Bug #195

Jae Won - findwild option bug

Added by Jae Won 4 months ago. Updated 4 months ago.

Status: New
Start date: 10 Jan 2012
Priority: Normal
Due date: -
Assignee: Peter
% Done: 0%
Category: -
Target version: v1.3

Description

fw -s *#jmp r32 -depth 6 -all (or *#jmp [r32] -depth 6 -all)

results in single jump instructions like

jmp eax
jmp ecx
etc

or

jmp [ebx]
jmp [eax]

etc

instead of jmp gadgets with 6-instruction sequences.

History

Updated by Peter 4 months ago

  • Assignee set to Peter
  • Target version set to v1.3

Updated by Peter 4 months ago

I had a look at the code and this is not a bug, but this is how I designed it.
The current code simply wasn't designed to do this, as I figured you could use the rop functionality (with the -end parameter) to do something like that.
Implementing this in the findwild command would require a rewrite of the entire code, as the current routine is not able to first search backwards and then potentially search forwards, while keeping everything within the -depth limit.
Before doing this, I need to be sure there is a structural need for this kind of functionality (and it's not a one-time thing).
