sashs / Ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
https://scoding.de/ropper
BSD 3-Clause "New" or "Revised" License

Limit memory/cpu usage #97

Closed disconnect3d closed 5 years ago

disconnect3d commented 5 years ago

TLDR: Ropper may take an enormous amount of memory (e.g. ~4GB for a 200MB binary) and fails on fork with OOM (out of mem):

dc@ubuntu:~/train/snote_pwn/snote$ ropper -f vmlinux 

[INFO] Load gadgets for section: LOAD
[LOAD] loading... 100%
[INFO] Load gadgets for section: LOAD
[ERROR] Please report this error on https://github.com/sashs/ropper
[ERROR] Traceback (most recent call last):
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/console.py", line 53, in cmd
    func(self, text)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/console.py", line 492, in __handleOptions
    self.__loadGadgets()
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/console.py", line 290, in __loadGadgets
    self.__searchGadgetsFor(self.currentFileName)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/console.py", line 294, in __searchGadgetsFor
    self.__rs.loadGadgetsFor(binary)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/service.py", line 622, in loadGadgetsFor
    load_gadgets(fc)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/service.py", line 607, in load_gadgets
    f.allGadgets = self.__ropper.searchGadgets(f.loader, instructionCount=self.options.inst_count, gtype=gtype)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/rop.py", line 277, in searchGadgets
    newGadgets = self._searchGadgetsForked(section=section, binary=binary, instruction_count=instructionCount, gtype=gtype)
  File "/home/dc/.local/lib/python2.7/site-packages/ropper/rop.py", line 361, in _searchGadgetsForked
    processes[cpu].start()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 130, in start
    self._popen = Popen(self)
  File "/usr/lib/python2.7/multiprocessing/forking.py", line 121, in __init__
    self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory

It would be nice to have an option to either limit the number of processes or just a single-process mode.

sashs commented 5 years ago

Hi,

thx for the bug report. Yes, ropper needs a lot of memory. This is because of the many strings that are managed by ropper internally; those are necessary to speed up the search, the semantic search etc. I think an option to set the number of processes makes sense.

sashs commented 5 years ago

Hi,

there is a new option, --single. ropper uses only one process if this option is used. However, Ropper takes much more time for loading gadgets when only one process is used.
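An added example, not Ropper's code and not part of the thread above: a sketch of the pattern the issue asks for, a scanner with a capped worker count that falls back to a single process when starting workers fails with ENOMEM, as `os.fork()` does in the traceback. The names `scan`, `split`, `scan_slice` and `make_pool` are hypothetical, the byte pattern is a stand-in for real gadget search, and a POSIX system with the `fork` start method is assumed.

```python
import errno
import multiprocessing as mp

RET = b"\xc3"  # x86 `ret` opcode, used here only as a simple byte pattern

def scan_slice(args):
    """Return absolute offsets of RET bytes in one slice (runs in a worker)."""
    base, chunk = args
    out, pos = [], chunk.find(RET)
    while pos != -1:
        out.append(base + pos)
        pos = chunk.find(RET, pos + 1)
    return out

def split(data, parts):
    """Cut data into at most `parts` contiguous (base_offset, bytes) slices."""
    step = max(1, -(-len(data) // parts))  # ceiling division
    return [(i, data[i:i + step]) for i in range(0, len(data), step)]

def scan(data, workers=None, make_pool=None):
    """Scan with up to `workers` processes; return (offsets, processes_used).

    workers=1 is the single-process mode. If creating the pool fails with
    ENOMEM (the os.fork() error in the traceback), fall back to one process.
    """
    workers = workers or mp.cpu_count()
    # Assumption: the "fork" start method is available (Linux, macOS).
    make_pool = make_pool or mp.get_context("fork").Pool
    slices = split(data, workers)
    if workers > 1:
        try:
            with make_pool(workers) as pool:
                parts = pool.map(scan_slice, slices)
            return [o for p in parts for o in p], workers
        except OSError as exc:
            if exc.errno != errno.ENOMEM:
                raise  # only out-of-memory triggers the fallback
    return [o for s in slices for o in scan_slice(s)], 1

if __name__ == "__main__":
    sample = b"\x90\xc3" * 4 + b"\x00" * 8 + b"\xc3"  # constructed bytes
    print(scan(sample, workers=1))
    print(scan(sample, workers=2))
```

The second return value tells the caller whether the fallback was taken, which is worth logging because the single-process path is slower.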