From 5ee1b67889543d3a30f61c2c0898d205cfb91b3e Mon Sep 17 00:00:00 2001
From: Kyle Zeng
Date: Wed, 31 Jan 2024 00:28:16 -0700
Subject: [PATCH] comply with the changes in angrop

---
 rex/crash.py | 4 ++--
 rex/exploit/techniques/rop_leak_memory.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rex/crash.py b/rex/crash.py
index b56e30b..716576a 100644
--- a/rex/crash.py
+++ b/rex/crash.py
@@ -67,7 +67,7 @@ def initialize_rop(self):
 return
 
 # finally, create an angrop object
- rop = self.project.analyses.ROP(fast_mode=self._rop_fast_mode, rebase=False)
+ rop = self.project.analyses.ROP(fast_mode=self._rop_fast_mode)
 rop.set_badbytes(self._bad_bytes)
 if self._rop_cache and self._rop_cache[0]:
 l.info("Loading rop gadgets from cache")
@@ -107,7 +107,7 @@ def initialize_libc_rop(self):
 # finally, create an angrop object
 bin_opts = {"base_addr": base_addr}
 project = angr.Project(self.libc_binary, auto_load_libs=False, main_opts=bin_opts)
- libc_rop = project.analyses.ROP(fast_mode=self._rop_fast_mode, rebase=False)
+ libc_rop = project.analyses.ROP(fast_mode=self._rop_fast_mode)
 libc_rop.set_badbytes(self._bad_bytes)
 if self._rop_cache and self._rop_cache[1]:
 l.info("Loading libc rop gadgets from cache")
diff --git a/rex/exploit/techniques/rop_leak_memory.py b/rex/exploit/techniques/rop_leak_memory.py
index 2485e2d..ffd214c 100644
--- a/rex/exploit/techniques/rop_leak_memory.py
+++ b/rex/exploit/techniques/rop_leak_memory.py
@@ -109,7 +109,7 @@ def apply(self, **kwargs):
 address_var = claripy.BVS('address_var', self.crash.project.arch.bits, explicit_name=True)
 length_var = claripy.BVS('length_var', self.crash.project.arch.bits, explicit_name=True)
 chain = self.rop.do_syscall(2, [1, address_var, length_var, 0x0],
- ignore_registers=rop_uncontrolled)
+ preserve_regs=rop_uncontrolled)
 chain, chain_addr = self._ip_overwrite_with_chain(chain)
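Review bot: Dropping `rebase=False` from the `ROP(...)` call here and in the `initialize_libc_rop` hunk at `@@ -107` ties rex to a specific angrop API without any dependency pin, since the diffstat shows only the two source files change; on an angrop that still accepts `rebase`, the library default now silently applies instead of `False`, and the `do_syscall(..., preserve_regs=...)` rename in rop_leak_memory.py has the same version coupling. The gadget cache loaded right below (`if self._rop_cache and self._rop_cache[0]:`) was presumably produced under the previous analysis configuration, and whether gadgets cached with `rebase=False` remain valid under the new default is not addressed; a cache-version key or a documented "regenerate the cache" step would be worth adding if that turns out to matter. I would pin the minimum angrop version in the project's dependency declaration and put a comment above each call, e.g. `# requires angrop >= <VERSION placeholder>: the rebase= argument no longer exists; caches built by older angrop may need regenerating — TODO confirm`. Both `initialize_rop` and `initialize_libc_rop` start before and continue past their hunks.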