ROPSHELL 
ropshell> use 5b897f909e3492631c41c92499895ba9 (download)
name         : auth.cgi (x86_64/RAW)
base address : 0x0
total gadgets: 8184

ropshell> suggest
call
    > 0x00001010 : call rax
    > 0x000094bb : call rbx
    > 0x0003c4a8 : call rcx
    > 0x00017daf : call rdx
    > 0x0003e627 : call rsi
jmp
    > 0x00049764 : push rsp; ret
    > 0x0000158c : jmp rax
    > 0x00068563 : jmp rbx
    > 0x0000198a : jmp rcx
    > 0x00003850 : jmp rdx
load mem
    > 0x0006470a : mov eax, [rcx]; ret
    > 0x00091dc6 : mov edi, [rdx]; ret
    > 0x00017150 : mov rax, [rdi + 0x68]; ret
    > 0x00017151 : mov eax, [rdi + 0x68]; ret
    > 0x0002e7b3 : movzx eax, [rdi]; sub eax, ecx; ret
load reg
    > 0x000387a7 : pop rax; ret
    > 0x00001848 : pop rbx; ret
    > 0x0000f782 : pop rsi; ret
    > 0x00001d90 : pop rdi; ret
    > 0x00001611 : pop rbp; ret
pop pop ret
    > 0x00002197 : pop r12; ret
    > 0x000086e1 : pop r12; pop r13; ret
    > 0x0000f77d : pop r12; pop r13; pop r14; ret
    > 0x00001d89 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x000043f2 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0003a39e : add rsp, 0x1018; ret
    > 0x0003a39e : add rsp, 0x1018; ret
    > 0x00038519 : add rsp, 0x28; ret
    > 0x000685de : add rsp, 0x30; ret
    > 0x00069afb : add rsp, 0x48; ret
stack pivoting
    > 0x000017f5 : xchg eax, esp; ret
    > 0x00075a99 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0009dbb9 : xchg esp, edi; call rax
    > 0x00075a9a : mov esp, ecx; pop rcx; jmp rcx
    > 0x0004a4c8 : mov rsp, r8; mov rbp, r9; jmp rdx
syscall
    > 0x00017ce2 : syscall ; ret
write mem
    > 0x00056ab4 : adc [rax], ecx; ret
    > 0x0002203c : adc [rcx], eax; ret
    > 0x0009ab97 : add [rdx], eax; ret
    > 0x00023e0e : adc [rdi], eax; ret
    > 0x0005f0ba : adc [rbx], eax; pop rbx; ret

© 2014 - 2019 - Powered by ROPEME | Contact