support execve for all arch

angr · Feb 12, 2025 · 66e1e84 · 66e1e84
1 parent 7c0937c
commit 66e1e84
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/angrop/arch.py b/angrop/arch.py
@@ -17,6 +17,7 @@ def __init__(self, project, kernel_mode=False):
         self.base_pointer = a.register_names[a.bp_offset]
         self.syscall_insts = None
         self.ret_insts = None
+        self.execve_num = None
 
     def _get_reg_set(self):
         """
@@ -42,6 +43,7 @@ def __init__(self, project, kernel_mode=False):
         self.syscall_insts = {b"\xcd\x80"} # int 0x80
         self.ret_insts = {b"\xc2", b"\xc3", b"\xca", b"\xcb"}
         self.segment_regs = {"cs", "ds", "es", "fs", "gs", "ss"}
+        self.execve_num = 0xb
 
     def _x86_block_make_sense(self, block):
         capstr = str(block.capstone).lower()
@@ -68,6 +70,7 @@ def __init__(self, project, kernel_mode=False):
         super().__init__(project, kernel_mode=kernel_mode)
         self.syscall_insts = {b"\x0f\x05"} # syscall
         self.segment_regs = {"cs_seg", "ds_seg", "es_seg", "fs_seg", "gs_seg", "ss_seg"}
+        self.execve_num = 0x3b
 
     def block_make_sense(self, block):
         return self._x86_block_make_sense(block)
@@ -82,6 +85,7 @@ def __init__(self, project, kernel_mode=False):
         self.alignment = self.project.arch.bytes
         self.max_block_size = self.alignment * 8
         self.fast_mode_max_block_size = self.alignment * 6
+        self.execve_num = 0xb
 
     def set_thumb(self):
         self.is_thumb = True
@@ -109,13 +113,15 @@ def __init__(self, project, kernel_mode=False):
         self.ret_insts = {b'\xc0\x03_\xd6'}
         self.max_block_size = self.alignment * 10
         self.fast_mode_max_block_size = self.alignment * 6
+        self.execve_num = 0xdd
 
 class MIPS(ROPArch):
     def __init__(self, project, kernel_mode=False):
         super().__init__(project, kernel_mode=kernel_mode)
         self.alignment = self.project.arch.bytes
         self.max_block_size = self.alignment * 8
         self.fast_mode_max_block_size = self.alignment * 6
+        self.execve_num = 0xfab
 
 def get_arch(project, kernel_mode=False):
     name = project.arch.name

diff --git a/angrop/chain_builder/sys_caller.py b/angrop/chain_builder/sys_caller.py
@@ -53,7 +53,7 @@ def filter_gadgets(self, gadgets) -> list: # pylint: disable=no-self-use
         return sorted(gadgets, key=functools.cmp_to_key(cmp))
 
     def _try_invoke_execve(self, path_addr):
-        execve_syscall = 0x3b if self.project.arch.bits == 64 else 0xb
+        execve_syscall = self.chain_builder.arch.execve_num
         # next, try to invoke execve(path, ptr, ptr), where ptr points is either NULL or nullptr
         if 0 not in self.badbytes:
             ptr = 0