ROPSHELL 
ropshell> use 0c94776bb29517cb62dd2256a5cd8c34 (download)
name         : baby_stack-7b078c99bb96de6e5efc2b3da485a9ae8a66fd702b7139baf072ec32175076d8 (x86_64/RAW)
base address : 0x0
total gadgets: 12229

ropshell> suggest
call
    > 0x00053334 : call rax
    > 0x00001cb2 : call rbx
    > 0x00033b8a : call rcx
    > 0x00159654 : call rdx
    > 0x00053509 : call rdi
jmp
    > 0x00006b89 : jmp rax
    > 0x000534a7 : jmp rbx
    > 0x0018fa7d : jmp rcx
    > 0x0014aa48 : jmp rsi
    > 0x0003db7d : jmp rdi
load mem
    > 0x00054ec3 : mov rbx, [rdx]; jmp rbx
    > 0x000965ff : mov rbp, [rbx]; add rsp, 0x30; ret
    > 0x00054ec4 : mov ebx, [rdx]; jmp rbx
    > 0x00096600 : mov ebp, [rbx]; add rsp, 0x30; ret
    > 0x00056825 : mov rax, [rsi]; mov [rdi], rax; ret
load reg
    > 0x000016ea : pop rax; ret
    > 0x001586b8 : pop rcx; ret
    > 0x0006defd : pop rsi; ret
    > 0x0003730f : pop rbp; ret
    > 0x0000726b : pop rsp; ret
pop pop ret
    > 0x000016ea : pop rax; ret
    > 0x000645c4 : pop rbx; pop rax; call rbx
sp lifting
    > 0x00054939 : add rsp, 0x1000000; ret
    > 0x00054939 : add rsp, 0x1000000; ret
    > 0x00054a19 : add rsp, 0x2000000; ret
    > 0x000025f3 : add rsp, 0x30; ret
    > 0x00054af9 : add rsp, 0x4000000; ret
stack pivoting
    > 0x00002006 : xchg eax, esp; ret
    > 0x00054f87 : mov rsp, rsi; mov [rsp + 0x18], eax; ret
    > 0x00054f88 : mov esp, esi; mov [rsp + 0x18], eax; ret
    > 0x0005359e : mov rsp, rbx; mov rdx, rdi; mov rdi, [rdi]; call rdi
    > 0x0005359f : mov esp, ebx; mov rdx, rdi; mov rdi, [rdi]; call rdi
syscall
    > 0x00056889 : syscall ; ret
write mem
    > 0x001cfadd : adc [rbx], eax; ret
    > 0x001caf4d : add [rdx], eax; ret
    > 0x00146313 : add [rsi], eax; ret
    > 0x001f7629 : adc [rax + 0x22], ebx; ret
    > 0x001f7618 : adc [rax + 0x22], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact