ROPSHELL 
ropshell> use 09b4f7d234859cf6dd55bd4a4275d152 (download)
name         : binex_vuln_custom (x86_64/ELF)
base address : 0x6050
total gadgets: 4134

ropshell> suggest "load reg"
> 0x00008cf3 : pop rax; ret
> 0x0000707e : pop rbx; ret
> 0x00006860 : pop rcx; ret
> 0x000060d5 : pop rsi; ret
> 0x000061a1 : pop rdi; ret
> 0x000066bc : pop rbp; ret
> 0x000060d4 : pop r14; ret
> 0x000061a0 : pop r15; ret
> 0x00006376 : pop rsp; pop r14; pop r15; ret
> 0x00006375 : pop r12; pop r14; pop r15; ret
> 0x000092c4 : pop r13; pop r14; pop r15; ret
> 0x0001e6de : mov rax, [rsp]; pop rcx; ret
> 0x0001e6df : mov eax, [rsp]; pop rcx; ret
> 0x0002bbd7 : mov rdx, [rsp + 0x30]; call rbx
> 0x00031d24 : mov rsi, [rsp + 0x30]; call rbp
> 0x0002bbd8 : mov edx, [rsp + 0x30]; call rbx
> 0x00031d25 : mov esi, [rsp + 0x30]; call rbp
> 0x00019f20 : mov edi, [rsp + 0x14]; call r12
> 0x00028fec : mov rcx, [rsp + 0xc8]; xor r8d, r8d; call r14
> 0x0001f7f3 : mov rdi, [rsp + 0x70]; call [r13 + 0x28]
> 0x00028fed : mov ecx, [rsp + 0xc8]; xor r8d, r8d; call r14
> 0x0003c558 : pop rdx; add [rax], r8b; mov edx, 1; call [rax + 0x18]
> 0x00015c33 : mov rbx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x00015c34 : mov ebx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x00019f01 : movzx r8, [rsp + r12 + 0x10]; movsxd rax, [rbp + rax*4]; add rax, rbp; jmp rax
> 0x00015c2f : mov r15, [rsp]; mov rbx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x0002bbcd : mov rbp, [rsp + 0x38]; mov rdi, rbp; xor esi, esi; mov rdx, [rsp + 0x30]; call rbx
> 0x0002bbce : mov ebp, [rsp + 0x38]; mov rdi, rbp; xor esi, esi; mov rdx, [rsp + 0x30]; call rbx
> 0x000217fe : mov r13, [rsp + 8]; mov rbx, [rsp + 0x10]; mov rdi, r12; mov rsi, r13; mov rdx, rbx; call r14

© 2014 - 2019 - Powered by ROPEME | Contact