(Translated by https://www.hiragana.jp/)
GitHub - hugsy/ropgadget-rs: Another (bad) ROP gadget finder, but this time in Rust
Skip to content
/ ropgadget-rs Public

Another (bad) ROP gadget finder, but this time in Rust

License

MIT license
16 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hugsy/ropgadget-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
.github
.github
 
 
examples
examples
 
 
src
src
 
 
tests/bin
tests/bin
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
rustfmt.toml
rustfmt.toml
 
 

Repository files navigation

logo

ropgadget-rs

Discord

RopGadget-rs started as a weekend project to learn Rust. But as usual it also started from the need to get really fast & easily portable ropgadget finder capable of handling quickly any binary (especially very large ones such as mshtml, ntoskrnl, chrome, etc.).

Note

This library is a side project to learn Rust. If you want better tools, see the ones mentioned at the bottom of the page.

Currently supports:

ELF PE MachO
x86
x64
arm
arm64

ropgadget-rs

Since 0.4, RopGadget-Rs was re-designed to be built as a library so it can be integrated to other projects. But a lightweight standalone binary that features all what the library offers, can also be built.

Build

(Optionally) If you don't have cargo:

  • On Linux/MacOS
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • On Windows
Invoke-WebRequest https://win.rustup.rs/x86_64 -UseBasicParsing -OutFile "rustup-init.exe"
Invoke-Expression rustup-init.exe

Then build:

git clone https://github.com/hugsy/ropgadget-rs
cd ropgadget-rs
cargo build --release --lib

You might also want to build the ropgadget-rs binary so it can be easily used from the command line:

cargo build --release --example rp-rs

And run:

cargo run -- --help

Install

Via cargo

cargo install --bins --git https://github.com/hugsy/ropgadget-rs.git

Performance

The tool performs decently but could largely be optimized (and will be, over time). Here are some performance obtained on an old i5-4300M (build in --release mode) with 2 threads (default)

  • ntoskrnl.exe (Windows 10 RS6 - 10.0.19041.329) - 10,921,280 bytes
>  ./ropgadget-rs.exe -o rop.txt -vv ./ntoskrnl-rs6.exe
[INFO] - Checking file './ntoskrnl-rs6.exe'
[INFO] - Creating new Session(file=./ntoskrnl-rs6.exe, Info(Arch=x86-64, OS=PE))
[INFO] - Looking for gadgets in 15 sections (with 2 threads)...'
[INFO] - Dumping 336787 gadgets to 'rop.txt'...
[INFO] - Done!
[INFO] - Execution: 336787 gadgets found in 13.5224138s
  • msedge.dll (Chromium Edge - 83.0.478.64) - 145,665,416 bytes
> ./ropgadget-rs -o rop.txt -vv ./msedge.dll
[INFO] - Checking file './msedge.dll'
[INFO] - Creating new Session(file=./msedge.dll, Info(Arch=x86-64, OS=PE))
[INFO] - Looking for gadgets in 1 sections (with 2 threads)...'
[INFO] - Dumping 5713703 gadgets to 'rop.txt'...
[INFO] - Done!
[INFO] - Execution: 5713703 gadgets found in 132.2237842s

YMMV but most small files (like Unix binaries) will execute in way under 1 second.

$ ./ropgadget-rs -vv -o /dev/null /bin/ls
[INFO] - Checking file '/bin/ls'
[INFO] - Creating new Session(file=/bin/ls, Info(Arch=x86-64, OS=ELF))
[INFO] - Looking for gadgets in 5 sections (with 2 threads)...'
[INFO] - Dumping 3544 gadgets to '/dev/null'...
[INFO] - Done!
[INFO] - Execution: 3544 gadgets found in 151.5587ms

Better projects

Unless you're ok with experiencing my bugs, you should probably check out one of those projects:

About

Another (bad) ROP gadget finder, but this time in Rust

Topics

rust pwn rop exploit-development ropgadget rop-gadget-finder

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases 2

v0.3.1 Latest
Dec 24, 2022
+ 1 release

Languages