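def search(self, file, search, find):
    """Run a ropper gadget search against ``self.target``.

    Args:
        file: Name/path of the binary that is registered with a
            RopperService instance before the search runs.
        search: Search mode, either "instructions" or "opcode".
        find: Instruction pattern or opcode string to look for.

    Returns:
        None. The ``ropper`` command-line tool prints the results itself.
    """
    # Function-scope import: the block must not rely on the file's import list.
    import subprocess

    options = {"color": True, "detailed": True}
    rs = RopperService(options)
    ls = file
    rs.addFile(ls)
    rs.setArchitectureFor(name=ls, arch=self.arch)
    # NOTE(review): the service above is set up for `file`, while the command
    # below scans `self.target`, and `rs` is not used again in this function --
    # confirm that both refer to the same binary.

    if search == "instructions":
        flag = "--search"
    elif search == "opcode":
        flag = "--opcode"
    else:
        print("[!] Select a valid search (instructions/opcode).")
        return

    # Pass an argument vector instead of a formatted shell string. The old
    # os.system() call let shell metacharacters in `find` or `self.target`
    # (quotes, `;`, `$(...)`, backticks) run as additional commands.
    # NOTE(review): a `find` value starting with '-' may still be read as an
    # option by the ropper CLI -- confirm how its parser treats it.
    argv = ["ropper", "--file", str(self.target), flag, str(find)]
    try:
        subprocess.call(argv)
    except OSError as err:
        # os.system() never raised when the tool was missing; keep that
        # best-effort behaviour and report the problem instead of crashing.
        print("[!] Could not run ropper: {}".format(err))
    return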
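def search(self, file, search, find):
    """Search ``self.target`` for gadgets with the ``ropper`` command-line tool.

    Args:
        file: Name/path of the binary added to a RopperService instance
            before the command-line search is started.
        search: "instructions" to search by instruction text, "opcode" to
            search by opcode.
        find: The search expression handed to ropper.

    Returns:
        None. Output comes from the ropper process.
    """
    # Imported here so the block does not depend on the file's import list.
    import subprocess

    options = {'color': True, 'detailed': True}
    rs = RopperService(options)
    ls = file
    rs.addFile(ls)
    rs.setArchitectureFor(name=ls, arch=self.arch)
    # NOTE(review): `rs` is configured for `file` but is not used again; the
    # ropper process below is pointed at `self.target` -- confirm this is
    # intended.

    if search == "instructions":
        mode_flag = '--search'
    elif search == "opcode":
        mode_flag = '--opcode'
    else:
        print("[!] Select a valid search (instructions/opcode).")
        return

    # No shell is involved: each value is passed as a single argv entry, so
    # characters such as `"`, `;`, `|` or `$(...)` in `find` or `self.target`
    # can no longer break out of the command line, as they could with
    # os.system() and str.format().
    # NOTE(review): ropper may still treat a `find` value starting with '-'
    # as an option -- confirm against its argument parser.
    try:
        subprocess.call(
            ['ropper', '--file', str(self.target), mode_flag, str(find)]
        )
    except OSError as err:
        # The os.system() version did not raise when ropper was not
        # installed; report the failure rather than propagate it.
        print("[!] Could not run ropper: {}".format(err))
    return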
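# `rs` is assumed to be an existing RopperService instance; it is not created
# in this excerpt.

##### open binaries ######
# it is possible to open multiple files
rs.addFile('test-binaries/ls-x86')

# Other possibility: hand the file content over as bytes. The file is read once
# inside a `with` block so the handle is closed immediately, instead of leaving
# two anonymous open() handles for the garbage collector.
with open('test-binaries/ls-x86', 'rb') as binary_file:
    ls_bytes = binary_file.read()
rs.addFile('ls', bytes=ls_bytes)
rs.addFile('ls_raw', bytes=ls_bytes, raw=True, arch='x86')

##### close binaries ######
rs.removeFile('ls')
rs.removeFile('ls_raw')

# Set architecture of a binary, so it is possible to look for gadgets for a
# different architecture.
# It is useful for ARM if you want to look for ARM gadgets or Thumb gadgets,
# or if you opened a raw file.
# The calls below list the architecture names used on this page; the last call
# leaves the binary set to 'x86'.
ls = 'test-binaries/ls-x86'
rs.setArchitectureFor(name=ls, arch='x86')
rs.setArchitectureFor(name=ls, arch='x86_64')
rs.setArchitectureFor(name=ls, arch='ARM')
rs.setArchitectureFor(name=ls, arch='ARMTHUMB')
rs.setArchitectureFor(name=ls, arch='ARM64')
rs.setArchitectureFor(name=ls, arch='MIPS')
rs.setArchitectureFor(name=ls, arch='MIPS64')
rs.setArchitectureFor(name=ls, arch='PPC')
rs.setArchitectureFor(name=ls, arch='PPC64')
rs.setArchitectureFor(name=ls, arch='x86')

##### load gadgets ######
# load gadgets for all opened files
rs.loadGadgetsFor()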
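# `rs` is assumed to be an existing RopperService instance; it is not created
# in this excerpt.

# Other possibility for opening a binary: pass its content as bytes. Read the
# file once under `with` so the handle is closed deterministically; the
# original left two open() handles unclosed.
with open('test-binaries/ls-x86', 'rb') as binary_file:
    ls_bytes = binary_file.read()
rs.addFile('ls', bytes=ls_bytes)
rs.addFile('ls_raw', bytes=ls_bytes, raw=True, arch='x86')

##### close binaries ######
rs.removeFile('ls')
rs.removeFile('ls_raw')

# Set architecture of a binary, so it is possible to look for gadgets for a
# different architecture.
# It is useful for ARM if you want to look for ARM gadgets or Thumb gadgets,
# or if you opened a raw file.
# The calls below list the architecture names used on this page; the last call
# leaves the binary set to 'x86'.
ls = 'test-binaries/ls-x86'
rs.setArchitectureFor(name=ls, arch='x86')
rs.setArchitectureFor(name=ls, arch='x86_64')
rs.setArchitectureFor(name=ls, arch='ARM')
rs.setArchitectureFor(name=ls, arch='ARMTHUMB')
rs.setArchitectureFor(name=ls, arch='ARM64')
rs.setArchitectureFor(name=ls, arch='MIPS')
rs.setArchitectureFor(name=ls, arch='MIPS64')
rs.setArchitectureFor(name=ls, arch='PPC')
rs.setArchitectureFor(name=ls, arch='PPC64')
rs.setArchitectureFor(name=ls, arch='x86')

##### load gadgets ######
# load gadgets for all opened files
rs.loadGadgetsFor()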
'--nojop', '--nosys', ] rg_args = Args(config).getArgs() rg_bin = Binary(rg_args) G = Gadgets(rg_bin, rg_args, rg_offset) exec_sections = rg_bin.getExecSections() rg_gadgets = [] for section in exec_sections: rg_gadgets += G.addROPGadgets(section) rg_gadgets = G.passClean(rg_gadgets, rg_args.multibr) rg_gadgets = Options(rg_args, rg_bin, rg_gadgets).getGadgets() # --------------------- if not ropper_parsing_error: rs.setArchitectureFor(name=f, arch='x86') rs.loadGadgetsFor(name=f) rp_gadgets = rs.getFileFor(f).gadgets rp_gadgets.sort(key=attrgetter('address')) print 'Found {} gadgets!'.format(len(rp_gadgets)) rs.setImageBaseFor(name=f, imagebase=0x0) else: rp_gadgets = [] rp_len = len(rp_gadgets) rg_len = len(rg_gadgets) rp = True gadgets = rp_gadgets if rp_len < rg_len: gadgets = rg_gadgets rp = False