ROPSHELL 
ropshell> use 485b0c731872cf1980d31d79313d258b (download)
name         : vuln (x86_64/ELF)
base address : 0x4004d0
total gadgets: 8776

ropshell> suggest
call
    > 0x00401287 : call rax
    > 0x0040093d : call rbx
    > 0x0041d7a3 : call rcx
    > 0x0040ea17 : call rdx
    > 0x0044f951 : call rsi
jmp
    > 0x00451974 : push rsp; ret
    > 0x00400aa1 : jmp rax
    > 0x0047700a : jmp rbx
    > 0x00423202 : jmp rcx
    > 0x0040d3b5 : jmp rdx
load mem
    > 0x00413a10 : movzx eax, [rdx]; ret
    > 0x0048ec71 : mov rax, [rsi + 0x10]; ret
    > 0x00419480 : mov rax, [rdi + 0x68]; ret
    > 0x0047f28c : mov eax, [rdx + 4]; ret
    > 0x0048ec72 : mov eax, [rsi + 0x10]; ret
load reg
    > 0x004163f4 : pop rax; ret
    > 0x00400ed8 : pop rbx; ret
    > 0x0044cc26 : pop rdx; ret
    > 0x00410ca3 : pop rsi; ret
    > 0x00400696 : pop rdi; ret
pop pop ret
    > 0x0044cc25 : pop r10; ret
    > 0x0040dbe9 : pop r12; pop r13; ret
    > 0x00410c9e : pop r12; pop r13; pop r14; ret
    > 0x0040068f : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004026ee : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040dd2d : add rsp, 0x118; ret
    > 0x0040dd2d : add rsp, 0x118; ret
    > 0x0044a429 : add rsp, 0x28; ret
    > 0x00449e7d : add rsp, 0x38; ret
    > 0x0044a659 : add rsp, 0x58; ret
stack pivoting
    > 0x0048e256 : mov rsp, rcx; ret
    > 0x00467512 : xchg eax, esp; ret
    > 0x0048e257 : mov esp, ecx; ret
    > 0x0044b4f7 : mov esp, edx; call rbp
    > 0x0044bad0 : mov esp, esi; call r15
syscall
    > 0x00449e35 : syscall ; ret
write mem
    > 0x00447f38 : adc [rbx], eax; ret
    > 0x00444a81 : add [rax + 0x28d4802], ecx; ret
    > 0x00439636 : adc [rcx + 7], rdi; ret
    > 0x00439637 : adc [rcx + 7], edi; ret
    > 0x00447bbe : adc [rsi + 3], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact