Folks, a quick and dirty post on how to compare using Return Oriented Programming.

Lets say we simply want to compare two operands:

cmp %ax, %cx
Doing it by using a simple compare is pretty easy, but when we are dealing with ROP it’s pretty rare having a straight cmp %ax, %cx. So what is the alternative ? cmp (like many other commands) once compared the two operands sets a number of flags in the EFLAGS register. Luckily many other instructions set flags as side effect !!
For example we can use an instruction called neg. neg %ax calculates two’s complements and sets a carry flag (CF) is the argument is not zero. So, do you want test for equality ? neg is your guy ! Another great example comes from the function sub. sub %ax, %cx subtraces the source (%cx) operator from the destiny (%ax) and sets the Carry Flag once destiny is bigger then source. You might use it to compare if a number is greater then another.
Of course these are only a couple of ways to perform comparisons but are the most frequent ones. By searching on the imported libraries you will find a lot of neg and/or sub. Now you know how to use them ;).

One thought on “ ROP: How to make comparisons ? ”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.