search

sashs / Ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
https://scoding.de/ropper
BSD 3-Clause "New" or "Revised" License
1.87k stars 206 forks source link

Fix addr for relative jumps #141

Open STKFLT opened 3 years ago

STKFLT commented 3 years ago

targets of instructions like 'bl' were wrong because the proper image base was not being taken into account when disassembling. This applies the same solution used to calculate the address of each gadget in gadget.py:209 by adding the image base to the start address when disassembling.

This is presumably caused by:

# rop.py:371
# TODO: Another solution should be used here. This is a hack for compatibility reasons. to resolve the gadget address calculation of segments of elf files have a different base address if calculated segment.virtualAddress - segment.offset

I just don't know enough to understand what the fix would look like so this is more of a workaround of a workaround

sashs commented 3 years ago

targets of instructions like 'bl' were wrong

I am not sure if I understand what do you mean. Do you think the target is shown wrong in the gadget?