ROPSHELL 
ropshell> use 5a015a7bc083cf266b5cf0c388345c17 (download)
name         : bfs-eko18.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 555

ropshell> suggest
call
    > 0x140002559 : call rax
    > 0x1400027c3 : call rbx
    > 0x14000262f : call rcx
    > 0x14000756d : call rsi
    > 0x1400046c4 : call rbp
jmp
    > 0x140008446 : jmp rax
    > 0x140007a1a : jmp [rcx]
    > 0x140007184 : jmp [rsi + 0x66]
load mem
    > 0x14000621a : mov eax, [rcx + 0x1c]; add rsp, 0x28; ret
    > 0x140006ae9 : mov rax, [rcx + 0x158];  inc [rax + 0x160]; ret
    > 0x140008a85 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x140006497 : mov rdi, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
    > 0x140008a86 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
load reg
    > 0x14000114b : pop rax; ret
    > 0x1400022c1 : pop rbx; ret
    > 0x1400079bd : pop rsi; ret
    > 0x140002609 : pop rdi; ret
    > 0x140002986 : pop rbp; ret
pop pop ret
    > 0x1400032aa : pop r12; ret
    > 0x1400089f2 : pop r12; pop rbp; ret
    > 0x140004082 : pop r12; pop rdi; pop rbp; ret
    > 0x140003d2e : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x14000761d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x140001d6f : add rsp, 0x1088; ret
    > 0x140001d6f : add rsp, 0x1088; ret
    > 0x140001459 : add rsp, 0x268; ret
    > 0x14000119c : add rsp, 0x38; ret
    > 0x140001724 : add rsp, 0x48; ret
stack pivoting
    > 0x140007add : xchg eax, esp; ret
    > 0x14000649b : mov rsp, r11; pop rbp; ret
    > 0x14000649c : mov esp, ebx; pop rbp; ret
    > 0x1400089e8 : lea rsp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
    > 0x1400089e9 : lea esp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
    > 0x140002a53 : adc [rax + 0xf], ecx; ret
    > 0x14000416f : adc [rdi + 6], esi; mov eax, 0xd; ret

© 2014 - 2019 - Powered by ROPEME | Contact