`rop` – ROP gadgets¶

The ROP module contains a function to find gadgets in ELF binaries that can be used to create ROP chains.

pwnypack.rop.find_gadget(elf, gadget, align=1, unique=True)[source]¶

Find a ROP gadget in a the executable sections of an ELF executable or library. The ROP gadget can be either a set of bytes for an exact match or a (bytes) regular expression. Once it finds gadgets, it uses the capstone engine to verify if the gadget consists of valid instructions and doesn’t contain any call or jump instructions.

Parameters:

elf (ELF) – The ELF instance to find a gadget in.
gadget (bytes or regexp) – The gadget to find.
align (int) – Make sure the gadget starts at a multiple of this number
unique (bool) – If true, only unique gadgets are returned.

Returns:

A dictionary containing a description of the found

gadget. Contains the following fields:

section: The section the gadget was found in.
offset: The offset inside the segment the gadget was found at.
addr: The virtual memory address the gadget will be located at.
gadget: The machine code of the found gadget.
asm: A list of disassembled instructions.

Return type:

dict

rop – ROP gadgets¶

`rop` – ROP gadgets¶