Comparison between sections in a binary?

[Arslan8]

Hi,

I am trying to use this tool to compare the number of gadgets in a particular section in the binary with the number of overall gadgets in the binary. As the script doesn't take in address information about the binary, instead of modifying the internals of the script to support my use-case, I have used the following workflow:

1. I dump the relevant section of the binary in a raw form using obdump: objcopy -O binary --only-section=.text1 ./original.bin ./original.text1.bin
2. From the raw binaries I create an elf: objcopy.exe --input-target=binary --output-target=elf32-little ./original.text1.bin ./original.text1.bin.elf
3. Lastly, I run the tool on the two binaries: ./src/GSA.py --output_metrics --output_addresses ./original.bin "{'Aggressive':'./original.text1.bin.elf'}" --output_console

Since I am not familiar with the internals, I assume the way gadgets are counted in the original and debloated binary are independent so the comparison between these two binaries should work. However, in all cases, I see 100% gadget reduction and wanted to confirm if the workflow I used is compatible with GSA, as the tool is supposed to be used as a tool for debloated binaries. Note that, I don't see any warnings/errors from GSA in this workflow.

Thanks,
Arslan

[Arslan8]

any comments on this?

[michaelbrownuc]

Sorry, just now seeing this. GSA uses ROPgadget under the hood to catalog gadgets. AFAIK there is no option there to limit to gadgets in a particular section.

You could test your workflow by using ROPgadget directly on your section specific binaries and seeing if it can catalog gadgets. If they can, then GSA should be able to analyze and compare the sets.

[michaelbrownuc]

As for the comparison of one section's gadgets to the entire binary - I suspect something may be wrong if you are seeing 100% gadget reduction, GSA calculates this without considering addresses, so I would expect to see a non-zero value for gadget reduction.