diff --git a/CHANGELOG b/CHANGELOG
index 6ad70350..28db7817 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,8 @@
-ROPGadget v4.0.1 - X
+ROPGadget v4.0.1 - 11/04/2013
 - Update python3 to python2.
 - Add new script python to generate gadgets table 32 and 64 bits.
 - Update default syntax to Intel.
+ - genInstrX86.py: Add severals pop + ret combination
 
 ROPGadget v4.0.0 - 1/29/2013:
 - Addition of Windows PE file loading for gadget searching.
diff --git a/script/genInstrX86.py b/script/genInstrX86.py
index 01f52312..2b0e3d1a 100755
--- a/script/genInstrX86.py
+++ b/script/genInstrX86.py
@@ -23,8 +23,6 @@ import sys
 import commands
 
 
-#TODO : Gen severals pop combinaison
-
 class genInstr():
 
     def __init__(self, arch='32'):
@@ -147,13 +145,47 @@ def assemble(self):
         return
 
+    def _getAllIns(self, ins):
+        l = []
+        for Intelins in self._IntelInsCompiled:
+            try:
+                if Intelins[1].split(' ')[0] == ins:
+                    l.append(Intelins)
+            except:
+                if Intelins[1] == ins:
+                    l.append(Intelins)
+
+        for Intelins in self._IntelBrCompiled:
+            try:
+                if Intelins[1].split(' ')[0] == ins:
+                    l.append(Intelins)
+            except:
+                if Intelins[1] == ins:
+                    l.append(Intelins)
+        return l
+
     def createGadgets(self):
+
+        # Gen severals pop combination
+        combi = []
+        ret = self._getAllIns('ret')
+        allPop = self._getAllIns('pop')
+        for pop1 in allPop:
+            for pop2 in allPop:
+                for pop3 in allPop:
+                    combi += [[pop1[0]+pop2[0]+pop3[0]+ret[0][0],
+                               pop1[1]+' ; '+pop2[1]+' ; '+pop3[1]+' ; '+ret[0][1],
+                               pop1[2]+' ; '+pop2[2]+' ; '+pop3[2]+' ; '+ret[0][2]]]
+        self._IntelX86GadgetsTable += combi
+
+        # Gen gadget with branch instruction
         for IntelBr in self._IntelBrCompiled:
             for IntelIns in self._IntelInsCompiled:
                 self._IntelX86GadgetsTable += [[IntelIns[0]+IntelBr[0],
                                                 IntelIns[1]+' ; '+IntelBr[1],
                                                 IntelIns[2]+' ; '+IntelBr[2]]]
+        # Gen gadget with interrupt instruction
         for IntelSyscall in self._IntelSyscallCompiled:
             self._IntelX86GadgetsTable += [[IntelSyscall[0],
                                             IntelSyscall[1],