ropshell> use 50390b2ae8aaa73c47745040f54e602f
name         : libc-2.27.so (x86_64/ELF)
base address : 0x212d0
total gadgets: 16893
ropshell> suggest "stack pivoting"
> 0x00046c5e : xchg eax, esp; ret
> 0x0011d1a7 : mov esp, edx; call rbp
> 0x0011d780 : mov esp, esi; call r15
> 0x000e2fd8 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000e2fd9 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0003eca9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0003ecaa : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x0014e9ef : lea esp, [rdx - 2]; jmp [rsi + 0x2e]
> 0x0014eada : lea esp, [rsp + 0x10]; call [rax]
> 0x000430fb : lea esp, [rbx + rax*8 + 8]; nop ; call [rbx]
> 0x0014b9cd : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x0016da35 : xchg esp, esi; add al, 0; movsxd rdx, [r11 + rdx*4]; lea rdx, [r11 + rdx]; jmp rdx
> 0x000f90d7 : xchg esp, edx; sldt [rax]; lea rdi, [rip + 0xb809d]; movsxd rax, [rdi + rax*4]; add rax, rdi; jmp rax
> 0x00054803 : leave ; ret