Closed astewart-bah closed 4 months ago
This is something I have been wanting to fix for a long time. But there was no use case so I was procrastinating on it. But now, it is partially done! :) The PR can be found here: https://github.com/angr/angrop/pull/105
the PR is merged.
Description
This issue boils down to the order of operations. Angrop currently thinks 0x10 is added to rsp, and then the return address is popped from the stack. The correct order of events is that the return address is popped from the stack, and then 0x10 is added to rsp.
Steps to reproduce the bug
Attached is a zip file. Unzip and run start.sh. This will init a python env, install requirements, build the test binary, and run the python test file. This file will provide an example of the issue.
Attachment: angrop_issue_retn_0x10.zip
Environment
No response
Additional context
No response
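The ordering point in the description is easy to see with a small stack emulation. The following Python snippet is an added illustration written for this page; it is not angrop's code and not the attached test file. It models `ret imm16` (the `retn 0x10` in the issue) on a constructed stack snapshot with made-up slot values and a made-up stack address, once in the architecturally correct order (pop the return address, then add the immediate to rsp) and once in the mistaken order (add the immediate, then pop). Both orders end at the same rsp, which is why the mistake is easy to miss; they disagree on which stack slot supplies the return address, which is exactly what a gadget model must get right.

```python
import struct

# Constructed stack snapshot (assumption for this example, not taken from the
# issue's binary): four little-endian qword slots at a made-up address.
STACK_BASE = 0x7FFF_0000
SLOTS = [
    0x4141414141414141,  # slot 0, at rsp + 0x00
    0x4242424242424242,  # slot 1, at rsp + 0x08
    0x4343434343434343,  # slot 2, at rsp + 0x10
    0x4444444444444444,  # slot 3, at rsp + 0x18
]
STACK = b"".join(struct.pack("<Q", s) for s in SLOTS)


def read_qword(stack: bytes, base: int, addr: int) -> int:
    """Read one little-endian qword at absolute address `addr` from the snapshot."""
    return struct.unpack_from("<Q", stack, addr - base)[0]


def emulate_ret_imm(stack: bytes, base: int, rsp: int, imm: int,
                    pop_first: bool = True) -> tuple[int, int]:
    """Emulate x86-64 `ret imm16` and return (new_rip, new_rsp).

    pop_first=True  models the real instruction: rip = [rsp]; rsp += 8; rsp += imm.
    pop_first=False models the order the issue reports angrop was assuming:
                    rsp += imm; rip = [rsp]; rsp += 8.
    """
    if pop_first:
        rip = read_qword(stack, base, rsp)
        rsp += 8
        rsp += imm
    else:
        rsp += imm
        rip = read_qword(stack, base, rsp)
        rsp += 8
    return rip, rsp


def gadget_layout(imm: int, pop_first: bool = True) -> tuple[int, int]:
    """Summarise a `ret imm16` gadget as (return_slot_offset, total_stack_delta).

    return_slot_offset is where, relative to rsp at gadget entry, the value
    that becomes rip is read from; total_stack_delta is how far rsp moves.
    The two orderings share the delta but not the slot offset.
    """
    if pop_first:
        return 0, 8 + imm
    return imm, 8 + imm


if __name__ == "__main__":
    for label, order in (("correct (pop, then add)", True),
                         ("mistaken (add, then pop)", False)):
        rip, rsp = emulate_ret_imm(STACK, STACK_BASE, STACK_BASE, 0x10, order)
        slot, delta = gadget_layout(0x10, order)
        print(f"{label}: rip=0x{rip:x} rsp=base+0x{rsp - STACK_BASE:x} "
              f"return slot at +0x{slot:x}, stack delta 0x{delta:x}")
```

Run with `python3 ret_imm.py`: the correct model takes rip from slot 0 and the mistaken one from slot 2, while both report rsp at base + 0x18, so comparing only the net stack adjustment of a gadget would not reveal the discrepancy.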