one_gadget 1.7.4 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0fe60c3f0af1e50f5f6e4bf579e5af69873791ae698fe31312a03e4f05fba8fc
-  data.tar.gz: 6ff66186eda2487cc7e8dcce6db357fc26a761b6d341a9549a826b8e7bb81836
+  metadata.gz: 698ac48e3e7980de7f6c1b5b8bb4085a0466702cd80a427c33612191b6bda47c
+  data.tar.gz: 55bad01393fc60e1872becf2f0b3e9d2b92a5269683428617f8fb09d1f3776a7
 SHA512:
-  metadata.gz: 7d6337e050e7b571564ed3b69b4913349955c4b2adf5ae41a7df34c9ac8fb26fd75cebb1e26c2190eaad40cdbdfe80030285cbc785a230af738bf53355dddebf
-  data.tar.gz: ab229816cbeee8d2dc4546a7db6ac21e010526ddd3f66b41f62d235f0b0ef86f626a636aa507909fd7a1105c5dd8ecbe710ed8f58cdaa3ecf45f43d55c650b0e
+  metadata.gz: 6069d1f1c95628d2fd5a30430ce5f3b80ddd6256a2df0d5a94bede26aa034c5e796cb0682496f94835d31b5c359f78dc42fc7e3c942305b3c3bc597d5a5c722f
+  data.tar.gz: 8d69884a81539655aa360af17a6c443f65985235e422a9ea45f2a693cf0dff4387436c4e4340d9160e73166dc686067a87c025a466d71623a86c9ba600895880

data/README.md

@@ -1,4 +1,5 @@
 [![Gem Version](https://badge.fury.io/rb/one_gadget.svg)](https://badge.fury.io/rb/one_gadget)
+[![Build Status](https://github.com/david942j/one_gadget/workflows/build/badge.svg)](https://github.com/david942j/one_gadget/actions)
 [![Downloads](http://ruby-gem-downloads-badge.herokuapp.com/one_gadget?type=total&color=orange)](https://rubygems.org/gems/one_gadget)
 [![Code Climate](https://codeclimate.com/github/david942j/one_gadget/badges/gpa.svg)](https://codeclimate.com/github/david942j/one_gadget)
 [![Issue Count](https://codeclimate.com/github/david942j/one_gadget/badges/issue_count.svg)](https://codeclimate.com/github/david942j/one_gadget)
@@ -339,7 +340,7 @@ one_gadget('b417c0ba7cc5cf06d1d1bed6652cedb9253c60d0')
 ```python
 import subprocess
 def one_gadget(filename):
-  return map(int, subprocess.check_output(['one_gadget', '--raw', filename]).split(' '))
+  return [int(i) for i in subprocess.check_output(['one_gadget', '--raw', filename]).decode().split(' ')]
 
 one_gadget('/lib/x86_64-linux-gnu/libc.so.6')
 #=> [324293, 324386, 1090444]

data/lib/one_gadget/abi.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module OneGadget
-  # Defines the abi of different architectures.
+  # Defines the ABI of different architectures.
   module ABI
     # Registers of i386.
     X86_32 = %w[eax ebx ecx edx edi esi ebp esp] + 0.upto(7).map { |i| "xmm#{i}" }
@@ -19,7 +19,7 @@ module OneGadget
     # Registers' name of amd64.
     # @return [Array<String>] List of registers.
     def amd64
-      X86_64.uniq
+      X86_64
     end
 
     # Registers' name of i386.

data/lib/one_gadget/builds/libc-2.19-df559a150829d9f3cdd0b5ce1e5b4d512d20f55f.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.19-16.2.5.i686/lib/libc-2.19.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-32bit-2.19-16.2.5.x86_64/lib/libc-2.19.so
 # 
 # Intel 80386
 # 

data/lib/one_gadget/builds/libc-2.20-398115bd423958b1769317a6f7e4928df141eb57.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-3-i686.pkg.tar/usr/lib/libc-2.20.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-4-i686.pkg.tar/usr/lib/libc-2.20.so
 # 
 # Intel 80386
 # 

data/lib/one_gadget/builds/libc-2.20-f3063b7115d5a383189937852ce356f4c60fd190.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-3-x86_64.pkg.tar/usr/lib/libc-2.20.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.20-4-x86_64.pkg.tar/usr/lib/libc-2.20.so
 # 
 # Advanced Micro Devices X86-64
 # 

data/lib/one_gadget/builds/libc-2.21-9ac81172d5ff96f40d984fe7c10073a98f1a6b2e.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-1-x86_64.pkg.tar/usr/lib/libc-2.21.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-2-x86_64.pkg.tar/usr/lib/libc-2.21.so
 # 
 # Advanced Micro Devices X86-64
 # 

data/lib/one_gadget/builds/libc-2.21-f0c24219cbba0605e39e02123398437c5dbbb104.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-2.21-3.2.i686/lib/libc-2.21.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/glibc-32bit-2.21-3.2.x86_64/lib/libc-2.21.so
 # 
 # Intel 80386
 # 

data/lib/one_gadget/builds/libc-2.22-b916e3c1d80069d0209f6376b33e42b75ec49eda.rb

@@ -1,5 +1,5 @@
 require 'one_gadget/gadget'
-# https://gitlab.com/david942j/libcdb/blob/master/libc/lib32-glibc-2.22-3-x86_64.pkg.tar/usr/lib32/libc-2.22.so
+# https://gitlab.com/david942j/libcdb/blob/master/libc/lib32-glibc-2.22-3.1-x86_64.pkg.tar/usr/lib32/libc-2.22.so
 # 
 # Intel 80386
 # 

data/lib/one_gadget/builds/libc-2.23-18f761287ed46e213bec29c2e440e73fd72373be.rb

@@ -0,0 +1,46 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.23-0ubuntu11.3_i386/lib/i386-linux-gnu/libc-2.23.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.3) stable release version 2.23, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 5.4.0 20160609.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 240748,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x28, environ)")
+OneGadget::Gadget.add(build_id, 240750,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x2c, environ)")
+OneGadget::Gadget.add(build_id, 240754,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 240761,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 240796,
+                      constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp])")
+OneGadget::Gadget.add(build_id, 240797,
+                      constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp], [esp+0x4])")
+OneGadget::Gadget.add(build_id, 392149,
+                      constraints: ["esi is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 392150,
+                      constraints: ["esi is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+

data/lib/one_gadget/builds/libc-2.23-30773be8cf5bfed9d910c8473dd44eaab2e705ab.rb

@@ -0,0 +1,46 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.23-0ubuntu11.3_amd64/lib/x86_64-linux-gnu/libc-2.23.so
+# 
+# Advanced Micro Devices X86-64
+# 
+# GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.3) stable release version 2.23, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 5.4.0 20160609.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 283174,
+                      constraints: ["rax == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 283258,
+                      constraints: ["[rsp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 840051,
+                      constraints: ["[rcx] == NULL || rcx == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", rcx, r12)")
+OneGadget::Gadget.add(build_id, 840264,
+                      constraints: ["[rax] == NULL || rax == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", rax, r12)")
+OneGadget::Gadget.add(build_id, 983972,
+                      constraints: ["[rsp+0x50] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x50, environ)")
+OneGadget::Gadget.add(build_id, 983984,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, [rax])")
+OneGadget::Gadget.add(build_id, 987719,
+                      constraints: ["[rsp+0x70] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
+OneGadget::Gadget.add(build_id, 1009648,
+                      constraints: ["[rcx] == NULL || rcx == NULL", "[[rbp-0xf8]] == NULL || [rbp-0xf8] == NULL"],
+                      effect: "execve(\"/bin/sh\", rcx, [rbp-0xf8])")
+

data/lib/one_gadget/builds/libc-2.23-635101aec7213fdc442419bf65a92047a862ff32.rb

@@ -0,0 +1,46 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-i386_2.23-0ubuntu11.3_amd64/lib32/libc-2.23.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.3) stable release version 2.23, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 5.4.0 20160609.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 239644,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x28, environ)")
+OneGadget::Gadget.add(build_id, 239646,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x2c, environ)")
+OneGadget::Gadget.add(build_id, 239650,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 239657,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 239692,
+                      constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp])")
+OneGadget::Gadget.add(build_id, 239693,
+                      constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp], [esp+0x4])")
+OneGadget::Gadget.add(build_id, 389237,
+                      constraints: ["esi is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 389238,
+                      constraints: ["esi is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+

data/lib/one_gadget/builds/libc-2.23-f2f2f2af4f3e8597cca1fdff1008a834c78de42b.rb

@@ -0,0 +1,43 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-amd64_2.23-0ubuntu11.3_i386/lib64/libc-2.23.so
+# 
+# Advanced Micro Devices X86-64
+# 
+# GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11.3) stable release version 2.23, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 5.4.0 20160609.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 259286,
+                      constraints: ["rax == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 259370,
+                      constraints: ["[rsp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 753847,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, r12)")
+OneGadget::Gadget.add(build_id, 754056,
+                      constraints: ["[[rbp-0x40]] == NULL || [rbp-0x40] == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", [rbp-0x40], r12)")
+OneGadget::Gadget.add(build_id, 875271,
+                      constraints: ["[rsp+0x70] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
+OneGadget::Gadget.add(build_id, 875283,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, [rax])")
+OneGadget::Gadget.add(build_id, 890033,
+                      constraints: ["[r9] == NULL || r9 == NULL", "[rdx] == NULL || rdx == NULL"],
+                      effect: "execve(\"/bin/sh\", r9, rdx)")
+

data/lib/one_gadget/builds/libc-2.24-349119af9e223829ea24f6b7226bdff0182e73f2.rb

@@ -0,0 +1,49 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.24-3ubuntu1_amd64/lib/x86_64-linux-gnu/libc-2.24.so
+# 
+# Advanced Micro Devices X86-64
+# 
+# GNU C Library (Ubuntu GLIBC 2.24-3ubuntu1) stable release version 2.24, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 6.2.0 20161005.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 283990,
+                      constraints: ["rax == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 284074,
+                      constraints: ["[rsp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 840298,
+                      constraints: ["[r15] == NULL || r15 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", r15, r13)")
+OneGadget::Gadget.add(build_id, 840981,
+                      constraints: ["[[rbp-0x78]] == NULL || [rbp-0x78] == NULL", "[[rbp-0x50]] == NULL || [rbp-0x50] == NULL"],
+                      effect: "execve(\"/bin/sh\", [rbp-0x78], [rbp-0x50])")
+OneGadget::Gadget.add(build_id, 840985,
+                      constraints: ["[r9] == NULL || r9 == NULL", "[[rbp-0x50]] == NULL || [rbp-0x50] == NULL"],
+                      effect: "execve(\"/bin/sh\", r9, [rbp-0x50])")
+OneGadget::Gadget.add(build_id, 840989,
+                      constraints: ["[r9] == NULL || r9 == NULL", "[rdx] == NULL || rdx == NULL"],
+                      effect: "execve(\"/bin/sh\", r9, rdx)")
+OneGadget::Gadget.add(build_id, 985745,
+                      constraints: ["[rsp+0x50] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x50, environ)")
+OneGadget::Gadget.add(build_id, 985757,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, [rax])")
+OneGadget::Gadget.add(build_id, 989465,
+                      constraints: ["[rsp+0x70] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
+

data/lib/one_gadget/builds/libc-2.24-3fce81d490804af9759c70bf197380bc05a584c2.rb

@@ -0,0 +1,46 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-i386_2.24-3ubuntu1_amd64/lib32/libc-2.24.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu GLIBC 2.24-3ubuntu1) stable release version 2.24, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 6.2.0 20161005.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 239484,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x28, environ)")
+OneGadget::Gadget.add(build_id, 239486,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x2c, environ)")
+OneGadget::Gadget.add(build_id, 239490,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 239497,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 239532,
+                      constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp])")
+OneGadget::Gadget.add(build_id, 239533,
+                      constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp], [esp+0x4])")
+OneGadget::Gadget.add(build_id, 391205,
+                      constraints: ["esi is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 391206,
+                      constraints: ["esi is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+

data/lib/one_gadget/builds/libc-2.24-a51ace667ccae6a8887837efb18259a906704bed.rb

@@ -0,0 +1,46 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.24-3ubuntu1_i386/lib/i386-linux-gnu/libc-2.24.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu GLIBC 2.24-3ubuntu1) stable release version 2.24, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 6.2.0 20161005.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 241372,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x28] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x28, environ)")
+OneGadget::Gadget.add(build_id, 241374,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x2c] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x2c, environ)")
+OneGadget::Gadget.add(build_id, 241378,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 241385,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 241420,
+                      constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp])")
+OneGadget::Gadget.add(build_id, 241421,
+                      constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp], [esp+0x4])")
+OneGadget::Gadget.add(build_id, 393909,
+                      constraints: ["esi is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 393910,
+                      constraints: ["esi is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+

data/lib/one_gadget/builds/libc-2.24-deefae132c5a39ba892bc189edd91f73c1ea1f14.rb

@@ -0,0 +1,37 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6-amd64_2.24-3ubuntu1_i386/lib64/libc-2.24.so
+# 
+# Advanced Micro Devices X86-64
+# 
+# GNU C Library (Ubuntu GLIBC 2.24-3ubuntu1) stable release version 2.24, by Roland McGrath et al.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 6.2.0 20161005.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 258966,
+                      constraints: ["rax == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 259050,
+                      constraints: ["[rsp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 756632,
+                      constraints: ["[r13] == NULL || r13 == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", r13, r12)")
+OneGadget::Gadget.add(build_id, 878901,
+                      constraints: ["[rsp+0x70] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
+OneGadget::Gadget.add(build_id, 878913,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, [rax])")
+

data/lib/one_gadget/builds/libc-2.25-58c735bc7b19b0aeb395cce70cf63bd62ac75e4a.rb

@@ -28,6 +28,15 @@ OneGadget::Gadget.add(build_id, 265183,
 OneGadget::Gadget.add(build_id, 765680,
                       constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
                       effect: "execve(\"/bin/sh\", r12, r13)")
+OneGadget::Gadget.add(build_id, 765738,
+                      constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 765742,
+                      constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 765750,
+                      constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
 OneGadget::Gadget.add(build_id, 890131,
                       constraints: ["[rsp+0x80] == NULL"],
                       effect: "execve(\"/bin/sh\", rsp+0x80, environ)")

data/lib/one_gadget/builds/libc-2.26-1c39b3b3faa2a2cbb0fa0b6845b29332562262d3.rb

@@ -28,6 +28,15 @@ OneGadget::Gadget.add(build_id, 269182,
 OneGadget::Gadget.add(build_id, 799344,
                       constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
                       effect: "execve(\"/bin/sh\", r12, r13)")
+OneGadget::Gadget.add(build_id, 799402,
+                      constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 799406,
+                      constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 799414,
+                      constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
 OneGadget::Gadget.add(build_id, 921646,
                       constraints: ["[rsp+0x70] == NULL"],
                       effect: "execve(\"/bin/sh\", rsp+0x70, environ)")

data/lib/one_gadget/builds/libc-2.26-6d2b609f0c8e7b338f767b08c5ac712fac809d31.rb

@@ -28,6 +28,15 @@ OneGadget::Gadget.add(build_id, 294042,
 OneGadget::Gadget.add(build_id, 890627,
                       constraints: ["[r13] == NULL || r13 == NULL", "[rbx] == NULL || rbx == NULL"],
                       effect: "execve(\"/bin/sh\", r13, rbx)")
+OneGadget::Gadget.add(build_id, 890922,
+                      constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
+OneGadget::Gadget.add(build_id, 890926,
+                      constraints: ["writable: rbp-0x40", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
+OneGadget::Gadget.add(build_id, 890934,
+                      constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
 OneGadget::Gadget.add(build_id, 891345,
                       constraints: ["[[rbp-0xa0]] == NULL || [rbp-0xa0] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
                       effect: "execve(\"/bin/sh\", [rbp-0xa0], [rbp-0x70])")

data/lib/one_gadget/builds/libc-2.26-ddcc13122ddbfe5e5ef77d4ebe66d124ae5762c2.rb

@@ -28,6 +28,15 @@ OneGadget::Gadget.add(build_id, 294042,
 OneGadget::Gadget.add(build_id, 890723,
                       constraints: ["[r13] == NULL || r13 == NULL", "[rbx] == NULL || rbx == NULL"],
                       effect: "execve(\"/bin/sh\", r13, rbx)")
+OneGadget::Gadget.add(build_id, 891018,
+                      constraints: ["writable: rbp-0x48", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
+OneGadget::Gadget.add(build_id, 891022,
+                      constraints: ["writable: rbp-0x40", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
+OneGadget::Gadget.add(build_id, 891030,
+                      constraints: ["writable: rbp-0x50", "[rbp-0x50] == NULL || rbp-0x50 == NULL", "[rbx] == NULL || rbx == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x50, rbx)")
 OneGadget::Gadget.add(build_id, 891441,
                       constraints: ["[[rbp-0xa0]] == NULL || [rbp-0xa0] == NULL", "[[rbp-0x70]] == NULL || [rbp-0x70] == NULL"],
                       effect: "execve(\"/bin/sh\", [rbp-0xa0], [rbp-0x70])")

data/lib/one_gadget/builds/libc-2.26-fb587bc4429e7d1b0de31a3b9ee8ae78ee797eb0.rb

@@ -28,6 +28,15 @@ OneGadget::Gadget.add(build_id, 269182,
 OneGadget::Gadget.add(build_id, 799376,
                       constraints: ["[r12] == NULL || r12 == NULL", "[r13] == NULL || r13 == NULL"],
                       effect: "execve(\"/bin/sh\", r12, r13)")
+OneGadget::Gadget.add(build_id, 799434,
+                      constraints: ["writable: rbp-0x38", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 799438,
+                      constraints: ["writable: rbp-0x30", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
+OneGadget::Gadget.add(build_id, 799446,
+                      constraints: ["writable: rbp-0x40", "[rbp-0x40] == NULL || rbp-0x40 == NULL", "[r13] == NULL || r13 == NULL"],
+                      effect: "execve(\"/bin/sh\", rbp-0x40, r13)")
 OneGadget::Gadget.add(build_id, 921694,
                       constraints: ["[rsp+0x70] == NULL"],
                       effect: "execve(\"/bin/sh\", rsp+0x70, environ)")

data/lib/one_gadget/builds/libc-2.27-14cd15d2eb0bc25c89045873cf807f7533e4788d.rb

@@ -0,0 +1,47 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.27-3ubuntu1.4_i386/lib/i386-linux-gnu/libc-2.27.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu GLIBC 2.27-3ubuntu1.4) stable release version 2.27.
+# Copyright (C) 2018 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 7.5.0.
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 250291,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 250293,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x38] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x38, environ)")
+OneGadget::Gadget.add(build_id, 250297,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x3c] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x3c, environ)")
+OneGadget::Gadget.add(build_id, 250304,
+                      constraints: ["esi is the GOT address of libc", "[esp+0x40] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x40, environ)")
+OneGadget::Gadget.add(build_id, 250339,
+                      constraints: ["esi is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp]] == NULL || [esp] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp])")
+OneGadget::Gadget.add(build_id, 250340,
+                      constraints: ["esi is the GOT address of libc", "[[esp]] == NULL || [esp] == NULL", "[[esp+0x4]] == NULL || [esp+0x4] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp], [esp+0x4])")
+OneGadget::Gadget.add(build_id, 424927,
+                      constraints: ["esi is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 424928,
+                      constraints: ["esi is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+OneGadget::Gadget.add(build_id, 1277358,
+                      constraints: ["ebx is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 1277359,
+                      constraints: ["ebx is the GOT address of libc", "[esp] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp])")
+