Home

Awesome

ROPInjector

A tool written in C (Win32) to convert any shellcode in ROP and patch it into a given portable executable (PE). It supports only 32-bit target PEs and the x86 instruction set.

Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More info:

Usage

  ropinjector <file-to-infect> <shellcode-file> <output-file>* [options]*

(* denotes optional arguments)

e.g.

ropinjector.exe firefox.exe revshell.txt
				
	text		Force reading of shellcode file as text file. Shellcode in text 
				form must be in the \xHH\xHH\xHH format.
	
	norop		Don't transform shellcode to ROP.
	
	nounroll	Don't unroll SIBs.
	
	noinj		Don't inject missing gadgets.
	
	getpc		Don't replace getPC constructs in the shellcode.
	
	entry		Have shellcode run before the original PE code. Without this
				option, ROPInjector will try to hook calls to ExitProcess(),
				exit() and the like so that the shellcode runs last, right
				before process exit.
				
	-d<secs>	Number of seconds to Sleep() before executing the shellcode.
				When this option is specified, "entry" is also implicitly used.

ROPInjector will output some comma-delimited stats in the end. These are (in order of appearance):

LICENSE

GPLv2.0, http://www.gnu.org/licenses/old-licenses/gpl-2.0.html