def test_jmpreg(self):
ropper = Ropper()
regs=['rax']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 4)
self.assertEqual(gadget.lines[0][0], 0x19bb)
regs=['rcx','rax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 7)
self.assertEqual(gadget.imageBase, 0x100000000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x100000000)
with self.assertRaises(RopperError):
regs=['invalid']
ropper.searchJmpReg(self.file, regs)
def test_badbytes(self):
r = Ropper()
badbytes = "adfd"
gadgets = r.searchGadgets(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0x1ADFD)
badbytes = "52f8"
gadgets = r.searchPopPopRet(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
self.assertNotEqual(gadgets[0].lines[0][0], 0x52F8)
badbytes = "b1c7"
gadgets = r.searchJmpReg(self.file, ["rsp"])
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0xB1C7)
with self.assertRaises(RopperError):
badbytes = "b1c"
gadgets = ropper.filterBadBytes(gadgets, badbytes)
with self.assertRaises(RopperError):
badbytes = "qwer"
gadgets = ropper.filterBadBytes(gadgets, badbytes)
def test_badbytes(self):
r = Ropper()
badbytes = 'adfd'
gadgets = r.searchGadgets(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0x1adfd)
badbytes = '52f8'
gadgets = r.searchPopPopRet(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
self.assertNotEqual(gadgets[0].lines[0][0], 0x52f8)
badbytes = 'b1c7'
gadgets = r.searchJmpReg(self.file, ['rsp'])
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0xb1c7)
with self.assertRaises(RopperError):
badbytes = 'b1c'
gadgets = ropper.filterBadBytes(gadgets, badbytes)
with self.assertRaises(RopperError):
badbytes = 'qwer'
gadgets = ropper.filterBadBytes(gadgets, badbytes)
def test_badbytes(self):
r = Ropper()
badbytes = 'adfd'
gadgets = r.searchGadgets(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0x1adfd)
badbytes = '52f8'
gadgets = r.searchPopPopRet(self.file)
gadgets = ropper.filterBadBytes(gadgets, badbytes)
self.assertNotEqual(gadgets[0].lines[0][0], 0x52f8)
badbytes = 'b1c7'
gadgets = r.searchJmpReg(self.file, ['rsp'])
gadgets = ropper.filterBadBytes(gadgets, badbytes)
gadget = gadgets[0]
self.assertNotEqual(gadget.lines[0][0], 0xb1c7)
with self.assertRaises(RopperError):
badbytes = 'b1c'
gadgets = ropper.filterBadBytes(gadgets, badbytes)
with self.assertRaises(RopperError):
badbytes = 'qwer'
gadgets = ropper.filterBadBytes(gadgets, badbytes)
def test_ppr(self):
ropper = Ropper()
gadgets = ropper.searchPopPopRet(self.file)
self.assertEqual(len(gadgets), 109)
self.assertEqual(gadgets[0].lines[0][0], 0x444a)
def __searchGadgets(self, binary):
r = Ropper(self.__cprinter)
gadgets = r.searchGadgets(binary, depth=self.__options.depth, gtype=GadgetType[self.__options.type.upper()])
binary.loaded = True
binary.gadgets = gadgets
self.__gadgets[binary] = ropper.filterBadBytes(gadgets, self.__options.badbytes)
if not self.__options.all:
self.__gadgets[binary] = ropper.deleteDuplicates(self.__gadgets[binary])
return self.__gadgets[binary]
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for section in self._binaries[0].executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchOpcode(self._binaries[0],opcode=opcode,disass=True))
if len(gadgets) > 0:
return gadgets[0]
else:
raise RopChainError('Cannot create gadget for opcode: %s' % opcode)
def __searchGadgets(self, binary):
r = Ropper(self.__searchGadgetCallback)
gadgets = r.searchGadgets(binary, instructionCount=self.__options.inst_count, gtype=GadgetType[self.__options.type.upper()])
binary.loaded = True
binary.gadgets = gadgets
self.__gadgets[binary] = ropper.filterBadBytes(gadgets, self.__options.badbytes)
if not self.__options.all:
self.__cprinter.printInfo('deleting double gadgets...')
self.__gadgets[binary] = ropper.deleteDuplicates(self.__gadgets[binary], self.__printProgress)
return self.__gadgets[binary]
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for section in self._binaries[0].executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchOpcode(self._binaries[0],opcode=opcode,disass=True))
if len(gadgets) > 0:
return gadgets[0]
else:
raise RopChainError('Cannot create gadget for opcode: %x' % opcode)
def __searchGadgets(self, binary):
r = Ropper(self.__cprinter)
gadgets = r.searchGadgets(binary, instructionCount=self.__options.inst_count, gtype=GadgetType[self.__options.type.upper()])
binary.loaded = True
binary.gadgets = gadgets
self.__gadgets[binary] = ropper.filterBadBytes(gadgets, self.__options.badbytes)
if not self.__options.all:
self.__cprinter.printInfo('deleting double gadgets...')
self.__gadgets[binary] = ropper.deleteDuplicates(self.__gadgets[binary], self.__printProgress)
return self.__gadgets[binary]
def __init__(self, options={}, callbacks=None):
super(RopperService, self).__init__()
self.__options = Options(options, self.__optionChanged)
if callbacks and hasattr(callbacks, '__gadgetSearchProgress__'):
self.__ropper = Ropper(callback=callbacks.__gadgetSearchProgress__)
else:
self.__ropper = Ropper()
self.__files = []
self.__callbacks = callbacks
if self.__options.color:
cstr.COLOR = self.__options.color
Gadget.DETAILED = self.__options.detailed
def __init__(self, options={}, callbacks=None):
super(RopperService, self).__init__()
self.__options = Options(options, self.__optionChanged)
if callbacks and hasattr(callbacks, '__gadgetSearchProgress__'):
self.__ropper = Ropper(callback=callbacks.__gadgetSearchProgress__)
else:
self.__ropper = Ropper()
self.__files = []
self.__callbacks = callbacks
if self.__options.color:
cstr.COLOR = self.__options.color
Gadget.DETAILED = self.__options.detailed
def test_gadgets_pe(self):
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 4800)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase, gadget.address)
self.assertEqual(gadget.imageBase, 0x4ad00000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x4ad00000)
def test_jmpreg(self):
ropper = Ropper()
regs=['esp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 10)
self.assertEqual(gadget.lines[0][0], 0xc63)
self.assertEqual(gadget.imageBase, 0x8048000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x8048000)
def __asm(self, code, arch, format):
r = Ropper()
if format == 'R':
f = FORMAT.RAW
elif format == 'H':
f = FORMAT.HEX
elif format == 'S':
f = FORMAT.STRING
else:
raise RopperError('wrong format: %s' % f)
self.__cprinter.println(r.assemble(code, arch, f))
def test_search(self):
r = Ropper()
gadgets = r.searchGadgets(self.file)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [rax]')
self.assertGreater(len(found_gadgets), 5)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x]')
self.assertGreater(len(found_gadgets), 25)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x%]')
self.assertGreater(len(found_gadgets), 70)
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchJmpReg(binary, reg))
if len(gadgets) > 0:
self._updateUsedBinaries(gadget[0])
return self._printRopInstruction(gadgets[0])
else:
return None
def test_search(self):
r = Ropper()
gadgets = r.searchGadgets(self.file)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [rax]')
self.assertEqual(len(found_gadgets), 8)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x]')
self.assertEqual(len(found_gadgets), 31)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x%]')
self.assertEqual(len(found_gadgets), 83)
def test_search(self):
r = Ropper()
gadgets = r.searchGadgets(self.file)
found_gadgets = self.file.arch.searcher.search(gadgets, "mov [rax]")
self.assertEqual(len(found_gadgets), 1)
found_gadgets = self.file.arch.searcher.search(gadgets, "mov [r?x]")
self.assertEqual(len(found_gadgets), 5)
found_gadgets = self.file.arch.searcher.search(gadgets, "mov [r?x%]")
self.assertEqual(len(found_gadgets), 7)
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchOpcode(binary,opcode=opcode,disass=True))
if len(gadgets) > 0:
self._usedBinaries.append((gadgets[0].fileName, gadgets[0]._section))
return gadgets[0]
else:
raise RopChainError('Cannot create gadget for opcode: %s' % opcode)
def test_search(self):
r = Ropper()
gadgets = r.searchGadgets(self.file)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [rax]')
self.assertEqual(len(found_gadgets), 8)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x]')
self.assertEqual(len(found_gadgets), 31)
found_gadgets = self.file.arch.searcher.search(gadgets, 'mov [r?x%]')
self.assertEqual(len(found_gadgets), 83)
def test_gadgets_pe(self):
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 1300)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase, gadget.address)
self.assertEqual(gadget.imageBase, 0x00008000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES['test-binaries/ls-arm'] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x00008000)
def _createJmp(self, reg=['rsp']):
r = Ropper()
gadgets = []
for section in self._binaries[0].executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchJmpReg(self._binaries[0],reg))
if len(gadgets) > 0:
if (gadgets[0]._binary, gadgets[0]._section) not in self._usedBinaries:
self._usedBinaries.append((gadgets[0]._binary, gadgets[0]._section))
return self._printRopInstruction(gadgets[0])
else:
return None
def test_gadgets_pe(self):
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 1300)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase,
gadget.address)
self.assertEqual(gadget.imageBase, 0x00008000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x00008000)
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(
r.searchOpcode(binary, opcode=opcode, disass=True))
if len(gadgets) > 0:
self._usedBinaries.append(
(gadgets[0].fileName, gadgets[0]._section))
return gadgets[0]
else:
raise RopChainError('Cannot create gadget for opcode: %s' % opcode)
def __searchGadgets(self, binary):
r = Ropper(self.__cprinter)
gadgets = r.searchGadgets(
binary,
depth=self.__options.depth,
gtype=GadgetType[self.__options.type.upper()])
binary.loaded = True
binary.gadgets = gadgets
self.__gadgets[binary] = ropper.filterBadBytes(gadgets,
self.__options.badbytes)
if not self.__options.all:
self.__gadgets[binary] = ropper.deleteDuplicates(
self.__gadgets[binary])
return self.__gadgets[binary]
def test_gadgets_pe(self):
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 1900)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase, gadget.address)
self.assertEqual(gadget.imageBase, 0x00400000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x00400000)
def _createJmp(self, reg=['rsp']):
r = Ropper()
gadgets = []
for section in self._binaries[0].executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchJmpReg(self._binaries[0], reg))
if len(gadgets) > 0:
if (gadgets[0].fileName,
gadgets[0].section) not in self._usedBinaries:
self._usedBinaries.append(
(gadgets[0].fileName, gadgets[0].section))
return self._printRopInstruction(gadgets[0])
else:
return None
def test_jmpreg(self):
ropper = Ropper()
regs = ['rsp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 3)
self.assertEqual(gadget.lines[0][0], 0x37dd)
regs = ['rsp', 'rax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 15)
self.assertEqual(gadget.imageBase, 0x4ad00000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x4ad00000)
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.offset
gadgets.extend(
r.searchJmpReg(binary,reg))
if len(gadgets) > 0:
self._updateUsedBinaries(gadgets[0])
return gadgets[0]
else:
return None
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for section in self._binaries[0].executableSections:
vaddr = section.offset
gadgets.extend(
r.searchJmpReg(self._binaries[0],reg))
if len(gadgets) > 0:
if (gadgets[0]._binary, gadgets[0]._section) not in self._usedBinaries:
self._usedBinaries.append((gadgets[0]._binary, gadgets[0]._section))
return gadgets[0]
else:
return ''
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.offset
gadgets.extend(
r.searchJmpReg(binary,reg))
if len(gadgets) > 0:
self._updateUsedBinaries(gadget[0])
return gadgets[0]
else:
return None
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.offset
gadgets.extend(r.searchJmpReg(self._binaries[0], reg))
if len(gadgets) > 0:
if (gadgets[0]._binary,
gadgets[0]._section) not in self._usedBinaries:
self._usedBinaries.append(
(gadgets[0]._binary, gadgets[0]._section))
return gadgets[0]
else:
return None
def _createJmp(self, reg=['esp']):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(
r.searchJmpReg(binary,reg))
if len(gadgets) > 0:
self._updateUsedBinaries(gadgets[0])
return self._printRopInstruction(gadgets[0])
else:
return None
def test_jmpreg(self):
ropper = Ropper()
regs = ["rsp"]
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 3)
self.assertEqual(gadget.lines[0][0], 0x37DD)
regs = ["rsp", "rax"]
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 15)
self.assertEqual(gadget.imageBase, 0x4AD00000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x4AD00000)
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchOpcode(binary,opcode=opcode,disass=True))
if len(gadgets) > 0:
for gadget in gadgets:
if not gadget:
continue
if not self.containsBadbytes(gadget.IMAGE_BASES.get(gadget.fileName,0) + gadget.lines[0][0]):
self._updateUsedBinaries(gadget)
return gadget
else:
raise RopChainError('Cannot create gadget for opcode: %s' % opcode)
def test_jmpreg_pe(self):
ropper = Ropper()
regs=['esp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 1)
self.assertEqual(gadget.lines[0][0], 0xc797)
regs=['esp','eax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 13)
self.assertEqual(gadget.imageBase, 0x4ad00000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x4ad00000)
def _searchOpcode(self, opcode):
r = Ropper()
gadgets = []
for binary in self._binaries:
for section in binary.executableSections:
vaddr = section.virtualAddress
gadgets.extend(r.searchOpcode(binary,opcode=opcode,disass=True))
if len(gadgets) > 0:
for gadget in gadgets:
if not gadget:
continue
if not self.containsBadbytes(gadget.IMAGE_BASES.get(gadget.fileName,0) + gadget.lines[0][0]):
self._updateUsedBinaries(gadget)
return gadget
else:
raise RopChainError('Cannot create gadget for opcode: %s' % opcode)
def test_gadgets(self):
self.assertEqual(self.file.arch, PPC)
self.assertEqual(self.file.type, Type.ELF)
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 1400)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase, gadget.address)
self.assertEqual(gadget.imageBase, 0x10000000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x10000000)
def test_gadgets(self):
self.assertEqual(self.file.arch, PPC)
self.assertEqual(self.file.type, Type.ELF)
ropper = Ropper()
gadgets = ropper.searchGadgets(self.file)
gadget = gadgets[0]
self.assertGreater(len(gadgets), 1400)
self.assertEqual(gadget.lines[0][0] + self.file.imageBase, gadget.address)
self.assertEqual(gadget.imageBase, 0x10000000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x10000000)
def disassAddress(self, name, address, length):
fc = self.getFileFor(name)
if not fc:
raise RopperError('No such file opened: %s' % name)
eSections = fc.loader.executableSections
for section in eSections:
if section.virtualAddress <= address and section.virtualAddress + section.size > address:
ropper = Ropper()
g = ropper.disassembleAddress(section, fc.loader, address, address - (fc.loader.imageBase+section.offset), length)
if not g:
raise RopperError('Cannot disassemble address: %s' % toHex(address))
if length < 0:
length = length * -1
return g.disassemblyString()
return ''
def test_database(self):
r = Ropper()
db = "./testdb.db"
if os.path.exists(db):
os.remove(db)
dao = GadgetDAO(db)
gadgets = r.searchGadgets(self.file)
dao.save(gadgets)
self.assertTrue(os.path.exists(db))
loaded_gadgets = dao.load(self.file)
self.assertEqual(len(gadgets), len(loaded_gadgets))
self.assertEqual(gadgets[0].lines[0][0], loaded_gadgets[0].lines[0][0])
os.remove(db)
def disassAddress(self, name, address, length):
fc = self.getFileFor(name)
if not fc:
raise RopperError('No such file opened: %s' % name)
eSections = fc.loader.executableSections
for section in eSections:
if section.virtualAddress <= address and section.virtualAddress + section.size > address:
ropper = Ropper()
g = ropper.disassembleAddress(section, fc.loader, address, address - (fc.loader.imageBase+section.offset), length)
if not g:
raise RopperError('Cannot disassemble address: %s' % toHex(address))
if length < 0:
length = length * -1
return g.disassemblyString()
return ''
def test_database(self):
r = Ropper()
db = './testdb.db'
if os.path.exists(db):
os.remove(db)
dao = GadgetDAO(db)
gadgets = r.searchGadgets(self.file)
dao.save(gadgets)
self.assertTrue(os.path.exists(db))
loaded_gadgets = dao.load(self.file)
self.assertEqual(len(gadgets), len(loaded_gadgets))
self.assertEqual(gadgets[0].lines[0][0], loaded_gadgets[0].lines[0][0])
os.remove(db)
def test_jmpreg(self):
ropper = Ropper()
regs=['rsp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 3)
self.assertEqual(gadget.lines[0][0], 0x37dd)
regs=['rsp','rax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 15)
self.assertEqual(gadget.imageBase, 0x4ad00000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x4ad00000)
def test_jmpreg_pe(self):
ropper = Ropper()
regs = ['esp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 1)
self.assertEqual(gadget.lines[0][0], 0xc797)
regs = ['esp', 'eax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 13)
self.assertEqual(gadget.imageBase, 0x4ad00000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x4ad00000)
def test_jmpreg(self):
ropper = Ropper()
regs = ["rsp"]
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 18)
self.assertEqual(gadget.lines[0][0], 0xB1C7)
regs = ["rsp", "rax"]
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 25)
self.assertEqual(gadget.imageBase, 0x400000)
self.file.imageBase = 0x0
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
self.assertEqual(gadget.imageBase, 0x400000)
with self.assertRaises(RopperError):
regs = ["invalid"]
ropper.searchJmpReg(self.file, regs)
def __asm(self, code, arch, format):
r = Ropper()
if format == 'R':
f = 'raw'
elif format == 'H':
f = 'hex'
elif format == 'S':
f = 'string'
else:
raise RopperError('wrong format: %s' % f)
self.__cprinter.println(self.__rs.asm(code, arch, f))
def test_jmpreg(self):
ropper = Ropper()
regs=['rax']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 4)
self.assertEqual(gadget.lines[0][0], 0x19bb)
regs=['rcx','rax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 7)
self.assertEqual(gadget.imageBase, 0x100000000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.checksum] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x100000000)
with self.assertRaises(RopperError):
regs=['invalid']
ropper.searchJmpReg(self.file, regs)
def test_jmpreg(self):
ropper = Ropper()
regs=['rsp']
gadgets = ropper.searchJmpReg(self.file, regs)
gadget = gadgets[0]
self.assertEqual(len(gadgets), 18)
self.assertEqual(gadget.lines[0][0], 0xb1c7)
regs=['rsp','rax']
gadgets = ropper.searchJmpReg(self.file, regs)
self.assertEqual(len(gadgets), 25)
self.assertEqual(gadget.imageBase, 0x400000)
self.file.imageBase = 0x0
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x0)
self.file.imageBase = None
Gadget.IMAGE_BASES[self.file.fileName] = self.file.imageBase
self.assertEqual(gadget.imageBase, 0x400000)
with self.assertRaises(RopperError):
regs=['invalid']
ropper.searchJmpReg(self.file, regs)
def __disassembleAddress(self, addr, length):
eSections = self.binary.executableSections
for section in eSections:
if section.virtualAddress <= addr and section.virtualAddress + section.size > addr:
ropper = Ropper()
g = ropper.disassembleAddress(section, self.binary, addr, addr - (self.binary.imageBase+section.offset), length)
if not g:
self.__cprinter.printError('Cannot disassemble address: %s' % toHex(addr))
return
if length < 0:
length = length * -1
if len(g) < length:
self.__cprinter.printInfo('Cannot disassemble specified count of instructions')
self.binary.printer.printTableHeader('Instructions')
self.__cprinter.println(g.disassemblyString())
return
def test_opcode_failures(self):
r = Ropper()
if version_info.major == 3 and version_info.minor >= 2:
# Wrong question mark position
with self.assertRaisesRegex(
RopperError,
'A \? for the highest 4 bit of a byte is not supported.*'):
r.searchOpcode(self.file, 'ff?4')
# Wrong lengh
with self.assertRaisesRegex(
RopperError,
'The length of the opcode has to be a multiple of two'):
r.searchOpcode(self.file, 'ff4')
# Unallowed character
with self.assertRaisesRegex(RopperError,
'Invalid characters in opcode string'):
r.searchOpcode(self.file, 'ff4r')
else:
# Wrong question mark position
with self.assertRaisesRegexp(
RopperError,
'A \? for the highest 4 bit of a byte is not supported.*'):
r.searchOpcode(self.file, 'ff?4')
# Wrong lengh
with self.assertRaisesRegexp(
RopperError,
'The length of the opcode has to be a multiple of two'):
r.searchOpcode(self.file, 'ff4')
# Unallowed character
with self.assertRaisesRegexp(
RopperError, 'Invalid characters in opcode string'):
r.searchOpcode(self.file, 'ff4r')
def test_ppr(self):
ropper = Ropper()
with self.assertRaises(NotSupportedError):
gadgets = ropper.searchPopPopRet(self.file)
def test_jmpreg(self):
ropper = Ropper()
regs = ['esp']
with self.assertRaises(NotSupportedError):
gadgets = ropper.searchJmpReg(self.file, regs)
def __searchPopPopRet(self):
r = Ropper(self.__searchGadgetCallback)
pprs = r.searchPopPopRet(self.binary)
pprs = ropper.filterBadBytes(pprs, self.__options.badbytes)
self.__printGadgets(pprs, header='POP;POP;RET Instructions')
