-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgadget_finder
executable file
·61 lines (51 loc) · 1.62 KB
/
gadget_finder
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#!/bin/bash
# script for gadgets finding optimization
# it runs ROPgadget and puts the output to gadgets file
# it then parses gadgets with different awk filters and prints the outputs to stdout
# current filters are:
# - all lines that have only pop operations
# - all lines that contain a mov rsp, *** operation
# check for help option
if [ -n "$1" ] && [ "-h" = "$1" -o "--help" = "$1" ]; then
echo -e "script for gadgets finding optimization"
echo "it runs ROPgadget and puts the output to a gadgets file"
echo "it then parses gadgets with different awk filters and prints the outputs to stdout"
echo "current filters are:"
echo " - all lines that have only pop operations"
echo " - all lines that contain a mov rsp, *** operation"
echo "you can use grep on its output to filter it even more"
echo ""
echo "usage: gadget_finder [options] FILE"
echo "options are:"
echo "-h, --help display this help message"
exit 0
fi
# check if file provided in input exists
if [ ! -n "$1" -o ! -e "$1" ]; then
echo "file not found"
exit -1
fi
# executing ROPgadget in it
ROPgadget --binary "$1" > gadgets
# awk filter for all lines of gadgets file
# and printing to stdout the result after the filter
awk '{
# check if the string ends with ret or syscal
if ($NF ~ /(ret|syscall)$/){
# all lines that just have a ret or syscall
if($3 == "ret" || $3 == "syscall")
print;
# all lines that starts with mov rsp, ***
else if($3 == "mov" && $4 = "rsp")
print;
# all lines that only have pops
else if($3 == "pop"){
flag = 1
for(i=3; i < NF; i+=3)
if($i != "pop")
flag = 0;
if(flag == 1)
print;
}
}
}' gadgets