Universalrop

Small tool for generating ropchains using unicorn and z3

Project README
$ time python test_amd64.py 
Gadgets used:
0x1000104: pop r13; pop r14; ret 
0x1000500: mov rax, r13; ret 
0x1000700: pop rdx; jmp rax
0x1000a00: pop rsi; ret 
0x1000102: pop r12; pop r13; pop r14; ret 
0x1000500: mov rax, r13; ret 
0x1000200: mov rdi, rax; pop rbx; ret 
Ropchain:
00000000  04 01 00 01  00 00 00 00  00 0a 00 01  00 00 00 00  │····│····│····│····│
00000010  52 44 49 3d  41 52 47 11  00 05 00 01  00 00 00 00  │RDI=│ARG·│····│····│
00000020  00 07 00 01  00 00 00 00  52 44 58 3d  41 52 47 33  │····│····│RDX=│ARG3│
00000030  52 53 49 3d  41 52 47 32  02 01 00 01  00 00 00 00  │RSI=│ARG2│····│····│
00000040  02 05 08 14  01 00 03 00  52 44 49 3d  41 52 47 31  │····│····│RDI=│ARG1│
00000050  52 44 49 3c  41 52 47 11  00 05 00 01  00 00 00 00  │RDI<│ARG·│····│····│
00000060  00 02 00 01  00 00 00 00  52 49 50 3d  46 55 4e 43  │····│····│RIP=│FUNC│
00000070  52 49 50 3d  46 55 4e 43                            │RIP=│FUNC││
00000078
 
real    1m25.203s
user    1m24.408s
sys     0m0.784s
$ time python test_arm.py
Gadgets used:
0x1000: pop {r1, r2, r7, pc}
0x1010: mov r0, r2; pop {r7, pc}
0x1000: pop {r1, r2, r7, pc}
0x1020: mov r3, r0; bx r7
0x1010: mov r0, r2; pop {r7, pc}
0x1000: pop {r1, r2, r7, pc}
Ropchain:
00000000  00 10 00 00  41 52 47 32  41 52 47 34  11 00 00 00  │····│ARG2│ARG4│····│
00000010  10 10 00 00  11 00 00 00  00 10 00 00  41 52 47 32  │····│····│····│ARG2│
00000020  41 52 47 31  10 10 00 00  20 10 00 00  41 52 47 32  │ARG1│····│ ···│ARG2│
00000030  00 10 00 00  41 52 47 32  41 52 47 33  00 00 00 00  │····│ARG2│ARG3│····│
00000040  46 55 4e 43                                         │FUNC││
00000044
 
real    0m13.315s
user    0m12.632s
sys     0m0.632s
Open Source Agenda is not affiliated with "Universalrop" Project. README Source: kokjo/universalrop