RIP Module
class RopUtils
#include <RopUtils.h>
Utility functions for ROP chain generation.
Public Static Functions
static void Ret2Usr(RopChain &rop, void *after_lpe_func, size_t stack_size = 0x8000, size_t redzone_size = 0x100)
Generates a ROP chain to return to user space after a kernel exploit.
This function sets up a fake user stack and uses the KPTI trampoline to transition back to user space.
Parameters:
- rop – The RopChain object to add the return-to-user ROP action to.
- after_lpe_func – The address of the function to execute in user space after returning from the kernel.
- stack_size – The size of the fake user stack to allocate (default is 0x8000).
- redzone_size – The size of the redzone at the end of the fake user stack (default is 0x100).