ropshell> use 057a85a42c76303e5fd10234e92bbe7c (download)
name : nounours (x86_64/RAW)
base address : 0x0
total gadgets: 10789
ropshell> suggest "load reg"
> 0x00054e8c : pop rax; ret
> 0x000017ff : pop rbx; ret
> 0x00008f59 : pop rcx; ret
> 0x000573d5 : pop rdx; ret
> 0x000017dc : pop rsi; ret
> 0x00000766 : pop rdi; ret
> 0x00000b78 : pop rbp; ret
> 0x00000664 : pop rsp; ret
> 0x000573d4 : pop r10; ret
> 0x00000663 : pop r12; ret
> 0x0000149c : pop r13; ret
> 0x000017db : pop r14; ret
> 0x00000765 : pop r15; ret
> 0x000a34c9 : mov rax, [rsp]; add rsp, 0x38; ret
> 0x000a34ca : mov eax, [rsp]; add rsp, 0x38; ret
> 0x0007e70a : mov edi, [rsp]; call rbp
> 0x0008bc88 : mov rdx, [rsp + 0x10]; call rdx
> 0x000a790e : mov rdi, [rsp + 0x10]; call r14
> 0x0008bc89 : mov edx, [rsp + 0x10]; call rdx
> 0x00062bad : mov rsi, [rsp + 0x10]; mov rdi, rbp; call r12
> 0x00062bae : mov esi, [rsp + 0x10]; mov rdi, rbp; call r12
> 0x0008b5d6 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0008b5d7 : mov ecx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0002193a : pop r8; add [rax], al; add [rax], al; mov [rbx + 0x50], 0; pop rbx; ret
> 0x0001dd2e : mov r8, [rsp + 0x20]; lea rsi, [rdi + 0x58]; mov rdi, rax; call [rax + 8]
> 0x00060933 : mov r9, [rsp + 0x20]; mov rsi, [rsp + 0x38]; mov rdi, [rsp + 0x30]; call r14
> 0x0008b5cc : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0008b5cd : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0008b5c7 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]