@@ -31,7 +31,7 @@ def __init__(self, binary, options, offset):
3131 self .__filterRE = re .compile ("({})$" .format (re_str )) if re_str else None
3232
3333 def __passCleanX86 (self , decodes ):
34- br = ["ret" , "repz ret" , "retf" , "int" , "sysenter" , "jmp" , "notrack jmp" , "call" , "notrack call" , "syscall" ]
34+ br = ["ret" , "repz ret" , "retf" , "int" , "sysenter" , "jmp" , "notrack jmp" , "call" , "notrack call" , "syscall" , "iret" , "iretd" , "iretq" , "sysret" , "sysretq" ]
3535
3636 if decodes [- 1 ][2 ] not in br :
3737 return True
@@ -314,7 +314,7 @@ def addJOPGadgets(self, section):
314314 elif arch == CS_ARCH_RISCV :
315315 if arch_endian == CS_MODE_BIG_ENDIAN :
316316 gadgets = [
317- #32 bits encoded register
317+ #32 bits encoded register
318318 [b"[\x00 -\xff ]{2}[\x00 -\xff ][\x67 \x6f \xe7 \xef ]" ,4 , 1 ],
319319 [b"[\x00 -\xff ]{2}[\x00 -\xff ][\x63 \xe3 ]" , 4 , 1 ],
320320
@@ -365,6 +365,9 @@ def addSYSGadgets(self, section):
365365 [b"\x0f \x34 \xc3 " , 3 , 1 ], # sysenter ; ret
366366 [b"\x0f \x05 \xc3 " , 3 , 1 ], # syscall ; ret
367367 [b"\x65 \xff \x15 \x10 \x00 \x00 \x00 \xc3 " , 8 , 1 ], # call DWORD PTR gs:0x10 ; ret
368+ [b"\x0f \x07 " , 2 , 1 ], # sysret
369+ [b"\x48 \x0f \x07 " , 3 , 1 ], # sysret
370+ [b"\xcf " , 1 , 1 ], # iret
368371 ]
369372
370373 elif arch == CS_ARCH_MIPS :
@@ -413,7 +416,7 @@ def addSYSGadgets(self, section):
413416 gadgets = [
414417 [b"\x73 \x00 \x00 \x00 " , 4 , 2 ] # syscall
415418 ]
416-
419+
417420 arch_mode = CS_MODE_RISCV64 | CS_MODE_RISCVC
418421 else :
419422 print ("Gadgets().addSYSGadgets() - Architecture not supported" )
0 commit comments