{"id":30281695,"url":"https://github.com/mar-ket-vector/vxpp","last_synced_at":"2025-08-16T16:07:00.366Z","repository":{"id":251833196,"uuid":"838544777","full_name":"mar-ket-vector/VXpp","owner":"mar-ket-vector","description":"VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advanced security protections like Intel CET and Control-Flow Guard (CFG) to achieve Remote Code Execution.","archived":false,"fork":false,"pushed_at":"2025-03-16T20:34:28.000Z","size":390,"stargazers_count":12,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-04T04:26:31.295Z","etag":null,"topics":["binary-exploitation","buffer-overflow","cet","cfg","code-reuse","control-flow-guard","control-flow-integrity","coop","exploit","exploit-development","intel-cet","lop","rce","rce-exploit","rop","rop-gadgets","ropgadget","security-bypass","uaf","use-after-free"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mar-ket-vector.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-08-05T21:35:51.000Z","updated_at":"2025-03-16T20:34:31.000Z","dependencies_parsed_at":"2024-08-26T02:05:13.597Z","dependency_job_id":"1c919c69-deeb-40f9-9094-26f60ace338a","html_url":"https://github.com/mar-ket-vector/VXpp","commit_stats":null,"previous_names":["x256-64/vpp","und3rth3bu5/vxpp","x86-512/vxpp","mar-ket-vector/vxpp"],"tags_count":2,"template":false,"template_ful
l_name":null,"purl":"pkg:github/mar-ket-vector/VXpp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mar-ket-vector%2FVXpp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mar-ket-vector%2FVXpp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mar-ket-vector%2FVXpp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mar-ket-vector%2FVXpp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mar-ket-vector","download_url":"https://codeload.github.com/mar-ket-vector/VXpp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mar-ket-vector%2FVXpp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270735003,"owners_count":24636282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-16T02:00:11.002Z","response_time":91,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-exploitation","buffer-overflow","cet","cfg","code-reuse","control-flow-guard","control-flow-integrity","coop","exploit","exploit-development","intel-cet","lop","rce","rce-exploit","rop","rop-gadgets","ropgadget","security-bypass","uaf","use-after-free"],"created_at":"2025-08-16T16:04:23.032Z","updated_at":"2025-08-16T16:07:00.356Z","avatar_url":"https://github.com/mar-ket-vector.png","language":"Pyt
hon","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Virtual Xploiter++ (VX++)\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"test_images/chrome_elf.png\" alt=\"Google Chrome VFGadgets\"/\u003e\n\u003c/div\u003e\u003cbr\u003e\nVX++ is a simple script that looks for usable VFGadgets in a Counterfeit Object-Oriented Programming (COOP) or a Loop-Oriented Programming (LOP) attack. COOP is an exploitation technique that bypasses advanced security mitigations like Intel CET. COOP involves injecting counterfeit objects into a program with different vtables with pointers to legitimate functions that can be chained to execute arbitrary code. LOP involves overwriting a dispatch table with pointers to LOP gadgets. A looper loops through the overwritten table to execute gadgets. This script is also a free alternative to Uf0's IDAPython script, so you don't have to buy IDA Pro to use IDAPython.\n\n# Features\n\nHere is a list of VFGadgets that are supported:\n\n| VFGadget | Support |  Description |\n| --- | --- | --- |\n| ML-G and Variants | Supported | Loops through an object's encapsulated classes and calls a virtual method of the subclass | \n| ARITH-G | Supported | Does a simple mathematical operation to a field |\n| LOAD-R64-G | Supported | Loads an argument into a register (meant for x64) |\n| Invoker | Supported | Invokes an API function |\n| W-G and variants | Planned | Writes to memory |\n\nThese VFGadgets work for both COOP and LOP.\n\n# Effectiveness Against Exploit Protections\n\n| Protection | Support |  Description |\n| --- | --- | --- |\n| Intel CET | Bypassed | This feature uses shadow stacks to detect IP overwrites and checks branches to validate a call target. |\n| Windows CFG | Bypassed | This feature validates the destination of a call target. |\n| VTGuard | Bypassed | To bypass, simply use LOP. |\n| Windows XFG | Partial | This feature validates the parameters and return type destination of a call target via hashes. 
This script marks hashes of hashed functions. |\n\n# How to run:\n- Install Ghidra\n- Install requirements: ```pip install -r requirements.txt```\n- Set your GHIDRA_INSTALL_DIR environment variable to your Ghidra installation location\n- Run the script\n  \nThis script is designed for Python 3.10 or later.\n\nSyntax:\n```python3 vxpp.py \u003cyour_binary_path_here\u003e \u003cmax_vfgadget_length\u003e \u003carguments\u003e```\n\n# Examples:\nMicrosoft Photos (PhotoViewer.dll): 9 potential MainLoop-Gadgets found\n![Photo Viewer Results](test_images/photoviewer_test_1.png)\n\nGoogle Chrome (chrome_elf.dll): 2 Invoker Gadgets found\n![Google Chrome Results](test_images/chrome_elf.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmar-ket-vector%2Fvxpp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmar-ket-vector%2Fvxpp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmar-ket-vector%2Fvxpp/lists"}