From dc989748f043b97d32947bf5c8b09546e85a2e3e Mon Sep 17 00:00:00 2001
From: Jack Bond-Preston <jackbondpreston@outlook.com>
Date: Wed, 2 Dec 2020 12:13:45 +0000
Subject: [PATCH] add ropper

---
 .gitignore                                       | 5 ++++-
 ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py | 5 ++++-
 autoRop.py                                       | 2 +-
 init.sh                                          | 7 +++++++
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index d2958a4..f3d61fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -145,4 +145,7 @@ out/*
 rop.txt
 
 # netcat 
-netcat-0.7.1
\ No newline at end of file
+netcat-0.7.1
+
+# Ropper
+Ropper
diff --git a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
index e09b60e..96839d2 100644
--- a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
+++ b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
@@ -84,14 +84,17 @@ class ROPMakerX86(object):
         return p
 
     def __write4bytes(self, address, data, data_addr, popDst, popSrc, write4where):
+        # write address to dst
         p  = pack("<I", popDst['vaddr'])
         p += pack("<I", address)
-        p += self.__padding(popDst, {})
+        p += self.__padding(popDst, {}) 
 
+        # write data to src
         p += pack("<I", popSrc['vaddr'])
         p += data
         p += self.__padding(popSrc, {popDst["gadget"].split()[1]: data_addr}) # Don't overwrite reg dst
 
+        # write src to [dst] (address pointed to by dst)
         p += pack("<I", write4where['vaddr'])
         p += self.__padding(write4where, {})
 
diff --git a/autoRop.py b/autoRop.py
index 4315218..e8f92a4 100755
--- a/autoRop.py
+++ b/autoRop.py
@@ -113,4 +113,4 @@ if run:
     print()
     print(f"[ Run Program : ./{exec_file} {rop_file} ]")
     os.execv(exec_file, [exec_file, rop_file])
-    
\ No newline at end of file
+    
diff --git a/init.sh b/init.sh
index 26aa0c1..64ee127 100644
--- a/init.sh
+++ b/init.sh
@@ -31,6 +31,13 @@ python3 -m pip uninstall --yes ROPgadget
 
 cd /home/vagrant/cw && ./ropinstall.sh
 
+python3 -m pip install --upgrade keystone-engine capstone filebytes pyvex
+cd /home/vagrant/cw && git clone https://github.com/sashs/Ropper.git
+cd /home/vagrant/cw/Ropper && git submodule init && git submodule update
+cd /home/vagrant/ && git clone https://github.com/Z3Prover/z3.git && cd z3 && python3 scripts/mk_make.py && cd build && make -j$(nproc) && sudo make install
+cp -R /home/vagrant/z3/build/python/z3 /home/vagrant/cw/Ropper
+
+
 sudo apt-get clean
 
 echo ":)"
\ No newline at end of file