sashs / Ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
https://scoding.de/ropper
BSD 3-Clause "New" or "Revised" License

ValueError: Buffer size too small #124

Closed norey closed 4 years ago

norey commented 4 years ago
# ropper --file dbghelp.dll  --chain virtualprotect
Traceback (most recent call last):
  File "/usr/bin/ropper", line 11, in <module>
    load_entry_point('ropper==1.12.5', 'console_scripts', 'ropper')()
  File "/usr/lib/python3/dist-packages/ropper/__main__.py", line 36, in main
    ropper.start(sys.argv[1:])
  File "/usr/lib/python3/dist-packages/ropper/__init__.py", line 52, in start
    Console(app_options).start()
  File "/usr/lib/python3/dist-packages/ropper/console.py", line 184, in start
    self.__loadFile(file)
  File "/usr/lib/python3/dist-packages/ropper/console.py", line 203, in __loadFile
    arch=self.__options.arch)
  File "/usr/lib/python3/dist-packages/ropper/service.py", line 514, in addFile
    loader = Loader.open(name, bytes=bytes, raw=raw, arch=arch)
  File "/usr/lib/python3/dist-packages/ropper/loaders/loader.py", line 178, in open
    return subclass(fileName, bytes)
  File "/usr/lib/python3/dist-packages/ropper/loaders/pe.py", line 49, in __init__
    super(PE, self).__init__(filename, bytes, arch)
  File "/usr/lib/python3/dist-packages/ropper/loaders/loader.py", line 82, in __init__
    self.__binary = self._loadFile(filename, bytes)
  File "/usr/lib/python3/dist-packages/ropper/loaders/pe.py", line 123, in _loadFile
    return pe.PE(fileName, bytes)
  File "/usr/lib/python3/dist-packages/filebytes/pe.py", line 430, in __init__
    self.__sections = self._parseSections(self._bytes, self.imageDosHeader, self.imageNtHeaders)
  File "/usr/lib/python3/dist-packages/filebytes/pe.py", line 506, in _parseSections
    raw = (c_ubyte * size).from_buffer(data, ishdr.PointerToRawData)
ValueError: Buffer size too small (1038848 instead of at least 1074372 bytes)

norey commented 4 years ago

dbghelp.dll.zip

sashs commented 4 years ago

Hey. This is a problem of filebytes, not of ropper. I will check that.

norey commented 4 years ago

Just tried it on macOS, running version 1.13.3 (latest on pip3)

$ ropper -v
Version: Ropper 1.13.3
Author: Sascha Schirra
Website: http://scoding.de/ropper

$ ropper --file dbghelp.dll --chain virtualprotect
[INFO] Load gadgets for section: .text
[LOAD] loading... 100%
[LOAD] removing double gadgets... 100%

[INFO] Ropchain Generator for VirtualProtect:

[INFO] eax 0x90909090
ecx old protection (writable addr)
edx 0x40 (RWE)
ebx size
esp address
ebp return address (jmp esp)
esi pointer to VirtualProtect
edi ret (rop nop)

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/ropper/console.py", line 360, in __generateChain
    chain = self.__rs.createRopChain(generator, str(self.currentFile.arch) ,options)
  File "/usr/local/lib/python3.7/site-packages/ropper/service.py", line 775, in createRopChain
    return generator.create(options)
  File "/usr/local/lib/python3.7/site-packages/ropper/ropchain/arch/ropchainx86.py", line 947, in create
    jmp_esp = self._createJmp()
  File "/usr/local/lib/python3.7/site-packages/ropper/ropchain/arch/ropchainx86.py", line 888, in _createJmp
    self._updateUsedBinaries(gadget[0])
NameError: name 'gadget' is not defined

[ERROR] Please report this error on https://github.com/sashs/ropper
[ERROR] Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/ropper/console.py", line 62, in cmd
    func(self, text)
  File "/usr/local/lib/python3.7/site-packages/ropper/console.py", line 499, in __handleOptions
    self.__generateChain(options.chain)
  File "/usr/local/lib/python3.7/site-packages/ropper/console.py", line 377, in __generateChain
    raise e
  File "/usr/local/lib/python3.7/site-packages/ropper/console.py", line 360, in __generateChain
    chain = self.__rs.createRopChain(generator, str(self.currentFile.arch) ,options)
  File "/usr/local/lib/python3.7/site-packages/ropper/service.py", line 775, in createRopChain
    return generator.create(options)
  File "/usr/local/lib/python3.7/site-packages/ropper/ropchain/arch/ropchainx86.py", line 947, in create
    jmp_esp = self._createJmp()
  File "/usr/local/lib/python3.7/site-packages/ropper/ropchain/arch/ropchainx86.py", line 888, in _createJmp
    self._updateUsedBinaries(gadget[0])
NameError: name 'gadget' is not defined

jie-xiao commented 2 years ago

gadget means gadgets, look at the source file

sashs commented 2 years ago

Yes, that bug is already fixed. What do you mean?

br-sn commented 1 year ago

I'm somehow still getting this issue:

ropper --file ~/Downloads/ntoskrnl.exe --console
Traceback (most recent call last):
  File "/usr/local/bin/ropper", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/ropper/__main__.py", line 36, in main
    ropper.start(sys.argv[1:])
  File "/usr/local/lib/python3.10/site-packages/ropper/__init__.py", line 52, in start
    Console(app_options).start()
  File "/usr/local/lib/python3.10/site-packages/ropper/console.py", line 184, in start
    self.__loadFile(file)
  File "/usr/local/lib/python3.10/site-packages/ropper/console.py", line 202, in __loadFile
    self.__rs.addFile(file, raw=self.__options.raw,
  File "/usr/local/lib/python3.10/site-packages/ropper/service.py", line 526, in addFile
    loader = Loader.open(name, bytes=bytes, raw=raw, arch=arch)
  File "/usr/local/lib/python3.10/site-packages/ropper/loaders/loader.py", line 182, in open
    return subclass(fileName, bytes)
  File "/usr/local/lib/python3.10/site-packages/ropper/loaders/pe.py", line 49, in __init__
    super(PE, self).__init__(filename, bytes, arch)
  File "/usr/local/lib/python3.10/site-packages/ropper/loaders/loader.py", line 82, in __init__
    self.__binary = self._loadFile(filename, bytes)
  File "/usr/local/lib/python3.10/site-packages/ropper/loaders/pe.py", line 123, in _loadFile
    return pe.PE(fileName, bytes)
  File "/usr/local/lib/python3.10/site-packages/filebytes/pe.py", line 451, in __init__
    self.__dataDirectory = self._parseDataDirectory(self._bytes, self.sections, self.imageNtHeaders)
  File "/usr/local/lib/python3.10/site-packages/filebytes/pe.py", line 580, in _parseDataDirectory
    loadconfig_data = self._parseLoadConfig(loadconfig_data_directory, loadconfig_section)
  File "/usr/local/lib/python3.10/site-packages/filebytes/pe.py", line 678, in _parseLoadConfig
    cffEntry = GUARD_CFF_ENTRY.from_buffer(section.raw, sectionOffset)
ValueError: Buffer size too small (35840 instead of at least 35843 bytes)

This is on macOS, with Python 3.10.7. I have this same issue on Kali with Python 3.8. Installed package versions:

ropper                   1.13.8   /usr/local/lib/python3.10/site-packages pip
keystone-engine          0.9.2    /usr/local/lib/python3.10/site-packages pip
capstone                 4.0.2    /usr/local/lib/python3.10/site-packages pip
filebytes                0.10.2   /usr/local/lib/python3.10/site-packages pip

sashs commented 1 year ago
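Both tracebacks in this thread (the section parse in norey's report and the load-config parse in br-sn's) fail for the same reason: a header says a block of raw data is larger than what is actually present in the file, and ctypes' `from_buffer(data, offset)` refuses to map past the end of the buffer. The following is an added example, not filebytes or ropper code; it parses the section table of a constructed minimal PE, flags sections whose raw data runs past EOF, and shows a bounds-checked alternative to the strict `from_buffer` call. The file layout, the `.text` section values and the `build_sample_pe` helper are assumptions made for the sample.

```python
import ctypes
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def section_headers(data):
    """Return (name, SizeOfRawData, PointerToRawData) for every section header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER starts here
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size                          # section table follows the optional header
    out = []
    for i in range(nsections):
        name, _vsize, _va, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(data, first + i * SECTION_HDR.size)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), rawsize, rawptr))
    return out

def oversized_sections(data):
    """Sections whose raw data extends past EOF, with the shortfall in bytes: the from_buffer failure condition."""
    return [(n, ptr + size - len(data)) for n, size, ptr in section_headers(data) if ptr + size > len(data)]

def strict_raw(data, size, ptr):
    """The strict mapping as in the traceback: raises ValueError('Buffer size too small ...') on short files."""
    return (ctypes.c_ubyte * size).from_buffer(bytearray(data), ptr)

def section_raw(data, size, ptr):
    """Bounds-checked alternative: clamp the mapped length to what the file really contains."""
    avail = max(0, min(size, len(data) - ptr))
    return (ctypes.c_ubyte * avail).from_buffer_copy(data, ptr) if avail else (ctypes.c_ubyte * 0)()

def build_sample_pe(truncate_by):
    """Constructed minimal PE (assumption): DOS header, PE signature, COFF header without
    optional header, one .text section whose raw data is cut short by `truncate_by` bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)    # i386, 1 section, SizeOfOptionalHeader = 0
    raw_ptr, raw_size = 0x80, 0x200
    sec = SECTION_HDR.pack(b".text", 0x200, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = dos + b"PE\0\0" + coff + sec
    img += b"\0" * (raw_ptr - len(img))                           # pad up to PointerToRawData
    img += b"\x90" * (raw_size - truncate_by)                     # raw section data, possibly short
    return img

if __name__ == "__main__":
    short = build_sample_pe(0x40)
    print(oversized_sections(short))            # [('.text', 64)]
    print(len(section_raw(short, 0x200, 0x80)))  # 448, the bytes actually present
```

A loader that wants to stay usable on truncated or overlay-stripped images can log the shortfall reported by `oversized_sections` and fall back to `section_raw` instead of aborting.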

Hi. This is a different error and, as mentioned before, an error in the lib filebytes, not ropper. Could you provide the binary? Then I can check it.

br-sn commented 1 year ago

Hi sashs,

I've attached it below - cheers.

ntoskrnl.exe.zip