Module xgadget::semantics

Determine attack-relevant instruction semantics

Functions

• is_gadget_body
  Check if instruction should exist in a gadget body.
• is_gadget_tail
  Check if instruction is a ROP/JOP/SYS gadget tail
• is_indirect_call
  Check if call instruction with register-controlled target
• is_indirect_jmp
  Check if jump instruction with register-controlled target
• is_jop_gadget_tail
  Check if instruction is a JOP gadget tail
• is_reg_ops_only
  Check if instruction has register (controllable) operands only
• is_reg_rw
  Check if instruction both reads and writes the same register
• is_reg_set
  Check if sets register from another register or stack (e.g. exclude constant write)
• is_ret
  Check if return instruction.
• is_rop_gadget_tail
  Check if instruction is a ROP gadget tail
• is_sys_gadget_tail
  Check if instruction is a SYS gadget tail, in general
• is_syscall
  Check if syscall/sysenter instruction
• is_sysret
  Check if sysret/sysexit instruction