Fix #1020: do not show syscall name/args for non-syscall interrupt instructions on x86/x64

3 years ago · 5943c5e16e
parent 695011385c
commit 5943c5e16e
2 changed files with 20 additions and 17 deletions
--- a/pwndbg/arguments.py
+++ b/pwndbg/arguments.py
@ -54,15 +54,17 @@ def get_syscall_name(instruction):
    if CS_GRP_INT not in instruction.groups:
        return None

-    try:
-        abi     = pwndbg.abi.ABI.syscall()
-        syscall = getattr(pwndbg.regs, abi.syscall_register)
-        name    = pwndbg.constants.syscall(syscall)
+    syscall_register = pwndbg.abi.ABI.syscall().syscall_register

-        return 'SYS_' + name
-    except:
+    # If we are on x86/x64, return no syscall name for other instructions than syscall and int 0x80
+    if syscall_register in ('eax', 'rax'):
+        mnemonic = instruction.mnemonic
+        if not (mnemonic == 'syscall' or (mnemonic == 'int' and instruction.op_str == '0x80')):
            return None

+    syscall_number = getattr(pwndbg.regs, syscall_register)
+    return pwndbg.constants.syscall(syscall_number) or '<unk_%d>' % syscall_number
+

 def get(instruction):
    """
@ -76,12 +78,12 @@ def get(instruction):
    if instruction.address != pwndbg.regs.pc:
        return []

+    if CS_GRP_CALL in instruction.groups:
        try:
            abi = pwndbg.abi.ABI.default()
        except KeyError:
            return []

-    if CS_GRP_CALL in instruction.groups:
        # Not sure of any OS which allows multiple operands on
        # a call instruction.
        assert len(instruction.operands) == 1
@ -96,11 +98,12 @@ def get(instruction):
            return []
    elif CS_GRP_INT in instruction.groups:
        # Get the syscall number and name
+        name = get_syscall_name(instruction)
        abi = pwndbg.abi.ABI.syscall()
-
        target = None
-        syscall = getattr(pwndbg.regs, abi.syscall_register)
-        name    = pwndbg.constants.syscall(syscall)
+
+        if name is None:
+            return []
    else:
        return []

@ -147,7 +150,7 @@ def get(instruction):
    if func:
        args = func.args
    else:
-        args = [pwndbg.functions.Argument('int', 0, argname(i, abi)) for i in range(n_args_default)]
+        args = (pwndbg.functions.Argument('int', 0, argname(i, abi)) for i in range(n_args_default))

    for i, arg in enumerate(args):
        result.append((arg, argument(i, abi)))
--- a/pwndbg/commands/nearpc.py
+++ b/pwndbg/commands/nearpc.py
@ -156,7 +156,7 @@ def nearpc(pc=None, lines=None, to_string=False, emulate=False):
        if instr.address == pc:
            syscall_name = pwndbg.arguments.get_syscall_name(instr)
            if syscall_name:
-                line += ' <%s>' % N.syscall_name(syscall_name)
+                line += ' <%s>' % N.syscall_name('SYS_' + syscall_name)

        # For Comment Function
        try: