Fix doctests to use openat

Gallopsled · Feb 13, 2017 · addeeb9 · addeeb9
1 parent 8c2cbc1
commit addeeb9
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 21 deletions.
diff --git a/pwnlib/shellcraft/templates/aarch64/linux/cat.asm b/pwnlib/shellcraft/templates/aarch64/linux/cat.asm
@@ -14,21 +14,25 @@ Example:
        4:   d28d8cc0        mov     x0, #0x6c66                     // #27750
        8:   f2acec20        movk    x0, #0x6761, lsl #16
        c:   f80003e0        stur    x0, [sp]
-      10:   910003e0        mov     x0, sp
-      14:   aa1f03e1        mov     x1, xzr
-      18:   aa1f03e2        mov     x2, xzr
-      1c:   d2808008        mov     x8, #0x400                      // #1024
-      20:   d4000001        svc     #0x0
-      24:   aa0003e1        mov     x1, x0
-      28:   d2800020        mov     x0, #0x1                        // #1
-      2c:   aa1f03e2        mov     x2, xzr
-      30:   d29fffe3        mov     x3, #0xffff                     // #65535
-      34:   f2afffe3        movk    x3, #0x7fff, lsl #16
-      38:   d28008e8        mov     x8, #0x47                       // #71
-      3c:   d4000001        svc     #0x0
-      40:   aa1f03e0        mov     x0, xzr
-      44:   d2800ba8        mov     x8, #0x5d                       // #93
-      48:   d4000001        svc     #0x0
+      10:   d29ff380        mov     x0, #0xff9c                     // #65436
+      14:   f2bfffe0        movk    x0, #0xffff, lsl #16
+      18:   f2dfffe0        movk    x0, #0xffff, lsl #32
+      1c:   f2ffffe0        movk    x0, #0xffff, lsl #48
+      20:   910003e1        mov     x1, sp
+      24:   aa1f03e2        mov     x2, xzr
+      28:   aa1f03e3        mov     x3, xzr
+      2c:   d2800708        mov     x8, #0x38                       // #56
+      30:   d4000001        svc     #0x0
+      34:   aa0003e1        mov     x1, x0
+      38:   d2800020        mov     x0, #0x1                        // #1
+      3c:   aa1f03e2        mov     x2, xzr
+      40:   d29fffe3        mov     x3, #0xffff                     // #65535
+      44:   f2afffe3        movk    x3, #0x7fff, lsl #16
+      48:   d28008e8        mov     x8, #0x47                       // #71
+      4c:   d4000001        svc     #0x0
+      50:   aa1f03e0        mov     x0, xzr
+      54:   d2800ba8        mov     x8, #0x5d                       // #93
+      58:   d4000001        svc     #0x0
     >>> run_assembly(shellcode).recvline()
     'This is the flag\n'
 </%docstring>

diff --git a/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm b/pwnlib/shellcraft/templates/aarch64/linux/syscall.asm
@@ -25,8 +25,8 @@ Example:
         mov  x0, xzr
         mov  x8, #SYS_exit
         svc 0
-    >>> print pwnlib.shellcraft.open('/home/pwn/flag').rstrip()
-        /* open(file='/home/pwn/flag', oflag=0, mode=0) */
+    >>> print pwnlib.shellcraft.openat(-2, '/home/pwn/flag').rstrip()
+        /* openat(fd=-2, file='/home/pwn/flag', oflag=0) */
         /* push '/home/pwn/flag\x00\x00' */
         sub sp, sp, #16
         /* Set x0 = 8606431000579237935 = 0x77702f656d6f682f */
@@ -39,11 +39,15 @@ Example:
         movk x1, #27750, lsl #16
         movk x1, #26465, lsl #0x20
         stp x0, x1, [sp, #16 * 0]
-        mov  x0, sp
-        mov  x1, xzr
+        mov  x1, sp
+        /* Set x0 = -2 = -2 */
+        mov  x0, #65534
+        movk x0, #65535, lsl #16
+        movk x0, #65535, lsl #0x20
+        movk x0, #65535, lsl #0x30
         mov  x2, xzr
-        /* call open() */
-        mov  x8, #SYS_open
+        /* call openat() */
+        mov  x8, #SYS_openat
         svc 0
 </%docstring>
 <%