dewdrop: Find gadgets for return-oriented programming on x86

[ bsd3, library, reverse-engineering, security ] [ Propose Tags ] [ Report a vulnerability ]

Traditional buffer-overflow attacks work by filling a data buffer with exploit code and then redirecting execution to that buffer. As a countermeasure, modern operating systems will forbid (by default) the execution of writable memory regions.

Return-oriented programming [1] is an alternative exploitation strategy that works around this restriction. The exploit payload is built by chaining together short code sequences ("gadgets") which are already present in the exploited program, and thus are allowed to be executed.

dewdrop is a Haskell library for finding useful gadgets in 32- and 64-bit x86 ELF binaries. You can describe the desired gadget properties with a Haskell function, and use the Dewdrop module to make a customized gadget-finder program. Or you can import Dewdrop.Analyze and integrate this functionality into a larger program.

\[1\] Shacham, Hovav. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). CCS 2007, pages 552-561.

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 0.1
Dependencies base (>=3 && <5), bytestring (>=0.9), containers (>=0.3), elf (>=0.2), hdis86 (>=0.2), syb (>=0.1) [details]
License BSD-3-Clause
Author Nelson Elhage <nelhage@nelhage.com>, Keegan McAllister <mcallister.keegan@gmail.com>
Maintainer Keegan McAllister <mcallister.keegan@gmail.com>
Category Reverse Engineering, Security
Home page https://github.com/kmcallister/dewdrop
Source repo head: git clone git://github.com/kmcallister/dewdrop.git
Uploaded by KeeganMcAllister at 2011-08-28T19:07:37Z
Distributions
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 1207 total (3 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs uploaded by user
Build status unknown [no reports yet]