ragg2 fails to save returns of syscall

[3B85A591]

Environment

Mon Apr 22 12:51:44 PM PDT 2024
radare2 5.8.8 0 @ linux-x86-64
birth: git.5.8.8 2024-02-05__23:36:49
commit: unknown
options: gpl release -O1 cs:5 cl:2 meson
Linux x86_64

Description

When compiling r_egg, ragg2's generated shellcode fails to save the result of the open syscall. Ragg2 works when saving the result of the read syscall. Ragg2 overwrites %rax, the return value, with 2000 too soon, before it can save it.

Test

Fails:

read@syscall(0); 
write@syscall(1); 
open@syscall(2); 
close@syscall(3); 

exit@syscall(60);

main@global(2000, 6) {
    .var17 = open("./file", 2);
    .var25 = read(.var17, &.var33, 2000);
    write(1, &.var33, .var25);

    exit(0);
}

 mov rax, 2
 syscall
  add rsp, 16
  mov rax, 2000
  push rax
  push rbp
  mov rax, [rbp+24]
  push rax

push rax & mov rax, 2000 should be probably be swapped

Successful:

read@syscall(0); 
write@syscall(1); 
open@syscall(2); 
close@syscall(3); 

exit@syscall(60);

main@global(2000, 6) {
    open("./file", 2);
    .var25 = read(3, &.var33, 2000);
    write(1, &.var33, .var25);

    exit(0);
}

[trufae]

as long as you have analized the issue, can you do a pr with the fix and add a test with your usecase?