sashs / Ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
https://scoding.de/ropper
BSD 3-Clause "New" or "Revised" License

Ropper does not return all gadget occurrences when using the search command #135

Open ariel-miculas opened 3 years ago

ariel-miculas commented 3 years ago

❯ ropper --version
Version: Ropper 1.13.3
Author: Sascha Schirra
Website: http://scoding.de/ropper

[Screenshot 2020-12-12 02:52:12]
[Screenshot 2020-12-12 02:53:04]

There's a "pop rbp" gadget at address 0x0040081f, but "search pop rbp" does not show it. Interestingly enough, "search nop" returns the gadget at address 0x0040081e which includes the "pop rbp" gadget. Also, it is listed in the gadgets list.

[Screenshot 2020-12-12 02:58:31]

I can also provide the binary if it's necessary.
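The behaviour the report expects, a shorter gadget that is a suffix of a longer one being listed at its own address and matched by a search for its instructions, as an added Python example that is not Ropper's own code. The byte sequence and base address are constructed to mirror the report (nop; pop rbp; ret at 0x40081e), the one-byte decoder is a toy that only knows nop, ret and pop reg (Ropper uses Capstone instead), and the function names find_gadgets and search are this example's own.

```python
# Added example (not Ropper's code): enumerate every ret-terminated gadget,
# including every suffix of a longer gadget, so that searching for "pop rbp"
# reports both 0x40081e (nop; pop rbp; ret) and 0x40081f (pop rbp; ret).
from typing import Dict, List, Optional, Tuple

# Toy decoder for the few single-byte x86-64 opcodes this example needs.
# Assumption: a real tool decodes with Capstone; this only shows the search logic.
_ONE_BYTE = {0x90: "nop", 0xC3: "ret"}
_POP_REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_one(b: int) -> Optional[str]:
    """Return the mnemonic for a single-byte instruction, or None if unknown."""
    if b in _ONE_BYTE:
        return _ONE_BYTE[b]
    if 0x58 <= b <= 0x5F:          # 58..5f = pop rax .. pop rdi
        return "pop " + _POP_REGS[b - 0x58]
    return None


def find_gadgets(code: bytes, base: int, max_insns: int = 5) -> Dict[int, str]:
    """Map address -> gadget text for every ret-terminated sequence.

    Every byte offset is tried as a start, so a gadget and each of its
    suffixes are recorded at their own addresses (the point of the report).
    """
    gadgets: Dict[int, str] = {}
    for start in range(len(code)):
        insns: List[str] = []
        for b in code[start:start + max_insns]:   # one byte per toy instruction
            m = decode_one(b)
            if m is None:                          # undecodable byte: no gadget here
                break
            insns.append(m)
            if m == "ret":                         # gadget complete
                gadgets[base + start] = "; ".join(insns)
                break
    return gadgets


def search(gadgets: Dict[int, str], pattern: str) -> List[Tuple[int, str]]:
    """Return (address, gadget) pairs whose text contains the pattern, by address."""
    return sorted((addr, g) for addr, g in gadgets.items() if pattern in g)


# Constructed sample: two bytes the toy decoder does not know, then
# nop; pop rbp; ret; pop rdi; ret, laid out so nop sits at 0x40081e.
SAMPLE_BASE = 0x40081C
SAMPLE_CODE = bytes([0x0F, 0x1F, 0x90, 0x5D, 0xC3, 0x5F, 0xC3])


if __name__ == "__main__":
    found = find_gadgets(SAMPLE_CODE, SAMPLE_BASE)
    for addr, text in sorted(found.items()):
        print(f"0x{addr:08x}: {text}")
    print("search 'pop rbp':", [hex(a) for a, _ in search(found, "pop rbp")])
```

Run stand-alone, the search for "pop rbp" lists 0x40081e and 0x40081f; the issue reports only the first of the two being shown, even though the exact "pop rbp; ret" gadget appears at 0x40081f in the full gadget list.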

sashs commented 3 years ago

Hey. Thanks for raising this issue. Yes, it would be very helpful if you can provide the binary.

ariel-miculas commented 3 years ago

https://wetransfer.com/downloads/0d164b30cdf03791d2ed78d3d60ee6b120201215171541/d506919fa392a4963f30ab7676cbe25120201215171610/dd3c75