
mostwantedduck/RPOrganizer


About RPOrganizer

RPOrganizer.exe is a helper tool written in .NET Core that organizes (as a first filter) the ROP gadgets dumped by RP++ (https://github.com/0vercl0k/rp) into categories that are useful when building a ROP chain. It takes as input the text file produced by RP++, for example:

PS C:\Users\daniel\Desktop\RP> .\rp-win-x86.exe -f "somedll.dll" -r 5 > rop.txt

Usage:

PS C:\Users\daniel> .\RPOrganizer.exe C:\Temp\ROP.txt C:\Temp\Output.txt
[+] Loaded 195983 gadgets...

[!] Found 0 "DEREF" gadgets...
[!] Found 123 "XCHG" gadgets...
[!] Found 15 "MOV" gadgets...
[!] Found 30 "ADD" gadgets...
[!] Found 2 "SUB" gadgets...
[!] Found 3638 "POP" gadgets...
[!] Found 3 "NEG" gadgets...
[!] Found 66 "INC" gadgets...
[!] Found 64 "DEC" gadgets...
[!] Found 17007 "RET" gadgets...
[!] Found 0 "WRITE" gadgets...
[!] Found 67 "GET ESP" gadgets...

[+] Output saved to C:\Temp\Output.txt

The output file looks like this (gadgets are grouped by category, each line already in the `address, # module :: gadget` form that can be pasted into an exploit script):

DEREF gadgets [0]
-----------------

XCHG gadgets [123]
------------------
0x68aad07c, # .\Qt5Core.dll :: xchg eax, ebx ; ret  ;
0x68ab1639, # .\Qt5Core.dll :: xchg eax, ebx ; ret  ;
0x68b06a41, # .\Qt5Core.dll :: xchg eax, ebx ; ret  ;
0x68b5a3c3, # .\Qt5Core.dll :: xchg eax, ebx ; ret  ;
[...]

SUB gadgets [2]
---------------
0x68ad422b, # .\Qt5Core.dll :: sub eax, ecx ; ret  ;
0x68ad4276, # .\Qt5Core.dll :: sub eax, ecx ; ret  ;

POP gadgets [3638]
------------------
0x68ae7ee3, # .\Qt5Core.dll :: pop eax ; ret  ;
0x68aec4a6, # .\Qt5Core.dll :: pop eax ; ret  ;
0x68aec6ab, # .\Qt5Core.dll :: pop eax ; ret  ;
[...]

WRITE gadgets [0]
-----------------

GET ESP gadgets [67]
--------------------
0x68c47182, # .\Qt5Core.dll :: add al, 0x1B ; push esp ; and al, 0x14 ; add esp, 0x28 ; pop ebx ; ret  ;
0x68c02aa5, # .\Qt5Core.dll :: add byte [eax+eax*8+0x5E892674], al ; push esp ; add esp, 0x14 ; pop ebx ; pop esi ; retn 0x0004 ;
0x68d773f2, # .\Qt5Core.dll :: add byte [ecx-0x2A17DBFC], cl ; push esp ; sar edi, cl ; add esp, 0x18 ; pop ebx ; ret  ;
[...]

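The categorization the README describes, as an added example in Python (RPOrganizer itself is C#, and this is not the project's code). It assumes rp++ v1-style input lines of the form `0xADDR: insn ; insn ; ret  ;  (N found)`, takes the module name from the caller (the README's output shows `.\Qt5Core.dll` in that slot), and uses my own reading of the README's labels as the matching heuristics: DEREF is a load from memory, WRITE a store to memory, GET ESP a `push esp ... pop reg` or `mov reg, esp` sequence, and the arithmetic/move classes are decided by the gadget's first instruction. The sample gadget lines are constructed; the addresses after the ones copied from the README are made up.

```python
"""First-pass classifier for rp++ gadget listings (added example, not RPOrganizer's code)."""
import re
from collections import OrderedDict

# Category order as printed by RPOrganizer (from the README).
CATEGORIES = ["DEREF", "XCHG", "MOV", "ADD", "SUB", "POP", "NEG",
              "INC", "DEC", "RET", "WRITE", "GET ESP"]

REG = r"e[abcd]x|e[sd]i|e[bs]p"          # 32-bit general-purpose registers
# Assumed rp++ v1 layout: "0xADDR: insn ; insn ; ret  ;  (N found)"
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+):\s*(.*?)\s*(?:\(\d+ found\))?\s*$")
ARITH2 = {"add": "ADD", "sub": "SUB"}                            # reg, reg
ARITH1 = {"neg": "NEG", "inc": "INC", "dec": "DEC", "pop": "POP"}  # reg

# Constructed sample input (addresses 0x68b000xx are invented).
SAMPLE_RP_OUTPUT = """\
0x68aad07c: xchg eax, ebx ; ret  ;  (1 found)
0x68ae7ee3: pop eax ; ret  ;  (3 found)
0x68ad422b: sub eax, ecx ; ret  ;  (2 found)
0x68c47182: add al, 0x1B ; push esp ; and al, 0x14 ; add esp, 0x28 ; pop ebx ; ret  ;  (1 found)
0x68b00001: mov eax, dword [ecx] ; ret  ;  (1 found)
0x68b00002: mov dword [eax], ecx ; ret  ;  (1 found)
0x68b00003: neg eax ; ret  ;  (1 found)
0x68b00004: ret  ;  (1 found)
0x68b00005: jmp eax ;  (1 found)
0x68b00006: mov eax, ecx ; ret  ;  (1 found)
0x68b00007: inc eax ; ret  ;  (1 found)
0x68b00008: dec ecx ; retn 0x0004 ;  (1 found)
"""


def parse_line(line):
    """Split one rp++ line into (address, gadget text); None if it is not a gadget line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1).lower(), m.group(2).strip()


def classify(gadget):
    """Return the README category for a gadget, or None when it matches nothing.

    Only ret/retn-terminated gadgets are accepted. Apart from GET ESP (which
    may appear anywhere in the gadget, as in the README's examples), the first
    instruction decides the class: later instructions are side effects the
    operator still reviews by hand, which is what a "first filter" is for.
    """
    insns = [i.strip() for i in gadget.split(";") if i.strip()]
    if not insns or not re.match(r"retn?\b", insns[-1]):
        return None
    first, text = insns[0], " ; ".join(insns)
    if re.search(r"push esp\b.*\bpop (" + REG + r")\b", text) or \
       re.match(r"mov (" + REG + r"), esp$", first):
        return "GET ESP"
    if re.match(r"mov (" + REG + r"), (?:dword )?\[", first):
        return "DEREF"
    if re.match(r"mov (?:dword )?\[[^\]]+\], (" + REG + r")$", first):
        return "WRITE"
    if re.match(r"xchg (" + REG + r"), (" + REG + r")$", first):
        return "XCHG"
    if re.match(r"mov (" + REG + r"), (" + REG + r")$", first):
        return "MOV"
    m = re.match(r"(add|sub) (" + REG + r"), (" + REG + r")$", first)
    if m:
        return ARITH2[m.group(1)]
    m = re.match(r"(neg|inc|dec|pop) (" + REG + r")$", first)
    if m:
        return ARITH1[m.group(1)]
    if re.match(r"retn?\b", first):
        return "RET"
    return None


def organize(lines, module):
    """Bucket gadgets by category. Returns (loaded count, OrderedDict cat -> [(addr, gadget, module)])."""
    buckets = OrderedDict((c, []) for c in CATEGORIES)
    loaded = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        loaded += 1
        cat = classify(parsed[1])
        if cat is not None:
            buckets[cat].append((parsed[0], parsed[1], module))
    return loaded, buckets


def format_report(buckets):
    """Render the buckets in the layout shown in the README's output file."""
    out = []
    for cat, gadgets in buckets.items():
        header = "%s gadgets [%d]" % (cat, len(gadgets))
        out += [header, "-" * len(header)]
        out += ["%s, # %s :: %s" % (addr, mod, g) for addr, g, mod in gadgets]
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    total, buckets = organize(SAMPLE_RP_OUTPUT.splitlines(), r".\Qt5Core.dll")
    print("[+] Loaded %d gadgets..." % total)
    for cat, g in buckets.items():
        print('[!] Found %d "%s" gadgets...' % (len(g), cat))
    print(format_report(buckets))
```

Run it as `python organize.py` to see the same summary and report layout as in the README; to use it on a real dump, feed `open("rop.txt").read().splitlines()` to `organize` instead of the constructed sample. The `add al, 0x1B ; push esp ; ...` gadget shows why the filter is only a first pass: it lands in GET ESP because of the `push esp ... pop ebx` pair, but `and al, 0x14` and `add esp, 0x28` still have to be accounted for when the chain is assembled.
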
It was created during my studies for OSED and it's far from its optimal stage.

About

OSED helper, organize data generated by RP++
