Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0vercl0k/rp

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
https://github.com/0vercl0k/rp

binary-exploitation exploit-development exploitation-framework gadget return-oriented-programming rop rop-chain rop-gadgets

Last synced: about 1 hour ago
JSON representation

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

Host: GitHub
URL: https://github.com/0vercl0k/rp
Owner: 0vercl0k
License: mit
Created: 2012-02-26T19:26:33.000Z (almost 13 years ago)
Default Branch: master
Last Pushed: 2024-05-13T15:40:08.000Z (7 months ago)
Last Synced: 2024-12-06T07:04:53.120Z (7 days ago)
Topics: binary-exploitation, exploit-development, exploitation-framework, gadget, return-oriented-programming, rop, rop-chain, rop-gadgets
Language: C++
Homepage:
Size: 19.4 MB
Stars: 1,823
Watchers: 69
Forks: 254
Open Issues: 5
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-rainmana - 0vercl0k/rp - rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. (C++)

README

# rp++: a fast ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries

![Builds](https://github.com/0vercl0k/rp/workflows/Builds/badge.svg)

## Overview

**rp++** or **rp** is a C++ [ROP](https://en.wikipedia.org/wiki/Return-oriented_programming) gadget finder for [PE](https://docs.microsoft.com/en-us/windows/win32/debug/pe-format)/[ELF](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format)/[Mach-O](https://en.wikipedia.org/wiki/Mach-O) executables and x86/x64/ARM/ARM64 architectures.

## Finding ROP gadgets

To find ROP gadget you need to specify a file with the `--file` / `-f` option and use the `--rop` / `-r` option specifying the maximum the number of instructions in the gadget:

You can customize the base address of the module with the `--va` option (if you pass a base of `0`, then you get relative offsets) and you can also use the `--raw` option to analyze raw code dumps.

## Finding pointers

Oftentimes when building ROP chains, you might need to find pointers to integers with specific values. To look for those, you can use the `--search-int` option like in the below:

Other times, you might need to find pointers to specific strings. To look for those, you can use the `--search-hexa` option like in the below:

You can also use the `--va` option to specify your own base address.

## Build

You can find shell scripts in [src/build](src/build) for every supported platforms; below is the Linux example:

```
src/build$ chmod u+x ./build-release.sh && ./build-release.sh
-- The C compiler identification is GNU 9.3.0
-- The CXX compiler identification is GNU 9.3.0
[...]
[16/16] Linking CXX executable rp-lin-x64
```

## Authors

* Axel '[0vercl0k](https://twitter.com/0vercl0k)' Souchet