Operand 'registers' is invalid or not yet supported

[Waterman178]

what happened?

[Boyan-MILANOV]

Hey,

ROPGenerator accepts semantic queries with registers and constants. "registers" isn't a valid register name so the query is invalid and the command returns an error...
What behaviour did you expect ?

Boyan

[Waterman178]

Hey,

ROPGenerator accepts semantic queries with registers and constants. "registers" isn't a valid register name so the query is invalid and the command returns an error...
What behaviour did you expect ?

Boyan

There is a structure address in [rsp+0x28]. There is a function address in this structure +0x30. I want to jump over.How can I find instructions that implement features like the following?

mov rax,[rsp+0x28]
jmp qword ptr[rax+0x30]

[Boyan-MILANOV]

There isn't yet a query type that implements double dereferencing.
I see 2 possible improvements to ROPGenerator that would fill this need:

1. enable nested expressions in queries like: find rip=mem( mem(rsp+0x28) + 0x30 )
2. enable a generic operand such as: find ?=mem(rsp+0x28)

I'll mark this as a feature request, and implement those features in the 2.0 version :)

Edit: So far, as a workaround, you can try to combine the following kind of requests, with xxx being any supported register (rax, rbx, rcx, rdx, rsi, ...) :

find xxx = mem(rsp+0x28)
find rip = mem(xxx+0x30)