Can't find the pop rdi;ret; with ropr in LK01

Question

Can't find the pop rdi;ret; with ropr in LK01

Securee opened this issue a year ago · comments

Hi,
I try to following the LK01 to reproduce the get root procedure.
But when I use ropr to get rop gadget by: ropr vmlinux --noisy --nosys --nojop -R '^pop rdi.+ret;'
the result is:

the address 0xffffffff81f1f0e9 of curse in not correct.

I have no idear why the ropr can't find the correct address

Yudai · Answer 1 · Thu Aug 24 2023 15:11:07 GMT+0800 (China Standard Time)

You can use nouniq option to get other gadgets.
Please refer this PR for more details:
Ben-Lichtman/ropr#13