dewdrop-0.1: Find gadgets for return-oriented programming on x86

Print ROP gadgets having some desired property.

This module provides the quickest way to get started:

 $ cat find.hs

 import Dewdrop
 main = dewdrop (any (usesRegister RBP))

 $ runhaskell find.hs /bin/ls
   pop %rbp
   ret

   shl %cl, -0x15(%rbp)
   rep ret


If you need more control, see Dewdrop.Analyze.


Finding gadgets

dewdrop :: ([Metadata] -> Bool) -> IO ()

Opens the ELF binary named by the first command-line argument, and prints every ROP gadget satisfying the given property. Each gadget is presented as the list of its instructions with metadata, ending in the return, so the predicate in the example above, any (usesRegister RBP), holds when any instruction of the gadget explicitly names RBP.

Helpers for selecting gadgets

usesRegister :: GPR -> Metadata -> Bool

Does this instruction use a given register?

This only includes registers explicitly mentioned in the disassembly, and not, for example, the implicit rsi / rdi operands of movsd.

usesSegment :: Segment -> Metadata -> Bool

Does this instruction mention a given segment register?

This only includes explicit overrides, and loads/stores of segment registers.

opcode :: Metadata -> Opcode

Get the Opcode directly from an instruction-with-metadata.
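As a worked example of combining dewdrop with these helpers (added here; it is not part of the dewdrop package), the following script prints short "pop %rdi ... ret" gadgets, the shape needed to load a function's first argument under the x86-64 SysV calling convention. It assumes the hdis86 field and constructor names mdInst, inOperands, Mem, Ipop and Iret, which come from the re-exported Hdis86 module and are not documented on this page.

```haskell
-- find_pop_rdi.hs: added example, not code from the dewdrop package.
-- Assumes the dewdrop and hdis86 packages; names mdInst, inOperands,
-- Mem, Ipop and Iret are taken from hdis86's Hdis86.Types.
import Dewdrop

-- Accept gadgets of the form
--     pop %rdi ; <harmless instructions> ; ret
-- with at most four instructions in total. Extra pops in the middle are
-- fine (the chain just supplies filler values), but nothing in between may
-- touch the stack pointer or carry an explicit memory operand, so the
-- gadget leaves the rest of the chain and the heap intact.
popRdi :: [Metadata] -> Bool
popRdi g@(first : rest@(_ : _)) =
       opcode first == Ipop
    && usesRegister RDI first
    && opcode (last g) == Iret        -- plain ret only, not retf
    && length g <= 4
    && all harmless (init rest)       -- everything between pop and ret
  where
    -- usesRegister only sees explicit operands (see its caveat above), so
    -- string instructions with implicit rsi/rdi/memory use would still pass.
    harmless md =
         not (usesRegister RSP md)
      && not (any isMem (inOperands (mdInst md)))
    isMem (Mem _) = True
    isMem _       = False
popRdi _ = False

main :: IO ()
main = dewdrop popRdi
```

Run it the same way as the example at the top of this page, for instance runhaskell find_pop_rdi.hs /bin/ls. The two-instruction gadget pop %rdi; ret passes (there is nothing between the pop and the ret to check), while a gadget that stores through memory or rewrites rsp before returning is rejected.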

Re-export of disassembler

The types and functions of Hdis86 are re-exported for convenience.

module Hdis86