ROPSHELL 
ropshell> use 4324f81f0ca64427618e09c4f146d5fa (download)
name         : TFG (x86_64/ELF)
base address : 0x40a10
total gadgets: 5242

ropshell> suggest
call
    > 0x00041963 : call rax
    > 0x0004ffa2 : call rbx
    > 0x0004247e : call rcx
    > 0x000411db : call rdx
    > 0x00084d22 : call rsi
jmp
    > 0x00040a5f : jmp rax
    > 0x000a3ebb : jmp rcx
    > 0x000a1ebd : jmp rsi
    > 0x000bf468 : push rsp; idiv ecx; dec ecx; ret
    > 0x0004105c : jmp [rbx]
load mem
    > 0x000affa1 : mov eax, [rcx]; stc ; dec ecx; ret
    > 0x0004e401 : mov rax, [rsi + 0x10]; mov [rcx + 0xbc], rax; nop ; pop rbp; ret
    > 0x0004e402 : mov eax, [rsi + 0x10]; mov [rcx + 0xbc], rax; nop ; pop rbp; ret
    > 0x000411ce : mov rdx, [rax]; mov rax, [rbp - 0x118]; mov rdi, rax; call rdx
    > 0x000411cf : mov edx, [rax]; mov rax, [rbp - 0x118]; mov rdi, rax; call rdx
load reg
    > 0x00056bce : pop rax; ret
    > 0x000c3d63 : pop rcx; ret
    > 0x000bb6ff : pop rsi; ret
    > 0x000c432d : pop rdi; ret
    > 0x00040ae4 : pop rbp; ret
pop pop ret
    > 0x00056bce : pop rax; ret
    > 0x00041267 : pop r12; pop rbp; ret
    > 0x00040b83 : pop r12; pop r13; pop rbp; ret
    > 0x00042b31 : pop r12; pop r13; pop r14; pop rbp; ret
    > 0x000585f6 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
stack pivoting
    > 0x00077b8b : xchg esp, edi; dec ecx; ret
    > 0x000778eb : mov esp, edi; dec ecx; ret
    > 0x000956dd : xchg eax, esp; cld ; dec ecx; ret
    > 0x000a9e2f : lea esp, [rdi - 7]; dec [rax - 0x77]; ret
    > 0x000574cd : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
write mem
    > 0x00043ec6 : add [rax], edx; nop ; nop ; nop ; pop rbp; ret
    > 0x0005b356 : adc [rbx], eax; add bl, ch; add ecx, [rax - 0x77]; ret
    > 0x00047663 : add [rax + rax], ecx; add cl, ch; push rdi; add eax, [rax]; add [rax - 0x77], cl; ret
    > 0x0008ccf3 : adc [rax], ebp; add [rax + 0x4855c3c9], dl; mov ebp, esp; mov [rbp - 8], rdi; mov rax, [rbp - 8]; pop rbp; ret

© 2014 - 2019 - Powered by ROPEME | Contact