ROPSHELL 
ropshell> use 3da4ed5b986de9eefe91ea23880b2716 (download)
name         : a.out (x86_64/ELF)
base address : 0x401fd0
total gadgets: 655

ropshell> suggest
call
    > 0x004027cf : call rax
    > 0x00406ba5 : call [rax + 0x18c48348]; pop rbx; pop rbp; ret
    > 0x0040251e : call [rbp + 0x48]
    > 0x0040938a : call [rsp + rbx*8]
    > 0x00409389 : call [r12 + rbx*8]
jmp
    > 0x00402021 : jmp rax
load mem
    > 0x004064ac : mov rsi, [rcx]; call rax
    > 0x004064ad : mov esi, [rcx]; call rax
    > 0x004047b4 : mov rdx, [rax]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
    > 0x004047b5 : mov edx, [rax]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
load reg
    > 0x00406294 : pop rdi; ret
    > 0x00402028 : pop rbp; ret
    > 0x004093a2 : pop r15; ret
    > 0x004023a9 : pop rbx; pop rbp; ret
    > 0x004093a1 : pop rsi; pop r15; ret
pop pop ret
    > 0x004093a2 : pop r15; ret
    > 0x00403871 : pop r12; pop rbp; ret
    > 0x00403116 : pop r12; pop r13; pop rbp; ret
    > 0x0040939c : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040939b : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
stack pivoting
    > 0x0040386c : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x0040386d : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x0040719c : xchg eax, esp; add al, bpl; or [rax], rax; add cl, cl; ret
    > 0x0040255b : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact