What is Rip-Rop Deducer: Return-Oriented Programming (ROP) emerges today as one of the most effective ways to attack software. There are several techniques that have been proposed in the literature to protect programs against this kind of attack. However, none of these strategies seems to be foolproof. For instance, a recent approach to detect ROP attacks uses the density of function terminators, e.g., return (RET) instructions, to identify attacks. A high density of such instructions indicates an exploit with very high probability. Although effective, this approach may yield false positives, because there are applications that can display – legitimately – a high density of RET opcodes in their instruction stream. Identifying the maximum density of RETs that a program may produce during its execution is, thus, a very important problem.

Select a C/C++ file to upload:

Choose the output:
RIP-ROP Deducer estimates, statically, the maximum density of RETs that can be observed in a program’s trace. Given the source code of a program, we can generate its Control Flow Graph (CFG). Then we determine the path in this CFG that yields the greatest amount of RETs for a fixed size instructions window (e.g. 32 instructions). The identification of this maximum threshold of RETs allows that the optimal values of threshold be applied in a frequency-based defense mechanism against ROP attacks.
How to use this page: To use this page, you must load up a C or C++ file using the console on the right. Upon clicking on 'Compile Source Code', you will receive back a number, stating the maximum density of return instructions in windows of 32 and 64 instructions. We will also give you a graph indicating the path, within the Control Flow Graph of the program, along which such a density can be found.