ROPgadget安装及报错解决

Uncategorized
4.4k words

安装

sudo apt-get install python-capstone
 
git clone https://github.com/JonathanSalwan/ROPgadget.git
 
cd ROPgadget
 
sudo python setup.py install

运行

m1sceden4@DESKTOP-H37I3CV:~/ROPgadget$ ROPgadget

报错

运行之后可能会发现报错

Traceback (most recent call last):
  File "/usr/local/bin/ROPgadget", line 4, in <module>
    __import__('pkg_resources').run_script('ROPGadget==6.6', 'ROPgadget')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1429, in run_script
    .format(**locals()),
pkg_resources.ResolutionError: Script 'scripts/ROPgadget' not found in metadata at '/usr/local/lib/python3.6/dist-packages/ROPGadget-6.6.dist-info'

解决

sudo cp -r scripts /usr/local/lib/python3.6/dist-packages/ROPGadget-6.6.dist-info

这里不要复制 , 将你之前报错中显示的路径复制到上面的路径中

m1sceden4@DESKTOP-H37I3CV:~/ROPgadget$ ROPgadget --help
usage: ROPgadget [-h] [-v] [-c] [--binary <binary>] [--opcode <opcodes>]
                 [--string <string>] [--memstr <string>] [--depth <nbyte>]
                 [--only <key>] [--filter <key>] [--range <start-end>]
                 [--badbytes <byte>] [--rawArch <arch>] [--rawMode <mode>]
                 [--rawEndian <endian>] [--re <re>] [--offset <hexaddr>]
                 [--ropchain] [--thumb] [--console] [--norop] [--nojop]
                 [--callPreceded] [--nosys] [--multibr] [--all] [--noinstr]
                 [--dump] [--silent] [--align ALIGN] [--mipsrop <rtype>]

description:
  ROPgadget lets you search your gadgets on a binary. It supports several
  file formats and architectures and uses the Capstone disassembler for
  the search engine.

formats supported:
  - ELF
  - PE
  - Mach-O
  - Raw

architectures supported:
  - x86
  - x86-64
  - ARM
  - ARM64
  - MIPS
  - PowerPC
  - Sparc

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Display the ROPgadget's version
  -c, --checkUpdate     Checks if a new version is available
  --binary <binary>     Specify a binary filename to analyze
  --opcode <opcodes>    Search opcode in executable segment
  --string <string>     Search string in readable segment
  --memstr <string>     Search each byte in all readable segment
  --depth <nbyte>       Depth for search engine (default 10)
  --only <key>          Only show specific instructions
  --filter <key>        Suppress specific mnemonics
  --range <start-end>   Search between two addresses (0x...-0x...)
  --badbytes <byte>     Rejects specific bytes in the gadget's address
  --rawArch <arch>      Specify an arch for a raw file
  --rawMode <mode>      Specify a mode for a raw file
  --rawEndian <endian>  Specify an endianness for a raw file
  --re <re>             Regular expression
  --offset <hexaddr>    Specify an offset for gadget addresses
  --ropchain            Enable the ROP chain generation
  --thumb               Use the thumb mode for the search engine (ARM only)
  --console             Use an interactive console for search engine
  --norop               Disable ROP search engine
  --nojop               Disable JOP search engine
  --callPreceded        Only show gadgets which are call-preceded
  --nosys               Disable SYS search engine
  --multibr             Enable multiple branch gadgets
  --all                 Disables the removal of duplicate gadgets
  --noinstr             Disable the gadget instructions console printing
  --dump                Outputs the gadget bytes
  --silent              Disables printing of gadgets during analysis
  --align ALIGN         Align gadgets addresses (in bytes)
  --mipsrop <rtype>     MIPS useful gadgets finder
                        stackfinder|system|tails|lia0|registers

examples:
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --ropchain
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --depth 3
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string "main"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string "m..n"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|ret"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|pop|xor|ret"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --filter "xchg|add|sub|cmov.*"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --memstr "/bin/sh"
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --console
  ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --badbytes "00|01-1f|7f|42"
  ROPgadget.py --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000
  ROPgadget.py --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5
  ROPgadget.py --binary ./test-suite-binaries/elf-ARM64-bash --depth 5
  ROPgadget.py --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32

问题解决