ROPSHELL 
ropshell> use 0fc6cdf0eeac48713362b652112ad079 (download)
name         : ch97 (x86_64/ELF)
base address : 0x4004d0
total gadgets: 8686

ropshell> suggest
call
    > 0x00401167 : call rax
    > 0x0040094d : call rbx
    > 0x0041c673 : call rcx
    > 0x0040e7c7 : call rdx
    > 0x0044dd71 : call rsi
jmp
    > 0x0044fd94 : push rsp; ret
    > 0x00400ab1 : jmp rax
    > 0x0047fdc1 : jmp rbx
    > 0x00422082 : jmp rcx
    > 0x0040d175 : jmp rdx
load mem
    > 0x00412800 : movzx eax, [rdx]; ret
    > 0x0048dd71 : mov rax, [rsi + 0x10]; ret
    > 0x00418280 : mov rax, [rdi + 0x68]; ret
    > 0x0047e42c : mov eax, [rdx + 4]; ret
    > 0x0048dd72 : mov eax, [rsi + 0x10]; ret
load reg
    > 0x004005af : pop rax; ret
    > 0x00400db8 : pop rbx; ret
    > 0x0044b1b6 : pop rdx; ret
    > 0x0040ffe3 : pop rsi; ret
    > 0x004006a6 : pop rdi; ret
pop pop ret
    > 0x0044b1b5 : pop r10; ret
    > 0x0040d9a9 : pop r12; pop r13; ret
    > 0x0040ffde : pop r12; pop r13; pop r14; ret
    > 0x0040069f : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004025dd : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040daed : add rsp, 0x118; ret
    > 0x0040daed : add rsp, 0x118; ret
    > 0x00448999 : add rsp, 0x28; ret
    > 0x004754f0 : add rsp, 0x38; ret
    > 0x00448bc9 : add rsp, 0x58; ret
stack pivoting
    > 0x0048d356 : mov rsp, rcx; ret
    > 0x00465d22 : xchg eax, esp; ret
    > 0x0048d357 : mov esp, ecx; ret
    > 0x00449a87 : mov esp, edx; call rbp
    > 0x0044a060 : mov esp, esi; call r15
syscall
    > 0x00474a05 : syscall ; ret
write mem
    > 0x00446548 : adc [rbx], eax; ret
    > 0x00443091 : add [rax + 0x28d4802], ecx; ret
    > 0x00437c46 : adc [rcx + 7], rdi; ret
    > 0x00437c47 : adc [rcx + 7], edi; ret
    > 0x004461ce : adc [rsi + 3], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact