ROPSHELL 
ropshell> use 16e6bfc0927d0c21e24320fdca0c21c2 (download)
name         : libc.so (x86_64/ELF)
base address : 0x28700
total gadgets: 16822

ropshell> suggest
call
    > 0x00029d8e : call rax
    > 0x0002aa9d : call rbx
    > 0x00029e66 : call rcx
    > 0x00036c06 : call rdx
    > 0x0002b8ba : call rsi
jmp
    > 0x0004181d : push rsp; ret
    > 0x0002a147 : jmp rax
    > 0x000379d4 : jmp rcx
    > 0x0003fc7a : jmp rdx
    > 0x0003d3cf : jmp rsi
load mem
    > 0x00081e40 : mov eax, [rdx]; ret
    > 0x000e66e4 : mov eax, [rdi]; ret
    > 0x0008f4e4 : mov rax, [rdi + 0x68]; ret
    > 0x001092f1 : mov eax, [rdx + 8]; ret
    > 0x00152054 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x00045eb0 : pop rax; ret
    > 0x00035dd1 : pop rbx; ret
    > 0x0008c6bb : pop rcx; ret
    > 0x0002be51 : pop rsi; ret
    > 0x0002a3e5 : pop rdi; ret
pop pop ret
    > 0x00035731 : pop r12; ret
    > 0x00041c48 : pop r12; pop r13; ret
    > 0x0002be4c : pop r12; pop r13; pop r14; ret
    > 0x0002a3de : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0011df1c : pop r11; pop rbp; pop r12; pop r13; pop r14; ret
sp lifting
    > 0x00121c3b : add rsp, 0x1018; ret
    > 0x00121c3b : add rsp, 0x1018; ret
    > 0x00149c7c : add rsp, 0x218; ret
    > 0x0005a49e : add rsp, 0x38; ret
    > 0x00129dcb : add rsp, 0x40; ret
stack pivoting
    > 0x0005a170 : mov rsp, rdx; ret
    > 0x0003653a : xchg eax, esp; ret
    > 0x000ed61f : xchg esp, ebp; ret
    > 0x0005a171 : mov esp, edx; ret
    > 0x0008a281 : mov esp, eax; mov rax, r12; pop r12; ret
syscall
    > 0x00091396 : syscall ; ret
write mem
    > 0x000835c8 : adc [rax], ecx; ret
    > 0x000c4b8c : adc [rcx], eax; ret
    > 0x001663fb : adc [rcx], ebx; ret
    > 0x00165afb : adc [rcx], edx; ret
    > 0x00092acf : add [rcx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact