`pwnlib.shellcraft.mips` — Shellcode for MIPS¶

`pwnlib.shellcraft.mips`¶

Shellcraft module containing generic MIPS shellcodes.

pwnlib.shellcraft.mips.mov(dst, src)[source]¶

Move src into dst without newlines and null bytes.

Register $t8 and $t9 are not guarenteed to be preserved.

If src is a string that is not a register, then it will locally set context.arch to ‘mips’ and use pwnlib.constants.eval() to evaluate the string. Note that this means that this shellcode can change behavior depending on the value of context.os.

Parameters:	dst (str) – The destination register. src (str) – Either the input register, or an immediate value.

Example

>>> print shellcraft.mips.mov('$t0', 0).rstrip()
    slti $t0, $zero, 0xFFFF /* $t0 = 0 */
>>> print shellcraft.mips.mov('$t2', 0).rstrip()
    xor $t2, $t2, $t2  /* $t2 = 0 */
>>> print shellcraft.mips.mov('$t0', 0xcafebabe).rstrip()
    li $t0, 0xcafebabe
>>> print shellcraft.mips.mov('$t2', 0xcafebabe).rstrip()
    li $t9, 0xcafebabe
    add $t2, $t9, $zero
>>> print shellcraft.mips.mov('$s0', 0xca0000be).rstrip()
    li $t9, ~0xca0000be
    not $s0, $t9
>>> print shellcraft.mips.mov('$s0', 0xca0000ff).rstrip()
    li $t9, 0x1010101 ^ 0xca0000ff
    li $s0, 0x1010101
    xor $s0, $t9, $s0
>>> print shellcraft.mips.mov('$t9', 0xca0000be).rstrip()
    li $t9, ~0xca0000be
    not $t9, $t9
>>> print shellcraft.mips.mov('$t2', 0xca0000be).rstrip()
    li $t9, ~0xca0000be
    not $t9, $t9
    add $t2, $t9, $0 /* mov $t2, $t9 */
>>> print shellcraft.mips.mov('$t2', 0xca0000ff).rstrip()
    li $t8, 0x1010101 ^ 0xca0000ff
    li $t9, 0x1010101
    xor $t9, $t8, $t9
    add $t2, $t9, $0 /* mov $t2, $t9 */
>>> print shellcraft.mips.mov('$a0', '$t2').rstrip()
    add $a0, $t2, $0 /* mov $a0, $t2 */
>>> print shellcraft.mips.mov('$a0', '$t8').rstrip()
    sw $t8, -4($sp) /* mov $a0, $t8 */
    lw $a0, -4($sp)

pwnlib.shellcraft.mips.nop()[source]¶: MIPS nop instruction.

pwnlib.shellcraft.mips.push(value)[source]¶: Pushes a value onto the stack.

pwnlib.shellcraft.mips.pushstr(string, append_null=True)[source]¶

Pushes a string onto the stack without using null bytes or newline characters.

Example

>>> print shellcraft.mips.pushstr('').rstrip()
    /* push '\x00' */
    sw $zero, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('a').rstrip()
    /* push 'a\x00' */
    li $t9, ~0x61
    not $t1, $t9
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('aa').rstrip()
    /* push 'aa\x00' */
    ori $t1, $zero, 24929
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('aaa').rstrip()
    /* push 'aaa\x00' */
    li $t9, ~0x616161
    not $t1, $t9
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('aaaa').rstrip()
    /* push 'aaaa\x00' */
    li $t1, 0x61616161
    sw $t1, -8($sp)
    sw $zero, -4($sp)
    addiu $sp, $sp, -8
>>> print shellcraft.mips.pushstr('aaaaa').rstrip()
    /* push 'aaaaa\x00' */
    li $t1, 0x61616161
    sw $t1, -8($sp)
    li $t9, ~0x61
    not $t1, $t9
    sw $t1, -4($sp)
    addiu $sp, $sp, -8
>>> print shellcraft.mips.pushstr('aaaa', append_null = False).rstrip()
    /* push 'aaaa' */
    li $t1, 0x61616161
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('\xc3').rstrip()
    /* push '\xc3\x00' */
    li $t9, ~0xc3
    not $t1, $t9
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print shellcraft.mips.pushstr('\xc3', append_null = False).rstrip()
    /* push '\xc3' */
    li $t9, ~0xc3
    not $t1, $t9
    sw $t1, -4($sp)
    addiu $sp, $sp, -4
>>> print enhex(asm(shellcraft.mips.pushstr("/bin/sh")))
696e093c2f622935f8ffa9af97ff193cd08c393727482003fcffa9aff8ffbd27
>>> print enhex(asm(shellcraft.mips.pushstr("")))
fcffa0affcffbd27
>>> print enhex(asm(shellcraft.mips.pushstr("\x00", False)))
fcffa0affcffbd27

Parameters:	string (str) – The string to push. append_null (bool) – Whether to append a single NULL-byte before pushing.

pwnlib.shellcraft.mips.pushstr_array(reg, array)[source]¶

Pushes an array/envp-style array of pointers onto the stack.

Parameters:	reg (str) – Destination register to hold the pointer. array (str,list) – Single argument or list of arguments to push. NULL termination is normalized so that each argument ends with exactly one NULL byte.

pwnlib.shellcraft.mips.setregs(reg_context, stack_allowed=True)[source]¶

Sets multiple registers, taking any register dependencies into account (i.e., given eax=1,ebx=eax, set ebx first).

Parameters:	reg_context (dict) – Desired register context stack_allowed (bool) – Can the stack be used?

Example

>>> print shellcraft.setregs({'$t0':1, '$a3':'0'}).rstrip()
    slti $a3, $zero, 0xFFFF /* $a3 = 0 */
    li $t9, ~1
    not $t0, $t9
>>> print shellcraft.setregs({'$a0':'$a1', '$a1':'$a0', '$a2':'$a1'}).rstrip()
    sw $a1, -4($sp) /* mov $a2, $a1 */
    lw $a2, -4($sp)
    xor $a1, $a1, $a0 /* xchg $a1, $a0 */
    xor $a0, $a1, $a0
    xor $a1, $a1, $a0

pwnlib.shellcraft.mips.trap()[source]¶: A trap instruction.

`pwnlib.shellcraft.mips.linux`¶

Shellcraft module containing MIPS shellcodes for Linux.

pwnlib.shellcraft.mips.linux.accept(fd, addr, addr_len)[source]¶

Invokes the syscall accept. See ‘man 2 accept’ for more information.

Parameters:	fd (int) – fd addr (SOCKADDR_ARG) – addr addr_len (socklen_t) – addr_len

pwnlib.shellcraft.mips.linux.access(name, type)[source]¶

Invokes the syscall access. See ‘man 2 access’ for more information.

Parameters:	name (char) – name type (int) – type

pwnlib.shellcraft.mips.linux.acct(name)[source]¶

Invokes the syscall acct. See ‘man 2 acct’ for more information.

Parameters:	name (char) – name

pwnlib.shellcraft.mips.linux.alarm(seconds)[source]¶

Invokes the syscall alarm. See ‘man 2 alarm’ for more information.

Parameters:	seconds (unsigned) – seconds

pwnlib.shellcraft.mips.linux.bind(fd, addr, length)[source]¶

Invokes the syscall bind. See ‘man 2 bind’ for more information.

Parameters:	fd (int) – fd addr (CONST_SOCKADDR_ARG) – addr len (socklen_t) – len

pwnlib.shellcraft.mips.linux.bindsh(port, network)[source]¶: Listens on a TCP port and spawns a shell for the first to connect. Port is the TCP port to listen on, network is either ‘ipv4’ or ‘ipv6’.

pwnlib.shellcraft.mips.linux.brk(addr)[source]¶

Invokes the syscall brk. See ‘man 2 brk’ for more information.

Parameters:	addr (void) – addr

pwnlib.shellcraft.mips.linux.cat(filename, fd=1)[source]¶

Opens a file and writes its contents to the specified file descriptor.

Example

>>> f = tempfile.mktemp()
>>> write(f, 'FLAG')
>>> asm  = shellcraft.mips.linux.cat(f)
>>> asm += shellcraft.mips.linux.exit(0)
>>> run_assembly(asm).recvall()
'FLAG'

pwnlib.shellcraft.mips.linux.chdir(path)[source]¶

Invokes the syscall chdir. See ‘man 2 chdir’ for more information.

Parameters:	path (char) – path

pwnlib.shellcraft.mips.linux.chmod(file, mode)[source]¶

Invokes the syscall chmod. See ‘man 2 chmod’ for more information.

Parameters:	file (char) – file mode (mode_t) – mode

pwnlib.shellcraft.mips.linux.chown(file, owner, group)[source]¶

Invokes the syscall chown. See ‘man 2 chown’ for more information.

Parameters:	file (char) – file owner (uid_t) – owner group (gid_t) – group

pwnlib.shellcraft.mips.linux.chroot(path)[source]¶

Invokes the syscall chroot. See ‘man 2 chroot’ for more information.

Parameters:	path (char) – path

pwnlib.shellcraft.mips.linux.clock_getres(clock_id, res)[source]¶

Invokes the syscall clock_getres. See ‘man 2 clock_getres’ for more information.

Parameters:	clock_id (clockid_t) – clock_id res (timespec) – res

pwnlib.shellcraft.mips.linux.clock_gettime(clock_id, tp)[source]¶

Invokes the syscall clock_gettime. See ‘man 2 clock_gettime’ for more information.

Parameters:	clock_id (clockid_t) – clock_id tp (timespec) – tp

pwnlib.shellcraft.mips.linux.clock_nanosleep(clock_id, flags, req, rem)[source]¶

Invokes the syscall clock_nanosleep. See ‘man 2 clock_nanosleep’ for more information.

Parameters:	clock_id (clockid_t) – clock_id flags (int) – flags req (timespec) – req rem (timespec) – rem

pwnlib.shellcraft.mips.linux.clock_settime(clock_id, tp)[source]¶

Invokes the syscall clock_settime. See ‘man 2 clock_settime’ for more information.

Parameters:	clock_id (clockid_t) – clock_id tp (timespec) – tp

pwnlib.shellcraft.mips.linux.clone(fn, child_stack, flags, arg, vararg)[source]¶

Invokes the syscall clone. See ‘man 2 clone’ for more information.

Parameters:	fn (int) – fn child_stack (void) – child_stack flags (int) – flags arg (void) – arg vararg (int) – vararg

pwnlib.shellcraft.mips.linux.close(fd)[source]¶

Invokes the syscall close. See ‘man 2 close’ for more information.

Parameters:	fd (int) – fd

pwnlib.shellcraft.mips.linux.connect(host, port, network='ipv4')[source]¶: Connects to the host on the specified port. Network is either ‘ipv4’ or ‘ipv6’. Leaves the connected socket in $s0.

pwnlib.shellcraft.mips.linux.creat(file, mode)[source]¶

Invokes the syscall creat. See ‘man 2 creat’ for more information.

Parameters:	file (char) – file mode (mode_t) – mode

pwnlib.shellcraft.mips.linux.dup(fd)[source]¶

Invokes the syscall dup. See ‘man 2 dup’ for more information.

Parameters:	fd (int) – fd

pwnlib.shellcraft.mips.linux.dup2(fd, fd2)[source]¶

Invokes the syscall dup2. See ‘man 2 dup2’ for more information.

Parameters:	fd (int) – fd fd2 (int) – fd2

pwnlib.shellcraft.mips.linux.dup3(fd, fd2, flags)[source]¶

Invokes the syscall dup3. See ‘man 2 dup3’ for more information.

Parameters:	fd (int) – fd fd2 (int) – fd2 flags (int) – flags

pwnlib.shellcraft.mips.linux.dupsh(sock='$s0')[source]¶: Args: [sock (imm/reg) = s0 ] Duplicates sock to stdin, stdout and stderr and spawns a shell.

pwnlib.shellcraft.mips.linux.echo(string, sock=1)[source]¶: Writes a string to a file descriptor

pwnlib.shellcraft.mips.linux.epoll_create(size)[source]¶

Invokes the syscall epoll_create. See ‘man 2 epoll_create’ for more information.

Parameters:	size (int) – size

pwnlib.shellcraft.mips.linux.epoll_create1(flags)[source]¶

Invokes the syscall epoll_create1. See ‘man 2 epoll_create1’ for more information.

Parameters:	flags (int) – flags

pwnlib.shellcraft.mips.linux.epoll_ctl(epfd, op, fd, event)[source]¶

Invokes the syscall epoll_ctl. See ‘man 2 epoll_ctl’ for more information.

Parameters:	epfd (int) – epfd op (int) – op fd (int) – fd event (epoll_event) – event

pwnlib.shellcraft.mips.linux.epoll_pwait(epfd, events, maxevents, timeout, ss)[source]¶

Invokes the syscall epoll_pwait. See ‘man 2 epoll_pwait’ for more information.

Parameters:	epfd (int) – epfd events (epoll_event) – events maxevents (int) – maxevents timeout (int) – timeout ss (sigset_t) – ss

pwnlib.shellcraft.mips.linux.epoll_wait(epfd, events, maxevents, timeout)[source]¶

Invokes the syscall epoll_wait. See ‘man 2 epoll_wait’ for more information.

Parameters:	epfd (int) – epfd events (epoll_event) – events maxevents (int) – maxevents timeout (int) – timeout

pwnlib.shellcraft.mips.linux.execve(path='/system/bin//sh', argv=0, envp=0)[source]¶

Execute a different process.

Attempts to perform some automatic detection of types. Otherwise, the arguments behave as normal.

If path is a string that is not a known register, it is pushed onto the stack.
If argv is an array of strings, it is pushed onto the stack, and NULL-terminated.
If envp is an dictionary of {string:string}, it is pushed onto the stack, and NULL-terminated.

Example

>>> path = '/bin/sh'
>>> argv = ['sh', '-c', 'echo Hello, $NAME; exit $STATUS']
>>> envp = {'NAME': 'zerocool', 'STATUS': 3}
>>> sc = shellcraft.mips.linux.execve(path, argv, envp)
>>> io = run_assembly(sc)
>>> io.recvall()
'Hello, zerocool\n'
>>> io.poll(True)
3

pwnlib.shellcraft.mips.linux.exit(status)[source]¶

Invokes the syscall exit. See ‘man 2 exit’ for more information.

Parameters:	status (int) – status

pwnlib.shellcraft.mips.linux.faccessat(fd, file, type, flag)[source]¶

Invokes the syscall faccessat. See ‘man 2 faccessat’ for more information.

Parameters:	fd (int) – fd file (char) – file type (int) – type flag (int) – flag

pwnlib.shellcraft.mips.linux.fallocate(fd, mode, offset, length)[source]¶

Invokes the syscall fallocate. See ‘man 2 fallocate’ for more information.

Parameters:	fd (int) – fd mode (int) – mode offset (off_t) – offset len (off_t) – len

pwnlib.shellcraft.mips.linux.fchdir(fd)[source]¶

Invokes the syscall fchdir. See ‘man 2 fchdir’ for more information.

Parameters:	fd (int) – fd

pwnlib.shellcraft.mips.linux.fchmod(fd, mode)[source]¶

Invokes the syscall fchmod. See ‘man 2 fchmod’ for more information.

Parameters:	fd (int) – fd mode (mode_t) – mode

pwnlib.shellcraft.mips.linux.fchmodat(fd, file, mode, flag)[source]¶

Invokes the syscall fchmodat. See ‘man 2 fchmodat’ for more information.

Parameters:	fd (int) – fd file (char) – file mode (mode_t) – mode flag (int) – flag

pwnlib.shellcraft.mips.linux.fchown(fd, owner, group)[source]¶

Invokes the syscall fchown. See ‘man 2 fchown’ for more information.

Parameters:	fd (int) – fd owner (uid_t) – owner group (gid_t) – group

pwnlib.shellcraft.mips.linux.fchownat(fd, file, owner, group, flag)[source]¶

Invokes the syscall fchownat. See ‘man 2 fchownat’ for more information.

Parameters:	fd (int) – fd file (char) – file owner (uid_t) – owner group (gid_t) – group flag (int) – flag

pwnlib.shellcraft.mips.linux.fcntl(fd, cmd, vararg)[source]¶

Invokes the syscall fcntl. See ‘man 2 fcntl’ for more information.

Parameters:	fd (int) – fd cmd (int) – cmd vararg (int) – vararg

pwnlib.shellcraft.mips.linux.fdatasync(fildes)[source]¶

Invokes the syscall fdatasync. See ‘man 2 fdatasync’ for more information.

Parameters:	fildes (int) – fildes

pwnlib.shellcraft.mips.linux.findpeer(port)[source]¶: Finds a connected socket. If port is specified it is checked against the peer port. Resulting socket is left in $s0.

pwnlib.shellcraft.mips.linux.findpeersh(port)[source]¶: Finds a connected socket. If port is specified it is checked against the peer port. A dup2 shell is spawned on it.

pwnlib.shellcraft.mips.linux.flock(fd, operation)[source]¶

Invokes the syscall flock. See ‘man 2 flock’ for more information.

Parameters:	fd (int) – fd operation (int) – operation

pwnlib.shellcraft.mips.linux.fork()[source]¶

Invokes the syscall fork. See ‘man 2 fork’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.forkbomb()[source]¶: Performs a forkbomb attack.

pwnlib.shellcraft.mips.linux.forkexit()[source]¶: Attempts to fork. If the fork is successful, the parent exits.

pwnlib.shellcraft.mips.linux.fstat(fd, buf)[source]¶

Invokes the syscall fstat. See ‘man 2 fstat’ for more information.

Parameters:	fd (int) – fd buf (stat) – buf

pwnlib.shellcraft.mips.linux.fstat64(fd, buf)[source]¶

Invokes the syscall fstat64. See ‘man 2 fstat64’ for more information.

Parameters:	fd (int) – fd buf (stat64) – buf

pwnlib.shellcraft.mips.linux.fstatat64(fd, file, buf, flag)[source]¶

Invokes the syscall fstatat64. See ‘man 2 fstatat64’ for more information.

Parameters:	fd (int) – fd file (char) – file buf (stat64) – buf flag (int) – flag

pwnlib.shellcraft.mips.linux.fsync(fd)[source]¶

Invokes the syscall fsync. See ‘man 2 fsync’ for more information.

Parameters:	fd (int) – fd

pwnlib.shellcraft.mips.linux.ftruncate(fd, length)[source]¶

Invokes the syscall ftruncate. See ‘man 2 ftruncate’ for more information.

Parameters:	fd (int) – fd length (off_t) – length

pwnlib.shellcraft.mips.linux.ftruncate64(fd, length)[source]¶

Invokes the syscall ftruncate64. See ‘man 2 ftruncate64’ for more information.

Parameters:	fd (int) – fd length (off64_t) – length

pwnlib.shellcraft.mips.linux.futimesat(fd, file, tvp)[source]¶

Invokes the syscall futimesat. See ‘man 2 futimesat’ for more information.

Parameters:	fd (int) – fd file (char) – file tvp (timeval) – tvp

pwnlib.shellcraft.mips.linux.getcwd(buf, size)[source]¶

Invokes the syscall getcwd. See ‘man 2 getcwd’ for more information.

Parameters:	buf (char) – buf size (size_t) – size

pwnlib.shellcraft.mips.linux.getegid()[source]¶

Invokes the syscall getegid. See ‘man 2 getegid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.geteuid()[source]¶

Invokes the syscall geteuid. See ‘man 2 geteuid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.getgid()[source]¶

Invokes the syscall getgid. See ‘man 2 getgid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.getgroups(size, list)[source]¶

Invokes the syscall getgroups. See ‘man 2 getgroups’ for more information.

Parameters:	size (int) – size list (gid_t) – list

pwnlib.shellcraft.mips.linux.getitimer(which, value)[source]¶

Invokes the syscall getitimer. See ‘man 2 getitimer’ for more information.

Parameters:	which (itimer_which_t) – which value (itimerval) – value

pwnlib.shellcraft.mips.linux.getpeername(fd, addr, length)[source]¶

Invokes the syscall getpeername. See ‘man 2 getpeername’ for more information.

Parameters:	fd (int) – fd addr (SOCKADDR_ARG) – addr len (socklen_t) – len

pwnlib.shellcraft.mips.linux.getpgid(pid)[source]¶

Invokes the syscall getpgid. See ‘man 2 getpgid’ for more information.

Parameters:	pid (pid_t) – pid

pwnlib.shellcraft.mips.linux.getpgrp()[source]¶

Invokes the syscall getpgrp. See ‘man 2 getpgrp’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.getpid()[source]¶

Invokes the syscall getpid. See ‘man 2 getpid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.getpmsg(fildes, ctlptr, dataptr, bandp, flagsp)[source]¶

Invokes the syscall getpmsg. See ‘man 2 getpmsg’ for more information.

Parameters:	fildes (int) – fildes ctlptr (strbuf) – ctlptr dataptr (strbuf) – dataptr bandp (int) – bandp flagsp (int) – flagsp

pwnlib.shellcraft.mips.linux.getppid()[source]¶

Invokes the syscall getppid. See ‘man 2 getppid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.getpriority(which, who)[source]¶

Invokes the syscall getpriority. See ‘man 2 getpriority’ for more information.

Parameters:	which (priority_which_t) – which who (id_t) – who

pwnlib.shellcraft.mips.linux.getresgid(rgid, egid, sgid)[source]¶

Invokes the syscall getresgid. See ‘man 2 getresgid’ for more information.

Parameters:	rgid (gid_t) – rgid egid (gid_t) – egid sgid (gid_t) – sgid

pwnlib.shellcraft.mips.linux.getresuid(ruid, euid, suid)[source]¶

Invokes the syscall getresuid. See ‘man 2 getresuid’ for more information.

Parameters:	ruid (uid_t) – ruid euid (uid_t) – euid suid (uid_t) – suid

pwnlib.shellcraft.mips.linux.getrlimit(resource, rlimits)[source]¶

Invokes the syscall getrlimit. See ‘man 2 getrlimit’ for more information.

Parameters:	resource (rlimit_resource_t) – resource rlimits (rlimit) – rlimits

pwnlib.shellcraft.mips.linux.getrusage(who, usage)[source]¶

Invokes the syscall getrusage. See ‘man 2 getrusage’ for more information.

Parameters:	who (rusage_who_t) – who usage (rusage) – usage

pwnlib.shellcraft.mips.linux.getsid(pid)[source]¶

Invokes the syscall getsid. See ‘man 2 getsid’ for more information.

Parameters:	pid (pid_t) – pid

pwnlib.shellcraft.mips.linux.getsockname(fd, addr, length)[source]¶

Invokes the syscall getsockname. See ‘man 2 getsockname’ for more information.

Parameters:	fd (int) – fd addr (SOCKADDR_ARG) – addr len (socklen_t) – len

pwnlib.shellcraft.mips.linux.getsockopt(fd, level, optname, optval, optlen)[source]¶

Invokes the syscall getsockopt. See ‘man 2 getsockopt’ for more information.

Parameters:	fd (int) – fd level (int) – level optname (int) – optname optval (void) – optval optlen (socklen_t) – optlen

pwnlib.shellcraft.mips.linux.gettimeofday(tv, tz)[source]¶

Invokes the syscall gettimeofday. See ‘man 2 gettimeofday’ for more information.

Parameters:	tv (timeval) – tv tz (timezone_ptr_t) – tz

pwnlib.shellcraft.mips.linux.getuid()[source]¶

Invokes the syscall getuid. See ‘man 2 getuid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.gtty(fd, params)[source]¶

Invokes the syscall gtty. See ‘man 2 gtty’ for more information.

Parameters:	fd (int) – fd params (sgttyb) – params

pwnlib.shellcraft.mips.linux.ioctl(fd, request, vararg)[source]¶

Invokes the syscall ioctl. See ‘man 2 ioctl’ for more information.

Parameters:	fd (int) – fd request (unsigned) – request vararg (int) – vararg

pwnlib.shellcraft.mips.linux.ioperm(from_, num, turn_on)[source]¶

Invokes the syscall ioperm. See ‘man 2 ioperm’ for more information.

Parameters:	from (unsigned) – from num (unsigned) – num turn_on (int) – turn_on

pwnlib.shellcraft.mips.linux.iopl(level)[source]¶

Invokes the syscall iopl. See ‘man 2 iopl’ for more information.

Parameters:	level (int) – level

pwnlib.shellcraft.mips.linux.kill(pid, sig)[source]¶

Invokes the syscall kill. See ‘man 2 kill’ for more information.

Parameters:	pid (pid_t) – pid sig (int) – sig

pwnlib.shellcraft.mips.linux.killparent()[source]¶: Kills its parent process until whatever the parent is (probably init) cannot be killed any longer.

pwnlib.shellcraft.mips.linux.lchown(file, owner, group)[source]¶

Invokes the syscall lchown. See ‘man 2 lchown’ for more information.

Parameters:	file (char) – file owner (uid_t) – owner group (gid_t) – group

pwnlib.shellcraft.mips.linux.link(from_, to)[source]¶

Invokes the syscall link. See ‘man 2 link’ for more information.

Parameters:	from (char) – from to (char) – to

pwnlib.shellcraft.mips.linux.linkat(fromfd, from_, tofd, to, flags)[source]¶

Invokes the syscall linkat. See ‘man 2 linkat’ for more information.

Parameters:	fromfd (int) – fromfd from (char) – from tofd (int) – tofd to (char) – to flags (int) – flags

pwnlib.shellcraft.mips.linux.listen(port, network)[source]¶: Listens on a TCP port, accept a client and leave his socket in $s0. Port is the TCP port to listen on, network is either ‘ipv4’ or ‘ipv6’.

pwnlib.shellcraft.mips.linux.lseek(fd, offset, whence)[source]¶

Invokes the syscall lseek. See ‘man 2 lseek’ for more information.

Parameters:	fd (int) – fd offset (off_t) – offset whence (int) – whence

pwnlib.shellcraft.mips.linux.lstat(file, buf)[source]¶

Invokes the syscall lstat. See ‘man 2 lstat’ for more information.

Parameters:	file (char) – file buf (stat) – buf

pwnlib.shellcraft.mips.linux.lstat64(file, buf)[source]¶

Invokes the syscall lstat64. See ‘man 2 lstat64’ for more information.

Parameters:	file (char) – file buf (stat64) – buf

pwnlib.shellcraft.mips.linux.madvise(addr, length, advice)[source]¶

Invokes the syscall madvise. See ‘man 2 madvise’ for more information.

Parameters:	addr (void) – addr len (size_t) – len advice (int) – advice

pwnlib.shellcraft.mips.linux.mincore(start, length, vec)[source]¶

Invokes the syscall mincore. See ‘man 2 mincore’ for more information.

Parameters:	start (void) – start len (size_t) – len vec (unsigned) – vec

pwnlib.shellcraft.mips.linux.mkdir(path, mode)[source]¶

Invokes the syscall mkdir. See ‘man 2 mkdir’ for more information.

Parameters:	path (char) – path mode (mode_t) – mode

pwnlib.shellcraft.mips.linux.mkdirat(fd, path, mode)[source]¶

Invokes the syscall mkdirat. See ‘man 2 mkdirat’ for more information.

Parameters:	fd (int) – fd path (char) – path mode (mode_t) – mode

pwnlib.shellcraft.mips.linux.mknod(path, mode, dev)[source]¶

Invokes the syscall mknod. See ‘man 2 mknod’ for more information.

Parameters:	path (char) – path mode (mode_t) – mode dev (dev_t) – dev

pwnlib.shellcraft.mips.linux.mknodat(fd, path, mode, dev)[source]¶

Invokes the syscall mknodat. See ‘man 2 mknodat’ for more information.

Parameters:	fd (int) – fd path (char) – path mode (mode_t) – mode dev (dev_t) – dev

pwnlib.shellcraft.mips.linux.mlock(addr, length)[source]¶

Invokes the syscall mlock. See ‘man 2 mlock’ for more information.

Parameters:	addr (void) – addr len (size_t) – len

pwnlib.shellcraft.mips.linux.mlockall(flags)[source]¶

Invokes the syscall mlockall. See ‘man 2 mlockall’ for more information.

Parameters:	flags (int) – flags

pwnlib.shellcraft.mips.linux.mmap(addr=0, length=4096, prot=7, flags=34, fd=-1, offset=0)[source]¶

Invokes the syscall mmap. See ‘man 2 mmap’ for more information.

Parameters:	addr (void) – addr length (size_t) – length prot (int) – prot flags (int) – flags fd (int) – fd offset (off_t) – offset

pwnlib.shellcraft.mips.linux.mov(dest, src)[source]¶

Thin wrapper around pwnlib.shellcraft.mips.mov(), which sets context.os to ‘linux’ before calling.

Example

>>> print pwnlib.shellcraft.mips.linux.mov('$a1', 'SYS_execve').rstrip()
    ori $a1, $zero, (SYS_execve)

pwnlib.shellcraft.mips.linux.mprotect(addr, length, prot)[source]¶

Invokes the syscall mprotect. See ‘man 2 mprotect’ for more information.

Parameters:	addr (void) – addr len (size_t) – len prot (int) – prot

pwnlib.shellcraft.mips.linux.mq_notify(mqdes, notification)[source]¶

Invokes the syscall mq_notify. See ‘man 2 mq_notify’ for more information.

Parameters:	mqdes (mqd_t) – mqdes notification (sigevent) – notification

pwnlib.shellcraft.mips.linux.mq_open(name, oflag, vararg)[source]¶

Invokes the syscall mq_open. See ‘man 2 mq_open’ for more information.

Parameters:	name (char) – name oflag (int) – oflag vararg (int) – vararg

pwnlib.shellcraft.mips.linux.mq_timedreceive(mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)[source]¶

Invokes the syscall mq_timedreceive. See ‘man 2 mq_timedreceive’ for more information.

Parameters:	mqdes (mqd_t) – mqdes msg_ptr (char) – msg_ptr msg_len (size_t) – msg_len msg_prio (unsigned) – msg_prio abs_timeout (timespec) – abs_timeout

pwnlib.shellcraft.mips.linux.mq_timedsend(mqdes, msg_ptr, msg_len, msg_prio, abs_timeout)[source]¶

Invokes the syscall mq_timedsend. See ‘man 2 mq_timedsend’ for more information.

Parameters:	mqdes (mqd_t) – mqdes msg_ptr (char) – msg_ptr msg_len (size_t) – msg_len msg_prio (unsigned) – msg_prio abs_timeout (timespec) – abs_timeout

pwnlib.shellcraft.mips.linux.mq_unlink(name)[source]¶

Invokes the syscall mq_unlink. See ‘man 2 mq_unlink’ for more information.

Parameters:	name (char) – name

pwnlib.shellcraft.mips.linux.mremap(addr, old_len, new_len, flags, vararg)[source]¶

Invokes the syscall mremap. See ‘man 2 mremap’ for more information.

Parameters:	addr (void) – addr old_len (size_t) – old_len new_len (size_t) – new_len flags (int) – flags vararg (int) – vararg

pwnlib.shellcraft.mips.linux.msync(addr, length, flags)[source]¶

Invokes the syscall msync. See ‘man 2 msync’ for more information.

Parameters:	addr (void) – addr len (size_t) – len flags (int) – flags

pwnlib.shellcraft.mips.linux.munlock(addr, length)[source]¶

Invokes the syscall munlock. See ‘man 2 munlock’ for more information.

Parameters:	addr (void) – addr len (size_t) – len

pwnlib.shellcraft.mips.linux.munlockall()[source]¶

Invokes the syscall munlockall. See ‘man 2 munlockall’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.munmap(addr, length)[source]¶

Invokes the syscall munmap. See ‘man 2 munmap’ for more information.

Parameters:	addr (void) – addr len (size_t) – len

pwnlib.shellcraft.mips.linux.nanosleep(requested_time, remaining)[source]¶

Invokes the syscall nanosleep. See ‘man 2 nanosleep’ for more information.

Parameters:	requested_time (timespec) – requested_time remaining (timespec) – remaining

pwnlib.shellcraft.mips.linux.nice(inc)[source]¶

Invokes the syscall nice. See ‘man 2 nice’ for more information.

Parameters:	inc (int) – inc

pwnlib.shellcraft.mips.linux.open(file, oflag, vararg)[source]¶

Invokes the syscall open. See ‘man 2 open’ for more information.

Parameters:	file (char) – file oflag (int) – oflag vararg (int) – vararg

pwnlib.shellcraft.mips.linux.openat(fd, file, oflag, vararg)[source]¶

Invokes the syscall openat. See ‘man 2 openat’ for more information.

Parameters:	fd (int) – fd file (char) – file oflag (int) – oflag vararg (int) – vararg

pwnlib.shellcraft.mips.linux.pause()[source]¶

Invokes the syscall pause. See ‘man 2 pause’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.pipe(pipedes)[source]¶

Invokes the syscall pipe. See ‘man 2 pipe’ for more information.

Parameters:	pipedes (int) – pipedes

pwnlib.shellcraft.mips.linux.pipe2(pipedes, flags)[source]¶

Invokes the syscall pipe2. See ‘man 2 pipe2’ for more information.

Parameters:	pipedes (int) – pipedes flags (int) – flags

pwnlib.shellcraft.mips.linux.poll(fds, nfds, timeout)[source]¶

Invokes the syscall poll. See ‘man 2 poll’ for more information.

Parameters:	fds (pollfd) – fds nfds (nfds_t) – nfds timeout (int) – timeout

pwnlib.shellcraft.mips.linux.ppoll(fds, nfds, timeout, ss)[source]¶

Invokes the syscall ppoll. See ‘man 2 ppoll’ for more information.

Parameters:	fds (pollfd) – fds nfds (nfds_t) – nfds timeout (timespec) – timeout ss (sigset_t) – ss

pwnlib.shellcraft.mips.linux.prctl(option, vararg)[source]¶

Invokes the syscall prctl. See ‘man 2 prctl’ for more information.

Parameters:	option (int) – option vararg (int) – vararg

pwnlib.shellcraft.mips.linux.pread(fd, buf, nbytes, offset)[source]¶

Invokes the syscall pread. See ‘man 2 pread’ for more information.

Parameters:	fd (int) – fd buf (void) – buf nbytes (size_t) – nbytes offset (off_t) – offset

pwnlib.shellcraft.mips.linux.preadv(fd, iovec, count, offset)[source]¶

Invokes the syscall preadv. See ‘man 2 preadv’ for more information.

Parameters:	fd (int) – fd iovec (iovec) – iovec count (int) – count offset (off_t) – offset

pwnlib.shellcraft.mips.linux.prlimit64(pid, resource, new_limit, old_limit)[source]¶

Invokes the syscall prlimit64. See ‘man 2 prlimit64’ for more information.

Parameters:	pid (pid_t) – pid resource (rlimit_resource) – resource new_limit (rlimit64) – new_limit old_limit (rlimit64) – old_limit

pwnlib.shellcraft.mips.linux.profil(sample_buffer, size, offset, scale)[source]¶

Invokes the syscall profil. See ‘man 2 profil’ for more information.

Parameters:	sample_buffer (unsigned) – sample_buffer size (size_t) – size offset (size_t) – offset scale (unsigned) – scale

pwnlib.shellcraft.mips.linux.ptrace(request, vararg)[source]¶

Invokes the syscall ptrace. See ‘man 2 ptrace’ for more information.

Parameters:	request (ptrace_request) – request vararg (int) – vararg

pwnlib.shellcraft.mips.linux.pushstr(string, append_null=True)[source]¶

Thin wrapper around pwnlib.shellcraft.mips.pushstr(), which sets context.os to ‘linux’ before calling.

Example

>>> print pwnlib.shellcraft.mips.linux.pushstr('Hello, World').rstrip()
    /* push 'Hello, World\x00' */
    li $t1, 0x6c6c6548
    sw $t1, -16($sp)
    li $t1, 0x57202c6f
    sw $t1, -12($sp)
    li $t1, 0x646c726f
    sw $t1, -8($sp)
    sw $zero, -4($sp)
    addiu $sp, $sp, -16

Parameters:	string (str) – The string to push. append_null (bool) – Whether to append a single NULL-byte before pushing.

pwnlib.shellcraft.mips.linux.putpmsg(fildes, ctlptr, dataptr, band, flags)[source]¶

Invokes the syscall putpmsg. See ‘man 2 putpmsg’ for more information.

Parameters:	fildes (int) – fildes ctlptr (strbuf) – ctlptr dataptr (strbuf) – dataptr band (int) – band flags (int) – flags

pwnlib.shellcraft.mips.linux.pwrite(fd, buf, n, offset)[source]¶

Invokes the syscall pwrite. See ‘man 2 pwrite’ for more information.

Parameters:	fd (int) – fd buf (void) – buf n (size_t) – n offset (off_t) – offset

pwnlib.shellcraft.mips.linux.pwritev(fd, iovec, count, offset)[source]¶

Invokes the syscall pwritev. See ‘man 2 pwritev’ for more information.

Parameters:	fd (int) – fd iovec (iovec) – iovec count (int) – count offset (off_t) – offset

pwnlib.shellcraft.mips.linux.read(fd, buf, nbytes)[source]¶

Invokes the syscall read. See ‘man 2 read’ for more information.

Parameters:	fd (int) – fd buf (void) – buf nbytes (size_t) – nbytes

pwnlib.shellcraft.mips.linux.readahead(fd, offset, count)[source]¶

Invokes the syscall readahead. See ‘man 2 readahead’ for more information.

Parameters:	fd (int) – fd offset (off64_t) – offset count (size_t) – count

pwnlib.shellcraft.mips.linux.readdir(dirp)[source]¶

Invokes the syscall readdir. See ‘man 2 readdir’ for more information.

Parameters:	dirp (DIR) – dirp

pwnlib.shellcraft.mips.linux.readfile(path, dst='$s0')[source]¶: Args: [path, dst (imm/reg) = $s0 ] Opens the specified file path and sends its content to the specified file descriptor.

pwnlib.shellcraft.mips.linux.readlink(path, buf, length)[source]¶

Invokes the syscall readlink. See ‘man 2 readlink’ for more information.

Parameters:	path (char) – path buf (char) – buf len (size_t) – len

pwnlib.shellcraft.mips.linux.readlinkat(fd, path, buf, length)[source]¶

Invokes the syscall readlinkat. See ‘man 2 readlinkat’ for more information.

Parameters:	fd (int) – fd path (char) – path buf (char) – buf len (size_t) – len

pwnlib.shellcraft.mips.linux.readv(fd, iovec, count)[source]¶

Invokes the syscall readv. See ‘man 2 readv’ for more information.

Parameters:	fd (int) – fd iovec (iovec) – iovec count (int) – count

pwnlib.shellcraft.mips.linux.recv(fd, buf, n, flags)[source]¶

Invokes the syscall recv. See ‘man 2 recv’ for more information.

Parameters:	fd (int) – fd buf (void) – buf n (size_t) – n flags (int) – flags

pwnlib.shellcraft.mips.linux.recvfrom(fd, buf, n, flags, addr, addr_len)[source]¶

Invokes the syscall recvfrom. See ‘man 2 recvfrom’ for more information.

Parameters:	fd (int) – fd buf (void) – buf n (size_t) – n flags (int) – flags addr (SOCKADDR_ARG) – addr addr_len (socklen_t) – addr_len

pwnlib.shellcraft.mips.linux.recvmmsg(fd, vmessages, vlen, flags, tmo)[source]¶

Invokes the syscall recvmmsg. See ‘man 2 recvmmsg’ for more information.

Parameters:	fd (int) – fd vmessages (mmsghdr) – vmessages vlen (unsigned) – vlen flags (int) – flags tmo (timespec) – tmo

pwnlib.shellcraft.mips.linux.recvmsg(fd, message, flags)[source]¶

Invokes the syscall recvmsg. See ‘man 2 recvmsg’ for more information.

Parameters:	fd (int) – fd message (msghdr) – message flags (int) – flags

pwnlib.shellcraft.mips.linux.remap_file_pages(start, size, prot, pgoff, flags)[source]¶

Invokes the syscall remap_file_pages. See ‘man 2 remap_file_pages’ for more information.

Parameters:	start (void) – start size (size_t) – size prot (int) – prot pgoff (size_t) – pgoff flags (int) – flags

pwnlib.shellcraft.mips.linux.rename(old, new)[source]¶

Invokes the syscall rename. See ‘man 2 rename’ for more information.

Parameters:	old (char) – old new (char) – new

pwnlib.shellcraft.mips.linux.renameat(oldfd, old, newfd, new)[source]¶

Invokes the syscall renameat. See ‘man 2 renameat’ for more information.

Parameters:	oldfd (int) – oldfd old (char) – old newfd (int) – newfd new (char) – new

pwnlib.shellcraft.mips.linux.rmdir(path)[source]¶

Invokes the syscall rmdir. See ‘man 2 rmdir’ for more information.

Parameters:	path (char) – path

pwnlib.shellcraft.mips.linux.sched_get_priority_max(algorithm)[source]¶

Invokes the syscall sched_get_priority_max. See ‘man 2 sched_get_priority_max’ for more information.

Parameters:	algorithm (int) – algorithm

pwnlib.shellcraft.mips.linux.sched_get_priority_min(algorithm)[source]¶

Invokes the syscall sched_get_priority_min. See ‘man 2 sched_get_priority_min’ for more information.

Parameters:	algorithm (int) – algorithm

pwnlib.shellcraft.mips.linux.sched_getaffinity(pid, cpusetsize, cpuset)[source]¶

Invokes the syscall sched_getaffinity. See ‘man 2 sched_getaffinity’ for more information.

Parameters:	pid (pid_t) – pid cpusetsize (size_t) – cpusetsize cpuset (cpu_set_t) – cpuset

pwnlib.shellcraft.mips.linux.sched_getparam(pid, param)[source]¶

Invokes the syscall sched_getparam. See ‘man 2 sched_getparam’ for more information.

Parameters:	pid (pid_t) – pid param (sched_param) – param

pwnlib.shellcraft.mips.linux.sched_getscheduler(pid)[source]¶

Invokes the syscall sched_getscheduler. See ‘man 2 sched_getscheduler’ for more information.

Parameters:	pid (pid_t) – pid

pwnlib.shellcraft.mips.linux.sched_rr_get_interval(pid, t)[source]¶

Invokes the syscall sched_rr_get_interval. See ‘man 2 sched_rr_get_interval’ for more information.

Parameters:	pid (pid_t) – pid t (timespec) – t

pwnlib.shellcraft.mips.linux.sched_setaffinity(pid, cpusetsize, cpuset)[source]¶

Invokes the syscall sched_setaffinity. See ‘man 2 sched_setaffinity’ for more information.

Parameters:	pid (pid_t) – pid cpusetsize (size_t) – cpusetsize cpuset (cpu_set_t) – cpuset

pwnlib.shellcraft.mips.linux.sched_setparam(pid, param)[source]¶

Invokes the syscall sched_setparam. See ‘man 2 sched_setparam’ for more information.

Parameters:	pid (pid_t) – pid param (sched_param) – param

pwnlib.shellcraft.mips.linux.sched_setscheduler(pid, policy, param)[source]¶

Invokes the syscall sched_setscheduler. See ‘man 2 sched_setscheduler’ for more information.

Parameters:	pid (pid_t) – pid policy (int) – policy param (sched_param) – param

pwnlib.shellcraft.mips.linux.sched_yield()[source]¶

Invokes the syscall sched_yield. See ‘man 2 sched_yield’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.select(nfds, readfds, writefds, exceptfds, timeout)[source]¶

Invokes the syscall select. See ‘man 2 select’ for more information.

Parameters:	nfds (int) – nfds readfds (fd_set) – readfds writefds (fd_set) – writefds exceptfds (fd_set) – exceptfds timeout (timeval) – timeout

pwnlib.shellcraft.mips.linux.sendfile(out_fd, in_fd, offset, count)[source]¶

Invokes the syscall sendfile. See ‘man 2 sendfile’ for more information.

Parameters:	out_fd (int) – out_fd in_fd (int) – in_fd offset (off_t) – offset count (size_t) – count

pwnlib.shellcraft.mips.linux.sendfile64(out_fd, in_fd, offset, count)[source]¶

Invokes the syscall sendfile64. See ‘man 2 sendfile64’ for more information.

Parameters:	out_fd (int) – out_fd in_fd (int) – in_fd offset (off64_t) – offset count (size_t) – count

pwnlib.shellcraft.mips.linux.setdomainname(name, length)[source]¶

Invokes the syscall setdomainname. See ‘man 2 setdomainname’ for more information.

Parameters:	name (char) – name len (size_t) – len

pwnlib.shellcraft.mips.linux.setgid(gid)[source]¶

Invokes the syscall setgid. See ‘man 2 setgid’ for more information.

Parameters:	gid (gid_t) – gid

pwnlib.shellcraft.mips.linux.setgroups(n, groups)[source]¶

Invokes the syscall setgroups. See ‘man 2 setgroups’ for more information.

Parameters:	n (size_t) – n groups (gid_t) – groups

pwnlib.shellcraft.mips.linux.sethostname(name, length)[source]¶

Invokes the syscall sethostname. See ‘man 2 sethostname’ for more information.

Parameters:	name (char) – name len (size_t) – len

pwnlib.shellcraft.mips.linux.setitimer(which, new, old)[source]¶

Invokes the syscall setitimer. See ‘man 2 setitimer’ for more information.

Parameters:	which (itimer_which_t) – which new (itimerval) – new old (itimerval) – old

pwnlib.shellcraft.mips.linux.setpgid(pid, pgid)[source]¶

Invokes the syscall setpgid. See ‘man 2 setpgid’ for more information.

Parameters:	pid (pid_t) – pid pgid (pid_t) – pgid

pwnlib.shellcraft.mips.linux.setpriority(which, who, prio)[source]¶

Invokes the syscall setpriority. See ‘man 2 setpriority’ for more information.

Parameters:	which (priority_which_t) – which who (id_t) – who prio (int) – prio

pwnlib.shellcraft.mips.linux.setregid(rgid, egid)[source]¶

Invokes the syscall setregid. See ‘man 2 setregid’ for more information.

Parameters:	rgid (gid_t) – rgid egid (gid_t) – egid

pwnlib.shellcraft.mips.linux.setresgid(rgid, egid, sgid)[source]¶

Invokes the syscall setresgid. See ‘man 2 setresgid’ for more information.

Parameters:	rgid (gid_t) – rgid egid (gid_t) – egid sgid (gid_t) – sgid

pwnlib.shellcraft.mips.linux.setresuid(ruid, euid, suid)[source]¶

Invokes the syscall setresuid. See ‘man 2 setresuid’ for more information.

Parameters:	ruid (uid_t) – ruid euid (uid_t) – euid suid (uid_t) – suid

pwnlib.shellcraft.mips.linux.setreuid(ruid, euid)[source]¶

Invokes the syscall setreuid. See ‘man 2 setreuid’ for more information.

Parameters:	ruid (uid_t) – ruid euid (uid_t) – euid

pwnlib.shellcraft.mips.linux.setrlimit(resource, rlimits)[source]¶

Invokes the syscall setrlimit. See ‘man 2 setrlimit’ for more information.

Parameters:	resource (rlimit_resource_t) – resource rlimits (rlimit) – rlimits

pwnlib.shellcraft.mips.linux.setsid()[source]¶

Invokes the syscall setsid. See ‘man 2 setsid’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.settimeofday(tv, tz)[source]¶

Invokes the syscall settimeofday. See ‘man 2 settimeofday’ for more information.

Parameters:	tv (timeval) – tv tz (timezone) – tz

pwnlib.shellcraft.mips.linux.setuid(uid)[source]¶

Invokes the syscall setuid. See ‘man 2 setuid’ for more information.

Parameters:	uid (uid_t) – uid

pwnlib.shellcraft.mips.linux.sh()[source]¶: Execute /bin/sh

pwnlib.shellcraft.mips.linux.sigaction(sig, act, oact)[source]¶

Invokes the syscall sigaction. See ‘man 2 sigaction’ for more information.

Parameters:	sig (int) – sig act (sigaction) – act oact (sigaction) – oact

pwnlib.shellcraft.mips.linux.sigaltstack(ss, oss)[source]¶

Invokes the syscall sigaltstack. See ‘man 2 sigaltstack’ for more information.

Parameters:	ss (sigaltstack) – ss oss (sigaltstack) – oss

pwnlib.shellcraft.mips.linux.signal(sig, handler)[source]¶

Invokes the syscall signal. See ‘man 2 signal’ for more information.

Parameters:	sig (int) – sig handler (sighandler_t) – handler

pwnlib.shellcraft.mips.linux.sigpending(set)[source]¶

Invokes the syscall sigpending. See ‘man 2 sigpending’ for more information.

Parameters:	set (sigset_t) – set

pwnlib.shellcraft.mips.linux.sigprocmask(how, set, oset)[source]¶

Invokes the syscall sigprocmask. See ‘man 2 sigprocmask’ for more information.

Parameters:	how (int) – how set (sigset_t) – set oset (sigset_t) – oset

pwnlib.shellcraft.mips.linux.sigreturn()[source]¶: Invokes the syscall sigreturn. See ‘man 2 sigreturn’ for more information.

pwnlib.shellcraft.mips.linux.sigsuspend(set)[source]¶

Invokes the syscall sigsuspend. See ‘man 2 sigsuspend’ for more information.

Parameters:	set (sigset_t) – set

pwnlib.shellcraft.mips.linux.splice(fdin, offin, fdout, offout, length, flags)[source]¶

Invokes the syscall splice. See ‘man 2 splice’ for more information.

Parameters:	fdin (int) – fdin offin (off64_t) – offin fdout (int) – fdout offout (off64_t) – offout len (size_t) – len flags (unsigned) – flags

pwnlib.shellcraft.mips.linux.stager(sock, size)[source]¶: Read ‘size’ bytes from ‘sock’ and place them in an executable buffer and jump to it. The socket will be left in $s0.

pwnlib.shellcraft.mips.linux.stat(file, buf)[source]¶

Invokes the syscall stat. See ‘man 2 stat’ for more information.

Parameters:	file (char) – file buf (stat) – buf

pwnlib.shellcraft.mips.linux.stat64(file, buf)[source]¶

Invokes the syscall stat64. See ‘man 2 stat64’ for more information.

Parameters:	file (char) – file buf (stat64) – buf

pwnlib.shellcraft.mips.linux.stime(when)[source]¶

Invokes the syscall stime. See ‘man 2 stime’ for more information.

Parameters:	when (time_t) – when

pwnlib.shellcraft.mips.linux.stty(fd, params)[source]¶

Invokes the syscall stty. See ‘man 2 stty’ for more information.

Parameters:	fd (int) – fd params (sgttyb) – params

pwnlib.shellcraft.mips.linux.symlink(from_, to)[source]¶

Invokes the syscall symlink. See ‘man 2 symlink’ for more information.

Parameters:	from (char) – from to (char) – to

pwnlib.shellcraft.mips.linux.symlinkat(from_, tofd, to)[source]¶

Invokes the syscall symlinkat. See ‘man 2 symlinkat’ for more information.

Parameters:	from (char) – from tofd (int) – tofd to (char) – to

pwnlib.shellcraft.mips.linux.sync()[source]¶

Invokes the syscall sync. See ‘man 2 sync’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.sync_file_range(fd, offset, count, flags)[source]¶

Invokes the syscall sync_file_range. See ‘man 2 sync_file_range’ for more information.

Parameters:	fd (int) – fd offset (off64_t) – offset count (off64_t) – count flags (unsigned) – flags

pwnlib.shellcraft.mips.linux.syscall(syscall=None, arg0=None, arg1=None, arg2=None, arg3=None, arg4=None, arg5=None)[source]¶

Args: [syscall_number, *args]: Does a syscall

Any of the arguments can be expressions to be evaluated by pwnlib.constants.eval().

Example

>>> print pwnlib.shellcraft.mips.linux.syscall('SYS_execve', 1, '$sp', 2, 0).rstrip()
    /* call execve(1, '$sp', 2, 0) */
    li $t9, ~1
    not $a0, $t9
    add $a1, $sp, $0 /* mov $a1, $sp */
    li $t9, ~2
    not $a2, $t9
    slti $a3, $zero, 0xFFFF /* $a3 = 0 */
    ori $v0, $zero, (SYS_execve)
    syscall 0x40404
>>> print pwnlib.shellcraft.mips.linux.syscall('SYS_execve', 2, 1, 0, 20).rstrip()
    /* call execve(2, 1, 0, 0x14) */
    li $t9, ~2
    not $a0, $t9
    li $t9, ~1
    not $a1, $t9
    slti $a2, $zero, 0xFFFF /* $a2 = 0 */
    li $t9, ~0x14
    not $a3, $t9
    ori $v0, $zero, (SYS_execve)
    syscall 0x40404
>>> print pwnlib.shellcraft.mips.linux.syscall().rstrip()
    /* call syscall() */
    syscall 0x40404
>>> print pwnlib.shellcraft.mips.linux.syscall('$v0', '$a0', '$a1').rstrip()
    /* call syscall('$v0', '$a0', '$a1') */
    /* setregs noop */
    syscall 0x40404
>>> print pwnlib.shellcraft.mips.linux.syscall('$a3', None, None, 1).rstrip()
    /* call syscall('$a3', ?, ?, 1) */
    li $t9, ~1
    not $a2, $t9
    sw $a3, -4($sp) /* mov $v0, $a3 */
    lw $v0, -4($sp)
    syscall 0x40404
>>> print pwnlib.shellcraft.mips.linux.syscall(
...               'SYS_mmap2', 0, 0x1000,
...               'PROT_READ | PROT_WRITE | PROT_EXEC',
...               'MAP_PRIVATE | MAP_ANONYMOUS',
...               -1, 0).rstrip()
    /* call mmap2(0, 0x1000, 'PROT_READ | PROT_WRITE | PROT_EXEC', 'MAP_PRIVATE | MAP_ANONYMOUS', -1, 0) */
    slti $a0, $zero, 0xFFFF /* $a0 = 0 */
    li $t9, ~0x1000
    not $a1, $t9
    li $t9, ~(PROT_READ | PROT_WRITE | PROT_EXEC) /* 7 */
    not $a2, $t9
    ori $a3, $zero, (MAP_PRIVATE | MAP_ANONYMOUS)
    ori $v0, $zero, (SYS_mmap2)
    syscall 0x40404

pwnlib.shellcraft.mips.linux.syslog(pri, fmt, vararg)[source]¶

Invokes the syscall syslog. See ‘man 2 syslog’ for more information.

Parameters:	pri (int) – pri fmt (char) – fmt vararg (int) – vararg

pwnlib.shellcraft.mips.linux.tee(fdin, fdout, length, flags)[source]¶

Invokes the syscall tee. See ‘man 2 tee’ for more information.

Parameters:	fdin (int) – fdin fdout (int) – fdout len (size_t) – len flags (unsigned) – flags

pwnlib.shellcraft.mips.linux.time(timer)[source]¶

Invokes the syscall time. See ‘man 2 time’ for more information.

Parameters:	timer (time_t) – timer

pwnlib.shellcraft.mips.linux.timer_create(clock_id, evp, timerid)[source]¶

Invokes the syscall timer_create. See ‘man 2 timer_create’ for more information.

Parameters:	clock_id (clockid_t) – clock_id evp (sigevent) – evp timerid (timer_t) – timerid

pwnlib.shellcraft.mips.linux.timer_delete(timerid)[source]¶

Invokes the syscall timer_delete. See ‘man 2 timer_delete’ for more information.

Parameters:	timerid (timer_t) – timerid

pwnlib.shellcraft.mips.linux.timer_getoverrun(timerid)[source]¶

Invokes the syscall timer_getoverrun. See ‘man 2 timer_getoverrun’ for more information.

Parameters:	timerid (timer_t) – timerid

pwnlib.shellcraft.mips.linux.timer_gettime(timerid, value)[source]¶

Invokes the syscall timer_gettime. See ‘man 2 timer_gettime’ for more information.

Parameters:	timerid (timer_t) – timerid value (itimerspec) – value

pwnlib.shellcraft.mips.linux.timer_settime(timerid, flags, value, ovalue)[source]¶

Invokes the syscall timer_settime. See ‘man 2 timer_settime’ for more information.

Parameters:	timerid (timer_t) – timerid flags (int) – flags value (itimerspec) – value ovalue (itimerspec) – ovalue

pwnlib.shellcraft.mips.linux.truncate(file, length)[source]¶

Invokes the syscall truncate. See ‘man 2 truncate’ for more information.

Parameters:	file (char) – file length (off_t) – length

pwnlib.shellcraft.mips.linux.truncate64(file, length)[source]¶

Invokes the syscall truncate64. See ‘man 2 truncate64’ for more information.

Parameters:	file (char) – file length (off64_t) – length

pwnlib.shellcraft.mips.linux.ulimit(cmd, vararg)[source]¶

Invokes the syscall ulimit. See ‘man 2 ulimit’ for more information.

Parameters:	cmd (int) – cmd vararg (int) – vararg

pwnlib.shellcraft.mips.linux.umask(mask)[source]¶

Invokes the syscall umask. See ‘man 2 umask’ for more information.

Parameters:	mask (mode_t) – mask

pwnlib.shellcraft.mips.linux.uname(name)[source]¶

Invokes the syscall uname. See ‘man 2 uname’ for more information.

Parameters:	name (utsname) – name

pwnlib.shellcraft.mips.linux.unlink(name)[source]¶

Invokes the syscall unlink. See ‘man 2 unlink’ for more information.

Parameters:	name (char) – name

pwnlib.shellcraft.mips.linux.unlinkat(fd, name, flag)[source]¶

Invokes the syscall unlinkat. See ‘man 2 unlinkat’ for more information.

Parameters:	fd (int) – fd name (char) – name flag (int) – flag

pwnlib.shellcraft.mips.linux.unshare(flags)[source]¶

Invokes the syscall unshare. See ‘man 2 unshare’ for more information.

Parameters:	flags (int) – flags

pwnlib.shellcraft.mips.linux.ustat(dev, ubuf)[source]¶

Invokes the syscall ustat. See ‘man 2 ustat’ for more information.

Parameters:	dev (dev_t) – dev ubuf (ustat) – ubuf

pwnlib.shellcraft.mips.linux.utime(file, file_times)[source]¶

Invokes the syscall utime. See ‘man 2 utime’ for more information.

Parameters:	file (char) – file file_times (utimbuf) – file_times

pwnlib.shellcraft.mips.linux.utimensat(fd, path, times, flags)[source]¶

Invokes the syscall utimensat. See ‘man 2 utimensat’ for more information.

Parameters:	fd (int) – fd path (char) – path times (timespec) – times flags (int) – flags

pwnlib.shellcraft.mips.linux.utimes(file, tvp)[source]¶

Invokes the syscall utimes. See ‘man 2 utimes’ for more information.

Parameters:	file (char) – file tvp (timeval) – tvp

pwnlib.shellcraft.mips.linux.vfork()[source]¶

Invokes the syscall vfork. See ‘man 2 vfork’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.vhangup()[source]¶

Invokes the syscall vhangup. See ‘man 2 vhangup’ for more information.

Arguments:

pwnlib.shellcraft.mips.linux.vmsplice(fdout, iov, count, flags)[source]¶

Invokes the syscall vmsplice. See ‘man 2 vmsplice’ for more information.

Parameters:	fdout (int) – fdout iov (iovec) – iov count (size_t) – count flags (unsigned) – flags

pwnlib.shellcraft.mips.linux.wait4(pid, stat_loc, options, usage)[source]¶

Invokes the syscall wait4. See ‘man 2 wait4’ for more information.

Parameters:	pid (pid_t) – pid stat_loc (WAIT_STATUS) – stat_loc options (int) – options usage (rusage) – usage

pwnlib.shellcraft.mips.linux.waitid(idtype, id, infop, options)[source]¶

Invokes the syscall waitid. See ‘man 2 waitid’ for more information.

Parameters:	idtype (idtype_t) – idtype id (id_t) – id infop (siginfo_t) – infop options (int) – options

pwnlib.shellcraft.mips.linux.waitpid(pid, stat_loc, options)[source]¶

Invokes the syscall waitpid. See ‘man 2 waitpid’ for more information.

Parameters:	pid (pid_t) – pid stat_loc (int) – stat_loc options (int) – options

pwnlib.shellcraft.mips.linux.write(fd, buf, n)[source]¶

Invokes the syscall write. See ‘man 2 write’ for more information.

Parameters:	fd (int) – fd buf (void) – buf n (size_t) – n

pwnlib.shellcraft.mips.linux.writev(fd, iovec, count)[source]¶

Invokes the syscall writev. See ‘man 2 writev’ for more information.

Parameters:	fd (int) – fd iovec (iovec) – iovec count (int) – count

pwnlib.shellcraft.mips — Shellcode for MIPS¶