ROPSHELL 
ropshell> use 28fa2f105e29732b5259c5e194005f88 (download)
name         : musee_pub (x86_64/ELF)
base address : 0x401100
total gadgets: 6759

ropshell> suggest
call
    > 0x00402626 : call rax
    > 0x0042de2a : call rbx
    > 0x00405b3f : call rcx
    > 0x0044326a : call rdx
    > 0x00483379 : call rsi
jmp
    > 0x0042f06b : push rsp; ret
    > 0x00401a7c : jmp rax
    > 0x00436b0d : jmp rbx
    > 0x0040ad1f : jmp rcx
    > 0x004024b6 : jmp rdx
load mem
    > 0x00434aea : mov eax, [rcx]; ret
    > 0x004375bc : movsx eax, [rsi]; neg eax; ret
    > 0x0041ac24 : mov rax, [rdi + 0x68]; ret
    > 0x0041ac25 : mov eax, [rdi + 0x68]; ret
    > 0x00466748 : mov eax, [rdx]; pop r12; pop rbp; ret
load reg
    > 0x00436d7c : pop rax; ret
    > 0x00455967 : pop rbx; ret
    > 0x00432ace : pop rsi; ret
    > 0x00494e91 : pop rdi; ret
    > 0x0040118b : pop rbp; ret
pop pop ret
    > 0x0049b3be : pop r12; ret
    > 0x0049a1ae : pop r12; pop r13; ret
    > 0x004977e8 : pop r12; pop r13; pop r14; ret
    > 0x00494e8a : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004029d6 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004974dd : add rsp, 0x18; ret
    > 0x004974dd : add rsp, 0x18; ret
    > 0x0049a6be : add rsp, 0x28; ret
    > 0x00496e0a : add rsp, 0x38; ret
stack pivoting
    > 0x0045215f : xchg eax, esp; ret
    > 0x0049ab8f : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0049ab90 : mov esp, ecx; pop rcx; jmp rcx
    > 0x00467685 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x00467686 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x0041b816 : syscall ; ret
write mem
    > 0x0042678c : adc [rcx], eax; ret
    > 0x00428712 : adc [rdi], eax; ret
    > 0x004195ab : add [rax + 0x39], ecx; ret
    > 0x00426d2f : adc [rax + 0x30], edi; ret
    > 0x00427734 : adc [rax + 0x20], ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact