Add syscall support for LoongArch64
xtexx committed Jan 22, 2025
1 parent 0c360f8 commit 335ef08
Showing 1 changed file with 31 additions and 73 deletions.
104 changes: 31 additions & 73 deletions pwnlib/shellcraft/templates/loong64/linux/syscall.asm
Expand Up @@ -14,90 +14,48 @@ Any of the arguments can be expressions to be evaluated by :func:`pwnlib.constan
Example:

>>> print(pwnlib.shellcraft.loong64.linux.syscall('SYS_execve', 1, 'sp', 2, 0).rstrip())
/* call execve(1, 'sp', 2, 0) */
c.li a0, 1
c.mv a1, sp
c.li a2, 2
c.li a3, 0
/* mv a7, 0xdd */
xori a7, zero, 0x722
xori a7, a7, 0x7ff
ecall
addi.d $a0, $r0, 1
addi.d $a1, $sp, 0
addi.d $a2, $r0, 2
addi.d $a3, $r0, 0
addi.d $a7, $r0, 221
syscall
>>> print(pwnlib.shellcraft.loong64.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip())
/* call execve(2, 1, 0, 0x14) */
c.li a0, 2
c.li a1, 1
c.li a2, 0
c.li a3, 0x14
/* mv a7, 0xdd */
xori a7, zero, 0x722
xori a7, a7, 0x7ff
ecall
addi.d $a0, $r0, 2
addi.d $a1, $r0, 1
addi.d $a2, $r0, 0
addi.d $a3, $r0, 20
addi.d $a7, $r0, 221
syscall
>>> print(pwnlib.shellcraft.loong64.linux.syscall().rstrip())
/* call syscall() */
ecall
syscall
>>> print(pwnlib.shellcraft.loong64.linux.syscall('a7', 'a0', 'a1').rstrip())
/* call syscall('a7', 'a0', 'a1') */
/* setregs noop */
ecall
syscall
>>> print(pwnlib.shellcraft.loong64.linux.syscall('a3', None, None, 1).rstrip())
/* call syscall('a3', ?, ?, 1) */
c.li a2, 1
c.mv a7, a3
ecall
addi.d $a2, $r0, 1
addi.d $a7, $a3, 0
syscall
>>> print(pwnlib.shellcraft.loong64.linux.syscall(
... 'SYS_mmap', 0, 0x1000,
... 'PROT_READ | PROT_WRITE | PROT_EXEC',
... 'MAP_PRIVATE',
... -1, 0).rstrip())
/* call mmap(0, 0x1000, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE', -1, 0) */
c.li a0, 0
c.lui a1, 1 /* mv a1, 0x1000 */
c.li a2, 7
c.li a3, 2
c.li a4, 0xffffffffffffffff
c.li a5, 0
/* mv a7, 0xde */
xori a7, zero, 0x721
xori a7, a7, 0x7ff
ecall
>>> print(pwnlib.shellcraft.openat('AT_FDCWD', '/home/pwn/flag').rstrip())
/* openat(fd='AT_FDCWD', file='/home/pwn/flag', oflag=0) */
/* push b'/home/pwn/flag\x00' */
li t4, 0x77702f656d6f682f
sd t4, -16(sp)
li t4, 0x67616c662f6e
sd t4, -8(sp)
addi sp, sp, -16
c.mv a1, sp
xori a0, zero, 0xffffffffffffff9c
c.li a2, 0
/* call openat() */
/* mv a7, 0x38 */
xori a7, zero, 0x7c7
xori a7, a7, 0x7ff
ecall
addi.d $a0, $r0, 0
addi.d $a1, $r0, 1
lu52i.d $a1, $a1, 0
addi.d $a2, $r0, 7
addi.d $a3, $r0, 2
addi.d $a4, $r0, 15
lu52i.d $a4, $a4, -1
lu52i.d $a4, $a4, -1
lu52i.d $a4, $a4, -1
lu52i.d $a4, $a4, -1
lu52i.d $a4, $a4, -1
addi.d $a5, $r0, 0
addi.d $a7, $r0, 222
syscall
</%docstring>
<%
if isinstance(syscall, (str, text_type, Constant)) and str(syscall).startswith('SYS_'):
syscall_repr = str(syscall)[4:] + "(%s)"
args = []
else:
syscall_repr = 'syscall(%s)'
if syscall is None:
args = ['?']
else:
args = [pretty(syscall, False)]

for arg in [arg0, arg1, arg2, arg3, arg4, arg5]:
if arg is None:
args.append('?')
else:
args.append(pretty(arg, False))
while args and args[-1] == '?':
args.pop()
syscall_repr = syscall_repr % ', '.join(args)

registers = abi.register_arguments
arguments = [syscall, arg0, arg1, arg2, arg3, arg4, arg5]
regctx = dict(zip(registers, arguments))
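Review bot: The expected output pinned by the new `SYS_mmap` doctest does not appear to load the constants the call asks for. For `0x1000` it expects `addi.d $a1, $r0, 1` followed by `lu52i.d $a1, $a1, 0`; as I read the LoongArch reference, `lu52i.d` only replaces bits 63:52 of the register, so `$a1` would stay 1. The `-1` argument has the same problem: `addi.d $a4, $r0, 15` plus five `lu52i.d $a4, $a4, -1` would leave 0xfff000000000000f rather than all ones. The text is presumably produced by the loong64 register-setting template, which is not visible on this page, so the fix likely belongs there, with this doctest then expecting something like `lu12i.w $a1, 1` and `addi.d $a4, $r0, -1`. Because the doctest only compares text, it passes even with wrong values, so a short comment next to each multi-instruction load (the removed RISC-V output had `/* mv a1, 0x1000 */`) would make such mismatches visible in review; the rest of the file's hunks are collapsed here and were not reviewed.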