From 31ef0e9a7a67ba3c361e72d279ae84b9285fb470 Mon Sep 17 00:00:00 2001 From: Malfurious Date: Sat, 18 Mar 2023 21:21:44 -0400 Subject: rev: Normalize the reported offset of found gadgets ROP gadgets returned through search from the r2 API will now always contain a file-relative offset, even if they come from a non-pic binary using a fixed baddr. However, gadgets returned through the ELF API will be mapped according to the ELF's Symtbl. This ensures the correct offset is returned following a library leak, and allows the user to always safely insert an ELF-returned gadget into that ELF's Symtbl without issue. Signed-off-by: Malfurious Signed-off-by: dusoleil --- sploit/rev/elf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sploit/rev/elf.py') diff --git a/sploit/rev/elf.py b/sploit/rev/elf.py index 990cfde..28cd08d 100644 --- a/sploit/rev/elf.py +++ b/sploit/rev/elf.py @@ -198,8 +198,8 @@ class ELF: cont (bool): If true, this function will return all of the assembly past the found gadget up to the next return point. """ - return r2.rop_gadgets(self.path, *regexes, cont=cont) + return [ self.sym[g] for g in r2.rop_gadgets(self.path, *regexes, cont=cont) ] def gadget(self, *regexes): """Returns the first gadget found that matches the given regex list.""" - return r2.rop_gadget(self.path, *regexes) + return self.sym[r2.rop_gadget(self.path, *regexes)] -- cgit v1.2.3
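Review bot: The docstring of `gadget` still reads `"""Returns the first gadget found that matches the given regex list."""` and says nothing about the result now being passed through `self.sym`, so a caller cannot tell from the API that the returned offset is mapped to this ELF's Symtbl (and therefore depends on the Symtbl's base, e.g. one set from a library leak); the same gap applies to the `gadgets` docstring, of which only the `cont (bool)` line is visible in the hunk. I would change it to `"""Returns the first gadget found that matches the given regex list, with its offset mapped through this ELF's Symtbl (so it reflects the current base after a leak)."""` and add a matching sentence about the return value to `gadgets`. If `r2.rop_gadget` can return `None` when nothing matches, the last added line `return self.sym[r2.rop_gadget(self.path, *regexes)]` now raises from inside the Symtbl lookup instead of returning `None` as before; if that is the contract, a guard such as `g = r2.rop_gadget(self.path, *regexes); return self.sym[g] if g is not None else None` keeps the old no-match behaviour. Minor style point: PEP 8 drops the spaces just inside the comprehension brackets, `return [self.sym[g] for g in r2.rop_gadgets(self.path, *regexes, cont=cont)]`. The `gadgets` method begins before the hunk.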