ROPgadget(1)

search executables for exploitable ROP gadgets

Section 1, package python3-ropgadget (Debian bookworm)

ROPGADGET

NAME

ROPgadget - search executables for exploitable ROP gadgets

SYNOPSIS

ROPgadget [--binary FILE] [options]

DESCRIPTION

ROPgadget is a tool for security research and vulnerability exploitation. It searches binaries for short sequences of machine code instructions that end in a return instruction ("gadgets"). If an exploit can overwrite the call stack with a sequence of gadget addresses, each return redirects control flow to the next gadget, so the whole chain executes ("return oriented programming"). By reusing code that is already present in the process, out of its intended context, an attacker can circumvent mitigations such as non-executable memory that prevent injected code from running. Besides return-terminated gadgets, ROPgadget also finds gadgets ending in an indirect jump ("JOP") and in a system call instruction ("SYS"). ROPgadget supports the ELF, PE and Mach-O formats on the x86, x64, ARM, PowerPC, SPARC and MIPS architectures.

The following options are available:
--binary FILE

Specify the executable to analyze

--opcode OPCODES

Search for particular opcodes in executable sections

--string STRING

Search for a particular string in readable sections

--memstr STRING

Search readable sections for each byte of STRING separately (useful when the string is not present contiguously and must be assembled from single bytes)

--depth DEPTH

Maximum number of instructions per gadget (default: 10)

--only KEY

Only show gadgets built from the given instructions (KEY is a list of mnemonics separated by "|", e.g. "pop|ret")

--filter KEY

Suppress gadgets that contain the given instructions (same KEY syntax as --only)

--range START-END

Limit search to address range between START and END.

--badbytes BYTES

Reject gadgets whose address contains any of the given bytes (for example null or newline bytes that a string copy would not deliver intact)

--rawArch ARCH

Specify the architecture of a raw binary (input without an ELF/PE/Mach-O header)

--rawMode MODE

Specify the mode (word size, e.g. 32 or 64) of a raw binary

--re EXPR

Search for gadgets using the regular expression EXPR.

--offset OFFSET

Add OFFSET to every gadget address (for example the load base of a position-independent binary)

--ropchain

Attempt to build a complete ROP chain from the gadgets found (supported for x86 and x64 ELF binaries)

--thumb

Use Thumb mode for ARM binaries

--console

Enable the interactive console for the search engine

--norop

Disable ROP search engine

--nojop

Disable JOP search engine

--nosys

Disable SYS search engine

--multibr

Allow gadgets that contain more than one branch instruction

--all

Show all gadgets, including duplicates (by default identical instruction sequences found at several addresses are shown once)

--dump

Also print the raw bytes of each gadget
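A worked example of post-processing ROPgadget output, added here and not part of the ROPgadget project or of this manual page. It applies the semantics of --offset (rebasing gadget addresses) and --badbytes (rejecting addresses that contain bytes the exploit cannot deliver) to gadget lines of the form "<hex address> : <insn> ; <insn>", and filters them with a regular expression the way --re does. The sample output is constructed for the example; the addresses do not belong to any real binary, and the bad-byte check is this example's own (it inspects the significant bytes of the address, ignoring leading zero padding), not a reproduction of ROPgadget's internal filter.

```python
"""Parse, rebase and filter ROPgadget text output (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in ROPgadget's output layout: header, one gadget per
# line as "<address> : <insn> ; <insn> ; ...", then a summary footer.
SAMPLE_OUTPUT = """\
Gadgets information
============================================================
0x0000000000001016 : pop rdi ; ret
0x000000000000100a : pop rsi ; pop r15 ; ret
0x0000000000001020 : syscall
0x0000000000001030 : mov rax, 0x3b ; ret

Unique gadgets found: 4
"""

GADGET_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s*:\s*(.+?)\s*$")


@dataclass(frozen=True)
class Gadget:
    address: int
    instructions: tuple  # e.g. ("pop rdi", "ret")


def parse_gadgets(text):
    """Return Gadget objects for every address line, skipping header/footer."""
    gadgets = []
    for line in text.splitlines():
        m = GADGET_RE.match(line)
        if not m:
            continue
        address = int(m.group(1), 16)
        instructions = tuple(i.strip() for i in m.group(2).split(";"))
        gadgets.append(Gadget(address, instructions))
    return gadgets


def rebase(gadgets, offset):
    """Mirror --offset: add the load base (e.g. a PIE base) to every address."""
    return [Gadget(g.address + offset, g.instructions) for g in gadgets]


def has_bad_byte(address, bad):
    """True if any significant byte of address is in bad.

    Leading zero padding of the address is ignored; whether those nulls hurt
    depends on how the payload is written (a single strcpy-terminated return
    address tolerates them, a mid-chain pointer does not).
    """
    width = max(1, (address.bit_length() + 7) // 8)
    return any(b in bad for b in address.to_bytes(width, "little"))


def filter_badbytes(gadgets, bad):
    """Mirror --badbytes: drop gadgets whose address contains a bad byte."""
    return [g for g in gadgets if not has_bad_byte(g.address, bad)]


def find(gadgets, pattern):
    """Mirror --re: keep gadgets whose disassembly matches the regex."""
    rx = re.compile(pattern)
    return [g for g in gadgets if rx.search(" ; ".join(g.instructions))]


if __name__ == "__main__":
    gadgets = parse_gadgets(SAMPLE_OUTPUT)
    usable = filter_badbytes(rebase(gadgets, 0x555555554000), {0x00, 0x0a})
    for g in find(usable, r"^pop rdi ; ret$"):
        print(hex(g.address), " ; ".join(g.instructions))
```

In practice the text would come from a run such as `ROPgadget --binary ./target --only "pop|ret"`, and the rebase offset from the leaked or known load address of the module, which is exactly what `--offset` would otherwise be given.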

AUTHOR

This manual page was written for Debian by Timo Röhling and may be used without restriction.