Filter out gadgets containing hlt (halt) instructions

[tesuji]

> rp-lin --version
You are currently using the version 2.1 x64 built the Feb  4 2025 06:16:22 for Linux (Release) of rp++.
> rp-lin -f prob -r 5 | grep hlt
0x401070: adc eax, 0x00002F7B ; hlt ; nop word [rax+rax+0x00000000] ; endbr64 ; ret ; (1 found)
0x40106e: add bh, bh ; adc eax, 0x00002F7B ; hlt ; nop word [rax+rax+0x00000000] ; endbr64 ; ret ; (1 found)
0x401073: add byte [rax], al ; hlt ; nop word [rax+rax+0x00000000] ; endbr64 ; ret ; (1 found)
0x40106d: add dil, dil ; adc eax, 0x00002F7B ; hlt ; nop word [rax+rax+0x00000000] ; endbr64 ; ret ; (1 found)
0x401075: hlt ; nop word [rax+rax+0x00000000] ; endbr64 ; ret ; (1 found)

Quoted from https://www.felixcloutier.com/x86/hlt:

The HLT instruction is a privileged instruction. When the processor is running in protected or virtual-8086 mode, the privilege level of a program or procedure must be 0 to execute the HLT instruction.

This instruction’s operation is the same in non-64-bit modes and 64-bit mode.

Binary attached below:

chall.zip

[0vercl0k]

Hello,

Thank you for the report! I've mostly tried to stay away from applying special casing instructions as ultimately I can't really guarantee what the user will be looking for. Although yes hlt is privileged and it doesn't make sense for you if you're ropping in usermode, but the tool could be used for ropping in any privilege levels.

I'll take a look in the next few weeks but still unsure if I should filter it out; do you have any thoughts with the added context from above?

Cheers