Class: OneGadget::Emulators::X86

Inherits:

Processor

• Object
• Processor
• OneGadget::Emulators::X86

Defined in:

lib/one_gadget/emulators/x86.rb

Overview

Super class for amd64 and i386 processor.

Direct Known Subclasses

Amd64, I386

Instance Attribute Summary

• #bp ⇒ String readonly

  Stack base register.

• #bp_based_stack ⇒ Hash{Integer => OneGadget::Emulators::Lambda} readonly

  Stack content based on bp.

Attributes inherited from Processor

#pc, #registers, #sp, #sp_based_stack

Instance Method Summary

• #get_corresponding_stack(obj) ⇒ Hash{Integer => Lambda}^?

  The corresponding stack (based on esp/rsp or ebp/rbp) that obj used, or nil if obj doesn’t use the stack.

• #initialize(registers, sp, bp, pc) ⇒ X86 constructor

  Constructor for a x86 processor.

• #instructions ⇒ Array<Instruction>

  Supported instruction set.

• #process!(cmd) ⇒ Boolean

  Process one command.

Methods inherited from Processor

#argument, bits, #constraints, #parse, #process

Constructor Details

#initialize(registers, sp, bp, pc) ⇒ X86

Constructor for a x86 processor.

# File 'lib/one_gadget/emulators/x86.rb', line 16

def initialize(registers, sp, bp, pc)
  super(registers, sp)
  @bp = bp
  @pc = pc
  @bp_based_stack = Hash.new do |h, k|
    h[k] = OneGadget::Emulators::Lambda.new(bp).tap do |lmda|
      lmda.immi = k
      lmda.deref!
    end
  end
end

Instance Attribute Details

#bp ⇒ String (readonly)

Returns Stack base register.

Returns:

• (String) —

  Stack base register.

# File 'lib/one_gadget/emulators/x86.rb', line 12

def bp
  @bp
end

#bp_based_stack ⇒ Hash{Integer => OneGadget::Emulators::Lambda} (readonly)

Returns Stack content based on bp.

Returns:

• (Hash{Integer => OneGadget::Emulators::Lambda}) —

  Stack content based on bp.

# File 'lib/one_gadget/emulators/x86.rb', line 13

def bp_based_stack
  @bp_based_stack
end

Instance Method Details

#get_corresponding_stack(obj) ⇒ Hash{Integer => Lambda}^?

Returns The corresponding stack (based on esp/rsp or ebp/rbp) that obj used, or nil if obj doesn’t use the stack.

Examples:

get_corresponding_stack('rsp+0x10')
#=> sp_based_stack
get_corresponding_stack('rbp-0x10')
#=> bp_based_stack
get_corresponding_stack('[rbp-0x10]')
#=> bp_based_stack
get_corresponding_stack('rax')
#=> nil

Parameters:

• obj (String | Lambda) —

  A lambda object or its string.

Returns:

• (Hash{Integer => Lambda}, nil) —

  The corresponding stack (based on esp/rsp or ebp/rbp) that obj used, or nil if obj doesn’t use the stack.

# File 'lib/one_gadget/emulators/x86.rb', line 77

def get_corresponding_stack(obj)
  if obj.to_s.include?(sp)
    sp_based_stack
  elsif obj.to_s.include?(bp)
    bp_based_stack
  end
end

#instructions ⇒ Array<Instruction>

Supported instruction set.

Returns:

• (Array<Instruction>) —

  The supported instructions.

# File 'lib/one_gadget/emulators/x86.rb', line 45

def instructions
  [
    Instruction.new('add', 2),
    Instruction.new('call', 1),
    Instruction.new('jmp', 1),
    Instruction.new('lea', 2),
    Instruction.new('mov', 2),
    Instruction.new('nop', -1),
    Instruction.new('push', 1),
    Instruction.new('sub', 2),
    Instruction.new('xor', 2),
    Instruction.new('movq', 2),
    Instruction.new('movaps', 2),
    Instruction.new('movhps', 2),
    Instruction.new('punpcklqdq', 2)
  ]
end

#process!(cmd) ⇒ Boolean

Process one command. Will raise exceptions when encounter unhandled instruction.

Parameters:

• cmd (String) —

  One line from result of objdump.

Returns:

• (Boolean) —

  If successfully processed.

# File 'lib/one_gadget/emulators/x86.rb', line 34

def process!(cmd)
  inst, args = parse(cmd)
  # return registers[pc] = args[0] if inst.inst == 'call'
  return true if inst.inst == 'jmp' # believe the fetcher has handled jmp.

  sym = "inst_#{inst.inst}".to_sym
  __send__(sym, *args) != :fail
end