bjoernd/ROPScan

ROPScan v1.0
============

Motivation
----------

Return-oriented programming (ROP) chains together short instruction sequences
("gadgets") that end in a RET instruction and that already exist in the library
or binary code mapped into an application's address space. Because these
gadgets live in pages that are already executable, the attack works even when
the OS and hardware enforce non-executable page permissions: no new code is
injected, only a sequence of return addresses that the processor follows from
one gadget to the next.

For details on these attacks read:
http://cseweb.ucsd.edu/~hovav/talks/blackhat08.html

To build a ROP chain, one first needs a database of such RET sequences. ROPScan
derives one by scanning the executable sections of a binary/library for RET
opcodes (0xC3 on x86), walking backwards from each one, and checking whether
the preceding bytes disassemble into a valid and useful sequence that ends
exactly at that RET.


Usage
-----
rc.py scan <options> <file>

Options:
- - - - -

--dump=[yes|no]    Dump found sequences. Default: yes
--numbytes=<num>   Maximum number of bytes a sequence may contain.
                   Default: 20
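The scanning step described under Motivation, as an added example that is not
the project's rc.py: a small Python script that reads the ELF64 section table,
takes the sections flagged executable, and for every 0xC3 byte walks backwards
up to a --numbytes-style limit, keeping each start offset whose bytes decode
into a clean instruction sequence that ends exactly on that RET. The decoder
here only knows a small x86-64 subset (push/pop with an optional REX prefix,
nop, leave, ret); that subset, the helper names and the "useful" rule (no RET
before the final one, more than a bare RET) are assumptions of this example,
not ROPScan's own check. The ELF image and its code bytes are constructed
inline.

```python
"""RET-sequence scanner in the spirit of ROPScan (added example, not rc.py)."""
import struct
import sys

SHT_NOBITS = 8
SHF_EXECINSTR = 0x4
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REGS_EXT = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def exec_sections(elf):
    """Yield (virtual address, bytes) for each executable section of an ELF64."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 images are supported")
    e_shoff, = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    for i in range(e_shnum):
        # Leading Elf64_Shdr fields: name, type, flags, addr, offset, size
        _, sh_type, sh_flags, sh_addr, sh_off, sh_size = struct.unpack_from(
            "<IIQQQQ", elf, e_shoff + i * e_shentsize)
        if sh_flags & SHF_EXECINSTR and sh_type != SHT_NOBITS:
            yield sh_addr, elf[sh_off:sh_off + sh_size]


def decode_one(buf, i):
    """Decode buf[i] within the assumed subset: (mnemonic, length) or None."""
    b, length, rex = buf[i], 1, 0
    if 0x40 <= b <= 0x4F:               # REX prefix, honoured only for push/pop
        if i + 1 >= len(buf):
            return None
        rex, b, length = b, buf[i + 1], 2
    regs = REGS_EXT if rex & 1 else REGS  # REX.B selects r8..r15
    if 0x50 <= b <= 0x57:
        return "push " + regs[b - 0x50], length
    if 0x58 <= b <= 0x5F:
        return "pop " + regs[b - 0x58], length
    if rex:
        return None
    return {0x90: ("nop", 1), 0xC9: ("leave", 1), 0xC3: ("ret", 1)}.get(b)


def decode_sequence(buf, start, end):
    """Decode buf[start:end] back to back; None unless it lands exactly on end."""
    insns, i = [], start
    while i < end:
        d = decode_one(buf, i)
        if d is None:                   # unknown byte: candidate is discarded
            return None
        insns.append(d[0])
        i += d[1]
    return insns if i == end else None


def scan(buf, base, numbytes=20):
    """Map gadget address -> disassembly for every useful RET sequence in buf.

    Useful (assumed rule): decodes cleanly, the only RET is the final one
    (an earlier RET would end execution early) and it is more than a bare RET.
    """
    gadgets = {}
    for ret in (i for i, b in enumerate(buf) if b == 0xC3):
        for start in range(max(0, ret - numbytes + 1), ret):
            insns = decode_sequence(buf, start, ret + 1)
            if insns and "ret" not in insns[:-1]:
                gadgets[base + start] = "; ".join(insns)
    return gadgets


def scan_elf(elf, numbytes=20):
    """Run scan() over every executable section of an ELF64 image."""
    gadgets = {}
    for addr, data in exec_sections(elf):
        gadgets.update(scan(data, addr, numbytes))
    return gadgets


def build_elf64(text, addr=0x401000):
    """Constructed test input: minimal ELF64 with `text` as an executable .text.

    It carries a section table only (no program headers) and cannot be run.
    """
    shstrtab = b"\0.text\0.shstrtab\0"
    text_off, shstr_off = 64, 64 + len(text)
    shoff = shstr_off + len(shstrtab)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, addr, 0, shoff,
                               0, 64, 0, 0, 64, 3, 2)

    def shdr(name, typ, flags, a, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, flags, a, off, size, 0, 0, 1, 0)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, 1, SHF_EXECINSTR | 0x2, addr, text_off, len(text))
             + shdr(7, 3, 0, 0, shstr_off, len(shstrtab)))
    return ehdr + text + shstrtab + shdrs


# Constructed code bytes: mov rdi,rax ; pop rdi ; ret ; nop ; pop rsi ;
# pop r15 ; ret ; leave ; ret.  The 0x5F inside "41 5F" also yields an
# unaligned "pop rdi; ret" gadget one byte into the real instruction.
SAMPLE_TEXT = bytes.fromhex("4889c7 5fc3 90 5e 415f c3 c9c3")

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_elf64(SAMPLE_TEXT)
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 20
    for addr, text in sorted(scan_elf(image, limit).items()):
        print(f"0x{addr:x}: {text}")
```

Run without arguments to scan the constructed image, or pass an ELF path and
an optional byte limit. The gadget reported at 0x401008 ("pop rdi; ret") starts
in the middle of the real "pop r15" instruction: x86 has no instruction
alignment, so every byte offset in front of a RET is a separate candidate, which
is why the scan has to walk backwards byte by byte rather than follow the
compiler's instruction boundaries.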

About

Scan ELF binaries for RET (0xC3) sequences
