Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
gdb
 
 
 
 
 
 
 
 
 
 

README.md

ROPMEMU

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form that can be analyzed by traditional reverse engineering tools. In particular, it is based on memory forensics (as its input is a physical memory dump), code emulation (to faithfully rebuild the original ROP chain), multi-path execution (to extract the ROP chain payload), CFG recovery (to rebuild the original control flow), and a number of compiler transformations (to simplify the final instructions of the ROP chain).

Specifically, the memory forensics part is based on Volatility [1] plugins. The emulation and the multi-path part is implemented through the Unicorn emulator [2].

ROPMEMU has been published at AsiaCCS 2016 [3] and the paper can be found here [4].

ROPMEMU documentation can be found in the Wiki pages.

Happy hacking!

About

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

Resources

License

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.