From 77b88b42ab5bb581c980a10a8c1ac039c779d20e Mon Sep 17 00:00:00 2001
From: Jake Lamberson
Date: Fri, 28 Jul 2023 11:16:28 -0400
Subject: [PATCH] Fix message for execve syscall in x86_64.

Also use hex-formatted index in the ropchain generator to be more consistent with the x86 generator (this is not a functional change).
---
 ropper/ropchain/arch/ropchainx86_64.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ropper/ropchain/arch/ropchainx86_64.py b/ropper/ropchain/arch/ropchainx86_64.py
index b6bd172..d7163d9 100644
--- a/ropper/ropchain/arch/ropchainx86_64.py
+++ b/ropper/ropchain/arch/ropchainx86_64.py
@@ -652,7 +652,7 @@ def create(self, options):
 raise RopChainError('No argument support for execve commands')
 self._printMessage('ROPchain Generator for syscall execve:\n')
- self._printMessage('\nwrite command into data section\nrax 0xb\nrdi address to cmd\nrsi address to null\nrdx address to null\n')
+ self._printMessage('\nwrite command into data section\nrax 0x3b\nrdi address to cmd\nrsi address to null\nrdx address to null\n')
 chain = self._printHeader()
 gadgets = []
 can_create_command = False
@@ -689,7 +689,7 @@ def create(self, options):
 gadgets.append((self._createAddress, [cmdaddress],{'reg':'rdi'},['rdi','edi', 'di']))
 gadgets.append((self._createAddress, [nulladdress],{'reg':'rsi'},['rsi','esi', 'si']))
 gadgets.append((self._createAddress, [nulladdress],{'reg':'rdx'},['rdx','edx', 'dx', 'dl', 'dh']))
- gadgets.append((self._createNumber, [59],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
+ gadgets.append((self._createNumber, [0x3b],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
 if address is not None and not can_create_command:
 if type(address) is str:
 cmdaddress = int(address, 16)
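Review bot: The execve syscall number is still a literal in three separate places after this fix — the `rax 0x3b` text in the message here and the `[0x3b]` passed to `_createNumber` in the two later hunks — and this commit exists precisely because the message (0xb, the 32-bit x86 execve number) drifted from the code (59/0x3b, the x86_64 one). A single module-level constant such as `EXECVE_SYSCALL = 0x3b` formatted into the message, `'\nwrite command into data section\nrax %#x\nrdi address to cmd\nrsi address to null\nrdx address to null\n' % EXECVE_SYSCALL`, with both gadget lists using `[EXECVE_SYSCALL]`, would make the printed chain description unable to disagree with the emitted chain again. The enclosing `create` method begins and ends outside this hunk.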
@@ -704,7 +704,7 @@ def create(self, options):
 gadgets.append((self._createNumber, [cmdaddress],{'reg':'rdi'},['rdi','edi', 'di']))
 gadgets.append((self._createNumber, [nulladdress],{'reg':'rsi'},['rsi','esi', 'si']))
 gadgets.append((self._createNumber, [nulladdress],{'reg':'rdx'},['rdx','edx', 'dx', 'dl', 'dh']))
- gadgets.append((self._createNumber, [59],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
+ gadgets.append((self._createNumber, [0x3b],{'reg':'rax'},['rax','eax', 'ax', 'al', 'ah']))
 self._printMessage('Try to create chain which fills registers without delete content of previous filled registers')
 chain_tmp += self._createDependenceChain(gadgets)