shellcraft/*/freebsd: match linux in switching cs (#2232)

Arusekk · web-flow · commit 0696c5cb4f6b · 2023-07-24T19:34:12.000+02:00
* shellcraft/*/freebsd: match linux in switching cs

* shellcraft: note trashed registers in switching cs
diff --git a/pwnlib/shellcraft/templates/amd64/freebsd/amd64_to_i386.asm b/pwnlib/shellcraft/templates/amd64/freebsd/amd64_to_i386.asm
@@ -0,0 +1,10 @@
+<%docstring>Returns code to switch from amd64 to i386 mode. Trashes eax, ecx, edx.
+
+Note that you most surely want to set up some stack (and place this code)
+in low address space before (or afterwards).</%docstring>
+.code64
+    call $+4
+    .byte 0xc0  /* inc eax */
+    mov byte ptr [rsp+4], 0x33  /* This is the segment we want to go to */
+    retfd
+.code32
diff --git a/pwnlib/shellcraft/templates/amd64/linux/amd64_to_i386.asm b/pwnlib/shellcraft/templates/amd64/linux/amd64_to_i386.asm
@@ -1,5 +1,4 @@
-<% from pwnlib.shellcraft import common %>
-<%docstring>Returns code to switch from amd64 to i386 mode.
+<%docstring>Returns code to switch from amd64 to i386 mode. Trashes eax, ecx, edx.
 
 Note that you most surely want to set up some stack (and place this code)
 in low address space before (or afterwards).</%docstring>
diff --git a/pwnlib/shellcraft/templates/i386/freebsd/i386_to_amd64.asm b/pwnlib/shellcraft/templates/i386/freebsd/i386_to_amd64.asm
@@ -1,12 +1,7 @@
-<% from pwnlib.shellcraft import common %>
-<%docstring>Returns code to switch from i386 to amd64 mode.</%docstring>
-<% helper, end = common.label("helper"), common.label("end") %>
+<%docstring>Returns code to switch from i386 to amd64 mode. Trashes eax.</%docstring>
 .code32
     push 0x43 /*  This is the segment we want to go to */
+    /* "db 0xff; sub al,0x24" is "jmp far [esp]" by chance */
     call $+4
-${helper}:
-    .byte 0xc0
-    add dword ptr [esp], ${end} - ${helper}
-    jmp far [esp]
-${end}:
+    sub al, 0x24
 .code64
diff --git a/pwnlib/shellcraft/templates/i386/linux/i386_to_amd64.asm b/pwnlib/shellcraft/templates/i386/linux/i386_to_amd64.asm
@@ -1,5 +1,4 @@
-<% from pwnlib.shellcraft import common %>
-<%docstring>Returns code to switch from i386 to amd64 mode.</%docstring>
+<%docstring>Returns code to switch from i386 to amd64 mode. Trashes eax.</%docstring>
 .code32
     push 0x33 /*  This is the segment we want to go to */
     /* "db 0xff; sub al,0x24" is "jmp far [esp]" by chance */
