Ropper
stack_pivot enhancement
Hi,
1- Don't you consider the following gadgets as stack pivots?
- add esp, %; ret%
- sub esp, %; ret%
- pop%pop%pop esp%ret%
2- Could you filter the stack pivot output, in order to remove lines with "leave; ret%" except if there is a modification to ebp?
3- Is it possible to add a context before generating stack pivots? We can, for example, set registers, some memory values, the distance between esp and our controlled stack buffer, ... This will allow filtering some invalid instructions like mov esp, [eax] when eax = 0x00.
4- Look backward (will file another issue ticket ;-)) will allow checking previous instructions. This would be helpful for analyzing "xchg eax, esp; ret;"-like gadgets :)
Thank you,
Regarding your first point, I have implemented that today, shortly before you posted this issue. :)
Hey,
It would be cool if stack_pivot would also work for x86_64 and not just for x86. Or at least display a message that it has not been implemented for that architecture (yet).
Of course I can also "manually" look for stack_pivot gadgets in other architectures, but it does confuse the user a bit in the current implementation...
thanks!
EDIT: as an example: with an x86_64 binary, ropper doesn't display "pop rsp; ret" as a stack_pivot gadget
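The heuristics from the first post (points 1 to 3) and the x86_64 gap from the second one, written up as an added example for auditing how many pivot gadgets a binary exposes; this is not ropper's own code. It assumes gadget lines in ropper's print format ("0x0804a1b2: add esp, 0x10; ret;"), and the `zero_regs` context parameter is a hypothetical stand-in for the register context point 3 asks for.

```python
import re

# Added example, not ropper's own code: classify gadget strings in ropper's
# print format with the stack pivot heuristics proposed in this issue.
SP = {"x86": "esp", "x86_64": "rsp"}
BP = {"x86": "ebp", "x86_64": "rbp"}
DEST_FIRST = ("mov", "add", "sub", "lea", "xor", "pop")  # destination is operand 0

def split_insns(gadget):
    """'0x...: a; b; ret;' -> ['a', 'b', 'ret'] (address prefix optional)."""
    body = gadget.split(":", 1)[1] if re.match(r"^0x[0-9a-f]+:", gadget) else gadget
    return [i.strip() for i in body.split(";") if i.strip()]

def written_regs(insn, arch):
    """Registers this instruction overwrites (destination operands only)."""
    op, _, args = insn.partition(" ")
    operands = [a.strip() for a in args.split(",")] if args else []
    if op == "leave":                       # mov sp, bp ; pop bp
        return {SP[arch], BP[arch]}
    if op == "xchg":                        # both operands are written
        return set(operands)
    if op in DEST_FIRST and operands and re.fullmatch(r"[a-z0-9]+", operands[0]):
        return {operands[0]}                # plain register destination
    return set()                            # memory destination or other op

def classify_pivot(gadget, arch="x86", zero_regs=()):
    """Return the instruction that moves the stack pointer, or None."""
    sp, bp = SP[arch], BP[arch]
    insns = split_insns(gadget)
    if not insns or not insns[-1].startswith("ret"):
        return None                         # only ret-terminated gadgets
    bp_written = False
    for insn in insns[:-1]:
        written = written_regs(insn, arch)
        if insn == "leave":                 # point 2: needs an earlier bp write
            if bp_written:
                return insn
            continue
        if sp in written:
            # point 3: a context of known-zero registers (assumed parameter) drops
            # pivots that would dereference a null pointer, e.g. mov esp, [eax]
            m = re.search(r"\[(\w+)", insn)
            if m and m.group(1) in zero_regs:
                return None
            return insn
        if bp in written:
            bp_written = True
    return None
```

Run `classify_pivot` over each line of ropper's gadget listing with the binary's architecture to get the pivot candidates and the instruction responsible for each.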