ROPSHELL 
ropshell> use 0d8349b94bfb02ba6e57abdfe8be0aed (download)
name         : ch34 (x86_64/ELF)
base address : 0x400360
total gadgets: 8157

ropshell> suggest "load reg"
> 0x0044d2b4 : pop rax; ret
> 0x004084c2 : pop rbx; ret
> 0x00437205 : pop rdx; ret
> 0x004017e7 : pop rsi; ret
> 0x004016d3 : pop rdi; ret
> 0x004003cf : pop rbp; ret
> 0x00400494 : pop rsp; ret
> 0x00437204 : pop r10; ret
> 0x00400493 : pop r12; ret
> 0x00401a2f : pop r13; ret
> 0x004017e6 : pop r14; ret
> 0x004016d2 : pop r15; ret
> 0x0046a6ae : mov rbx, [rsp]; add rsp, 0x30; ret
> 0x00414f1a : mov rsi, [rsp]; jmp rax
> 0x0046a6af : mov ebx, [rsp]; add rsp, 0x30; ret
> 0x00414f1b : mov esi, [rsp]; jmp rax
> 0x0048f555 : mov rax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x0048f556 : mov eax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x00406e3d : mov edi, [rsp]; call r13
> 0x00441d9f : mov rdi, [rsp + 0x10]; call r12
> 0x0046702c : mov r9, [rsp + 0x30]; call r9
> 0x0046702d : mov ecx, [rsp + 0x30]; call r9
> 0x00483ee8 : mov rdx, [rsp + 0x10]; mov rax, rdx; add rsp, 0x28; ret
> 0x00483ee9 : mov edx, [rsp + 0x10]; mov rax, rdx; add rsp, 0x28; ret
> 0x0046b9c6 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0040d493 : pop r8; add [rax], al; add [rax], al; mov [rbx + 0x50], 0; pop rbx; ret
> 0x0046b9bc : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0046b9b7 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]

© 2014 - 2019 - Powered by ROPEME | Contact