From f05ef5630ef6ebfea0fb3e2ee6828f170ae2114d Mon Sep 17 00:00:00 2001
From: bannedit
Date: Wed, 15 May 2013 22:08:50 -0400
Subject: [PATCH] Fix a backwards disasm bug which stomps on the depth option
---
 rop.rb | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/rop.rb b/rop.rb
index 15f3453..6d24a40 100644
--- a/rop.rb
+++ b/rop.rb
@@ -197,14 +197,13 @@ class RopCollect < RopBase
 def process_gadgets(rets, num)
 ret = {}
 gadgets = []
- tmp = []
 rets.each do |ea|
 insn = @disassembler.disassemble_instruction(ea)
 next if not insn
 xtra = insn.bin_length
- 1.upto(num) do |x|
+ num.step(0, -1) do |x|
 addr = ea - x
 # get the disassembled instruction at this address
@@ -229,11 +228,6 @@ class RopCollect < RopBase
 addr = addr + di.bin_length
 end
- if not tmp.include?(ea)
- tmp << ea
- else
- next
- end
 # otherwise, we create a new tailchunk and add it to the list
 ret = {:file => @file, :address => ("0x%08x" % (ea - x)), :raw => buf, :disasm => dasm}
 gadgets << ret
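Review bot: In the second hunk, `:address => ("0x%08x" % (ea - x))` is now also evaluated for `x == 0`, because the enclosing loop (rewritten in the first hunk as `num.step(0, -1)` in place of `1.upto(num)`) counts down to 0 inclusive, so a "gadget" whose start address is the `ret` instruction itself gets emitted, which the old 1-based loop never produced. If that is not intended, `num.downto(1) do |x|` keeps the reversed depth order without the extra iteration and also yields nothing for `num <= 0` exactly as `1.upto(num)` did, whereas `0.step(0, -1)` still runs once. With the `tmp` dedup branch deleted, the retained comment `# otherwise, we create a new tailchunk and add it to the list` no longer has an "otherwise" to refer to and should read `# create a new tailchunk and add it to the list`. The `process_gadgets` body and the `do |x|` block both begin outside this hunk.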