Find gadgets for return-oriented programming on x86 https://github.com/kmcallister/dewdrop
|Latest on Hackage:||0.1|
This package is not currently in any snapshots. If you're interested in using it, we recommend adding it to Stackage Nightly. Doing so will make builds more reliable, and allow stackage.org to host generated Haddocks.
Traditional buffer-overflow attacks work by filling a data buffer with exploit code and then redirecting execution to that buffer. As a countermeasure, modern operating systems will forbid (by default) the execution of writable memory regions.
Return-oriented programming  is an alternative exploitation strategy that works around this restriction. The exploit payload is built by chaining together short code sequences ("gadgets") which are already present in the exploited program, and thus are allowed to be executed.
dewdrop is a Haskell library for finding useful gadgets in 32- and 64-bit
x86 ELF binaries. You can describe the desired gadget properties with a
Haskell function, and use the
Dewdrop module to make a customized
gadget-finder program. Or you can import
Dewdrop.Analyze and integrate
this functionality into a larger program.
Shacham, Hovav. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). CCS 2007, pages 552-561.