def analyze_to_get_gadgets(self):
if os.path.isfile('rop_core.cache'):
try:
self.c._Core__offset = int(self.c._Core__options.offset, 16) if self.c._Core__options.offset else 0
except ValueError:
print("[Error] The offset must be in hexadecimal")
return Fa
self.c._Core__binary = Binary(self.c._Core__options)
if self.c._Core__checksBeforeManipulations() == False:
return False
print '[+] loading rop core from disk'
with open('rop_core.cache','rb') as f:
self.c._Core__gadgets = pickle.load(f)
else:
try:
self.c._Core__offset = int(self.c._Core__options.offset, 16) if self.c._Core__options.offset else 0
except ValueError:
print("[Error] The offset must be in hexadecimal")
return Fa
self.c._Core__binary = Binary(self.c._Core__options)
if self.c._Core__checksBeforeManipulations() == False:
return False
else:
print 'getting all gadgets'
self.c._Core__getAllgadgets()
print '[+] dumping rop core to disk'
with open('rop_core.cache','wb') as f:
for agadget in self.c.gadgets():
agadget['decodes'] = None
pickle.dump(self.c.gadgets(), f, -1)
def analyze(self):
try:
self.__offset = int(self.__options.offset, 16) if self.__options.offset else 0
except ValueError:
print("[Error] The offset must be in hexadecimal")
return False
if self.__options.console:
if self.__options.binary:
self.__binary = Binary(self.__options)
if self.__checksBeforeManipulations() == False:
return False
self.cmdloop()
return True
self.__binary = Binary(self.__options)
if self.__checksBeforeManipulations() == False:
return False
if self.__options.string: return self.__lookingForAString(self.__options.string)
elif self.__options.opcode: return self.__lookingForOpcodes(self.__options.opcode)
elif self.__options.memstr: return self.__lookingForMemStr(self.__options.memstr)
else:
self.__getGadgets()
self.__lookingForGadgets()
if self.__options.ropchain:
ROPMaker(self.__binary, self.__gadgets, self.__offset)
return True
def custom_analysis(core):
try:
core._Core__offset = int(core._Core__options.offset,
16) if core._Core__options.offset else 0
except ValueError:
print("[Error] The offset must be in hexadecimal")
return Fa
if core._Core__options.console:
if core._Core__options.binary:
core._Core__binary = Binary(core._Core__options)
if core._Core__checksBeforeManipulations() == False:
return False
core.cmdloop()
return T
core._Core__binary = Binary(core._Core__options)
if core._Core__checksBeforeManipulations() == False:
return Fa
if core._Core__options.string:
return core._Core__lookingForAString(core._Core__options.string)
elif core._Core__options.opcode:
return core._Core__lookingForOpcodes(core._Core__options.opcode)
elif core._Core__options.memstr:
return core._Core__lookingForMemStr(core._Core__options.memstr)
else:
core._Core__getAllgadgets()
core._Core__lookingForGadgets()
#custom_looingForGadgets(core)
if core._Core__options.ropchain:
ROPMaker(core._Core__binary, core.__gadgets, core.__offset)
return True
def analyze(self):
try:
self.__offset = int(self.__options.offset,
16) if self.__options.offset else 0
except ValueError:
print("[Error] The offset must be in hexadecimal")
return False
if self.__options.console:
if self.__options.binary:
self.__binary = Binary(self.__options)
if self.__checksBeforeManipulations() == False:
return False
self.cmdloop()
return True
self.__binary = Binary(self.__options)
if self.__checksBeforeManipulations() == False:
return False
if self.__options.string:
return self.__lookingForAString(self.__options.string)
elif self.__options.opcode:
return self.__lookingForOpcodes(self.__options.opcode)
elif self.__options.memstr:
return self.__lookingForMemStr(self.__options.memstr)
else:
self.__getGadgets()
if (self.__options.microgadgets):
self.__checkingForClasses()
# print self.__options
else:
self.__lookingForGadgets()
if self.__options.ropchain:
ROPMaker(self.__binary, self.__gadgets, self.__offset)
elif self.__options.fns:
arch = self.__binary.getArchMode()
if arch != CS_MODE_32:
self.functions().show()
else:
print("Not implemented on 32 bit yet.")
elif self.__options.fns2map:
arch = self.__binary.getArchMode()
if arch != CS_MODE_32:
self.functions().map()
else:
print("Not implemented on 32 bit yet.")
elif self.__options.fns2list:
arch = self.__binary.getArchMode()
if arch != CS_MODE_32:
self.functions().list()
else:
print("Not implemented on 32 bit yet.")
elif self.__options.fns2lines:
arch = self.__binary.getArchMode()
if arch != CS_MODE_32:
self.functions().lines()
else:
print("Not implemented on 32 bit yet.")
return True
def __init__(self, binary, depth=20):
self.__opt = PseudoOpt(binary, depth)
self.__binary = Binary(self.__opt)
self.__rpg_core = Gadgets(self.__binary, self.__opt, 0)
self.__gadget_list = []
self.__serach_gadget()
def do_binary(self, s, silent=False):
# Do not split the filename with spaces since it might contain
# whitespaces
if len(s) == 0:
if not silent:
return self.help_binary()
return False
binary = s
self.__options.binary = binary
self.__binary = Binary(self.__options)
if self.__checksBeforeManipulations() == False:
return False
if not silent:
print("[+] Binary loaded")
def getGadgetsQuiet(self):
self.__binary = Binary(self.__options)
self.__getAllgadgets()
return self.__gadgets
pe.has_relocs(),
'FunctionsOffset':
nucleus_out,
}
# ----- ROPgadget -----
rg_offset = 0
config = [
'--binary',
os.path.join(pe_dir, f),
'--all',
'--nojop',
'--nosys',
]
rg_args = Args(config).getArgs()
rg_bin = Binary(rg_args)
G = Gadgets(rg_bin, rg_args, rg_offset)
exec_sections = rg_bin.getExecSections()
rg_gadgets = []
for section in exec_sections:
rg_gadgets += G.addROPGadgets(section)
rg_gadgets = G.passClean(rg_gadgets, rg_args.multibr)
rg_gadgets = Options(rg_args, rg_bin, rg_gadgets).getGadgets()
# ---------------------
if not ropper_parsing_error:
rs.setArchitectureFor(name=f, arch='x86')
rs.loadGadgetsFor(name=f)
rp_gadgets = rs.getFileFor(f).gadgets
rp_gadgets.sort(key=attrgetter('address'))
print 'Found {} gadgets!'.format(len(rp_gadgets))
