Add a functionality to search for instructions and buggy --opcode option
arty-hlr opened this issue · 7 comments
Hi,
It seems ROPgadget got some gadgets which r2 with /R missed, so I was eager to try it. Upon trying it on a few binaries and reading the source code, though, I realized I could only use --only with a string such as "pop|ret", which checks whether each instruction of the gadgets found is a pop or a ret.
I don't believe adding the possibility to search for whole instructions in the clear would be very difficult. Could there be such an option to look only for gadgets with "pop rdi" or only with "pop rdi; ret" inside? The way it is implemented with --only now, I see a lot of other pop gadgets which I'm not looking for.
I'm aware there is an --opcode option, but here is what I get upon trying it:
Opcodes information
============================================================
Traceback (most recent call last):
File "/usr/bin/ROPgadget", line 17, in <module>
ropgadget.main()
File "/usr/lib/python3.7/site-packages/ropgadget/__init__.py", line 28, in main
sys.exit(Core(Args().getArgs()).analyze())
File "/usr/lib/python3.7/site-packages/ropgadget/core.py", line 173, in analyze
elif self.__options.opcode: return self.__lookingForOpcodes(self.__options.opcode)
File "/usr/lib/python3.7/site-packages/ropgadget/core.py", line 116, in __lookingForOpcodes
allRef = [m.start() for m in re.finditer(opcodes.decode("hex"), section["opcodes"])]
AttributeError: 'str' object has no attribute 'decode'
Thanks in advance!
Florian
You can just grep output of ROPgadget for finding desired instructions.
I also suggest that your input for the --opcode option was in an incorrect format.
Obviously I can, but that's like saying "just use something else to do it".
My formatting was right for --opcode, I can send a screenshot later today.
No screenshot needed, just provide the input.
I tried the exact syntax specified in the help:
ROPgadget --binary fluff32 --opcode c9c3
Opcodes information
============================================================
Traceback (most recent call last):
File "/usr/bin/ROPgadget", line 17, in <module>
ropgadget.main()
File "/usr/lib/python3.7/site-packages/ropgadget/__init__.py", line 28, in main
sys.exit(Core(Args().getArgs()).analyze())
File "/usr/lib/python3.7/site-packages/ropgadget/core.py", line 173, in analyze
elif self.__options.opcode: return self.__lookingForOpcodes(self.__options.opcode)
File "/usr/lib/python3.7/site-packages/ropgadget/core.py", line 116, in __lookingForOpcodes
allRef = [m.start() for m in re.finditer(opcodes.decode("hex"), section["opcodes"])]
AttributeError: 'str' object has no attribute 'decode'
I guess it's a python error that has to do with encoding/decoding of strings, that's all I can get from that error.
With python2 --opcode works fine, but with python3 it really produces an error.
=> python ./ROPgadget.py --binary ./fluff32 --opcode c9c3
Opcodes information
============================================================
0x0804864a : c9c3
0x08048663 : c9c3
=> python3 ./ROPgadget.py --binary ./fluff32 --opcode c9c3
Opcodes information
============================================================
Traceback (most recent call last):
File "./ROPgadget.py", line 12, in <module>
ropgadget.main()
File "/home/oleshka/fast-workspace/ROPgadget/ropgadget/__init__.py", line 24, in main
sys.exit(0 if Core(Args().getArgs()).analyze() else 1)
File "/home/oleshka/fast-workspace/ROPgadget/ropgadget/core.py", line 203, in analyze
elif self.__options.opcode: return self.__lookingForOpcodes(self.__options.opcode)
File "/home/oleshka/fast-workspace/ROPgadget/ropgadget/core.py", line 150, in __lookingForOpcodes
allRef = [m.start() for m in re.finditer(re.escape(opcodes.decode("hex")), section["opcodes"])]
AttributeError: 'str' object has no attribute 'decode'
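The failing line in both tracebacks is `opcodes.decode("hex")`: in Python 2 that was a str-to-str codec, while in Python 3 `str` has no `decode()` and hex text must be converted with `bytes.fromhex` before it can be matched against section bytes. As an added example (not ROPgadget's own code, and with a constructed byte buffer standing in for `section["opcodes"]`), here is a Python 3 version of that lookup that also reports overlapping occurrences, which plain `re.finditer` on the escaped pattern would skip:

```python
import re
from typing import List

# Constructed stand-in for a code section: `leave; ret` (c9 c3) at offsets 2
# and 9, plus a lone c3 at offset 5 that must not match "c9c3".
SAMPLE_SECTION = bytes.fromhex("9090c9c390c35589e5c9c3")


def find_opcode_offsets(opcodes_hex: str, section: bytes) -> List[int]:
    """Return every offset in `section` where the hex-encoded byte sequence
    occurs (Python 3 replacement for re.finditer(opcodes.decode("hex"), ...)).

    * bytes.fromhex replaces the Python 2 str.decode("hex") codec and rejects
      odd-length or non-hex input with ValueError instead of failing later.
    * re.escape makes bytes such as 0x2e ('.') or 0x5b ('[') literal.
    * The zero-width lookahead makes consecutive overlapping hits visible,
      e.g. "9090" is found at both 0 and 1 inside 90 90 90.
    """
    try:
        needle = bytes.fromhex(opcodes_hex)
    except ValueError as exc:
        raise ValueError(
            f"--opcode expects hex byte pairs such as c9c3, got {opcodes_hex!r}"
        ) from exc
    if not needle:
        return []
    pattern = re.compile(b"(?=" + re.escape(needle) + b")")
    return [m.start() for m in pattern.finditer(section)]


def format_matches(base_addr: int, opcodes_hex: str, section: bytes) -> List[str]:
    """Render hits in the '0x%08x : <hex>' layout the issue's python2 run shows,
    with base_addr standing in for the section's virtual address."""
    return [
        f"0x{base_addr + off:08x} : {opcodes_hex}"
        for off in find_opcode_offsets(opcodes_hex, section)
    ]


if __name__ == "__main__":
    # 0x08048000 is a constructed base address for the demo section.
    for line in format_matches(0x08048000, "c9c3", SAMPLE_SECTION):
        print(line)
```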
Ok, I guess I'll use python2 until that is fixed. Thanks for the help!