Skip to content

Instantly share code, notes, and snippets.

@mgeeky mgeeky/
Last active Jan 16, 2017

What would you like to do?
Ultra simple Assembly instruction grepper rolling byte-by-byte within target's .text section - to be used while looking for trampoline address for ROP/Exploit
# Simple script for finding specific instructions within target's .text section
# even inside other ones (rolling byte-by-byte), like to be used during ROP
# building in Exploit development.
# Written as I was out of internet and needed such utility on a vanilla plain
# linux where all I had was binutils. :)
# Yup, it's not perfect, but allowed me to find JMP ESP in a blink of an eye.
# Mariusz B., 2016
if [ "$#" -lt "2" ]; then
echo "Usage: findInstr <file> <regexp> [grep-opts]"
exit 1
S=$(readelf -W -S $FILE | grep .text);
A=0x$(echo $S | awk '{print $4}');
B=0x$(echo $S | awk '{print $6}');
for (( i = 0 ; i < $B ; i++))
ADDR=$(printf "0x%08X" $(($A + $i)) );
objdump -j .text -D -M intel --start-address $ADDR $FILE | grep -vE "^$" | grep -vE "<|>|Disassembly|file|format" 2>&1
done | grep --color=always $OPTS -iE "$PATTERN" | sed -r 's/DWORD|FWORD|WORD|BYTE|PTR//g' | sort -u
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.