+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Python bytecode: 64 bit parameter to LOAD_CONST (/thread-18296.html)
Python bytecode: 64 bit parameter to LOAD_CONST - physics - May-12-2019
I am trying to exploit an old python bug in a 64 bit environment.
In order to do that, I need to pass a 64 bit argument with LOAD_CONST. The problem is that LOAD_COST only accepts 2 byte argument,
I can extend that to 4 byte with the EXTENDED_ARG opcode, but I need 8 bytes, not 4.
Is there a way to do that?
This is my code so far:
#!/usr/bin/env python # -*- coding: utf-8 -*- import opcode import types def a(): pass const_tuple = () addr_const_tuple = id(const_tuple) print 'addr_const_tuple: ' + hex(addr_const_tuple) a.func_code = types.CodeType( 0, 0, 0, 0, #chr(opcode.opmap['EXTENDED_ARG']) + '\xaa\xbb' + chr(opcode.opmap['EXTENDED_ARG']) + '\xad\xde' + chr(opcode.opmap['LOAD_CONST']) + '\xef\xbe', const_tuple, (), (), '', '', 0, '' ) a()Adding multiple EXTENDED_ARG does not work.
Thank you!