ROPSHELL 
ropshell> use 18fc0e186ea02334f6f19f29d0a727ad (download)
name         : libc-2.28.so (x86_64/ELF)
base address : 0x22320
total gadgets: 17035

ropshell> suggest "stack pivoting"
> 0x0008684d : xchg eax, esp; ret
> 0x00037638 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x000c5138 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00037639 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x000c5139 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0004afd5 : xchg esp, eax; idiv edi; jmp [rsi + 0xf]
> 0x00042e6d : xchg esp, ecx; idiv edi; jmp [rsi + 0xf]
> 0x000f5621 : mov esp, edx; xor esi, esi; call rbp
> 0x00124849 : mov esp, esp; call [rax + 0x18]
> 0x00038b84 : lea esp, [rdi + rax]; mov rdi, r12; call rbx
> 0x0005b7cf : mov esp, edi; sar r12, 2; mov rdx, r12; call [rax + 0x38]
> 0x00039f81 : lea esp, [rbx + rax*8 + 8]; nop [rax]; call [rbx]
> 0x0011e12d : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x0013a815 : xchg esp, edi; add al, 0; movsxd rdx, [r11 + rdx*4]; lea rdx, [r11 + rdx]; jmp rdx
> 0x00127222 : lea esp, [rax - 1]; mov rax, [rbx + 0x70]; mov [rbx + 0x48], r12d; bswap r12d; call [rax + 0x18]
> 0x00049483 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact