owl 0.0.3

ROP-gadget finder in Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

use error::*;
use falcon_capstone::capstone;
use gadget::*;
use util::find;


/// A ROP-gadget finder for the x86 (32-bit) architecture.
#[derive(Clone, Debug)]
pub struct X86 {}


impl X86 {
    /// Create a new x86 ROP-Gadget finder.
    pub fn new() -> X86 {
        X86 {}
    }

    /// Find ROP-Gadgets in x86 code.
    pub fn find(&self, address: u64, bytes: &[u8], depth: usize) -> Result<Vec<Gadget>> {
        find(address,
             bytes,
             depth,
             1,
             capstone::cs_arch::CS_ARCH_X86,
             capstone::CS_MODE_32,
             RET_INSTRUCTIONS,
             VALID_INSTRUCTIONS,
             0)
    }
}


impl ::GadgetFinder for X86 {
    fn find(&self, address: u64, bytes: &[u8], depth: usize) -> Result<Vec<Gadget>> {
        self.find(address, bytes, depth)
    }
}


/// A ROP-gadget finder for the amd64 (64-bit) architecture.
#[derive(Clone, Debug)]
pub struct Amd64 {}


impl Amd64 {
    /// Create a new amd64 ROP-Gadget finder.
    pub fn new() -> Amd64 {
        Amd64 {}
    }

    /// Find ROP-Gadgets in Amd64 code.
    pub fn find(&self, address: u64, bytes: &[u8], depth: usize) -> Result<Vec<Gadget>> {
        find(address,
             bytes,
             depth,
             1,
             capstone::cs_arch::CS_ARCH_X86,
             capstone::CS_MODE_64,
             RET_INSTRUCTIONS,
             VALID_INSTRUCTIONS,
             0)
    }
}


impl ::GadgetFinder for Amd64 {
    fn find(&self, address: u64, bytes: &[u8], depth: usize) -> Result<Vec<Gadget>> {
        self.find(address, bytes, depth)
    }
}


static VALID_INSTRUCTIONS: &[capstone::InstrIdArch] = &[
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_ADC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_ADD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_AND),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BSF),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BSR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BSWAP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BT),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BTC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BTR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_BTS),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CBW),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CDQ),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CLC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CLD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CLI),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVA),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVAE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVBE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVG),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVGE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVLE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVNE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVNO),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVNP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVNS),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVO),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMOVS),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMPSB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CMPXCHG),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CWD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_CWDE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_DEC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_DIV),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_IDIV),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_IMUL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_INC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LEA),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LEAVE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LODSB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LOOP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LOOPE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_LOOPNE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOV),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOVSB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOVSW),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOVSD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOVSX),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MOVZX),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_MUL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_NEG),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_NOP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_NOT),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_OR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_POP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_PUSH),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_ROL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_ROR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SAR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SBB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETAE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETA),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETBE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETGE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETG),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETLE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETNE),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETNO),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETNP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETNS),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETO),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETP),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SETS),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SHL),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SHR),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SHLD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SHRD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STC),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STI),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STOSB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STOSW),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_STOSD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_SUB),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_TEST),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_XADD),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_XCHG),
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_XOR)
];


static RET_INSTRUCTIONS: &[capstone::InstrIdArch] = &[
    capstone::InstrIdArch::X86(capstone::x86_insn::X86_INS_RET)
];