ROPSHELL 
ropshell> use 057a85a42c76303e5fd10234e92bbe7c (download)
name         : nounours (x86_64/RAW)
base address : 0x0
total gadgets: 10789

ropshell> suggest
call
    > 0x00000470 : call rax
    > 0x00000a0d : call rbx
    > 0x00026908 : call rcx
    > 0x00019fa7 : call rdx
    > 0x00026885 : call rsi
jmp
    > 0x000779f8 : push rsp; ret
    > 0x00000b71 : jmp rax
    > 0x00089ee1 : jmp rbx
    > 0x00032d74 : jmp rcx
    > 0x00018b55 : jmp rdx
load mem
    > 0x0008856a : mov eax, [rcx]; ret
    > 0x0001ee20 : movzx eax, [rdx]; ret
    > 0x000c2c26 : mov edi, [rdx]; ret
    > 0x000a6bd1 : mov rax, [rsi + 0x10]; ret
    > 0x00001ac4 : mov rax, [rdi + 0x2c8]; ret
load reg
    > 0x00054e8c : pop rax; ret
    > 0x000017ff : pop rbx; ret
    > 0x00008f59 : pop rcx; ret
    > 0x000573d5 : pop rdx; ret
    > 0x000017dc : pop rsi; ret
pop pop ret
    > 0x000573d4 : pop r10; ret
    > 0x0000149a : pop r12; pop r13; ret
    > 0x000017d7 : pop r12; pop r13; pop r14; ret
    > 0x0000075f : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0001509d : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x000626f9 : add rsp, 0x148; ret
    > 0x000626f9 : add rsp, 0x148; ret
    > 0x0000316e : add rsp, 0x28; ret
    > 0x00063391 : add rsp, 0x38; ret
    > 0x0008b828 : add rsp, 0x48; ret
stack pivoting
    > 0x000a61b6 : mov rsp, rcx; ret
    > 0x0000fbff : xchg eax, esp; ret
    > 0x000a61b7 : mov esp, ecx; ret
    > 0x00055e67 : mov esp, edx; call rbp
    > 0x0008bda8 : mov rsp, r8; mov rbp, r9; jmp rdx
syscall
    > 0x0007fa05 : syscall ; ret
write mem
    > 0x000517d8 : adc [rbx], eax; ret
    > 0x000c6fce : add [rdx], eax; ret
    > 0x0004d341 : add [rax + 0x28d4802], ecx; ret
    > 0x0003f376 : adc [rcx + 7], rdi; ret
    > 0x0003f377 : adc [rcx + 7], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact