Problem showing gadgets in console
newlog opened this issue · 2 comments
Hello!
First of all, I'm glad this project goes on :)
I was about to explain that I couldn't find gadgets, but the problem was another. Look:
$ ROPgadget.py --binary /bin/ls --console
(ROPgadget)> load
[+] Loading gadgets, please wait...
[+] Gadgets loaded !
(ROPgadget)> display
Gadgets information
============================================================
0x000000010000308a : adc eax, 0x89490000 ; fmul qword ptr [rax + 0xffffffffffffff89] ; ret
0x0000000100002245 : adc ecx, dword ptr [rax + 0xffffffffffffffff] ; ret
0x0000000100001e9f : add al, -0x7a ; add rax, r14 ; jmp rax
(...)
Unique gadgets found: 136
(ROPgadget)> search eax
0x000000010000308a : adc eax, 0x89490000 ; fmul qword ptr [rax + 0xffffffffffffff89] ; ret
(...)
0x00000001000020f5 : add eax, 0x33fe ; pop rbp ; jmp rax
0x0000000100004048 : add eax, 0x89480000 ; ret
0x0000000100001ea2 : add eax, esi ; jmp rax
0x00000001000022e1 : add ecx, eax ; jmp rcx
You can see that a chain of two items is found (without counting the ret), but if I change depth to 3 and execute a new search, those chains are not found.
(ROPgadget)> depth 3
[+] Depth updated. You have to reload gadgets
(ROPgadget)> search eax
(ROPgadget)>
Am I doing something wrong? I'm using OS X and I have installed ROPgadget as explained in the GitHub readme.
Thanks for your time :)
btw, you might want to modify the first line of ROPgadget.py from
#!/usr/bin/env python2
to
#!/usr/bin/env python
I've never seen that expression using python2. I had to modify it. But I suppose you might have your reasons.
Hey,
About:
(ROPgadget)> depth 3
[+] Depth updated. You have to reload gadgets
(ROPgadget)> search eax
(ROPgadget)>
As is written, you have to reload gadgets :).
(ROPgadget)> depth 3
[+] Depth updated. You have to reload gadgets
(ROPgadget)> load
(ROPgadget)> search eax
[...]
About
#!/usr/bin/env python2
it's because ropgadget doesn't use python3 at this moment. On some Linux systems, the link "python2" doesn't exist, but if you have python3, /usr/bin/python points to python3 and breaks ROPgadget. To fix that, I have to implement python{2,3} retro-compatibility (it's on my todo list :)).
Cheers,
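To make the reload behaviour in the thread concrete, here is an added example (not ROPgadget's own code) that parses the `display` listing format shown above and models a hypothetical console whose `depth` command drops the loaded gadget cache, so `search` returns nothing until `load` runs again. The listing lines are constructed from the thread, `search` is assumed to be a regex match over the instruction text, and the depth value itself is not modelled.

```python
import re

# Constructed sample in the same "address : insn ; insn ; ..." format as the thread's listing.
SAMPLE_LISTING = """\
0x000000010000308a : adc eax, 0x89490000 ; fmul qword ptr [rax + 0xffffffffffffff89] ; ret
0x0000000100002245 : adc ecx, dword ptr [rax + 0xffffffffffffffff] ; ret
0x0000000100001e9f : add al, -0x7a ; add rax, r14 ; jmp rax
0x0000000100004048 : add eax, 0x89480000 ; ret
0x00000001000022e1 : add ecx, eax ; jmp rcx
"""

LINE_RE = re.compile(r"^(0x[0-9a-f]+) : (.+)$")


def parse_listing(text):
    """Parse listing lines into (address, [instructions]) tuples; other lines are ignored."""
    gadgets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            insns = [i.strip() for i in m.group(2).split(";")]
            gadgets.append((int(m.group(1), 16), insns))
    return gadgets


class ConsoleModel:
    """Hypothetical model of the console: `depth` invalidates the gadget cache."""

    def __init__(self, listing):
        self._listing = listing
        self._gadgets = None  # None means nothing is loaded
        self.depth = 10

    def load(self):
        """Populate the cache from the listing; returns the number of gadgets loaded."""
        self._gadgets = parse_listing(self._listing)
        return len(self._gadgets)

    def set_depth(self, depth):
        """Record the new depth and drop the cache, exactly as the console's message says."""
        self.depth = depth
        self._gadgets = None
        return "[+] Depth updated. You have to reload gadgets"

    def search(self, pattern):
        """Regex search over the instruction text (assumed); empty when nothing is loaded."""
        if not self._gadgets:
            return []
        rx = re.compile(pattern)
        return [addr for addr, insns in self._gadgets if rx.search(" ; ".join(insns))]
```

Running `load`, `search eax`, `set_depth(3)`, `search eax` in that order reproduces the empty result from the thread; a second `load` makes the matches reappear.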