ROPSHELL 
ropshell> use 359c637cf2313e06cd9224604ec748f6 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x26400
total gadgets: 16202

ropshell> suggest "stack pivoting"
> 0x0003fcee : xchg eax, esp; ret
> 0x00151709 : push rbp; dec [rcx + 0x415d5bd8]; pop rsp; ret
> 0x0003d3a8 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x000d4666 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00152261 : xchg esp, edi; jmp [rsi + 0x2e]
> 0x0003d3a9 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x000d4667 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0008bbef : xchg esp, eax; add [rax], eax; add [rbx - 0x7bf08f1e], al; ret
> 0x000417b5 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x00109173 : mov esp, ecx; or al, 0; neg eax; mov fs:[rdx], eax; mov rax, -1; ret
> 0x00140765 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x0005ef20 : lea esp, [rax + 0x48fffff9]; mov ecx, [rbp - 0x668]; add rax, rsi; jmp rax
> 0x0013dedc : push rax; pop rsp; lea rsi, [rax + 0x48]; mov rax, [rdi + 8]; jmp [rax + 0x18]
> 0x0007a464 : xchg edi, esp; add [rax], al; add [rcx + rcx*4 - 2], al; mov rdi, r14; call [rbx + 0x18]
> 0x00075e65 : xchg esi, esp; add [rax], al; add [rcx + rcx*4 - 0x1e], cl; mov rsi, rbp; mov rdi, rbx; call [r13 + 0x38]
> 0x0004f4f9 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact