ROPSHELL 
ropshell> use 38564bae2f07e6a584b435a969d9ddef (download)
name         : byenance (x86_64/ELF)
base address : 0x4011a0
total gadgets: 7585

ropshell> suggest
call
    > 0x00402928 : call rax
    > 0x0044f989 : call rbx
    > 0x00457d46 : call rcx
    > 0x004020cf : call rdx
    > 0x00459750 : call rsi
jmp
    > 0x0041f7d2 : push rsp; ret
    > 0x0040174c : jmp rax
    > 0x0045e665 : jmp rbx
    > 0x004045c6 : jmp rcx
    > 0x00402793 : jmp rdx
load mem
    > 0x004831b2 : mov eax, [rcx]; ret
    > 0x0041b114 : mov rax, [rdi + 0x68]; ret
    > 0x0041b115 : mov eax, [rdi + 0x68]; ret
    > 0x00425203 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x0042c253 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x00452907 : pop rax; ret
    > 0x00402635 : pop rbx; ret
    > 0x0043eb43 : pop rcx; ret 5
    > 0x0040a76e : pop rsi; ret
    > 0x00402214 : pop rdi; ret
pop pop ret
    > 0x00402bed : pop r12; ret
    > 0x0040c822 : pop r12; pop r13; ret
    > 0x0040a769 : pop r12; pop r13; pop r14; ret
    > 0x0040220d : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004050ed : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004661e5 : add rsp, 0x148; ret
    > 0x004661e5 : add rsp, 0x148; ret
    > 0x00451c8d : add rsp, 0x28; ret
    > 0x00467735 : add rsp, 0x38; ret
    > 0x00452904 : add rsp, 0x58; ret
stack pivoting
    > 0x004025df : xchg eax, esp; ret
    > 0x00492619 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0049261a : mov esp, ecx; pop rcx; jmp rcx
    > 0x00465fdb : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x0047dbd0 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
syscall
    > 0x0041bce6 : syscall ; ret
write mem
    > 0x00447ef5 : adc [rbx], eax; ret
    > 0x0046d0e5 : adc [rax + 0x39], ecx; ret
    > 0x0043889a : adc [rcx + 7], rdi; ret
    > 0x0043889b : adc [rcx + 7], edi; ret
    > 0x0045a9cf : adc [rdx + 0x48], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact