Esempio n. 1
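 def search(self, file, search, find):
     """Run a ropper search against ``self.target``; ropper prints the hits itself.

     Args:
         file: Name/path handed to ``RopperService.addFile`` before searching.
         search: ``"instructions"`` or ``"opcode"``; any other value prints a
             hint and returns without running ropper.
         find: Search expression, passed to ropper as the value of
             ``--search`` or ``--opcode``.

     Returns:
         None in every case; the exit status of ropper is not reported.
     """
     import subprocess

     options = {"color": True, "detailed": True}
     rs = RopperService(options)
     ls = file
     rs.addFile(ls)
     rs.setArchitectureFor(name=ls, arch=self.arch)
     # NOTE(review): rs is not consulted below -- the search runs the ropper
     # CLI on self.target, not on `file`. Confirm that this is intended.

     if search == "instructions":
         flag = "--search"
     elif search == "opcode":
         flag = "--opcode"
     else:
         print("[!] Select a valid search (instructions/opcode).")
         return

     # Pass an argument vector and skip the shell: self.target and find are
     # caller-supplied strings, and interpolating them into an os.system()
     # command line let quotes, ';', '$(...)' or backticks in either value
     # run as shell syntax. As list elements each one reaches ropper as a
     # single literal argument.
     try:
         subprocess.call(["ropper", "--file", self.target, flag, find])
     except OSError as exc:
         # os.system() never raised when the ropper executable was missing;
         # keep that contract for callers and report the failure instead.
         print("[!] Could not run ropper: {}".format(exc))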
Esempio n. 2
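	def search(self, file, search, find):
		"""Search ``self.target`` with the ropper command-line tool.

		Args:
			file: Name/path registered with a ``RopperService`` first.
			search: ``"instructions"`` selects ``--search``, ``"opcode"``
				selects ``--opcode``; anything else prints a hint and returns.
			find: Expression to look for, given to ropper as the option value.

		Returns:
			None. Results are written to stdout by ropper itself.
		"""
		import subprocess

		options = {'color': True,
			'detailed': True}
		rs = RopperService(options)
		ls = file
		rs.addFile(ls)
		rs.setArchitectureFor(name=ls, arch=self.arch)
		# NOTE(review): the service object above is never queried; the actual
		# search goes through the CLI and uses self.target rather than `file`.

		if search == "instructions":
			mode_flag = '--search'
		elif search == "opcode":
			mode_flag = '--opcode'
		else:
			print("[!] Select a valid search (instructions/opcode).")
			return

		# No shell is involved here. The earlier os.system() call formatted
		# self.target and find into one command string, so shell metacharacters
		# in either value were interpreted by /bin/sh (command injection).
		# With a list, each value is delivered to ropper as one argument.
		try:
			subprocess.call(['ropper', '--file', self.target, mode_flag, find])
		except OSError as exc:
			# A missing ropper binary used to show up only as a shell error
			# message; do not start raising at callers because of it.
			print("[!] Could not run ropper: {}".format(exc))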
Esempio n. 3
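##### open binaries ######
# Several files can be open at once; each one is addressed by its name.
rs.addFile('test-binaries/ls-x86')

# Read the image once and close the handle deterministically, instead of
# leaving two anonymous open() objects for the garbage collector to close.
with open('test-binaries/ls-x86', 'rb') as binary_file:
    ls_bytes = binary_file.read()

# Other possibility: hand over the bytes yourself under a name of your choice.
rs.addFile('ls', bytes=ls_bytes)
# raw=True is paired with an explicit arch here; see the note on raw files below.
rs.addFile('ls_raw', bytes=ls_bytes, raw=True, arch='x86')

##### close binaries ######
rs.removeFile('ls')
rs.removeFile('ls_raw')


# Set the architecture of a binary, so it is possible to look for gadgets for
# a different architecture.
# This is useful for ARM if you want to look for ARM gadgets or Thumb gadgets,
# or if you opened a raw file.
# The calls below show the accepted names; each call replaces the previous
# setting, so the file ends up as 'x86' again.
ls = 'test-binaries/ls-x86'
rs.setArchitectureFor(name=ls, arch='x86')
rs.setArchitectureFor(name=ls, arch='x86_64')
rs.setArchitectureFor(name=ls, arch='ARM')
rs.setArchitectureFor(name=ls, arch='ARMTHUMB')
rs.setArchitectureFor(name=ls, arch='ARM64')
rs.setArchitectureFor(name=ls, arch='MIPS')
rs.setArchitectureFor(name=ls, arch='MIPS64')
rs.setArchitectureFor(name=ls, arch='PPC')
rs.setArchitectureFor(name=ls, arch='PPC64')
rs.setArchitectureFor(name=ls, arch='x86')


##### load gadgets ######

# load gadgets for all opened files
rs.loadGadgetsFor()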
Esempio n. 4
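# Load the file contents once through a context manager so the handle is
# closed right away; the original opened the same path twice and never
# closed either handle explicitly.
with open('test-binaries/ls-x86', 'rb') as image:
    image_bytes = image.read()

# Other possibility: register in-memory bytes under a chosen name.
rs.addFile('ls', bytes=image_bytes)
# Raw bytes are registered together with an explicit architecture.
rs.addFile('ls_raw',
           bytes=image_bytes,
           raw=True,
           arch='x86')

##### close binaries ######
rs.removeFile('ls')
rs.removeFile('ls_raw')

# Set the architecture of a binary, so it is possible to look for gadgets for
# a different architecture.
# This is useful for ARM if you want to look for ARM gadgets or Thumb gadgets,
# or if you opened a raw file.
# Every call overrides the one before it; the last call leaves the file set
# to 'x86'.
ls = 'test-binaries/ls-x86'
rs.setArchitectureFor(name=ls, arch='x86')
rs.setArchitectureFor(name=ls, arch='x86_64')
rs.setArchitectureFor(name=ls, arch='ARM')
rs.setArchitectureFor(name=ls, arch='ARMTHUMB')
rs.setArchitectureFor(name=ls, arch='ARM64')
rs.setArchitectureFor(name=ls, arch='MIPS')
rs.setArchitectureFor(name=ls, arch='MIPS64')
rs.setArchitectureFor(name=ls, arch='PPC')
rs.setArchitectureFor(name=ls, arch='PPC64')
rs.setArchitectureFor(name=ls, arch='x86')

##### load gadgets ######

# load gadgets for all opened files
rs.loadGadgetsFor()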
Esempio n. 5
        '--nojop',
        '--nosys',
    ]
    rg_args = Args(config).getArgs()
    rg_bin = Binary(rg_args)
    G = Gadgets(rg_bin, rg_args, rg_offset)
    exec_sections = rg_bin.getExecSections()
    rg_gadgets = []
    for section in exec_sections:
        rg_gadgets += G.addROPGadgets(section)
    rg_gadgets = G.passClean(rg_gadgets, rg_args.multibr)
    rg_gadgets = Options(rg_args, rg_bin, rg_gadgets).getGadgets()
    # ---------------------

    if not ropper_parsing_error:
        rs.setArchitectureFor(name=f, arch='x86')
        rs.loadGadgetsFor(name=f)
        rp_gadgets = rs.getFileFor(f).gadgets
        rp_gadgets.sort(key=attrgetter('address'))
        print 'Found {} gadgets!'.format(len(rp_gadgets))
        rs.setImageBaseFor(name=f, imagebase=0x0)
    else:
        rp_gadgets = []

    rp_len = len(rp_gadgets)
    rg_len = len(rg_gadgets)
    rp = True
    gadgets = rp_gadgets
    if rp_len < rg_len:
        gadgets = rg_gadgets
        rp = False