ROP Search using ESIL

[radare]

Will be useful to search for gadgets that indirectly modify registers that are not implicit by the instruction. This is for example DIV on x86, which drops the mod in xDX.

[jvoisin]

It would also be great to do some semantic search like finding stack pivots.

[radare]

in related news esil for rop searching is used for emulating the gadgets and classify them. it's not exactly rop searching.

[jvoisin]

What does it mean?

[radare]

it means that esil is used for gadget classificiation, but not for rop searching

On 13 Dec 2016, at 15:02, jvoisin notifications@github.com wrote:

What does it mean?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/2612#issuecomment-266745723, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-lgFRMVavserw-jdTskGDVCOV9mRdks5rHqVugaJpZM4EmRFV.

[jvoisin]

Care to give an example?

[radare]

emulate the code until a specific condition or sequence of actions happen that can be considered a rop gadget.

On 13 Dec 2016, at 18:04, jvoisin notifications@github.com wrote:

Care to give an example?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/radare/radare2/issues/2612#issuecomment-266797533, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3-ltdLA9hAvJQI9oTFPgMk6DWXLNAbks5rHtA4gaJpZM4EmRFV.

[ret2libc]

This issue has been moved from radareorg/radare2 to radareorg/ideas as we are trying to clean our backlog and this issue has probably been created a long while ago. This is an effort to help contributors understand what are the actionable items they can work on, prioritize issues better and help users find active/duplicated issues more easily. If this is not an enhancement/improvement/general idea but a bug, feel free to ask for re-transfer to main repo. Thanks for your understanding and contribution with this issue.