| Title | Description |
|---|---|
About | Brief Description about the tool |
Installation | Installation and Requirements |
Usage | Ropweaver usage |
Semantic | About semantic |
Examples | Examples |
Changelog | Ropweaver changelog |
Disclaimer | Disclaimer |
About
=====
ropweaver is a straightforward, unpretentious tool developed as part of my OSED certification journey. It classifies and chains ROP gadgets in Windows binaries, supporting semantic-based searches, bad byte filtering, and organized gadget categorization.
Installation
============
```
git clone https://github.com/aas-n/ropweaver.git
pip install argparse
```
Usage
=====
```
python ropweaver.py <filename> [options]
```

Options

- `<filename>`: R++ output file containing the list of gadgets.
- `-b`, `--bad-bytes`: Specify bad bytes to exclude from the gadgets, e.g. `'00 0a 0b 0d'`.
- `-c`, `--no-color`: Disable colored output.
- `-l`, `--limit`: Limit the number of gadgets displayed per category.
- `-s`, `--semantic`: Search for gadgets matching a specific semantic instruction, e.g. `'eax <- ecx'` or `'[edi] <- ecx'`.
- `-a`, `--virtualaddress`: The virtual address of the module in hexadecimal (`-a '0x10000000'`).
- `-v`, `--debug`: Enable verbose output for debugging.
Semantic
========
Semantic mode lets you find and chain gadgets based on pseudo code. Each expression below maps to the instruction(s) shown in the comment:

```
-s 'eax <- ecx'          # mov eax, ecx
-s '[eax] <- ecx'        # mov [eax], ecx or mov dword ptr [eax], ecx
-s 'eax <- [ecx]'        # mov eax, [ecx] or mov eax, dword ptr [ecx]
-s 'eax <-> ecx'         # xchg eax, ecx
-s 'eax + ecx'           # add eax, ecx
-s 'eax - ecx'           # sub eax, ecx
-s 'eax <- 0'            # xor eax, eax;
-s 'eax <- ecx + offset' # offset in two's complement: pop ecx; ret; sub eax, ecx; ret;
-s 'eax++'               # inc eax;
-s 'eax--'               # dec eax;
-s 'neg eax'             # neg eax;
```
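As an added example that is not part of ropweaver itself, the following Python script shows how the single-gadget forms of this notation can be translated into instruction patterns and matched against gadget lines, with each candidate address filtered against a bad-byte list the way `-b` does. The register set, the `address: insn ; insn ;` line format and the sample gadgets are assumptions of this example; the multi-gadget `eax <- ecx + offset` chain is not covered.

```python
import re
# Constructed sample gadgets in an assumed "address: insn ; insn ;" line format
# (addresses and gadgets are made up for this example, not taken from a real binary).
SAMPLE_GADGETS = [
    "0x10001000: mov eax, ecx ; ret ;",
    "0x1000200a: mov dword ptr [eax], ecx ; ret ;",
    "0x10003000: xchg eax, ecx ; ret ;",
    "0x10004000: xor eax, eax ; ret ;",
    "0x1000700d: inc eax ; ret ;",
    "0x10008000: mov eax, dword ptr [ecx] ; ret ;",
]
REG = r"(?:e[abcd]x|e[sd]i|e[bs]p)"  # assumed: 32-bit general-purpose registers only

def semantic_to_regex(expr):
    """Translate one pseudo-code expression into a regex over a single instruction."""
    r = REG
    rules = [
        (rf"({r}) <-> ({r})",    lambda a, b: rf"xchg (?:{a}, {b}|{b}, {a})"),
        (rf"\[({r})\] <- ({r})", lambda a, b: rf"mov (?:dword ptr )?\[{a}\], {b}"),
        (rf"({r}) <- \[({r})\]", lambda a, b: rf"mov {a}, (?:dword ptr )?\[{b}\]"),
        (rf"({r}) <- 0",         lambda a: rf"xor {a}, {a}"),
        (rf"({r}) <- ({r})",     lambda a, b: rf"mov {a}, {b}"),
        (rf"({r}) \+ ({r})",     lambda a, b: rf"add {a}, {b}"),
        (rf"({r}) - ({r})",      lambda a, b: rf"sub {a}, {b}"),
        (rf"({r})\+\+",          lambda a: rf"inc {a}"),
        (rf"({r})--",            lambda a: rf"dec {a}"),
        (rf"neg ({r})",          lambda a: rf"neg {a}"),
    ]
    for pat, build in rules:
        m = re.fullmatch(pat, expr.strip())
        if m:
            return build(*m.groups())
    raise ValueError(f"unsupported semantic expression: {expr!r}")

def has_bad_bytes(address, bad_bytes):
    """True if any byte of the 32-bit little-endian address is in bad_bytes."""
    return any(b in bad_bytes for b in address.to_bytes(4, "little"))

def find_gadgets(expr, gadgets, bad_bytes=frozenset()):
    """Return (address, gadget) pairs whose first instruction matches expr (clean address only)."""
    pattern = re.compile(semantic_to_regex(expr))
    hits = []
    for line in gadgets:
        addr_text, _, body = line.partition(":")
        addr, body = int(addr_text, 16), body.strip()
        first = body.split(" ; ")[0]  # only the gadget's first instruction is matched
        if pattern.fullmatch(first) and not has_bad_bytes(addr, bad_bytes):
            hits.append((addr, body))
    return hits
```

The bad-byte set is built from the same `'00 0a 0b 0d'` string the `-b` option takes, e.g. `{int(b, 16) for b in "00 0a 0b 0d".split()}`.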
Version 0.1
=============
- [ ] add advanced chaining
- [ ] add variations to categories
- [x] add baseAddress option
- [x] support windows r++ outputs
- [x] support linux r++ outputs
- [x] add basic chaining
- [x] add semantic eax <- ecx + offset and eax <- ecx offset
- [x] add gadget categorization
- [x] add gadget filtering
- [x] add no-color to make grep easier
- [x] add semantic mode
- [x] add debug mode
Disclaimer
==========
This tool was developed as part of my OSED certification journey and is intended for educational and research purposes only. Use it responsibly.