Last updated: 26 Jul 22 23:17:21 (UTC)

ROP attacks

Sources

https://trustfoundry.net/basic-rop-techniques-and-tricks/

https://ropemporium.com/index.html

https://radareorg.github.io/blog/posts/ropnroll/

https://ret2rop.blogspot.com/2018/08/return-to-libc.html

https://github.com/david942j/one_gadget

64 bit

  • x86-64 (64-bit), in contrast, passes parameters to functions via registers (most of the time; functions that take more than six parameters, or parameters that are particularly large, use the stack, but this is rare). You can read more about this [here](https://cs.brown.edu/courses/cs033/docs/guides/x64_cheatsheet.pdf).
  • The first four registers used for passing parameters are rdi, rsi, rdx, and rcx, in that order. Therefore, when developing a ROP chain, you’ll want to find gadgets that allow you to control as many of those registers as you need for a desired function call.
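The following is an added demonstration of the register-passing convention just described; it is not code from these notes or from the linked sources. The assembly stub `capture_args`, the global `captured_regs` and the checker `args_land_in_expected_registers` are names chosen for this example. It assumes an x86-64 Linux or macOS build and covers all six integer-argument registers (rdi, rsi, rdx, rcx, r8, r9), not only the four named above.

```c
/* Shows where each integer argument lands under the x86-64 System V ABI.
 * capture_args() is a hand-written assembly stub that copies rdi, rsi,
 * rdx, rcx, r8 and r9 into a global array the moment it is entered, so
 * the caller can see which register carried each argument. Assumptions
 * for this example: x86-64 only, GCC or clang, Linux or macOS. */
#include <stdint.h>
#include <stdio.h>

uint64_t captured_regs[6];   /* rdi, rsi, rdx, rcx, r8, r9 at entry */

#if !defined(__x86_64__)
#error "This demonstration is specific to the x86-64 System V ABI"
#endif
#if defined(__APPLE__)
#define SYM(name) "_" #name   /* Mach-O prefixes C symbols with '_' */
#else
#define SYM(name) #name
#endif

__asm__(
    ".text\n"
    ".globl " SYM(capture_args) "\n"
    SYM(capture_args) ":\n"
    "    lea " SYM(captured_regs) "(%rip), %rax\n"
    "    mov %rdi, 0(%rax)\n"    /* 1st argument */
    "    mov %rsi, 8(%rax)\n"    /* 2nd argument */
    "    mov %rdx, 16(%rax)\n"   /* 3rd argument */
    "    mov %rcx, 24(%rax)\n"   /* 4th argument */
    "    mov %r8, 32(%rax)\n"    /* 5th argument */
    "    mov %r9, 40(%rax)\n"    /* 6th argument */
    "    ret\n"
);

void capture_args(uint64_t a, uint64_t b, uint64_t c,
                  uint64_t d, uint64_t e, uint64_t f);

/* Calls capture_args with six distinct constructed values and returns 1
 * if every argument was found in the register the ABI assigns to it. */
int args_land_in_expected_registers(void) {
    const uint64_t expect[6] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    capture_args(expect[0], expect[1], expect[2],
                 expect[3], expect[4], expect[5]);
    for (int i = 0; i < 6; i++)
        if (captured_regs[i] != expect[i]) return 0;
    return 1;
}

int main(void) {
    static const char *names[6] = {"rdi", "rsi", "rdx", "rcx", "r8", "r9"};
    args_land_in_expected_registers();
    for (int i = 0; i < 6; i++)
        printf("argument %d -> %s = 0x%llx\n", i + 1, names[i],
               (unsigned long long)captured_regs[i]);
    return 0;
}
```

Because the stub does nothing but copy registers, the values it records are exactly what a callee such as `system` would read as its arguments, which is why a chain must control those registers before the call.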

32 bit

  • Passing parameters to functions: In x86 (32-bit), parameters are passed to functions on the stack.