Add --offset option to specify an arbitrary offset to the base address about ropper HOT 5 CLOSED

Hey,

ropper has such an option, but it works a little bit different. The option -I (upper i) sets the imagebase. The default imagebase of an library in linux is 0x0 and if you use that option, you can add an offset.
But for example /bin/ls (x64) has an imagebase of 0x400000
0x000000000040d6cb: xlatb; jne 0xd6a8; mov rax, rcx; ret;
If you set -I 0x1000000, you will get
0x000000000100d6cb: xlatb; jne 0xd6a8; mov rax, rcx; ret;
If you set -I 0x0, you will get (only the offset in the file will be printed)
0x000000000000d6cb: xlatb; jne 0xd6a8; mov rax, rcx; ret;

This is very useful when you look for gadgets in PE files and the application makes use of ASLR.

I hope this helps. ;)

from ropper.

How could I miss that... Sorry about that, closing the issue!

Thanks again for your tool!

from ropper.

No problem. :)
You can set this in the interactive commandline as well. There is the command imagebase

from ropper.

Yes, that's exactly what I was looking for. Just FYI, I made ropper the only ROP finder for my tool gef, and the use of the option imagebase is to create an accurate ROP chain based on the current debugging context (considering the process mapping, page permission and such). ROPgadget allows me only to do a subset of this but I think ropper will do the trick perfectly.

Cheers,

from ropper.

Cool! In the ropper cli it is possible to open multiple files. ATM I have noticed that I forgot to change -I that you can change the imagebase when you open multiple files with --files.

from ropper.