ropshell> use 4c2d2746bb12863c464ebafac7e93bd5 (download)
name : paycalc (x86_64/ELF)
base address : 0x4003b0
total gadgets: 8712
ropshell> suggest "load reg"
> 0x004721d8 : pop rax; ret
> 0x004091b2 : pop rbx; ret
> 0x0043e345 : pop rdx; ret
> 0x00401ea7 : pop rsi; ret
> 0x00401d93 : pop rdi; ret
> 0x0040041f : pop rbp; ret
> 0x004004e4 : pop rsp; ret
> 0x0043e344 : pop r10; ret
> 0x004004e3 : pop r12; ret
> 0x004020ef : pop r13; ret
> 0x00401ea6 : pop r14; ret
> 0x00401d92 : pop r15; ret
> 0x004713fe : mov rbx, [rsp]; add rsp, 0x30; ret
> 0x00415caa : mov rsi, [rsp]; jmp rax
> 0x004713ff : mov ebx, [rsp]; add rsp, 0x30; ret
> 0x00415cab : mov esi, [rsp]; jmp rax
> 0x004962a5 : mov rax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x004962a6 : mov eax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x0040751d : mov edi, [rsp]; call r13
> 0x00448eef : mov rdi, [rsp + 0x10]; call r12
> 0x0046dd7c : mov r9, [rsp + 0x30]; call r9
> 0x0046dd7d : mov ecx, [rsp + 0x30]; call r9
> 0x0048ac38 : mov rdx, [rsp + 0x10]; mov rax, rdx; add rsp, 0x28; ret
> 0x0048ac39 : mov edx, [rsp + 0x10]; mov rax, rdx; add rsp, 0x28; ret
> 0x00472716 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0040e223 : pop r8; add [rax], al; add [rax], al; mov [rbx + 0x50], 0; pop rbx; ret
> 0x0047270c : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00472707 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]