hhc0null · March 9, 2015 18:15 · hhc0null · Mar 9, 2015
diff --git a/gizmo.py b/gizmo.py
 #!/usr/bin/env python2

 """Usage:
    gizmo.py [-h] [-o NAME] [-r NUMBER] PATH
    gizmo.py --version

 Arguments:
    PATH    source path

 Options:
    -r NUMBER --rop=NUMBER      find useful gadget for your future exploits, arg is the gadget maximum size in instructions
    -o NAME --output=NAME       output to file.
    -h --help                   Show this screen.
    -v --version                Show version.
 """

 # plz install capstone:)
 import capstone
 import collections
 import docopt
 import re
 import string
 import sys


 if __name__ == '__main__':
    source_path = ""
    destination_path = ""
    rop = 3

    try:
        arguments = docopt.docopt(__doc__, version='0.1.0')
        source_path = arguments['PATH']
        destination_path = arguments['--output']
        rop = int(arguments['--rop']) 
    except docopt.DocoptExit as e:
        print e.message
        sys.exit(1)

    if not source_path:
        sys.exit(0)

    with open(source_path, "rb") as f:
        data = f.read()
    codes = tuple(map(lambda x: x+'\xc3', data.split('\xc3')[:-1]))

    lines, base = [], 0
    cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
    for code in codes:
        for i in reversed(range(1, rop+1)):
            line = "".join(["0x{:08x}: {} {} ; ".format(x.address, x.mnemonic, x.op_str) for x in cs.disasm(code, base)][-i:])
            if not "ret  ;" in line:
                break
            lines.append(line)
            if len(code) == 1:
                break
        base += len(code)

    dataset = dict()
    for line in lines:
        line = "".join(line)
        try:
            address = int(line[:10], 16)
        except:
            continue
        dataset.update({"0x{:08x}".format(address):"{}".format(re.sub(r"0x[0-9a-f]{8}: ", "", line))})
    dataset = collections.OrderedDict(sorted(dataset.items(), key = lambda t: t[1]))

    lines = ""
    for address, code in dataset.iteritems():
        lines += "{}: {}\n".format(address, code)

    if destination_path:
        with open(destination_path, "w") as f:
            f.write(lines)
    else:
        sys.stdout.write(lines)
	#!/usr/bin/env python2

	"""Usage:
	gizmo.py [-h] [-o NAME] [-r NUMBER] PATH
	gizmo.py --version

	Arguments:
	PATH source path

	Options:
	-r NUMBER --rop=NUMBER find useful gadget for your future exploits, arg is the gadget maximum size in instructions
	-o NAME --output=NAME output to file.
	-h --help Show this screen.
	-v --version Show version.
	"""

	# plz install capstone:)
	import capstone
	import collections
	import docopt
	import re
	import string
	import sys


	if __name__ == '__main__':
	source_path = ""
	destination_path = ""
	rop = 3

	try:
	arguments = docopt.docopt(__doc__, version='0.1.0')
	source_path = arguments['PATH']
	destination_path = arguments['--output']
	rop = int(arguments['--rop'])
	except docopt.DocoptExit as e:
	print e.message
	sys.exit(1)

	if not source_path:
	sys.exit(0)

	with open(source_path, "rb") as f:
	data = f.read()
	codes = tuple(map(lambda x: x+'\xc3', data.split('\xc3')[:-1]))

	lines, base = [], 0
	cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
	for code in codes:
	for i in reversed(range(1, rop+1)):
	line = "".join(["0x{:08x}: {} {} ; ".format(x.address, x.mnemonic, x.op_str) for x in cs.disasm(code, base)][-i:])
	if not "ret ;" in line:
	break
	lines.append(line)
	if len(code) == 1:
	break
	base += len(code)

	dataset = dict()
	for line in lines:
	line = "".join(line)
	try:
	address = int(line[:10], 16)
	except:
	continue
	dataset.update({"0x{:08x}".format(address):"{}".format(re.sub(r"0x[0-9a-f]{8}: ", "", line))})
	dataset = collections.OrderedDict(sorted(dataset.items(), key = lambda t: t[1]))

	lines = ""
	for address, code in dataset.iteritems():
	lines += "{}: {}\n".format(address, code)

	if destination_path:
	with open(destination_path, "w") as f:
	f.write(lines)
	else:
	sys.stdout.write(lines)