jmp and call generator
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct OpCode {
/* Assembler mnemonic used as the command-line lookup key ("jmp", "long_je",
 * ...).  A "long_" prefix marks the rel32 form of a rel8 conditional jump. */
char* mne;
/* Opcode bytes as escaped text: "\\xeb" is the four characters \xeb, not a
 * raw byte, so the tool's output can be pasted straight into a C string. */
char* opcode;
};
/* Lookup table of supported 32-bit x86 jump/call opcodes.  Entries are
 * matched by exact mnemonic, so "jmp" never collides with "long_jmp".
 * Short (rel8) forms carry a one-byte opcode; the "long_" (rel32) forms of
 * conditional jumps carry the 0x0f-prefixed two-byte opcode, while long_jmp
 * (0xe9) and call (0xe8) are single-byte.  Not every short form has a
 * "long_" counterpart here (jl, jb-only pairs aside: jbe, jg, jns, ja, jae,
 * jge have none), so getLong() returns NULL for those. */
struct OpCode opcodes[] = {
{ "jmp", "\\xeb" },
{ "long_jmp", "\\xe9" },
{ "je" , "\\x74" },
{ "long_je" , "\\x0f\\x84" },
{ "jne", "\\x75" },
{ "long_jne" , "\\x0f\\x85" },
{ "jle", "\\x7e" },
{ "long_jle", "\\x0f\\x8e" },
{ "jl" , "\\x7c" },
{ "jb" , "\\x72" },
{ "long_jb", "\\x0f\\x82" },
{ "jbe", "\\x76" },
{ "jg" , "\\x7f" },
{ "js" , "\\x78" },
{ "long_js", "\\x0f\\x88" },
{ "jns", "\\x79" },
{ "ja" , "\\x77" },
{ "jae", "\\x73" },
{ "jge", "\\x7d" },
{ "call", "\\xe8" }};
/* Number of table entries; kept as int because every loop index in this
 * file is an int. */
int op_size = sizeof(opcodes) / sizeof(struct OpCode);
/* Encodes one instruction and terminates the process; defined after main(). */
void generate(struct OpCode,char*,char*);
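/* Return the opcode text of the rel32 ("long_") form of mnemonic `op`, or
 * NULL when the table has no such entry (e.g. "jl", "ja") or `op` is NULL.
 *
 * The previous version built "long_<op>" in a malloc'd buffer of
 * 5 + strlen(op) bytes -- one byte short of the terminator, so sprintf()
 * wrote past the allocation -- and never freed it.  Matching the prefix
 * and the remainder separately needs no buffer at all.
 *
 * The returned pointer aliases the table entry; the caller must not free it.
 */
char*
getLong(char* op)
{
    int i;
    if(!op)
        return NULL;
    for(i = 0; i < op_size; i++)
    {
        const char* mne = opcodes[i].mne;
        /* "long_" prefix present and the rest equals op <=> mne == "long_"op */
        if(strncmp(mne, "long_", 5) == 0 && strcmp(mne + 5, op) == 0)
            return opcodes[i].opcode;
    }
    return NULL;
}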
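/* Entry point: `prog <mnemonic> <address0> <address1>`.
 *
 * On a mnemonic match generate() prints the encoding and exits the process,
 * so reaching the listing below means the argument count was wrong or the
 * mnemonic is unknown; a usage line is printed for the former instead of
 * silently treating it as "not found".  The listing hides the "long_"
 * variants because generate() selects them from the displacement size.
 *
 * Returns 1 (this function only returns on the error path).
 */
int
main(int argc,char* argv[])
{
    int i;
    if(argc != 4)
    {
        fprintf(stderr, "Usage: %s <mnemonic> <address0_hex> <address1_hex>\n",
            (argc > 0 && argv[0]) ? argv[0] : "generator");
    }
    else
    {
        for(i = 0; i < op_size; i++)
            if(!strcmp(argv[1], opcodes[i].mne))
                generate(opcodes[i], argv[2], argv[3]);   /* does not return */
    }
    /* Reached only on bad arguments or an unknown mnemonic. */
    printf("* Instruction not found. Available instructions:\n");
    for(i = 0; i < op_size; i++)
    {
        /* Skip the rel32 variants.  The '*' filter matches no current table
         * entry; it is kept so a deliberately hidden entry could be added. */
        if(strncmp(opcodes[i].mne, "long_", 5) && opcodes[i].mne[0] != '*')
            printf(" - %s\n", opcodes[i].mne);
    }
    return 1;
}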
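/* Registers accepted by the "%reg" indirect form, ordered by their x86
 * ModRM register number (eax=0 ... edi=7). */
static const char* const indirect_regs[8] = {
    "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi"
};

/* Parse a 32-bit hexadecimal address (optional "0x" prefix).  Malformed or
 * out-of-range text prints an error and exit(1)s; the unchecked sscanf()
 * this replaces left the destination uninitialised on failure. */
static uint32_t
parse_hex32(const char* text)
{
    char* end = NULL;
    unsigned long value;
    errno = 0;
    value = strtoul(text, &end, 16);
    if(end == text || *end != '\0' || errno == ERANGE || value > 0xffffffffUL)
    {
        fprintf(stderr, "* Error, '%s' is not a 32-bit hexadecimal address.\n", text);
        exit(1);
    }
    return (uint32_t)value;
}

/* Print `prefix` followed by the four little-endian bytes of `value` as
 * escaped "\xNN" text and a newline.  Explicit shifts instead of memcpy()
 * keep the byte order right on any host, not only little-endian ones. */
static void
emit_dword(const char* prefix, uint32_t value)
{
    printf("%s\\x%02x\\x%02x\\x%02x\\x%02x\n", prefix,
        (unsigned)(value & 0xff), (unsigned)((value >> 8) & 0xff),
        (unsigned)((value >> 16) & 0xff), (unsigned)((value >> 24) & 0xff));
}

/* Encode one jump/call and terminate the process (never returns).
 *
 * code      table entry selected by main()
 * address0  a hex address, "*<hex>" (memory-indirect) or "%reg"
 *           (register-indirect); the indirect forms are valid only for
 *           jmp and call, for both spellings (the old code enforced this
 *           for "*" but not for "%")
 * address1  hex target address (ignored by the indirect forms)
 *
 * Direct form: the displacement is address1 - address0 in 32-bit unsigned
 * arithmetic (defined wrap-around, unlike the signed subtraction it
 * replaces).  A displacement in [-128, 127] uses the rel8 opcode; the old
 * test accepted [-99, 255] and so emitted a truncated rel8 for 128..255.
 * Anything larger needs the "long_" rel32 opcode; a mnemonic without one
 * in the table is now an error instead of a 1-byte opcode followed by four
 * displacement bytes.
 *
 * NOTE(review): x86 measures rel8/rel32 from the end of the instruction, so
 * address0 is presumably that end address rather than the instruction's
 * start -- confirm with the caller's convention before relying on this.
 *
 * Exit status: 0 on success, 1 on bad operands.  Errors go to stderr so they
 * never mix with the byte text on stdout.
 */
void
generate(struct OpCode code,char* address0,char* address1)
{
    int is_jmp, is_call;
    uint32_t rel;
    if(!address0 || !address1)
    {
        fprintf(stderr, "* Error, two address operands are required.\n");
        exit(1);
    }
    is_jmp = !strcmp(code.mne, "jmp");
    is_call = !strcmp(code.mne, "call");
    if((address0[0] == '*' || address0[0] == '%') && !is_jmp && !is_call)
    {
        fprintf(stderr, "* Error, indirect jump and call only available with jmp and call.\n");
        exit(1);
    }
    if(address0[0] == '*')
    {
        /* ff /4 = jmp [disp32] (modrm 0x25), ff /2 = call [disp32] (modrm 0x15) */
        emit_dword(is_jmp ? "\\xff\\x25" : "\\xff\\x15", parse_hex32(address0 + 1));
        exit(0);
    }
    if(address0[0] == '%')
    {
        int r;
        for(r = 0; r < 8; r++)
        {
            if(!strcmp(address0, indirect_regs[r]))
            {
                /* ff /4 jmp reg -> modrm 0xe0+r; ff /2 call reg -> 0xd0+r */
                printf("\\xff\\x%02x\n", (unsigned)((is_jmp ? 0xe0 : 0xd0) + r));
                exit(0);
            }
        }
        /* Previously an unknown register printed a bare "\xff" and exited 0. */
        fprintf(stderr, "* Error, unknown register '%s'.\n", address0);
        exit(1);
    }
    rel = parse_hex32(address1) - parse_hex32(address0);
    if(is_call)
    {
        emit_dword(code.opcode, rel);   /* call has only the rel32 form */
        exit(0);
    }
    if(rel <= 0x7fu || rel >= 0xffffff80u)
    {
        /* fits a signed byte: low byte is the rel8 displacement */
        printf("%s\\x%02x\n", code.opcode, (unsigned)(rel & 0xff));
    }
    else
    {
        const char* longop = getLong(code.mne);
        if(!longop)
        {
            fprintf(stderr, "* Error, %s has no rel32 form; displacement does not fit in a byte.\n", code.mne);
            exit(1);
        }
        emit_dword(longop, rel);
    }
    exit(0);
}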