Dewdrop

Contents

Finding gadgets
Helpers for selecting gadgets
Re-export of disassembler

Description

Print ROP gadgets having some desired property.

This module provides the quickest way to get started:

 $ cat find.hs

 import Dewdrop
 main = dewdrop (any (usesRegister RBP))

 $ runhaskell find.hs /bin/ls
 00402e56:
   pop %rbp
   ret

 0040afe7:
   shl %cl, -0x15(%rbp)
   rep ret

 ...

If you need more control, see Dewdrop.Analyze.

Synopsis

Finding gadgets

dewdrop :: ([Metadata] -> Bool) -> IO ()Source

Opens the ELF binary file passed as the first command-line argument, and prints all ROP gadgets satisfying the specified property.

Helpers for selecting gadgets

usesRegister :: GPR -> Metadata -> Bool Source

Does this instruction use a given register?

This only includes registers explicitly mentioned in disassembly, and not e.g. the rsi / rdi operands of movsd.

usesSegment :: Segment -> Metadata -> Bool Source

Does this instruction mention a given segment register?

This only includes explicit overrides, and loads/stores of segment registers.

opcode :: Metadata -> Opcode Source

Get the Opcode directly from an instruction-with-metadata.

Re-export of disassembler

The types and functions of Hdis86 are re-exported for convenience.

module Hdis86