0vercl0k / rp

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
MIT License

ROP gadget not ending in RET instruction #20

Closed dipanjan closed 7 years ago

dipanjan commented 7 years ago

It seems rp++ is pulling out a few ROP gadgets which do not end in a RET instruction. Precisely, is a gadget such as the one below a valid one, and is this by design?

0x08048740: adc edi, dword [ebx+0x080498D8] ; nop ; sub ebx, 0x04 ; call eax ; (1 found)

0vercl0k commented 7 years ago

The definition of a ROP gadget in the tool is "a sequence of instructions ending with a branching instruction", so yes, this is expected! Here are the "valid" branching instructions if you are curious: https://github.com/0vercl0k/rp/blob/master/src/bearopgadgetfinder.cpp#L146.

Cheers

2016-12-24 21:50 GMT-08:00 Dipanjan Das notifications@github.com:

It seems rp++ is pulling out a few ROP gadgets which do not end in RET instruction. Precisely, is such a gadget as below a valid one and by design?

0x08048740: adc edi, dword [ebx+0x080498D8] ; nop ; sub ebx, 0x04 ; call eax ; (1 found)
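For readers who only want RET-terminated gadgets out of rp++ output, here is an added example (not part of this thread or of rp++ itself) that parses the line format quoted above and classifies each gadget by its terminating branch. The set of branch mnemonics is an assumption for illustration, not the list from bearopgadgetfinder.cpp.

```python
"""Classify rp++ gadget lines by their terminating branch instruction."""
import re
from typing import NamedTuple, Optional, List

# Constructed sample of rp++ output; the first line is the one from the issue,
# the others follow the same "address: instr ; instr ; (N found)" layout.
SAMPLE_OUTPUT = """\
0x08048740: adc edi, dword [ebx+0x080498D8] ; nop ; sub ebx, 0x04 ; call eax ; (1 found)
0x080484a2: pop ebx ; ret ; (3 found)
0x080485f0: mov eax, dword [esp] ; jmp edx ; (1 found)
0x08048600: xor eax, eax ; ret 0x04 ; (1 found)
"""

# Assumption: rp++ counts more than RET as a gadget terminator (the answer above
# says "branching instruction"). This mapping approximates that idea only.
BRANCH_KINDS = {"ret": "ret", "retn": "ret", "call": "call", "jmp": "jmp"}

LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+):\s+(.*?)\s*;\s*\((\d+) found\)\s*$")


class Gadget(NamedTuple):
    address: int
    instructions: tuple
    terminator: str  # "ret", "call", "jmp" or "other"
    found: int


def parse_gadget(line: str) -> Optional[Gadget]:
    """Parse one rp++ output line; return None for lines that are not gadgets."""
    m = LINE_RE.match(line)
    if not m:
        return None
    instrs = tuple(i.strip() for i in m.group(2).split(";") if i.strip())
    last_mnemonic = instrs[-1].split()[0].lower() if instrs else ""
    return Gadget(int(m.group(1), 16), instrs,
                  BRANCH_KINDS.get(last_mnemonic, "other"), int(m.group(3)))


def only_ret_gadgets(output: str) -> List[Gadget]:
    """Keep just the gadgets whose final instruction is a RET, as the asker wanted."""
    gadgets = [g for g in map(parse_gadget, output.splitlines()) if g]
    return [g for g in gadgets if g.terminator == "ret"]


if __name__ == "__main__":
    for g in only_ret_gadgets(SAMPLE_OUTPUT):
        print(hex(g.address), " ; ".join(g.instructions))
```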