In order to do ROP, you need to chain together gadgets of code segments which means you need to be able to see the source code/binary. This doesn't reveal any information about the call stack nor the available libraries to chain together ROP. And that's if stack canaries haven't screwed things up already.
In order to do ROP, you need to chain together gadgets of code segments which means you need to be able to see the source code/binary. This doesn't reveal any information about the call stack nor the available libraries to chain together ROP. And that's if stack canaries haven't screwed things up already.