ROPSHELL 
ropshell> use 43f465780e27467000a85d8dee3d84b7 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x22630
total gadgets: 15179

ropshell> suggest
call
    > 0x00024081 : call rax
    > 0x0002400e : call rbx
    > 0x0009e4ae : call rcx
    > 0x00030ea3 : call rdx
    > 0x0002569e : call rsi
jmp
    > 0x000422bd : push rsp; ret
    > 0x00023eba : jmp rax
    > 0x0003aacd : jmp rbx
    > 0x00080e86 : jmp rcx
    > 0x00040781 : jmp rdx
load mem
    > 0x00085590 : mov eax, [rdx]; ret
    > 0x000de2e4 : mov eax, [rdi]; ret
    > 0x000de294 : mov rax, [rdi + 0x20]; ret
    > 0x00102a41 : mov eax, [rdx + 8]; ret
    > 0x000de295 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x00036174 : pop rax; ret
    > 0x0002fdaf : pop rbx; ret
    > 0x000dfc12 : pop rdx; ret 0x10
    > 0x0002601f : pop rsi; ret
    > 0x00023b6a : pop rdi; ret
pop pop ret
    > 0x0002f709 : pop r12; ret
    > 0x00025b9b : pop r12; pop r13; ret
    > 0x0002601a : pop r12; pop r13; pop r14; ret
    > 0x00023b63 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x000248eb : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00043021 : add rsp, 0x118; ret
    > 0x00043021 : add rsp, 0x118; ret
    > 0x00047445 : add rsp, 0x28; ret
    > 0x0005b877 : add rsp, 0x38; ret
    > 0x00122b9b : add rsp, 0x40; ret
stack pivoting
    > 0x0005b4d0 : mov rsp, rdx; ret
    > 0x000304ea : xchg eax, esp; ret
    > 0x0005b4d1 : mov esp, edx; ret
    > 0x0008e194 : mov esp, eax; mov rax, r12; pop r12; ret
    > 0x000e14a6 : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
syscall
    > 0x000630a9 : syscall ; ret
write mem
    > 0x000bbddc : adc [rbx], eax; ret
    > 0x0007b325 : add [rcx], eax; ret
    > 0x000f0b0b : add [rcx], edi; ret
    > 0x001509fc : adc [rdx], ebx; ret
    > 0x0014d2a4 : adc [rdx], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact