Tools/scripts I used/developed during the EXP-301 course.
Tool to filter the rp++ output file for higher-quality ROP gadgets to greatly speed up the process of developing a ROP chain. example without ASLR:
python3 filter-ropfile.py rpppfile.txt --bad-bytes "\x00\x0a\x0d"
With ASLR, specify the number of hex chars of the address to disregard and the imagebase rp++ used:
python3 filter-ropfile.py rpppfile.txt --bad-bytes "\x00\x0a\x0d" --aslr 4 --image-base 10000000
Tool to run on the same module as rp++ to find out which dll base address rp++ used in its output file. The output of this script can be used as --image-base for filter-ropfile.py. Run this on Windows to not violate exp-301 course policies.
python3 find-imagebase.py path-to-module
Adapted version of the workspace from https://github.com/nextco/windbg-readable-theme to be more compatible with the Exp-301 course. Credits go to Nextco for developing the theme!
Edits made:
- Symbols are only resolved locally, as this otherwise hangs the UI for a while when starting WinDbg and attaching to a target process;
- Removed some unused windows. The Workspace now displays the assembly code & command windows like in the course and additionally also an overview of the registers and stack on the right. This greatly improved my work speed and visibility.