In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels, it presents a practical approach for bypassing kernel and user address separation mitigations such as SMEP (Supervisor Mode Execution Protection) on recent Intel CPUs.
The goal of this tutorial is to demonstrate how a kernel ROP chain can be constructed to elevate user privileges.
Check your ROP exploit on the victim using JS before executing it.
rp++ is a tool written entirely in C++ that aims to find ROP sequences in PE/ELF/Mach-O x86/x64/ARM binaries. It is open-source and has been tested on several OSes: Debian / Windows 8.1 / Mac OS X Lion (10.7.3). Moreover, it is x64 compatible and supports Intel syntax. Standalone executables can also be downloaded directly.