SQLab / ropchain

An x86 systematic ROP payload generation

Gadgets instruments Statistics #6

Closed hwchen18546 closed 9 years ago

hwchen18546 commented 9 years ago

$ ls -l test
-rwxrwxr-x 1 hwchen18546 hwchen18546 752336 Aug 5 17:07 test

$ ./ropchain test | sort -n | uniq -c -w 1

Gadget find = 14716
4496 2 0x0804812a: xchg eax, ecx ; ret
4286 3 0x08048127: fcom qword ptr [ecx + 0x3a] ; ...
3036 4 0x08048126: in eax, dx ; fcom qword ...
1765 5 0x080483cf: lock pop ebx ; pop esi ; pop edi ; ...
954 6 0x080483ce: mov eax, esi ; pop ebx ; pop esi ; ...
177 7 0x0804859e: hlt ; mov eax, ebx ; pop ebx ; pop esi ; ...
2 8 0x0805775a: nop ; nop ; nop ; nop ; nop ; nop ...

$ ls -l /usr/bin/net.samba3
-rwxr-xr-x 1 root root 8893156 Apr 16 2013 /usr/bin/net.samba3

$ ./ropchain /usr/bin/net.samba3 | sort -n | uniq -c -w 1

Gadget find = 135269
37522 2 0x08048504: fild dword ptr...
42712 3 0x0804856a: dec eax ; sbb eax,...
27342 4 0x080485fa: add byte ptr [edx], ...
18013 5 0x08048707: rol byte ptr [eax], 1 ; ...
8023 6 0x08048706: and al, al ; ..
1644 7 0x08052497: mov fs, edi ; ..
12 8 0x0810ff2b: int3 ; pop es ; ..
1 9 0x0875e690: inc edx ; inc edx ; inc edx ;..

lancechentw commented 9 years ago

Moved to wiki https://github.com/SQLab/ropchain/wiki/Number-of-unique-gadgets-found-in-serveral-binary-executables