From 39c9794d64095065086304a581dd2e047a1e308e Mon Sep 17 00:00:00 2001
From: yellows8
Date: Fri, 5 Jun 2015 17:12:24 -0400
Subject: [PATCH] Initial commit.
---
ropgadget_patternfinder.c | 230 ++++++++++++++++++++++++++++++++++++++
1 file changed, 230 insertions(+)
create mode 100644 ropgadget_patternfinder.c
diff --git a/ropgadget_patternfinder.c b/ropgadget_patternfinder.c
new file mode 100644
index 0000000..9a10682
--- /dev/null
+++ b/ropgadget_patternfinder.c
@@ -0,0 +1,230 @@
+#include
+#include
+#include
+#include
+
+#include
+
+//Build with: gcc -o ropgadget_patternfinder ropgadget_patternfinder.c -lcrypto
+
+int load_bindata(char *arg, unsigned char **buf, unsigned int *size)
+{
+ int i;
+ unsigned int tmp=0;
+ unsigned char *bufptr;
+ FILE *f;
+ struct stat filestat;
+
+ bufptr = *buf;
+
+ if(arg[0]!='@')
+ {
+ if(bufptr==NULL)
+ {
+ tmp = strlen(arg);
+ if(tmp<2 || (tmp & 1))
+ {
+ printf("The length of the input hex param is invalid.\n");
+ return 4;
+ }
+
+ *size = strlen(arg) / 2;
+ *buf = (unsigned char*)malloc(*size);
+ bufptr = *buf;
+ if(bufptr==NULL)
+ {
+ printf("Failed to allocate memory for input buffer.\n");
+ return 1;
+ }
+
+ memset(bufptr, 0, *size);
+ }
+
+ for(i=0; i<*size; i++)
+ {
+ if(i>=strlen(arg))break;
+ sscanf(&arg[i*2], "%02x", &tmp);
+ bufptr[i] = (unsigned char)tmp;
+ }
+ }
+ else
+ {
+ if(stat(&arg[1], &filestat)==-1)
+ {
+ printf("Failed to stat %s\n", &arg[1]);
+ return 2;
+ }
+
+ f = fopen(&arg[1], "rb");
+ if(f==NULL)
+ {
+ printf("Failed to open %s\n", &arg[1]);
+ return 2;
+ }
+
+ if(bufptr)
+ {
+ if(*size < filestat.st_size)*size = filestat.st_size;
+ }
+ else
+ {
+ *size = filestat.st_size;
+ *buf = (unsigned char*)malloc(*size);
+ bufptr = *buf;
+
+ if(bufptr==NULL)
+ {
+ printf("Failed to allocate memory for input buffer.\n");
+ return 1;
+ }
+
+ memset(bufptr, 0, *size);
+ }
+
+ if(fread(bufptr, 1, *size, f) != *size)
+ {
+ printf("Failed to read file %s\n", &arg[1]);
+ fclose(f);
+ return 3;
+ }
+
+ fclose(f);
+ }
+
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ int argi;
+ int ret;
+ int hashpattern_set = 0;
+ int found;
+ unsigned char *filebuf = NULL;
+ unsigned char inhash[0x20];
+ unsigned char calchash[0x20];
+ unsigned char *inhashptr;
+ size_t filebufsz=0, pos, hashblocksize=0;
+ unsigned int tmpsize=0;
+ struct stat filestat;
+ FILE *fbin;
+
+ if(argc<3)
+ {
+ printf("ropgadget_patternfinder by yellows8.\n");
+ printf("Locates the offset/address of the 
specified pattern in the input binary. This tool is mainly intended for locating ROP-gadgets, but it could be used for other purposes as well.\n");
+ printf(" below can be either hex with any byte-length(unless specified otherwise), or '@' followed by a file-path to load the data from.");
+ printf("Usage:\n");
+ printf("ropgadget_patternfinder \n");
+ printf("Options:\n");
+ printf("--patternsha256= Hash every --patternsha256size bytes in the binary, for locating the target pattern. The input bindata(sha256 hash) size must be 0x20-bytes.\n");
+ printf("--patternsha256size=0x See --patternsha256.\n");
+
+ return 0;
+ }
+
+ ret = 0;
+
+ for(argi=2; argi