Rp++ – Tool That Aims To Find ROP Sequences In PE/Elf/Mach-O X86/X64 Binaries

rp++ is a tool written entirely in C++ that aims to find ROP sequences in PE/Elf/Mach-O (it doesn't support FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several operating systems: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable.

You can build rp++ very easily with CMake; it will generate a project file for your preferred IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, strings, etc.

Benchmark: Is it efficient ?

Yeah, here are some benchmarks on Win7 x64, Intel i7 Q720 @ 1.6GHz, 4GB RAM:

- Target: ntoskrnl.exe x64 version 6.1.7601.17790
  D:\rp-win-x64.exe --file=ntoskrnl.exe --rop=8 > n
  ~80s for a total of 267356 gadgets found.
- Target: chrome.exe x86 version 18.0.1025.168
  D:\rp-win-x64.exe --file=chrome.exe --rop=8 > n
  ~13s for a total of 75459 gadgets found.
- Target: cmd.exe x86 version v6.1.7600
  D:\rp-win-x64.exe --file=cmd.exe --rop=8 > n
  ~15s for a total of 18818 gadgets found.
- Target: bash x86 version
  D:\rp-win-x64.exe --file=bash-x86 --rop=8 > n
  ~12s for a total of 45385 gadgets found.

Screenshots

[Screenshots: rp++ on Win7 x64 / Debian Squeeze x64 / FreeBSD x64 / Mac OSX Lion x64]

How to use it ?

USAGE:
./rp++ [-hv] [-f <binary path>] [-i <1,2,3>] [-r <positive int>] [--raw=<archi>] [--atsyntax] [--unique] [--search-hexa=<\x90A\x90>] [--search-int=<int in hex>]

OPTIONS:
  -f, --file=<binary path>       give binary path
  -i, --info=<1,2,3>             display information about the binary header
  -r, --rop=<positive int>       find useful gadget for your future exploits, arg is the gadget maximum size in instructions
  --raw=<archi>                  find gadgets in a raw file, 'archi' must be in the following list: x86, x64
  --atsyntax                     enable the at&t syntax
  --unique                       display only unique gadget
  --search-hexa=<\x90A\x90>      try to find hex values
  --search-int=<int in hex>      try to find a pointer on a specific integer value
  -h, --help                     print this help and exit
  -v, --version                  print version information and exit

Where can I download standalone binaries ?

There are x86 and x64 versions for Windows (compiled with VS 2010 on Win7 x64), Linux (compiled with gcc 4.4.5 on Debian x64 6.0.1), FreeBSD (compiled with gcc 4.2.1 on FreeBSD 8.2) and Mac OSX (compiled with gcc 4.2.1 on OSX 10.7.3; not statically linked): https://github.com/0vercl0k/rp/downloads

Here are the sha1sums:

Link: http://feedproxy.google.com/~r/PentestTools/~3/IY0eObzZgyM/rp-tool-that-aims-to-find-rop-sequences.html