why armhf

tesuji · tesuji · commit 82cbe056fb16 · 2025-04-25T08:55:47.000+07:00
diff --git a/pwnlib/asm.py b/pwnlib/asm.py
@@ -1029,12 +1029,12 @@ def get_cs_disassembler(eabi=None):
         'thumb'  : (cs.CS_ARCH_ARM, cs.CS_MODE_THUMB + E),
         'arm'    : (cs.CS_ARCH_ARM, cs.CS_MODE_ARM + E),
         'aarch64': (cs.CS_ARCH_AARCH64, cs.CS_MODE_ARM + E),
-        'armhf'  : (cs.CS_ARCH_ARM, cs.CS_MODE_ARM + cs.CS_MODE_THUMB + E),
+        'armhf'  : (cs.CS_ARCH_ARM, cs.CS_MODE_THUMB + E),
         'mips'   : (cs.CS_ARCH_MIPS, cs.CS_MODE_32 + E),
         'mips64' : (cs.CS_ARCH_MIPS, cs.CS_MODE_64 + E),
-        'sparc':   (cs.CS_ARCH_SPARC, cs.CS_MODE_32 + E),
+        'sparc'  : (cs.CS_ARCH_SPARC, cs.CS_MODE_32 + E),
         'sparc64': (cs.CS_ARCH_SPARC, cs.CS_MODE_64 + E),
-        'ppc': (cs.CS_ARCH_PPC, B + E),
+        'ppc'    : (cs.CS_ARCH_PPC, B + E),
         'powerpc':   (cs.CS_ARCH_PPC, E + cs.CS_MODE_32),
         'powerpc64': (cs.CS_ARCH_PPC, E + cs.CS_MODE_64),
         'em_s390': (cs.CS_ARCH_SYSTEMZ, cs.CS_MODE_BIG_ENDIAN + cs.CS_MODE_64),
diff --git a/pwnlib/context/__init__.py b/pwnlib/context/__init__.py
@@ -412,6 +412,7 @@ class ContextType(object):
         'avr':       little_8,
         'amd64':     little_64,
         'arm':       little_32,
+        'armhf':     little_32,
         'cris':      little_32,
         'i386':      little_32,
         'ia64':      big_64,
diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py
@@ -1172,19 +1172,20 @@ def libc_start_main_return(self):
 
         func = self.functions['__libc_start_main']
         exit_addr = self.symbols['exit']
-        eabi = None
         # `__libc_start_call_main` is usually smaller than `__libc_start_main`,
         # (except for powerpc which uses a bigger `generic_start_main`), so
         # we might disassemble a bit too much, but it's a good dynamic estimate.
         callee_size = func.size
         # most arch's call instruction has the first operands as an intermidiate, except s390
         imm_index = 0
+        eabi = None
 
         # If there's no delay slot, execution continues on the next instruction after a call.
         call_return_offset = 1
         call_instructions = set([cs.CS_GRP_CALL])
         if self.arch in ['arm', 'thumb']:
             if b'armhf' in self.linker:
+                # FIXME: I have no idea why setting self.arch = 'armhf' does not work
                 eabi = 'hf'
             if exit_addr & 1: exit_addr -= 1
         elif self.arch == 'aarch64':
