Comments (17)
At least your bug should be fixed now. However, the cache has to be deleted. You can do that by using the --clear-cache command.
from ropper.
Hi,
could you provide the test.exe?
Best
Sascha
from ropper.
Alright, here it is:
https://drive.google.com/file/d/0B7AnNw--HBtWM3VMZ3RyU09xWmc/view?usp=sharing
Do you need the source code?
from ropper.
Thanks. No, I don't. The binary is enough. :)
from ropper.
And I forgot to mention I am using Python 2.7.1...
from ropper.
I need more information, because I cannot reproduce that. It works perfectly for me. I tested it with python2.7.1 and the current version.
Which Windows version?
What is the output of this command: print(__import__("sys").platform)?
from ropper.
My Windows version is Windows 7, and the output of the command is win32.
from ropper.
Mh, strange.
I tested it on a freshly installed Windows. It works for me.
Which version of ropper did you use?
from ropper.
I am using version 1.10.7...
Perhaps there is something wrong with my python installation
from ropper.
Have you tried it again with a new python installation?
from ropper.
I'm getting this error too - tried reinstalling Python several times.
I'm trying to use an ELF for PowerPC (32 bit, big endian) using the latest master (320c242) on WSL (aka Bash on Ubuntu on Windows). Running Python 2.7.6, linux2. Fresh installs of capstone and filebytes, got 'em this morning. Any ideas? The executable is technically copyrighted but I'll look around for another file that causes a similar issue.
/bin/ls works fine.
Update: The file that doesn't work doesn't appear to have any section headers. Hmm.
from ropper.
Hi,
the current problem is that I cannot reproduce this issue. Can you provide the file? If not, I will try to create an ELF file without section headers.
from ropper.
I had the same problem. In my case I resolved it after deleting files from C:\Users\user\Local Settings\Temp\ropper_cache.
from ropper.
Regarding the "list index out of range" error:
The path for the cache on Windows 10 is: %USERPROFILE%\.ropper\cache - clearing it helped.
@sashs, I think the issue with the IndexError (raised here) is happening because there aren't necessarily count processes in the list.
from ropper.
There are different changes in ropper, also in the cache. You can find them in the dev branch. Could someone retest this issue, please? I would like to close this issue.
from ropper.
Tested on:
- Windows 10 standard cmd with Python 2.7.13
- WSL with Python 2.7.13
Cannot reproduce.
Edit: After doing some more testing on dev branch:
This happens for every binary, only after searching for gadgets (i.e. --info doesn't trigger this exception).
To reproduce:
- Clear the cache (delete %USERPROFILE%\.ropper)
- Run the command twice or more
In the second run, output becomes unsynchronized.
Running tasklist | findstr /i python during the first run shows one python process, and every run after that is 2 python processes.
First run:
python Ropper.py -f test-binaries\ls-x86_64
[INFO] Load gadgets for section: PHDR
[LOAD] loading... 100%
[INFO] Load gadgets for section: LOAD
[LOAD] loading... 100%
[LOAD] removing double gadgets... 100%
Gadgets
=======
0x000000000041adfe: adc al, 0; add byte ptr [rax], ah; add edi, edi; jmp qword ptr [rbp];
0x000000000041ae79: adc al, 0; add byte ptr [rax], al; adc al, 0x15; add byte ptr [rax], al; rol byte ptr [rbx], 0xff; jmp qword ptr [rax];
0x000000000041b889: adc al, 0; add byte ptr [rax], al; and al, 0x1f; add byte ptr [rax], al; xor byte ptr [rdi + rdi*8], dh; call qword ptr [rdx];
0x000000000041b8a1: adc al, 0; add byte ptr [rax], al; cmp al, 0x1f; add byte ptr [rax], al; cmp byte ptr [rdi + rdi*8], dh; call qword ptr [rcx];
...
1258 gadgets found
Second run:
[INFO] Load gadgets from cache
[LOAD] loading... 0%[INFO] Load gadgets for section: PHDR
[LOAD] loading... 100%
[INFO] Load gadgets for section: LOAD
INFO][LOAD] Lload gadgets for section: PHDRoading...
oading...[LOAD] 1l00%oading...
[2INFO]% Load gadgets for section: LOAD
[LOAD] loading... 100%%ing... 79%% 87%6%
[LOAD]l oading...r emoving double gadgets...1 00%2 729%0%
00%[LOAD]emoving double gadgets...r emoving double gadgets...6 2%1 692%9%
removing double gadgets...
6
adgets
[LOAD]= ======
r
emoving double gadgets...
0[LOAD]x000000000041adfe: adc al, 0; add byte ptr [rax], ah; add edi, edi; jmp qword ptr [rbp];
removing double gadgets... 602%x000000000041ae79: adc al, 0; add byte ptr [rax], al; adc al, 0x15; add byte ptr [rax], al; rol byte ptr [rbx], 0xff; jmp qword ptr [rax];
[LOAD] removing double gadgets...0 x000000000041b889: adc al, 0; add byte ptr [rax], al; and al, 0x1f; add byte ptr [rax], al; xor byte ptr [rdi + rdi*8], dh; call qword ptr [rdx]; 6
[LOAD]0 x000000000041b8a1: adc al, 0; add byte ptr [rax], al; cmp al, 0x1f; add byte ptr [rax], al; cmp byte ptr [rdi + rdi*8], dh; call qword ptr [rcx]; r
emoving double gadgets... 62%0x000000000041b841: adc al, 0; add byte ptr [rax], al; fcomp qword ptr [rsi]; add byte ptr [rax], al; sub byte ptr [rdi + rdi*8], dh; call qword ptr [rdi];
[LOAD] removing double gadgets...0 x000000000041bb71: adc al, 0; add byte ptr [rax], al; or al, 0x22; add byte ptr [rax], al; fcom dword ptr [rdx - 1]; jmp qword ptr [rax]; 6
[LOAD]0 x000000000041ae7d: adc al, 0x15; add byte ptr [rax], al; rol byte ptr [rbx], 0xff; jmp qword ptr [rax]; r
emoving double gadgets... 602%x0000000000408614: adc al, 0x89; ret 0xe281;
[LOAD] 0rx0000000000412131: adc al, 0xb8; add dword ptr [rax], eax; add byte ptr [rax], al; ret; emoving double gadgets...
602%x0000000000410fc5: adc al, 0xff; jmp qword ptr [rsi + 0xf];
[LOAD] 0rx000000000040c9c6: adc al, byte ptr [rax - 0x80]; int 0x80; emoving double gadgets...
602%x000000000040e589: adc al, ch; ret 0xff3c;
[LOAD] 0rx000000000041106f: adc bh, bh; jmp qword ptr [rsi + 0x2e]; emoving double gadgets...
602%x0000000000406bb9: adc bh, dh; ret 0x8080;
[LOAD] r0emoving double gadgets...x000000000040aae1: adc byte ptr [r11 + 9], sil; shl rax, 4; add rax, qword ptr [rbx]; pop rbx; ret;
x0000000000405e03: adc byte ptr [r8 + 1], cl; ror byte ptr [rax - 0x7d], 1; ret 0x4808; [LOAD]
r0emoving double gadgets...x000000000040b25d: adc byte ptr [r8], r8b; ret;
0[LOAD]x000000000040b16e: adc byte ptr [rax + 0x39], cl; push rdi; or byte ptr [rdi - 0x46], dh; mov rax, rcx; ret;
...
0x0000000000404944: xor edx, edx; div rsi; mov rax, rdx; ret;
0x000000000040aab4: xor edx, edx; ror rax, 3; div rsi; mov rax, rdx; ret;
0x000000000040e6bf: xor edx, esi; mov dword ptr [rdi], edx; ret;
1258 gadgets found
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\python27\lib\multiprocessing\forking.py", line 381, in main
self = load(from_parent)
File "C:\python27\lib\pickle.py", line 1384, in load
return Unpickler(file).load()
File "C:\python27\lib\pickle.py", line 864, in load
dispatch[key](self)
File "C:\python27\lib\pickle.py", line 886, in load_eof
raise EOFError
EOFError
I'm not exactly certain if this is the same bug, though, but it does look like the root cause is the same, or at least very related.
from ropper.
Yep 👍
from ropper.