@@ -104,11 +104,17 @@ def addROPGadgets(self, section):
104104 elif arch == CS_ARCH_PPC :
105105 if arch_endian == CS_MODE_BIG_ENDIAN :
106106 gadgets = [
107- [b"\x4e \x80 \x00 \x20 " , 4 , 4 ] # blr
107+ [b"\x4e \x80 \x00 \x20 " , 4 , 4 ], # blr
108+ [b"\x4e \x80 \x00 \x21 " , 4 , 4 ], # blrl
109+ [b"\x4e \x80 \x04 \x20 " , 4 , 4 ], # bctr
110+ [b"\x4e \x80 \x04 \x21 " , 4 , 4 ], # bctrl
108111 ]
109112 else :
110113 gadgets = [
111- [b"\x20 \x00 \x80 \x4e " , 4 , 4 ] # blr
114+ [b"\x20 \x00 \x80 \x4e " , 4 , 4 ], # blr
115+ [b"\x21 \x00 \x80 \x4e " , 4 , 4 ], # blrl
116+ [b"\x20 \x04 \x80 \x4e " , 4 , 4 ], # bctr
117+ [b"\x21 \x04 \x80 \x4e " , 4 , 4 ], # bctrl
112118 ]
113119
114120 elif arch == CS_ARCH_SPARC :
@@ -245,7 +251,15 @@ def addJOPGadgets(self, section):
245251 [b"[\x00 -\xff ]{3}[\x08 -\x0b ][\x00 -\xff ]{4}" , 8 , 4 ] # j addr
246252 ]
247253 elif arch == CS_ARCH_PPC :
248- gadgets = [] # PPC doesn't have reg branch instructions
254+ if arch_endian == CS_MODE_BIG_ENDIAN :
255+ gadgets = [
256+ [b"\x48 [\x00 -\xff ]{3}" , 4 , 4 ] # bl
257+ ]
258+ else :
259+ gadgets = [
260+ [b"[\x00 -\xff ]{3}\x48 " , 4 , 4 ] # bl
261+ ]
262+
249263 elif arch == CS_ARCH_SPARC :
250264 if arch_endian == CS_MODE_BIG_ENDIAN :
251265 gadgets = [
@@ -363,7 +377,17 @@ def addSYSGadgets(self, section):
363377 [b"\x0c \x00 \x00 \x00 " , 4 , 4 ] # syscall
364378 ]
365379 elif arch == CS_ARCH_PPC :
366- gadgets = [] # TODO (sc inst)
380+ if arch_endian == CS_MODE_BIG_ENDIAN :
381+ gadgets = [
382+ [b"\x44 \x00 \x00 \x02 " , 4 , 4 ], # sc
383+ [b"\x44 \x00 \x00 \x03 " , 4 , 4 ] # scv
384+ ]
385+ else :
386+ gadgets = [
387+ [b"\x02 \x00 \x00 \x44 " , 4 , 4 ], # sc
388+ [b"\x03 \x00 \x00 \x44 " , 4 , 4 ] # scv
389+ ]
390+
367391 elif arch == CS_ARCH_SPARC :
368392 gadgets = [] # TODO (ta inst)
369393 elif arch == CS_ARCH_ARM64 :
0 commit comments