ROPSHELL 
ropshell> use 4c2d2746bb12863c464ebafac7e93bd5 (download)
name         : paycalc (x86_64/ELF)
base address : 0x4003b0
total gadgets: 8712

ropshell> suggest "stack pivoting"
> 0x00496550 : mov rsp, rcx; ret
> 0x00413953 : xchg eax, esp; ret
> 0x00496551 : mov esp, ecx; ret
> 0x00472878 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046614f : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00472879 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x00466150 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x004713fb : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x004713fc : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x0046a8fc : mov esp, esi; call [rbx + 0x40]
> 0x004575f0 : movsxd rsp, edx; mov rdx, r12; call [rax + 0x38]
> 0x0040eb33 : mov esp, edx; push rbp; mov rbp, rsi; push rbx; mov rax, [rdi + 0xd8]; mov rbx, rdi; call [rax + 0x60]
> 0x004010e9 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact