ROPSHELL 
ropshell> use 5b897f909e3492631c41c92499895ba9 (download)
name         : auth.cgi (x86_64/RAW)
base address : 0x0
total gadgets: 8184

ropshell> suggest "stack pivoting"
> 0x000017f5 : xchg eax, esp; ret
> 0x00075a99 : mov rsp, rcx; pop rcx; jmp rcx
> 0x0009dbb9 : xchg esp, edi; call rax
> 0x00075a9a : mov esp, ecx; pop rcx; jmp rcx
> 0x0004a4c8 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0004a4c9 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x000685d7 : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x00060670 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000685d8 : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x00060671 : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00054071 : mov esp, edx; add al, 0; jmp [rax + rdx*8]
> 0x0000a8cc : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x000094b5 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x00021e65 : xchg ebx, esp; add [rax], al; add [rdi], cl; adc [rsi + rdx - 0x10], cl; movups xmm[rdi], xmm0; movups xmm[rdi + rdx - 0x10], xmm1; ret
> 0x00076141 : lea esp, [rbx + rax + 8]; mov [rsp + 0x18], r9; mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0000175d : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact