missing "syscall; ret;" gadgets

[Frefreak]

Hi, thanks for the tool, its so fast that I would prefer it over other alternatives. But today I find it can't find "syscall; ret;" for this particular libc: libc-2.23.so.gz

I tried:

ropr <libc> -R "syscall; ret"

and

rpr <libc> |  grep syscall | grep ret

both return empty result. However in 0x00000000000bc375 there is one.

[Ben-Lichtman]

Currently I am treating a syscall as the end of a gadget (for example calling execve), though now that I think about it, it would be useful to have gadgets for things like write...

I'll give it some thought and probably push a fix for this soon.

[Ben-Lichtman]

I have released a new version which treats syscalls, interrupts, etc as valid instructions within a gadget. Please let me know if you notice any issues with this.

[Ben-Lichtman]

I'm still not sure whether these gadgets should be counted as rop gadgets or sys gadgets (under the -s switch). I'm currently considering them as rop gadgets, but I'm not sure what would be better.

[Frefreak]

Thanks, it works now. As for the filter I personally would classify it as a "sys" gadget since it does have a syscall instruction, so -s should not show it. But treating it as rop gadgets is also fine for me.

[Ben-Lichtman]

That seems reasonable. I will change the classification next release