enable conditional stuff for rop-gadget-search

condret 2014-10-07 19:35:15 +02:00 committed by pancake
parent 6e0285ab90
commit e816189ec7
2 changed files with 15 additions and 3 deletions


@ -292,6 +292,7 @@ static RList* construct_rop_gadget(RCore *core, ut64 addr, ut8 *buf, int idx, co
RList *hitlist = r_core_asm_hit_list_new ();
ut8 nb_instr = 0;
const ut8 max_instr = r_config_get_i (core->config, "search.roplen");
const ut8 crop = r_config_get_i (core->config, "search.conditionalrop"); //decide if cjmp, cret, and ccall should be used too for the gadget-search
boolt valid = 0;
if (grep) {
@ -332,13 +333,23 @@ static RList* construct_rop_gadget(RCore *core, ut64 addr, ut8 *buf, int idx, co
case R_ANAL_OP_TYPE_TRAP:
case R_ANAL_OP_TYPE_RET:
case R_ANAL_OP_TYPE_UCALL:
case R_ANAL_OP_TYPE_CJMP:
case R_ANAL_OP_TYPE_UJMP:
case R_ANAL_OP_TYPE_JMP:
case R_ANAL_OP_TYPE_CALL:
valid = 1;
valid = R_TRUE;
goto ret;
}
if (crop) { //if conditional jumps, calls and returns should be used for the gadget-search too
switch (aop.type) {
case R_ANAL_OP_TYPE_CJMP:
case R_ANAL_OP_TYPE_UCJMP:
case R_ANAL_OP_TYPE_CCALL:
case R_ANAL_OP_TYPE_UCCALL:
case R_ANAL_OP_TYPE_CRET: //i'm a condret
valid = R_TRUE;
goto ret;
}
}
}
nb_instr++;
}
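Review bot: The new `if (crop)` switch does not actually gate conditional jumps, because `case R_ANAL_OP_TYPE_CJMP:` is still listed in the unconditional switch just above it (the line before `case R_ANAL_OP_TYPE_UJMP:`), so a conditional jump terminates the gadget whether or not search.conditionalrop is set and the duplicate `case R_ANAL_OP_TYPE_CJMP:` inside the crop-guarded switch is unreachable. If the option is meant to control conditional jumps as the help text registered in the r_core_config_init hunk says ("Use conditional jump, calls and returns for ropsearch too"), remove `case R_ANAL_OP_TYPE_CJMP:` from the first switch so only the guarded switch accepts it; otherwise drop it from the new switch and narrow the help text to calls and returns. Separately, `const ut8 crop = r_config_get_i (...)` narrows the integer r_config_get_i returns to a byte, which presumably works for the 0/1 that "true"/"false" yields but silently reads a value such as 256 as off; a boolean option reads more clearly as `const boolt crop = r_config_get_i (core->config, "search.conditionalrop") != 0;`, matching the `boolt valid` declared beside it. construct_rop_gadget begins and ends outside the hunk.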


@ -1011,6 +1011,7 @@ R_API int r_core_config_init(RCore *core) {
SETI("search.roplen", 5, "Maximum number of instructions for a ROP Gadget");
SETPREF("search.show", "true", "Show search results while found (disable if lot of hits)");
SETI("search.to", -1, "Search end address");
SETPREF("search.conditionalrop", "false", "Use conditional jump, calls and returns for ropsearch too");
/* io */
SETICB("io.enforce", 0, &cb_ioenforce, "Honor IO section permissions for 1=read , 2=write, 0=none");
@ -1023,7 +1024,7 @@ R_API int r_core_config_init(RCore *core) {
SETCB("io.va", "true", &cb_iova, "If enabled virtual address layout can be used");
SETCB("io.zeromap", "0", &cb_iozeromap, "Double map the last opened file to address zero");
SETCB("io.autofd", "true", &cb_ioautofd, "change fd when opening new file automatically");
/* file */
SETPREF("file.analyze", "false", "Analyze file on load. Same as r2 -c aa ..");
SETPREF("file.desc", "", "User defined file description. Used by projects");