 >>> print(shellcraft.thumb.mov('r1', 0x10000001).rstrip()) mov r1, #(0x10000001 >> 28) lsl r1, #28 add r1, #(0x10000001 & 0xff) >>> print(shellcraft.thumb.mov('r1', 0xdead0000).rstrip()) mov r1, #(0xdead0000 >> 25) lsl r1, #(25 - 16) add r1, #((0xdead0000 >> 16) & 0xff) lsl r1, #16 >>> print(shellcraft.thumb.mov('r1', 0xdead00ff).rstrip()) ldr r1, value_... b value_..._after value_...: .word 0xdead00ff value_..._after: >>> with context.local(os = 'linux'): ... print(shellcraft.thumb.mov('r1', 'SYS_execve').rstrip()) mov r1, #(SYS_execve) /* 0xb */ >>> with context.local(os = 'freebsd'): ... print(shellcraft.thumb.mov('r1', 'SYS_execve').rstrip()) mov r1, #(SYS_execve) /* 0x3b */ >>> with context.local(os = 'linux'): ... print(shellcraft.thumb.mov('r1', 'PROT_READ | PROT_WRITE | PROT_EXEC').rstrip()) mov r1, #(PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */
-
pwnlib.shellcraft.thumb.
popad
()[source]¶ Pop all of the registers onto the stack which i386 popad does, in the same order.
-
pwnlib.shellcraft.thumb.
push
(value)[source]¶ Pushes a value onto the stack without using null bytes or newline characters.
If src is a string, then we try to evaluate with context.arch = ‘thumb’ using
pwnlib.constants.eval()
before determining how to push it. Note that this means that this shellcode can change behavior depending on the value of context.os.Parameters: value (int, str) – The value or register to push Example
>>> print(pwnlib.shellcraft.thumb.push('r0').rstrip()) push {r0} >>> print(pwnlib.shellcraft.thumb.push(0).rstrip()) /* push 0 */ eor r7, r7 push {r7} >>> print(pwnlib.shellcraft.thumb.push(1).rstrip()) /* push 1 */ mov r7, #1 push {r7} >>> print(pwnlib.shellcraft.thumb.push(256).rstrip()) /* push 256 */ mov r7, #0x100 push {r7} >>> print(pwnlib.shellcraft.thumb.push('SYS_execve').rstrip()) /* push 'SYS_execve' */ mov r7, #0xb push {r7} >>> with context.local(os='freebsd'): ... print(pwnlib.shellcraft.thumb.push('SYS_execve').rstrip()) /* push 'SYS_execve' */ mov r7, #0x3b push {r7}
-
pwnlib.shellcraft.thumb.
pushad
()[source]¶ Push all of the registers onto the stack which i386 pushad does, in the same order.
-
pwnlib.shellcraft.thumb.
pushstr
(string, append_null=True, register='r7')[source]¶ Pushes a string onto the stack without using null bytes or newline characters.
Parameters: Examples:
Note that this doctest has two possibilities for the first result, depending on your version of binutils.
>>> enhex(asm(shellcraft.pushstr('Hello\nWorld!', True))) in [ ... '87ea070780b4dff8047001e0726c642180b4dff8047001e06f0a576f80b4dff8047001e048656c6c80b4', ... '87ea070780b4dff8067000f002b8726c642180b4dff8047000f002b86f0a576f80b4014f00f002b848656c6c80b4'] True >>> print(shellcraft.pushstr('abc').rstrip()) /* push b'abc\x00' */ ldr r7, value_... b value_..._after value_...: .word 0xff636261 value_..._after: lsl r7, #8 lsr r7, #8 push {r7} >>> print(enhex(asm(shellcraft.pushstr(b'\x00', False)))) 87ea070780b4
-
pwnlib.shellcraft.thumb.
pushstr_array
(reg, array)[source]¶ Pushes an array/envp-style array of pointers onto the stack.
Parameters:
-
pwnlib.shellcraft.thumb.
ret
(return_value=None)[source]¶ A single-byte RET instruction.
Parameters: return_value – Value to return
-
pwnlib.shellcraft.thumb.
setregs
(reg_context, stack_allowed=True)[source]¶ Sets multiple registers, taking any register dependencies into account (i.e., given eax=1,ebx=eax, set ebx first).
Parameters: Example
>>> print(shellcraft.setregs({'r0': 1, 'r2': 'r3'}).rstrip()) mov r0, #1 mov r2, r3 >>> print(shellcraft.setregs({'r0': 'r1', 'r1': 'r0', 'r2': 'r3'}).rstrip()) mov r2, r3 eor r0, r0, r1 /* xchg r0, r1 */ eor r1, r0, r1 eor r0, r0, r1
-
pwnlib.shellcraft.thumb.
udiv_10
(N)[source]¶ Divides r0 by 10. Result is stored in r0, N and Z flags are updated.
- Code is from generated from here:
- https://raw.githubusercontent.com/rofirrim/raspberry-pi-assembler/master/chapter15/magic.py
- With code:
- python magic.py 10 code_for_unsigned
pwnlib.shellcraft.thumb.linux
¶
Shellcraft module containing THUMB shellcodes for Linux.
-
pwnlib.shellcraft.thumb.linux.
accept
(fd, addr, addr_len)[source]¶ Invokes the syscall accept. See ‘man 2 accept’ for more information.
Parameters: - fd (int) – fd
- addr (SOCKADDR_ARG) – addr
- addr_len (socklen_t) – addr_len
-
pwnlib.shellcraft.thumb.linux.
access
(name, type)[source]¶ Invokes the syscall access. See ‘man 2 access’ for more information.
Parameters: - name (char) – name
- type (int) – type
-
pwnlib.shellcraft.thumb.linux.
acct
(name)[source]¶ Invokes the syscall acct. See ‘man 2 acct’ for more information.
Parameters: name (char) – name
-
pwnlib.shellcraft.thumb.linux.
alarm
(seconds)[source]¶ Invokes the syscall alarm. See ‘man 2 alarm’ for more information.
Parameters: seconds (unsigned) – seconds
-
pwnlib.shellcraft.thumb.linux.
bind
(fd, addr, length)[source]¶ Invokes the syscall bind. See ‘man 2 bind’ for more information.
Parameters: - fd (int) – fd
- addr (CONST_SOCKADDR_ARG) – addr
- len (socklen_t) – len
-
pwnlib.shellcraft.thumb.linux.
bindsh
(port, network)[source]¶ Listens on a TCP port and spawns a shell for the first to connect. Port is the TCP port to listen on, network is either ‘ipv4’ or ‘ipv6’.
-
pwnlib.shellcraft.thumb.linux.
brk
(addr)[source]¶ Invokes the syscall brk. See ‘man 2 brk’ for more information.
Parameters: addr (void) – addr
-
pwnlib.shellcraft.thumb.linux.
cat
(filename, fd=1)[source]¶ Opens a file and writes its contents to the specified file descriptor.
Example
>>> f = tempfile.mktemp() >>> write(f, 'FLAG\n') >>> run_assembly(shellcraft.arm.to_thumb() + shellcraft.thumb.linux.cat(f)).recvline() b'FLAG\n'
-
pwnlib.shellcraft.thumb.linux.
chdir
(path)[source]¶ Invokes the syscall chdir. See ‘man 2 chdir’ for more information.
Parameters: path (char) – path
-
pwnlib.shellcraft.thumb.linux.
chmod
(file, mode)[source]¶ Invokes the syscall chmod. See ‘man 2 chmod’ for more information.
Parameters: - file (char) – file
- mode (mode_t) – mode
-
pwnlib.shellcraft.thumb.linux.
chown
(file, owner, group)[source]¶ Invokes the syscall chown. See ‘man 2 chown’ for more information.
Parameters: - file (char) – file
- owner (uid_t) – owner
- group (gid_t) – group
-
pwnlib.shellcraft.thumb.linux.
chroot
(path)[source]¶ Invokes the syscall chroot. See ‘man 2 chroot’ for more information.
Parameters: path (char) – path
-
pwnlib.shellcraft.thumb.linux.
clock_getres
(clock_id, res)[source]¶ Invokes the syscall clock_getres. See ‘man 2 clock_getres’ for more information.
Parameters: - clock_id (clockid_t) – clock_id
- res (timespec) – res
-
pwnlib.shellcraft.thumb.linux.
clock_gettime
(clock_id, tp)[source]¶ Invokes the syscall clock_gettime. See ‘man 2 clock_gettime’ for more information.
Parameters: - clock_id (clockid_t) – clock_id
- tp (timespec) – tp
-
pwnlib.shellcraft.thumb.linux.
clock_nanosleep
(clock_id, flags, req, rem)[source]¶ Invokes the syscall clock_nanosleep. See ‘man 2 clock_nanosleep’ for more information.
Parameters: - clock_id (clockid_t) – clock_id
- flags (int) – flags
- req (timespec) – req
- rem (timespec) – rem
-
pwnlib.shellcraft.thumb.linux.
clock_settime
(clock_id, tp)[source]¶ Invokes the syscall clock_settime. See ‘man 2 clock_settime’ for more information.
Parameters: - clock_id (clockid_t) – clock_id
- tp (timespec) – tp
-
pwnlib.shellcraft.thumb.linux.
clone
(fn, child_stack, flags, arg, vararg)[source]¶ Invokes the syscall clone. See ‘man 2 clone’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
close
(fd)[source]¶ Invokes the syscall close. See ‘man 2 close’ for more information.
Parameters: fd (int) – fd
-
pwnlib.shellcraft.thumb.linux.
connect
(host, port, network='ipv4')[source]¶ Connects to the host on the specified port. Network is either ‘ipv4’ or ‘ipv6’. Leaves the connected socket in R6.
-
pwnlib.shellcraft.thumb.linux.
connectstager
(host, port, network='ipv4')[source]¶ connect recvsize stager :param host, where to connect to: :param port, which port to connect to: :param network, ipv4 or ipv6? (default: ipv4)
-
pwnlib.shellcraft.thumb.linux.
creat
(file, mode)[source]¶ Invokes the syscall creat. See ‘man 2 creat’ for more information.
Parameters: - file (char) – file
- mode (mode_t) – mode
-
pwnlib.shellcraft.thumb.linux.
dup
(sock='r6')[source]¶ Args: [sock (imm/reg) = r6] Duplicates sock to stdin, stdout and stderr
-
pwnlib.shellcraft.thumb.linux.
dup2
(fd, fd2)[source]¶ Invokes the syscall dup2. See ‘man 2 dup2’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
dup3
(fd, fd2, flags)[source]¶ Invokes the syscall dup3. See ‘man 2 dup3’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
dupsh
(sock='r6')[source]¶ Args: [sock (imm/reg) = ebp] Duplicates sock to stdin, stdout and stderr and spawns a shell.
-
pwnlib.shellcraft.thumb.linux.
echo
(string, sock='1')[source]¶ Writes a string to a file descriptor
Example
>>> run_assembly(shellcraft.echo('hello\n', 1)).recvline() b'hello\n'
-
pwnlib.shellcraft.thumb.linux.
epoll_create
(size)[source]¶ Invokes the syscall epoll_create. See ‘man 2 epoll_create’ for more information.
Parameters: size (int) – size
-
pwnlib.shellcraft.thumb.linux.
epoll_create1
(flags)[source]¶ Invokes the syscall epoll_create1. See ‘man 2 epoll_create1’ for more information.
Parameters: flags (int) – flags
-
pwnlib.shellcraft.thumb.linux.
epoll_ctl
(epfd, op, fd, event)[source]¶ Invokes the syscall epoll_ctl. See ‘man 2 epoll_ctl’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
epoll_pwait
(epfd, events, maxevents, timeout, ss)[source]¶ Invokes the syscall epoll_pwait. See ‘man 2 epoll_pwait’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
epoll_wait
(epfd, events, maxevents, timeout)[source]¶ Invokes the syscall epoll_wait. See ‘man 2 epoll_wait’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
execve
(path='/bin///sh', argv=[], envp={})[source]¶ Execute a different process.
>>> path = '/bin/sh' >>> argv = ['sh', '-c', 'echo Hello, $NAME; exit $STATUS'] >>> envp = {'NAME': 'zerocool', 'STATUS': '3'} >>> sc = shellcraft.arm.linux.execve(path, argv, envp) >>> io = run_assembly(sc) >>> io.recvall() b'Hello, zerocool\n' >>> io.poll(True) 3
-
pwnlib.shellcraft.thumb.linux.
exit
(status)[source]¶ Invokes the syscall exit. See ‘man 2 exit’ for more information.
Parameters: status (int) – status
-
pwnlib.shellcraft.thumb.linux.
faccessat
(fd, file, type, flag)[source]¶ Invokes the syscall faccessat. See ‘man 2 faccessat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fallocate
(fd, mode, offset, length)[source]¶ Invokes the syscall fallocate. See ‘man 2 fallocate’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fchdir
(fd)[source]¶ Invokes the syscall fchdir. See ‘man 2 fchdir’ for more information.
Parameters: fd (int) – fd
-
pwnlib.shellcraft.thumb.linux.
fchmod
(fd, mode)[source]¶ Invokes the syscall fchmod. See ‘man 2 fchmod’ for more information.
Parameters: - fd (int) – fd
- mode (mode_t) – mode
-
pwnlib.shellcraft.thumb.linux.
fchmodat
(fd, file, mode, flag)[source]¶ Invokes the syscall fchmodat. See ‘man 2 fchmodat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fchown
(fd, owner, group)[source]¶ Invokes the syscall fchown. See ‘man 2 fchown’ for more information.
Parameters: - fd (int) – fd
- owner (uid_t) – owner
- group (gid_t) – group
-
pwnlib.shellcraft.thumb.linux.
fchownat
(fd, file, owner, group, flag)[source]¶ Invokes the syscall fchownat. See ‘man 2 fchownat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fcntl
(fd, cmd, vararg)[source]¶ Invokes the syscall fcntl. See ‘man 2 fcntl’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fdatasync
(fildes)[source]¶ Invokes the syscall fdatasync. See ‘man 2 fdatasync’ for more information.
Parameters: fildes (int) – fildes
-
pwnlib.shellcraft.thumb.linux.
findpeer
(port)[source]¶ Finds a connected socket. If port is specified it is checked against the peer port. Resulting socket is left in r6.
-
pwnlib.shellcraft.thumb.linux.
findpeersh
(port)[source]¶ Finds a connected socket. If port is specified it is checked against the peer port. A dup2 shell is spawned on it.
-
pwnlib.shellcraft.thumb.linux.
findpeerstager
(port=None)[source]¶ Findpeer recvsize stager :param port, the port given to findpeer: :type port, the port given to findpeer: defaults to any
-
pwnlib.shellcraft.thumb.linux.
flock
(fd, operation)[source]¶ Invokes the syscall flock. See ‘man 2 flock’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fork
()[source]¶ Invokes the syscall fork. See ‘man 2 fork’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
forkexit
()[source]¶ Attempts to fork. If the fork is successful, the parent exits.
-
pwnlib.shellcraft.thumb.linux.
fstat
(fd, buf)[source]¶ Invokes the syscall fstat. See ‘man 2 fstat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fstat64
(fd, buf)[source]¶ Invokes the syscall fstat64. See ‘man 2 fstat64’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fstatat64
(fd, file, buf, flag)[source]¶ Invokes the syscall fstatat64. See ‘man 2 fstatat64’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
fsync
(fd)[source]¶ Invokes the syscall fsync. See ‘man 2 fsync’ for more information.
Parameters: fd (int) – fd
-
pwnlib.shellcraft.thumb.linux.
ftruncate
(fd, length)[source]¶ Invokes the syscall ftruncate. See ‘man 2 ftruncate’ for more information.
Parameters: - fd (int) – fd
- length (off_t) – length
-
pwnlib.shellcraft.thumb.linux.
ftruncate64
(fd, length)[source]¶ Invokes the syscall ftruncate64. See ‘man 2 ftruncate64’ for more information.
Parameters: - fd (int) – fd
- length (off64_t) – length
-
pwnlib.shellcraft.thumb.linux.
futimesat
(fd, file, tvp)[source]¶ Invokes the syscall futimesat. See ‘man 2 futimesat’ for more information.
Parameters: - fd (int) – fd
- file (char) – file
- tvp (timeval) – tvp
-
pwnlib.shellcraft.thumb.linux.
getcwd
(buf, size)[source]¶ Invokes the syscall getcwd. See ‘man 2 getcwd’ for more information.
Parameters: - buf (char) – buf
- size (size_t) – size
-
pwnlib.shellcraft.thumb.linux.
getegid
()[source]¶ Invokes the syscall getegid. See ‘man 2 getegid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
geteuid
()[source]¶ Invokes the syscall geteuid. See ‘man 2 geteuid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
getgid
()[source]¶ Invokes the syscall getgid. See ‘man 2 getgid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
getgroups
(size, list)[source]¶ Invokes the syscall getgroups. See ‘man 2 getgroups’ for more information.
Parameters: - size (int) – size
- list (gid_t) – list
-
pwnlib.shellcraft.thumb.linux.
getitimer
(which, value)[source]¶ Invokes the syscall getitimer. See ‘man 2 getitimer’ for more information.
Parameters: - which (itimer_which_t) – which
- value (itimerval) – value
-
pwnlib.shellcraft.thumb.linux.
getpeername
(fd, addr, length)[source]¶ Invokes the syscall getpeername. See ‘man 2 getpeername’ for more information.
Parameters: - fd (int) – fd
- addr (SOCKADDR_ARG) – addr
- len (socklen_t) – len
-
pwnlib.shellcraft.thumb.linux.
getpgid
(pid)[source]¶ Invokes the syscall getpgid. See ‘man 2 getpgid’ for more information.
Parameters: pid (pid_t) – pid
-
pwnlib.shellcraft.thumb.linux.
getpgrp
()[source]¶ Invokes the syscall getpgrp. See ‘man 2 getpgrp’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
getpid
()[source]¶ Invokes the syscall getpid. See ‘man 2 getpid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
getpmsg
(fildes, ctlptr, dataptr, bandp, flagsp)[source]¶ Invokes the syscall getpmsg. See ‘man 2 getpmsg’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
getppid
()[source]¶ Invokes the syscall getppid. See ‘man 2 getppid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
getpriority
(which, who)[source]¶ Invokes the syscall getpriority. See ‘man 2 getpriority’ for more information.
Parameters: - which (priority_which_t) – which
- who (id_t) – who
-
pwnlib.shellcraft.thumb.linux.
getresgid
(rgid, egid, sgid)[source]¶ Invokes the syscall getresgid. See ‘man 2 getresgid’ for more information.
Parameters: - rgid (gid_t) – rgid
- egid (gid_t) – egid
- sgid (gid_t) – sgid
-
pwnlib.shellcraft.thumb.linux.
getresuid
(ruid, euid, suid)[source]¶ Invokes the syscall getresuid. See ‘man 2 getresuid’ for more information.
Parameters: - ruid (uid_t) – ruid
- euid (uid_t) – euid
- suid (uid_t) – suid
-
pwnlib.shellcraft.thumb.linux.
getrlimit
(resource, rlimits)[source]¶ Invokes the syscall getrlimit. See ‘man 2 getrlimit’ for more information.
Parameters: - resource (rlimit_resource_t) – resource
- rlimits (rlimit) – rlimits
-
pwnlib.shellcraft.thumb.linux.
getrusage
(who, usage)[source]¶ Invokes the syscall getrusage. See ‘man 2 getrusage’ for more information.
Parameters: - who (rusage_who_t) – who
- usage (rusage) – usage
-
pwnlib.shellcraft.thumb.linux.
getsid
(pid)[source]¶ Invokes the syscall getsid. See ‘man 2 getsid’ for more information.
Parameters: pid (pid_t) – pid
-
pwnlib.shellcraft.thumb.linux.
getsockname
(fd, addr, length)[source]¶ Invokes the syscall getsockname. See ‘man 2 getsockname’ for more information.
Parameters: - fd (int) – fd
- addr (SOCKADDR_ARG) – addr
- len (socklen_t) – len
-
pwnlib.shellcraft.thumb.linux.
getsockopt
(fd, level, optname, optval, optlen)[source]¶ Invokes the syscall getsockopt. See ‘man 2 getsockopt’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
gettimeofday
(tv, tz)[source]¶ Invokes the syscall gettimeofday. See ‘man 2 gettimeofday’ for more information.
Parameters: - tv (timeval) – tv
- tz (timezone_ptr_t) – tz
-
pwnlib.shellcraft.thumb.linux.
getuid
()[source]¶ Invokes the syscall getuid. See ‘man 2 getuid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
gtty
(fd, params)[source]¶ Invokes the syscall gtty. See ‘man 2 gtty’ for more information.
Parameters: - fd (int) – fd
- params (sgttyb) – params
-
pwnlib.shellcraft.thumb.linux.
ioctl
(fd, request, vararg)[source]¶ Invokes the syscall ioctl. See ‘man 2 ioctl’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
ioperm
(from_, num, turn_on)[source]¶ Invokes the syscall ioperm. See ‘man 2 ioperm’ for more information.
Parameters: - from (unsigned) – from
- num (unsigned) – num
- turn_on (int) – turn_on
-
pwnlib.shellcraft.thumb.linux.
iopl
(level)[source]¶ Invokes the syscall iopl. See ‘man 2 iopl’ for more information.
Parameters: level (int) – level
-
pwnlib.shellcraft.thumb.linux.
kill
(pid, sig)[source]¶ Invokes the syscall kill. See ‘man 2 kill’ for more information.
Parameters: - pid (pid_t) – pid
- sig (int) – sig
-
pwnlib.shellcraft.thumb.linux.
killparent
()[source]¶ Kills its parent process until whatever the parent is (probably init) cannot be killed any longer.
-
pwnlib.shellcraft.thumb.linux.
lchown
(file, owner, group)[source]¶ Invokes the syscall lchown. See ‘man 2 lchown’ for more information.
Parameters: - file (char) – file
- owner (uid_t) – owner
- group (gid_t) – group
-
pwnlib.shellcraft.thumb.linux.
link
(from_, to)[source]¶ Invokes the syscall link. See ‘man 2 link’ for more information.
Parameters: - from (char) – from
- to (char) – to
-
pwnlib.shellcraft.thumb.linux.
linkat
(fromfd, from_, tofd, to, flags)[source]¶ Invokes the syscall linkat. See ‘man 2 linkat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
listen
(port, network)[source]¶ Listens on a TCP port, accept a client and leave his socket in r6. Port is the TCP port to listen on, network is either ‘ipv4’ or ‘ipv6’.
-
pwnlib.shellcraft.thumb.linux.
loader
(address)[source]¶ Loads a statically-linked ELF into memory and transfers control.
Parameters: address (int) – Address of the ELF as a register or integer.
-
pwnlib.shellcraft.thumb.linux.
loader_append
(data=None)[source]¶ Loads a statically-linked ELF into memory and transfers control.
Similar to loader.asm but loads an appended ELF.
Parameters: data (bytes, str) – If a valid filename, the data is loaded from the named file. Otherwise, this is treated as raw ELF data to append. If None
, it is ignored.Example:
The following doctest is commented out because it doesn’t work on Travis for reasons I cannot diagnose. However, it should work just fine :-)
# >>> gcc = process([‘arm-linux-gnueabihf-gcc’,’-xc’,’-static’,’-Wl,-Ttext-segment=0x20000000’,’-‘]) # >>> gcc.write(‘’’ # ... int main() { # ... printf(“Hello, %s!\n”, “world”); # ... } # ... ‘’‘) # >>> gcc.shutdown(‘send’) # >>> gcc.poll(True) # 0 # >>> sc = shellcraft.loader_append(‘a.out’) # >>> run_assembly(sc).recvline() # ‘Hello, world!n’
-
pwnlib.shellcraft.thumb.linux.
lseek
(fd, offset, whence)[source]¶ Invokes the syscall lseek. See ‘man 2 lseek’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
lstat
(file, buf)[source]¶ Invokes the syscall lstat. See ‘man 2 lstat’ for more information.
Parameters: - file (char) – file
- buf (stat) – buf
-
pwnlib.shellcraft.thumb.linux.
lstat64
(file, buf)[source]¶ Invokes the syscall lstat64. See ‘man 2 lstat64’ for more information.
Parameters: - file (char) – file
- buf (stat64) – buf
-
pwnlib.shellcraft.thumb.linux.
madvise
(addr, length, advice)[source]¶ Invokes the syscall madvise. See ‘man 2 madvise’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
- advice (int) – advice
-
pwnlib.shellcraft.thumb.linux.
mincore
(start, length, vec)[source]¶ Invokes the syscall mincore. See ‘man 2 mincore’ for more information.
Parameters: - start (void) – start
- len (size_t) – len
- vec (unsigned) – vec
-
pwnlib.shellcraft.thumb.linux.
mkdir
(path, mode)[source]¶ Invokes the syscall mkdir. See ‘man 2 mkdir’ for more information.
Parameters: - path (char) – path
- mode (mode_t) – mode
-
pwnlib.shellcraft.thumb.linux.
mkdirat
(fd, path, mode)[source]¶ Invokes the syscall mkdirat. See ‘man 2 mkdirat’ for more information.
Parameters: - fd (int) – fd
- path (char) – path
- mode (mode_t) – mode
-
pwnlib.shellcraft.thumb.linux.
mknod
(path, mode, dev)[source]¶ Invokes the syscall mknod. See ‘man 2 mknod’ for more information.
Parameters: - path (char) – path
- mode (mode_t) – mode
- dev (dev_t) – dev
-
pwnlib.shellcraft.thumb.linux.
mknodat
(fd, path, mode, dev)[source]¶ Invokes the syscall mknodat. See ‘man 2 mknodat’ for more information.
Parameters: - fd (int) – fd
- path (char) – path
- mode (mode_t) – mode
- dev (dev_t) – dev
-
pwnlib.shellcraft.thumb.linux.
mlock
(addr, length)[source]¶ Invokes the syscall mlock. See ‘man 2 mlock’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
mlockall
(flags)[source]¶ Invokes the syscall mlockall. See ‘man 2 mlockall’ for more information.
Parameters: flags (int) – flags
-
pwnlib.shellcraft.thumb.linux.
mmap
(addr=0, length=4096, prot=7, flags=34, fd=-1, offset=0)[source]¶ Invokes the syscall mmap. See ‘man 2 mmap’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
mov
(dest, src)[source]¶ Thin wrapper around
pwnlib.shellcraft.thumb.mov()
, which sets context.os to ‘linux’ before calling.Example
>>> print(pwnlib.shellcraft.thumb.linux.mov('r1', 'SYS_execve').rstrip()) mov r1, #(SYS_execve) /* 0xb */
-
pwnlib.shellcraft.thumb.linux.
mprotect
(addr, length, prot)[source]¶ Invokes the syscall mprotect. See ‘man 2 mprotect’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
- prot (int) – prot
-
pwnlib.shellcraft.thumb.linux.
mq_notify
(mqdes, notification)[source]¶ Invokes the syscall mq_notify. See ‘man 2 mq_notify’ for more information.
Parameters: - mqdes (mqd_t) – mqdes
- notification (sigevent) – notification
-
pwnlib.shellcraft.thumb.linux.
mq_open
(name, oflag, vararg)[source]¶ Invokes the syscall mq_open. See ‘man 2 mq_open’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
mq_timedreceive
(mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)[source]¶ Invokes the syscall mq_timedreceive. See ‘man 2 mq_timedreceive’ for more information.
Parameters: - mqdes (mqd_t) – mqdes
- msg_ptr (char) – msg_ptr
- msg_len (size_t) – msg_len
- msg_prio (unsigned) – msg_prio
- abs_timeout (timespec) – abs_timeout
-
pwnlib.shellcraft.thumb.linux.
mq_timedsend
(mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)[source]¶ Invokes the syscall mq_timedsend. See ‘man 2 mq_timedsend’ for more information.
Parameters: - mqdes (mqd_t) – mqdes
- msg_ptr (char) – msg_ptr
- msg_len (size_t) – msg_len
- msg_prio (unsigned) – msg_prio
- abs_timeout (timespec) – abs_timeout
-
pwnlib.shellcraft.thumb.linux.
mq_unlink
(name)[source]¶ Invokes the syscall mq_unlink. See ‘man 2 mq_unlink’ for more information.
Parameters: name (char) – name
-
pwnlib.shellcraft.thumb.linux.
mremap
(addr, old_len, new_len, flags, vararg)[source]¶ Invokes the syscall mremap. See ‘man 2 mremap’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
msync
(addr, length, flags)[source]¶ Invokes the syscall msync. See ‘man 2 msync’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
- flags (int) – flags
-
pwnlib.shellcraft.thumb.linux.
munlock
(addr, length)[source]¶ Invokes the syscall munlock. See ‘man 2 munlock’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
munlockall
()[source]¶ Invokes the syscall munlockall. See ‘man 2 munlockall’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
munmap
(addr, length)[source]¶ Invokes the syscall munmap. See ‘man 2 munmap’ for more information.
Parameters: - addr (void) – addr
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
nanosleep
(requested_time, remaining)[source]¶ Invokes the syscall nanosleep. See ‘man 2 nanosleep’ for more information.
Parameters: - requested_time (timespec) – requested_time
- remaining (timespec) – remaining
-
pwnlib.shellcraft.thumb.linux.
nice
(inc)[source]¶ Invokes the syscall nice. See ‘man 2 nice’ for more information.
Parameters: inc (int) – inc
-
pwnlib.shellcraft.thumb.linux.
open
(file, oflag, vararg)[source]¶ Invokes the syscall open. See ‘man 2 open’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
openat
(fd, file, oflag, vararg)[source]¶ Invokes the syscall openat. See ‘man 2 openat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
pause
()[source]¶ Invokes the syscall pause. See ‘man 2 pause’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
pipe
(pipedes)[source]¶ Invokes the syscall pipe. See ‘man 2 pipe’ for more information.
Parameters: pipedes (int) – pipedes
-
pwnlib.shellcraft.thumb.linux.
pipe2
(pipedes, flags)[source]¶ Invokes the syscall pipe2. See ‘man 2 pipe2’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
poll
(fds, nfds, timeout)[source]¶ Invokes the syscall poll. See ‘man 2 poll’ for more information.
Parameters: - fds (pollfd) – fds
- nfds (nfds_t) – nfds
- timeout (int) – timeout
-
pwnlib.shellcraft.thumb.linux.
ppoll
(fds, nfds, timeout, ss)[source]¶ Invokes the syscall ppoll. See ‘man 2 ppoll’ for more information.
Parameters: - fds (pollfd) – fds
- nfds (nfds_t) – nfds
- timeout (timespec) – timeout
- ss (sigset_t) – ss
-
pwnlib.shellcraft.thumb.linux.
prctl
(option, vararg)[source]¶ Invokes the syscall prctl. See ‘man 2 prctl’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
pread
(fd, buf, nbytes, offset)[source]¶ Invokes the syscall pread. See ‘man 2 pread’ for more information.
Parameters: - fd (int) – fd
- buf (void) – buf
- nbytes (size_t) – nbytes
- offset (off_t) – offset
-
pwnlib.shellcraft.thumb.linux.
preadv
(fd, iovec, count, offset)[source]¶ Invokes the syscall preadv. See ‘man 2 preadv’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
prlimit64
(pid, resource, new_limit, old_limit)[source]¶ Invokes the syscall prlimit64. See ‘man 2 prlimit64’ for more information.
Parameters: - pid (pid_t) – pid
- resource (rlimit_resource) – resource
- new_limit (rlimit64) – new_limit
- old_limit (rlimit64) – old_limit
-
pwnlib.shellcraft.thumb.linux.
profil
(sample_buffer, size, offset, scale)[source]¶ Invokes the syscall profil. See ‘man 2 profil’ for more information.
Parameters: - sample_buffer (unsigned) – sample_buffer
- size (size_t) – size
- offset (size_t) – offset
- scale (unsigned) – scale
-
pwnlib.shellcraft.thumb.linux.
ptrace
(request, vararg)[source]¶ Invokes the syscall ptrace. See ‘man 2 ptrace’ for more information.
Parameters: - request (ptrace_request) – request
- vararg (int) – vararg
-
pwnlib.shellcraft.thumb.linux.
push
(value)[source]¶ Thin wrapper around
pwnlib.shellcraft.thumb.push()
, which sets context.os to ‘linux’ before calling.Example
>>> print(pwnlib.shellcraft.thumb.linux.push('SYS_execve').rstrip()) /* push 'SYS_execve' */ mov r7, #0xb push {r7}
-
pwnlib.shellcraft.thumb.linux.
putpmsg
(fildes, ctlptr, dataptr, band, flags)[source]¶ Invokes the syscall putpmsg. See ‘man 2 putpmsg’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
pwrite
(fd, buf, n, offset)[source]¶ Invokes the syscall pwrite. See ‘man 2 pwrite’ for more information.
Parameters: - fd (int) – fd
- buf (void) – buf
- n (size_t) – n
- offset (off_t) – offset
-
pwnlib.shellcraft.thumb.linux.
pwritev
(fd, iovec, count, offset)[source]¶ Invokes the syscall pwritev. See ‘man 2 pwritev’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
read
(fd, buf, nbytes)[source]¶ Invokes the syscall read. See ‘man 2 read’ for more information.
Parameters: - fd (int) – fd
- buf (void) – buf
- nbytes (size_t) – nbytes
-
pwnlib.shellcraft.thumb.linux.
readahead
(fd, offset, count)[source]¶ Invokes the syscall readahead. See ‘man 2 readahead’ for more information.
Parameters: - fd (int) – fd
- offset (off64_t) – offset
- count (size_t) – count
-
pwnlib.shellcraft.thumb.linux.
readdir
(dirp)[source]¶ Invokes the syscall readdir. See ‘man 2 readdir’ for more information.
Parameters: dirp (DIR) – dirp
-
pwnlib.shellcraft.thumb.linux.
readfile
(path, dst='r6')[source]¶ Args: [path, dst (imm/reg) = r6] Opens the specified file path and sends its content to the specified file descriptor. Leaves the destination file descriptor in r6 and the input file descriptor in r5.
-
pwnlib.shellcraft.thumb.linux.
readlink
(path, buf, length)[source]¶ Invokes the syscall readlink. See ‘man 2 readlink’ for more information.
Parameters: - path (char) – path
- buf (char) – buf
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
readlinkat
(fd, path, buf, length)[source]¶ Invokes the syscall readlinkat. See ‘man 2 readlinkat’ for more information.
Parameters: - fd (int) – fd
- path (char) – path
- buf (char) – buf
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
readn
(fd, buf, nbytes)[source]¶ Reads exactly nbytes bytes from file descriptor fd into the buffer buf.
Parameters: - fd (int) – fd
- buf (void) – buf
- nbytes (size_t) – nbytes
-
pwnlib.shellcraft.thumb.linux.
readv
(fd, iovec, count)[source]¶ Invokes the syscall readv. See ‘man 2 readv’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
recv
(fd, buf, n, flags)[source]¶ Invokes the syscall recv. See ‘man 2 recv’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
recvfrom
(fd, buf, n, flags, addr, addr_len)[source]¶ Invokes the syscall recvfrom. See ‘man 2 recvfrom’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
recvmmsg
(fd, vmessages, vlen, flags, tmo)[source]¶ Invokes the syscall recvmmsg. See ‘man 2 recvmmsg’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
recvmsg
(fd, message, flags)[source]¶ Invokes the syscall recvmsg. See ‘man 2 recvmsg’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
recvsize
(sock, reg='r1')[source]¶ Recives 4 bytes size field Useful in conjuncion with findpeer and stager :param sock, the socket to read the payload from.: :param reg, the place to put the size: :type reg, the place to put the size: default ecx
Leaves socket in ebx
-
pwnlib.shellcraft.thumb.linux.
remap_file_pages
(start, size, prot, pgoff, flags)[source]¶ Invokes the syscall remap_file_pages. See ‘man 2 remap_file_pages’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
rename
(old, new)[source]¶ Invokes the syscall rename. See ‘man 2 rename’ for more information.
Parameters: - old (char) – old
- new (char) – new
-
pwnlib.shellcraft.thumb.linux.
renameat
(oldfd, old, newfd, new)[source]¶ Invokes the syscall renameat. See ‘man 2 renameat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
rmdir
(path)[source]¶ Invokes the syscall rmdir. See ‘man 2 rmdir’ for more information.
Parameters: path (char) – path
-
pwnlib.shellcraft.thumb.linux.
sched_get_priority_max
(algorithm)[source]¶ Invokes the syscall sched_get_priority_max. See ‘man 2 sched_get_priority_max’ for more information.
Parameters: algorithm (int) – algorithm
-
pwnlib.shellcraft.thumb.linux.
sched_get_priority_min
(algorithm)[source]¶ Invokes the syscall sched_get_priority_min. See ‘man 2 sched_get_priority_min’ for more information.
Parameters: algorithm (int) – algorithm
-
pwnlib.shellcraft.thumb.linux.
sched_getaffinity
(pid, cpusetsize, cpuset)[source]¶ Invokes the syscall sched_getaffinity. See ‘man 2 sched_getaffinity’ for more information.
Parameters: - pid (pid_t) – pid
- cpusetsize (size_t) – cpusetsize
- cpuset (cpu_set_t) – cpuset
-
pwnlib.shellcraft.thumb.linux.
sched_getparam
(pid, param)[source]¶ Invokes the syscall sched_getparam. See ‘man 2 sched_getparam’ for more information.
Parameters: - pid (pid_t) – pid
- param (sched_param) – param
-
pwnlib.shellcraft.thumb.linux.
sched_getscheduler
(pid)[source]¶ Invokes the syscall sched_getscheduler. See ‘man 2 sched_getscheduler’ for more information.
Parameters: pid (pid_t) – pid
-
pwnlib.shellcraft.thumb.linux.
sched_rr_get_interval
(pid, t)[source]¶ Invokes the syscall sched_rr_get_interval. See ‘man 2 sched_rr_get_interval’ for more information.
Parameters: - pid (pid_t) – pid
- t (timespec) – t
-
pwnlib.shellcraft.thumb.linux.
sched_setaffinity
(pid, cpusetsize, cpuset)[source]¶ Invokes the syscall sched_setaffinity. See ‘man 2 sched_setaffinity’ for more information.
Parameters: - pid (pid_t) – pid
- cpusetsize (size_t) – cpusetsize
- cpuset (cpu_set_t) – cpuset
-
pwnlib.shellcraft.thumb.linux.
sched_setparam
(pid, param)[source]¶ Invokes the syscall sched_setparam. See ‘man 2 sched_setparam’ for more information.
Parameters: - pid (pid_t) – pid
- param (sched_param) – param
-
pwnlib.shellcraft.thumb.linux.
sched_setscheduler
(pid, policy, param)[source]¶ Invokes the syscall sched_setscheduler. See ‘man 2 sched_setscheduler’ for more information.
Parameters: - pid (pid_t) – pid
- policy (int) – policy
- param (sched_param) – param
-
pwnlib.shellcraft.thumb.linux.
sched_yield
()[source]¶ Invokes the syscall sched_yield. See ‘man 2 sched_yield’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
select
(nfds, readfds, writefds, exceptfds, timeout)[source]¶ Invokes the syscall select. See ‘man 2 select’ for more information.
Parameters: - nfds (int) – nfds
- readfds (fd_set) – readfds
- writefds (fd_set) – writefds
- exceptfds (fd_set) – exceptfds
- timeout (timeval) – timeout
-
pwnlib.shellcraft.thumb.linux.
sendfile
(out_fd, in_fd, offset, count)[source]¶ Invokes the syscall sendfile. See ‘man 2 sendfile’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
sendfile64
(out_fd, in_fd, offset, count)[source]¶ Invokes the syscall sendfile64. See ‘man 2 sendfile64’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
setdomainname
(name, length)[source]¶ Invokes the syscall setdomainname. See ‘man 2 setdomainname’ for more information.
Parameters: - name (char) – name
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
setgid
(gid)[source]¶ Invokes the syscall setgid. See ‘man 2 setgid’ for more information.
Parameters: gid (gid_t) – gid
-
pwnlib.shellcraft.thumb.linux.
setgroups
(n, groups)[source]¶ Invokes the syscall setgroups. See ‘man 2 setgroups’ for more information.
Parameters: - n (size_t) – n
- groups (gid_t) – groups
-
pwnlib.shellcraft.thumb.linux.
sethostname
(name, length)[source]¶ Invokes the syscall sethostname. See ‘man 2 sethostname’ for more information.
Parameters: - name (char) – name
- len (size_t) – len
-
pwnlib.shellcraft.thumb.linux.
setitimer
(which, new, old)[source]¶ Invokes the syscall setitimer. See ‘man 2 setitimer’ for more information.
Parameters: - which (itimer_which_t) – which
- new (itimerval) – new
- old (itimerval) – old
-
pwnlib.shellcraft.thumb.linux.
setpgid
(pid, pgid)[source]¶ Invokes the syscall setpgid. See ‘man 2 setpgid’ for more information.
Parameters: - pid (pid_t) – pid
- pgid (pid_t) – pgid
-
pwnlib.shellcraft.thumb.linux.
setpriority
(which, who, prio)[source]¶ Invokes the syscall setpriority. See ‘man 2 setpriority’ for more information.
Parameters: - which (priority_which_t) – which
- who (id_t) – who
- prio (int) – prio
-
pwnlib.shellcraft.thumb.linux.
setregid
(rgid, egid)[source]¶ Invokes the syscall setregid. See ‘man 2 setregid’ for more information.
Parameters: - rgid (gid_t) – rgid
- egid (gid_t) – egid
-
pwnlib.shellcraft.thumb.linux.
setresgid
(rgid, egid, sgid)[source]¶ Invokes the syscall setresgid. See ‘man 2 setresgid’ for more information.
Parameters: - rgid (gid_t) – rgid
- egid (gid_t) – egid
- sgid (gid_t) – sgid
-
pwnlib.shellcraft.thumb.linux.
setresuid
(ruid, euid, suid)[source]¶ Invokes the syscall setresuid. See ‘man 2 setresuid’ for more information.
Parameters: - ruid (uid_t) – ruid
- euid (uid_t) – euid
- suid (uid_t) – suid
-
pwnlib.shellcraft.thumb.linux.
setreuid
(ruid, euid)[source]¶ Invokes the syscall setreuid. See ‘man 2 setreuid’ for more information.
Parameters: - ruid (uid_t) – ruid
- euid (uid_t) – euid
-
pwnlib.shellcraft.thumb.linux.
setrlimit
(resource, rlimits)[source]¶ Invokes the syscall setrlimit. See ‘man 2 setrlimit’ for more information.
Parameters: - resource (rlimit_resource_t) – resource
- rlimits (rlimit) – rlimits
-
pwnlib.shellcraft.thumb.linux.
setsid
()[source]¶ Invokes the syscall setsid. See ‘man 2 setsid’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
settimeofday
(tv, tz)[source]¶ Invokes the syscall settimeofday. See ‘man 2 settimeofday’ for more information.
Parameters: - tv (timeval) – tv
- tz (timezone) – tz
-
pwnlib.shellcraft.thumb.linux.
setuid
(uid)[source]¶ Invokes the syscall setuid. See ‘man 2 setuid’ for more information.
Parameters: uid (uid_t) – uid
-
pwnlib.shellcraft.thumb.linux.
sh
()[source]¶ Execute a different process.
>>> p = run_assembly(shellcraft.thumb.linux.sh()) >>> p.sendline('echo Hello') >>> p.recv() b'Hello\n'
-
pwnlib.shellcraft.thumb.linux.
sigaction
(sig, act, oact)[source]¶ Invokes the syscall sigaction. See ‘man 2 sigaction’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
sigaltstack
(ss, oss)[source]¶ Invokes the syscall sigaltstack. See ‘man 2 sigaltstack’ for more information.
Parameters: - ss (sigaltstack) – ss
- oss (sigaltstack) – oss
-
pwnlib.shellcraft.thumb.linux.
signal
(sig, handler)[source]¶ Invokes the syscall signal. See ‘man 2 signal’ for more information.
Parameters: - sig (int) – sig
- handler (sighandler_t) – handler
-
pwnlib.shellcraft.thumb.linux.
sigpending
(set)[source]¶ Invokes the syscall sigpending. See ‘man 2 sigpending’ for more information.
Parameters: set (sigset_t) – set
-
pwnlib.shellcraft.thumb.linux.
sigprocmask
(how, set, oset)[source]¶ Invokes the syscall sigprocmask. See ‘man 2 sigprocmask’ for more information.
Parameters: - how (int) – how
- set (sigset_t) – set
- oset (sigset_t) – oset
-
pwnlib.shellcraft.thumb.linux.
sigreturn
(scp)[source]¶ Invokes the syscall sigreturn. See ‘man 2 sigreturn’ for more information.
-
pwnlib.shellcraft.thumb.linux.
sigsuspend
(set)[source]¶ Invokes the syscall sigsuspend. See ‘man 2 sigsuspend’ for more information.
Parameters: set (sigset_t) – set
-
pwnlib.shellcraft.thumb.linux.
splice
(fdin, offin, fdout, offout, length, flags)[source]¶ Invokes the syscall splice. See ‘man 2 splice’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
stage
(fd=0, length=None)[source]¶ Migrates shellcode to a new buffer.
Parameters: Example
>>> p = run_assembly(shellcraft.stage()) >>> sc = asm(shellcraft.echo("Hello\n", constants.STDOUT_FILENO)) >>> p.pack(len(sc)) >>> p.send(sc) >>> p.recvline() b'Hello\n'
-
pwnlib.shellcraft.thumb.linux.
stager
(sock, size)[source]¶ Read ‘size’ bytes from ‘sock’ and place them in an executable buffer and jump to it. The socket will be left in r6.
-
pwnlib.shellcraft.thumb.linux.
stat
(file, buf)[source]¶ Invokes the syscall stat. See ‘man 2 stat’ for more information.
Parameters: - file (char) – file
- buf (stat) – buf
-
pwnlib.shellcraft.thumb.linux.
stat64
(file, buf)[source]¶ Invokes the syscall stat64. See ‘man 2 stat64’ for more information.
Parameters: - file (char) – file
- buf (stat64) – buf
-
pwnlib.shellcraft.thumb.linux.
stime
(when)[source]¶ Invokes the syscall stime. See ‘man 2 stime’ for more information.
Parameters: when (time_t) – when
-
pwnlib.shellcraft.thumb.linux.
stty
(fd, params)[source]¶ Invokes the syscall stty. See ‘man 2 stty’ for more information.
Parameters: - fd (int) – fd
- params (sgttyb) – params
-
pwnlib.shellcraft.thumb.linux.
symlink
(from_, to)[source]¶ Invokes the syscall symlink. See ‘man 2 symlink’ for more information.
Parameters: - from (char) – from
- to (char) – to
-
pwnlib.shellcraft.thumb.linux.
symlinkat
(from_, tofd, to)[source]¶ Invokes the syscall symlinkat. See ‘man 2 symlinkat’ for more information.
Parameters: - from (char) – from
- tofd (int) – tofd
- to (char) – to
-
pwnlib.shellcraft.thumb.linux.
sync
()[source]¶ Invokes the syscall sync. See ‘man 2 sync’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
sync_file_range
(fd, offset, count, flags)[source]¶ Invokes the syscall sync_file_range. See ‘man 2 sync_file_range’ for more information.
Parameters: - fd (int) – fd
- offset (off64_t) – offset
- count (off64_t) – count
- flags (unsigned) – flags
-
pwnlib.shellcraft.thumb.linux.
syscall
(syscall=None, arg0=None, arg1=None, arg2=None, arg3=None, arg4=None, arg5=None, arg6=None)[source]¶ - Args: [syscall_number, *args]
- Does a syscall
Any of the arguments can be expressions to be evaluated by
pwnlib.constants.eval()
.Example
>>> print(shellcraft.thumb.linux.syscall(11, 1, 'sp', 2, 0).rstrip()) /* call syscall(11, 1, 'sp', 2, 0) */ mov r0, #1 mov r1, sp mov r2, #2 eor r3, r3 mov r7, #0xb svc 0x41 >>> print(shellcraft.thumb.linux.syscall('SYS_exit', 0).rstrip()) /* call exit(0) */ eor r0, r0 mov r7, #(SYS_exit) /* 1 */ svc 0x41
-
pwnlib.shellcraft.thumb.linux.
syslog
(pri, fmt, vararg)[source]¶ Invokes the syscall syslog. See ‘man 2 syslog’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
tee
(fdin, fdout, length, flags)[source]¶ Invokes the syscall tee. See ‘man 2 tee’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
time
(timer)[source]¶ Invokes the syscall time. See ‘man 2 time’ for more information.
Parameters: timer (time_t) – timer
-
pwnlib.shellcraft.thumb.linux.
timer_create
(clock_id, evp, timerid)[source]¶ Invokes the syscall timer_create. See ‘man 2 timer_create’ for more information.
Parameters: - clock_id (clockid_t) – clock_id
- evp (sigevent) – evp
- timerid (timer_t) – timerid
-
pwnlib.shellcraft.thumb.linux.
timer_delete
(timerid)[source]¶ Invokes the syscall timer_delete. See ‘man 2 timer_delete’ for more information.
Parameters: timerid (timer_t) – timerid
-
pwnlib.shellcraft.thumb.linux.
timer_getoverrun
(timerid)[source]¶ Invokes the syscall timer_getoverrun. See ‘man 2 timer_getoverrun’ for more information.
Parameters: timerid (timer_t) – timerid
-
pwnlib.shellcraft.thumb.linux.
timer_gettime
(timerid, value)[source]¶ Invokes the syscall timer_gettime. See ‘man 2 timer_gettime’ for more information.
Parameters: - timerid (timer_t) – timerid
- value (itimerspec) – value
-
pwnlib.shellcraft.thumb.linux.
timer_settime
(timerid, flags, value, ovalue)[source]¶ Invokes the syscall timer_settime. See ‘man 2 timer_settime’ for more information.
Parameters: - timerid (timer_t) – timerid
- flags (int) – flags
- value (itimerspec) – value
- ovalue (itimerspec) – ovalue
-
pwnlib.shellcraft.thumb.linux.
truncate
(file, length)[source]¶ Invokes the syscall truncate. See ‘man 2 truncate’ for more information.
Parameters: - file (char) – file
- length (off_t) – length
-
pwnlib.shellcraft.thumb.linux.
truncate64
(file, length)[source]¶ Invokes the syscall truncate64. See ‘man 2 truncate64’ for more information.
Parameters: - file (char) – file
- length (off64_t) – length
-
pwnlib.shellcraft.thumb.linux.
ulimit
(cmd, vararg)[source]¶ Invokes the syscall ulimit. See ‘man 2 ulimit’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
umask
(mask)[source]¶ Invokes the syscall umask. See ‘man 2 umask’ for more information.
Parameters: mask (mode_t) – mask
-
pwnlib.shellcraft.thumb.linux.
uname
(name)[source]¶ Invokes the syscall uname. See ‘man 2 uname’ for more information.
Parameters: name (utsname) – name
-
pwnlib.shellcraft.thumb.linux.
unlink
(name)[source]¶ Invokes the syscall unlink. See ‘man 2 unlink’ for more information.
Parameters: name (char) – name
-
pwnlib.shellcraft.thumb.linux.
unlinkat
(fd, name, flag)[source]¶ Invokes the syscall unlinkat. See ‘man 2 unlinkat’ for more information.
Parameters:
Invokes the syscall unshare. See ‘man 2 unshare’ for more information.
Parameters: flags (int) – flags
-
pwnlib.shellcraft.thumb.linux.
ustat
(dev, ubuf)[source]¶ Invokes the syscall ustat. See ‘man 2 ustat’ for more information.
Parameters: - dev (dev_t) – dev
- ubuf (ustat) – ubuf
-
pwnlib.shellcraft.thumb.linux.
utime
(file, file_times)[source]¶ Invokes the syscall utime. See ‘man 2 utime’ for more information.
Parameters: - file (char) – file
- file_times (utimbuf) – file_times
-
pwnlib.shellcraft.thumb.linux.
utimensat
(fd, path, times, flags)[source]¶ Invokes the syscall utimensat. See ‘man 2 utimensat’ for more information.
Parameters:
-
pwnlib.shellcraft.thumb.linux.
utimes
(file, tvp)[source]¶ Invokes the syscall utimes. See ‘man 2 utimes’ for more information.
Parameters: - file (char) – file
- tvp (timeval) – tvp
-
pwnlib.shellcraft.thumb.linux.
vfork
()[source]¶ Invokes the syscall vfork. See ‘man 2 vfork’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
vhangup
()[source]¶ Invokes the syscall vhangup. See ‘man 2 vhangup’ for more information.
Arguments:
-
pwnlib.shellcraft.thumb.linux.
vmsplice
(fdout, iov, count, flags)[source]¶ Invokes the syscall vmsplice. See ‘man 2 vmsplice’ for more information.
Parameters: - fdout (int) – fdout
- iov (iovec) – iov
- count (size_t) – count
- flags (unsigned) – flags
-
pwnlib.shellcraft.thumb.linux.
wait4
(pid, stat_loc, options, usage)[source]¶ Invokes the syscall wait4. See ‘man 2 wait4’ for more information.
Parameters: - pid (pid_t) – pid
- stat_loc (WAIT_STATUS) – stat_loc
- options (int) – options
- usage (rusage) – usage
-
pwnlib.shellcraft.thumb.linux.
waitid
(idtype, id, infop, options)[source]¶ Invokes the syscall waitid. See ‘man 2 waitid’ for more information.
Parameters: - idtype (idtype_t) – idtype
- id (id_t) – id
- infop (siginfo_t) – infop
- options (int) – options
-
pwnlib.shellcraft.thumb.linux.
waitpid
(pid, stat_loc, options)[source]¶ Invokes the syscall waitpid. See ‘man 2 waitpid’ for more information.
Parameters: