What exactly is immediate gadget in ROP - security exploit technique in Return Oriented Programming?
I am reading some theory about ROPs and for Immediate Gadget is only written, that we have a pointer to the code sequence:
pop %ebx ; ret
Instruction
pop %ebx
will load the next dword into %ebx.
But I do not get why this would be useful. If you are loading something from some library, you are trying to get some useful gadgets, so why is there an "Immediate"?
As you are in control of the values on the stack when this gadget gets executed, you can use it to store an arbitrary value into the ebx register.
All you need to do is write the desired value to the correct place on the stack and have this gadget run.
So this gadget allows you to perform operations equivalent to the "load immediate" movl instruction:
movl $1, %ebx
with arbitrary immediate values (the $1 above is just an example).
Disclaimer: I am not an exploit writer so please do validate my thoughts
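As an added illustration (not part of the question or the answer above), here is a small Python model of what happens when a chain of return addresses reaches a `pop %ebx ; ret` sequence. The gadget addresses, the stack layout and the CPU model are all constructed for the example; nothing here touches real memory or a real binary. It shows that the "immediate" is not encoded in the instruction at all: it is simply the next dword on the stack, consumed by `pop`, and the `ret` after it consumes the dword below that to decide where execution goes next. It also goes one step beyond the answer by chaining two such gadgets (`pop %ebx ; ret` then `pop %eax ; ret`) to show how each `pop` and each `ret` advances %esp by one dword.

```python
"""Toy model of what a `pop %ebx ; ret` ("immediate") ROP gadget does.

Everything here is constructed for illustration: the gadget addresses, the
stack layout and the minimal CPU model. Nothing touches real memory or a
real binary; it only shows where the value that lands in %ebx comes from.
"""
from dataclasses import dataclass, field

# Constructed addresses standing in for code sequences found in some library.
# They are placeholders, not real gadget locations.
GADGET_POP_EBX_RET = 0x08049010   # pop %ebx ; ret
GADGET_POP_EAX_RET = 0x08049018   # pop %eax ; ret
GADGET_RET = 0x08049020           # ret (used as a harmless end of the chain)
CHAIN_END = 0x0                   # sentinel %eip once the stack runs out

# address -> the instruction sequence that lives there
CODE = {
    GADGET_POP_EBX_RET: ["pop ebx", "ret"],
    GADGET_POP_EAX_RET: ["pop eax", "ret"],
    GADGET_RET: ["ret"],
}


@dataclass
class CPU:
    regs: dict = field(default_factory=lambda: {"eax": 0, "ebx": 0, "esp": 0, "eip": 0})
    stack: dict = field(default_factory=dict)  # address -> 32-bit dword

    def pop(self) -> int:
        """Read the dword at %esp and advance %esp by 4, like x86 `pop`."""
        value = self.stack.get(self.regs["esp"], CHAIN_END)
        self.regs["esp"] += 4
        return value


def run_chain(cpu: CPU, start_eip: int, max_gadgets: int = 16) -> CPU:
    """Execute gadgets from start_eip until %eip leaves CODE or the budget ends."""
    cpu.regs["eip"] = start_eip
    for _ in range(max_gadgets):
        gadget = CODE.get(cpu.regs["eip"])
        if gadget is None:
            break
        for ins in gadget:
            if ins.startswith("pop "):
                # The "immediate" is not part of the instruction: it is the
                # next dword on the stack, whatever was written there.
                cpu.regs[ins.split()[1]] = cpu.pop()
            elif ins == "ret":
                # `ret` pops the following dword and jumps to it.
                cpu.regs["eip"] = cpu.pop()
    return cpu


def load_ebx_via_gadget(imm: int) -> dict:
    """Lay out the two stack dwords the gadget consumes, then run it."""
    stack_base = 0xBFFF0000            # constructed stack address
    cpu = CPU()
    cpu.regs["esp"] = stack_base
    cpu.stack[stack_base + 0] = imm          # consumed by `pop %ebx`
    cpu.stack[stack_base + 4] = GADGET_RET   # consumed by `ret`: where to go next
    return dict(run_chain(cpu, GADGET_POP_EBX_RET).regs)


def load_ebx_via_movl(imm: int) -> dict:
    """The equivalent `movl $imm, %ebx`: here the value is encoded in the instruction."""
    cpu = CPU()
    cpu.regs["ebx"] = imm
    return dict(cpu.regs)


def load_two_registers(ebx_imm: int, eax_imm: int) -> dict:
    """Two immediate gadgets chained: each pop eats one dword, each ret the next."""
    stack_base = 0xBFFF0000
    cpu = CPU()
    cpu.regs["esp"] = stack_base
    cpu.stack[stack_base + 0] = ebx_imm              # pop %ebx
    cpu.stack[stack_base + 4] = GADGET_POP_EAX_RET   # ret -> second gadget
    cpu.stack[stack_base + 8] = eax_imm              # pop %eax
    cpu.stack[stack_base + 12] = GADGET_RET          # ret -> end of chain
    return dict(run_chain(cpu, GADGET_POP_EBX_RET).regs)


if __name__ == "__main__":
    print(load_ebx_via_gadget(0x1))          # ebx == 1, same as `movl $1, %ebx`
    print(load_two_registers(0x1, 0x4))      # ebx == 1, eax == 4
```

Running it shows that `load_ebx_via_gadget(1)` and `load_ebx_via_movl(1)` leave the same value in %ebx; the difference is only where the value came from (a stack dword versus an instruction operand), which is exactly why the gadget is useful when the code cannot be changed but the stack contents can.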