Changelog rop-tool v2.2 (2015-05-15):
– Port project on windows
– Fix bugs in PE parser
– Fix bugs in api/utils
– Add --bad option to the gadget and search commands, to exclude bad bytes in addresses
– Add NX bit to the info command (ELF only)
– New command: heap, used to visualize heap allocations (Linux/glibc only)
– Fix bad behavior in 'search --all'
– Gadgets ending with a syscall or int 0x80 instruction are now filtered out
ropc is a tool to help you write binary exploits.
FEATURES:
+ String searching, Gadget searching
+ Colored output
+ Intel and AT&T flavor
+ Support of ELF and PE binary format
+ Support of big and little endian
+ Support of x86 and x86_64 architecture
Usage:
    Usage: rop <cmd> [OPTIONS]

    Commands :
      gadget     Search gadgets
      search     Search on binary
      help       Print help
      version    Print version

    Try "ropc help <cmd>" for more informations about a command.

    Usage : ropc gadget [OPTIONS] [FILENAME]

    OPTIONS:
      --arch, -A           Select an architecture (in raw mode only)
      --all, -a            Print all gadgets
      --bad, -B [b]        Specify bad chars in address
      --depth, -d [d]      Specify the depth for gadget searching (default is 5)
      --flavor, -f [f]     Select a flavor (att or intel)
      --help, -h           Print this help message
      --no-color, -n       Don't colorize output
      --raw, -r            Open file in raw mode (don't considere any file format)

    Usage : rop search [OPTIONS] [FILENAME]

    OPTIONS:
      --all-string, -a [n]   Search all printable strings of at least [n] caracteres. (default is 6)
      --byte, -b [b]         Search the byte [b] in binary
      --bad, -B [b]          Specify bad chars in address
      --dword, -d [d]        Search the dword [d] in binary
      --help, -h             Print this help message
      --no-color, -n         Don't colorize output
      --qword, -q [q]        Search the qword [q] in binary
      --raw, -r              Open file in raw mode (don't considere any file format)
      --split-string, -s [s] Search a string "splited" in memory (which is not contiguous in memory)
      --string, -S [s]       Search a string (a byte sequence) in binary
      --word, -w [w]         Search the word [w] in binary
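To make the --bad option concrete, here is an added Python example (not rop-tool's own code) of the check it performs: a gadget address is usable only if none of the bytes of its pointer encoding, in the target's width and endianness, is one of the bad bytes. The sample addresses are constructed, not taken from any real binary.

```python
import struct

# Added example, not rop-tool code: emulate the --bad filter by encoding each
# gadget address as a pointer and rejecting it if any encoded byte is "bad".

def encode_address(addr, width=4, endian="little"):
    """Encode addr as a width-byte pointer (width 4 or 8, 'little' or 'big')."""
    fmt = {"little": "<", "big": ">"}[endian] + {4: "I", 8: "Q"}[width]
    return struct.pack(fmt, addr)

def filter_bad_bytes(addresses, bad_bytes, width=4, endian="little"):
    """Return only the addresses whose pointer encoding avoids every bad byte."""
    bad = set(bad_bytes)
    return [a for a in addresses
            if not (set(encode_address(a, width, endian)) & bad)]

# Constructed sample gadget addresses (hypothetical, for illustration only).
SAMPLE_ADDRESSES = [0x08048A0A, 0x0804A1B2, 0x08000000, 0x080485FF]

if __name__ == "__main__":
    # Typical bad bytes for a C-string-based input: NUL and newline.
    for a in filter_bad_bytes(SAMPLE_ADDRESSES, b"\x00\x0a"):
        print(hex(a), encode_address(a).hex())
```

Note that a 32-bit address encoded as an 8-bit wide pointer always carries zero high bytes, so with \x00 listed as bad every such address is rejected; that is why the width and endianness (see the big/little endian and x86/x86_64 features above) matter to the filter.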
GADGET COMMAND
    Usage : rop-tool gadget [OPTIONS] [FILENAME]

    OPTIONS:
      --arch, -A           Select an architecture (in raw mode only)
      --all, -a            Print all gadgets (even gadgets which are not uniq)
      --depth, -d [d]      Specify the depth for gadget searching (default is 5)
      --flavor, -f [f]     Select a flavor (att or intel)
      --no-filter, -F      Do not apply some filters on gadgets
      --help, -h           Print this help message
      --no-color, -n       Do not colorize output
      --raw, -r            Open file in raw mode (don't considere any file format)
SEARCH COMMAND
    Usage : rop-tool search [OPTIONS] [FILENAME]

    OPTIONS:
      --all-string, -a [n]   Search all printable strings of at least [n] caracteres. (default is 6)
      --byte, -b [b]         Search the byte [b] in binary
      --dword, -d [d]        Search the dword [d] in binary
      --help, -h             Print this help message
      --no-color, -n         Don't colorize output
      --qword, -q [q]        Search the qword [q] in binary
      --raw, -r              Open file in raw mode (don't considere any file format)
      --split-string, -s [s] Search a string "splited" in memory (which is not contiguous in memory)
      --string, -S [s]       Search a string (a byte sequence) in binary
      --word, -w [w]         Search the word [w] in binary
PATCH COMMAND
    Usage : rop-tool patch [OPTIONS] [FILENAME]

    OPTIONS:
      --address, -a [a]    Select an address to patch
      --bytes, -b [b]      A byte sequence (e.g. : "\xaa\xbb\xcc") to write
      --filename, -f [f]   Specify the filename
      --help, -h           Print this help message
      --offset, -o [o]     Select an offset to patch (from start of the file)
      --output, -O [o]     Write to an another filename
      --raw, -r            Open file in raw mode
Example Heap Command
Download:
rop-tool-2.2.zip
rop-tool-2.2.tar.gz
Source: https://t0x0sh.org/ | Our earlier post