Class: OneGadget::Emulators::AArch64

Inherits:

Processor

• Object
• Processor
• OneGadget::Emulators::AArch64

Defined in:

lib/one_gadget/emulators/aarch64.rb

Overview

Emulator of aarch64.

Instance Attribute Summary

Attributes inherited from Processor

#pc, #registers, #sp, #sp_based_stack

Class Method Summary

• .bits ⇒ Object

  AArch64 is 64-bit.

Instance Method Summary

• #argument(idx) ⇒ Lambda, Integer

  Return the argument value of calling a function.

• #get_corresponding_stack(obj) ⇒ Hash{Integer => Lambda}^?

  The corresponding stack (based on sp) that obj used, or nil if obj doesn’t use the stack.

• #initialize ⇒ AArch64 constructor

  Instantiate a AArch64 object.

• #instructions ⇒ Array<Instruction>

  Supported instruction set.

• #process!(cmd) ⇒ Object

Methods inherited from Processor

#constraints, #parse, #process

Constructor Details

#initialize ⇒ AArch64

Instantiate a OneGadget::Emulators::AArch64 object.

# File 'lib/one_gadget/emulators/aarch64.rb', line 12

def initialize
  super(OneGadget::ABI.aarch64, 'sp')
  # Constant registers
  %w[xzr wzr].each { |r| @registers[r] = 0 }
  @pc = 'pc'
end

Class Method Details

.bits ⇒ Object

AArch64 is 64-bit.

# File 'lib/one_gadget/emulators/aarch64.rb', line 182

def bits
  64
end

Instance Method Details

#argument(idx) ⇒ Lambda, Integer

Return the argument value of calling a function.

Parameters:

• idx (Integer)

Returns:

• (Lambda, Integer)

# File 'lib/one_gadget/emulators/aarch64.rb', line 43

def argument(idx)
  registers["x#{idx}"]
end

#get_corresponding_stack(obj) ⇒ Hash{Integer => Lambda}^?

Returns The corresponding stack (based on sp) that obj used, or nil if obj doesn’t use the stack.

Examples:

get_corresponding_stack('sp+0x10')
#=> sp_based_stack
get_corresponding_stack('[sp+0x10]')
#=> sp_based_stack
get_corresponding_stack('x21')
#=> nil

Parameters:

• obj (String | Lambda) —

  A lambda object or its string.

Returns:

• (Hash{Integer => Lambda}, nil) —

  The corresponding stack (based on sp) that obj used, or nil if obj doesn’t use the stack.

# File 'lib/one_gadget/emulators/aarch64.rb', line 59

def get_corresponding_stack(obj)
  return nil unless obj.to_s.include?(sp)

  sp_based_stack
end

#instructions ⇒ Array<Instruction>

Supported instruction set.

Returns:

• (Array<Instruction>) —

  The supported instructions.

# File 'lib/one_gadget/emulators/aarch64.rb', line 28

def instructions
  [
    Instruction.new('add', 3..4),
    Instruction.new('adrp', 2),
    Instruction.new('bl', 1),
    Instruction.new('ldr', 2..3),
    Instruction.new('mov', 2),
    Instruction.new('stp', 3),
    Instruction.new('str', 2..3)
  ]
end

#process!(cmd) ⇒ Object

See Also:

• X86#process!

# File 'lib/one_gadget/emulators/aarch64.rb', line 20

def process!(cmd)
  inst, args = parse(cmd.gsub(/#-?(0x)?[0-9a-f]+/) { |v| v[1..] })
  sym = :"inst_#{inst.inst}"
  __send__(sym, *args) != :fail
end