ROP gadget search

[danghvu]

Any possibility to do that now ? Input a binary and come out with a set of useful gadgets or allow to search given a regular expression of the syntax i.e. "pop.+pop.+ret"

[postmodern]

I was working on some code that used ffi-udis86 to find Gadgets. I'm not sure if it belongs in ronin-asm or should be moved into a ronin-rop library?

[danghvu]

If I can use it independently from ronin-asm then I would want it to be separately. But I can imagine that It must somehow be involved. For example if I want to search for pop eax; ret, I first use ronin-asm to convert to binary, then grep it from the binary source, convert it to the correct address somehow.

[postmodern]

Ah yes, we could inspect Ronin::ASM::Program#instructions and map those to gadgets.

[postmodern]

One downside to this would be adding ffi-udis86 and libudis86 as dependencies. Luckily, libudis86 is available in almost every package manager.

[postmodern]

If you're interested, there's an old rop branch. I was trying to extract it and update it for a Capture The Flag competition. One of my goals is to add min/max number of instructions to search for.