a0c2321 @bannedit Add msfrop, a tool for collecting and ROP gadgets, features include e…
bannedit authored
1 #!/usr/bin/env ruby
2 #
3 # $Id$
4 #
5 # This tool will collect, export, and import ROP gadgets
6 # from various file formats (PE, ELF, Macho)
7 # $Revision$
8 #
9
# Find the real location of this script by following any chain of symlinks,
# so that the bundled lib/ directory is located next to the actual file.
msfbase = __FILE__
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)

# Put the bundled lib/ directory at the front of the load path.
$LOAD_PATH.unshift(File.join(File.dirname(msfbase), 'lib'))

# MSF_LOCAL_LIB, when set, is prepended last and is therefore searched first:
# every later `require` resolves against that directory before the bundled
# lib/. Only run with this variable pointing at a directory you control.
local_lib = ENV['MSF_LOCAL_LIB']
$LOAD_PATH.unshift(local_lib) if local_lib
17
18 require 'rex'
19 require 'rex/ropbuilder'
20 require 'rex/ui/text/output/stdio'
21 require 'rex/ui/text/color'
22 require 'optparse'
23
# Convert a numeric command-line argument to an Integer.
#
# @param o [String] the option text; a leading "0x" selects hexadecimal,
#   anything else is read as decimal
# @return [Integer] the parsed value; String#hex and String#to_i yield 0 for
#   text that does not begin with digits, so malformed input is not rejected
def opt2i(o)
  return o.hex if o.start_with?("0x")

  o.to_i
end
27
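# Parsed command-line settings, keyed by symbol. Only :depth has a default.
opts = { depth: 3 }

opt = OptionParser.new
opt.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
opt.separator('')
opt.separator('Options:')

# Every value-taking switch below declares its argument as optional
# ("[size]", "[regex]", "[filename]"), so its block receives nil when the
# switch is given without a value.
opt.on('-d', '--depth [size]', 'Number of maximum bytes to backwards disassemble from return instructions') do |d|
  # Keep the default depth when no size was supplied; opt2i(nil) would raise
  # NoMethodError and abort with a stack trace.
  opts[:depth] = opt2i(d) unless d.nil?
end

opt.on('-s', '--search [regex]', 'Search for gadgets matching a regex, match intel syntax or raw bytes') do |regex|
  opts[:pattern] = regex
end

opt.on('-x', '--export [filename]', 'Export gadgets to CSV format') do |csv|
  opts[:export] = csv
end

opt.on('-i', '--import [filename]', 'Import gadgets from previous collections') do |csv|
  opts[:import] = csv
end

opt.on('-v', '--verbose', 'Output very verbosely') do
  opts[:verbose] = true
end

opt.on_tail('-h', '--help', 'Show this message') do
  puts opt
  exit(1)
end

begin
  # Consumes the recognised switches from ARGV; what remains are the targets.
  opt.parse!
rescue OptionParser::ParseError
  # ParseError is the parent of InvalidOption and also covers the other
  # parser failures (for example a value handed to a flag that takes none,
  # such as --verbose=x), which previously escaped as an unhandled exception.
  puts "Invalid option, try -h for usage"
  exit(1)
end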
69
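# Gadgets gathered by whichever mode runs (collection here, or import).
gadgets = []

if opts[:import].nil?
  # Collection mode: every remaining command-line argument is a target.
  # A directory contributes the regular files directly inside it (no
  # recursion); anything else is passed through as a file path unchanged.
  # Dir.entries is used so no directory handle is left open.
  files = ARGV.flat_map do |target|
    if File.directory?(target)
      Dir.entries(target)
         .map { |ent| File.join(target, ent) }
         .select { |path| File.file?(path) }
    else
      [target]
    end
  end

  # Fallback collector so print_msg is available even when no targets were given.
  ropbuilder = Rex::RopBuilder::RopCollect.new
  files.each do |file|
    # A fresh collector is created per file; after the loop `ropbuilder`
    # refers to the collector of the last file processed.
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n")
    found = ropbuilder.collect(opts[:depth])
    ropbuilder.print_msg("Found %grn#{found.count}%clr gadgets\n\n")

    # compile a list of all gadgets from all files
    found.each { |gadget| gadgets << gadget }
  end

  if opts[:verbose]
    gadgets.each do |gadget|
      ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n")
      ropbuilder.print_msg gadget[:disasm] + "\n"
    end
  end
  # NOTE(review): a later pattern search on `ropbuilder` uses the last
  # file's collector; whether that covers gadgets from the earlier files
  # depends on RopCollect, which is not visible here. Confirm.
  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n")
end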
109
# Import mode: reload gadgets saved by an earlier run instead of scanning files.
if opts[:import]
  source = opts[:import]
  ropbuilder = Rex::RopBuilder::RopCollect.new
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{source}\n")
  # NOTE(review): parsing is done by RopCollect#import, which is not visible
  # here; a CSV obtained from elsewhere is untrusted input to that parser.
  gadgets = ropbuilder.import(source)

  # Imported gadgets are always listed, independent of --verbose.
  gadgets.each do |entry|
    ropbuilder.print_msg("gadget: %bld%cya#{entry[:address]}%clr\n")
    ropbuilder.print_msg(entry[:disasm] + "\n")
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n")
end
123
# Search mode: hand the user-supplied pattern to the current collector.
# The match count is only reported when --verbose is set.
# NOTE(review): how the pattern string is compiled and applied is decided by
# RopCollect#pattern_search, which is not visible here.
if opts[:pattern]
  matches = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{matches.count}%clr matches\n") if opts[:verbose]
end
130
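# Export mode: serialise the gathered gadgets to CSV and write them to the
# path given with -x/--export.
if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n")
  csv = ropbuilder.to_csv(gadgets)
  begin
    # Mode 'w' truncates an existing file at that path. The block form closes
    # the handle even when the write raises, which File.new + close did not.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue StandardError
    puts "Error writing #{opts[:export]} file"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n")
end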