ROPSHELL 
ropshell> use 5beee896058eaac70641603639b76fd8 (download)
name         : libc.so (x86_64/ELF)
base address : 0x16500
total gadgets: 5842

ropshell> suggest
call
    > 0x0003fe5a : call rax
    > 0x0003e324 : call rbx
    > 0x0001cff2 : call rcx
    > 0x000576f8 : call rdx
    > 0x000305fd : call rdi
jmp
    > 0x0001b42f : jmp rax
    > 0x00026979 : jmp rcx
    > 0x000262aa : jmp rdx
    > 0x0002679f : jmp rsi
    > 0x00020930 : jmp rdi
load mem
    > 0x0001f990 : mov eax, [rdi]; ret
    > 0x00059b50 : mov rax, [rdi + 0x60]; ret
    > 0x00059b51 : mov eax, [rdi + 0x60]; ret
    > 0x00028b40 : mov rax, [rdx]; add rax, 0x10; ret
    > 0x0005abf0 : mov rdi, [rdx]; jmp rax
load reg
    > 0x00017df7 : pop rax; ret
    > 0x000171c6 : pop rbx; ret
    > 0x00017e8e : pop rcx; ret
    > 0x00029f37 : pop rdx; ret
    > 0x0001666d : pop rsi; ret
pop pop ret
    > 0x0001cdd6 : pop r12; ret
    > 0x0001c866 : pop r12; pop r13; ret
    > 0x00016668 : pop r12; pop r13; pop r14; ret
    > 0x0001686e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00025495 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0007245d : add rsp, 0x108; ret
    > 0x0007245d : add rsp, 0x108; ret
    > 0x00063148 : add rsp, 0x208; ret
    > 0x0007585a : add rsp, 0x30; ret
    > 0x00017bb0 : add rsp, 0x48; ret
stack pivoting
    > 0x0005be6c : xchg eax, esp; ret
    > 0x00073c34 : mov rsp, rdx; jmp rax
    > 0x00073c35 : mov esp, edx; jmp rax
    > 0x00057a7b : xchg esp, edi; jmp [rsi - 0x70]
    > 0x0006e030 : mov esp, esi; mov rbx, rdi; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
syscall
    > 0x00024a3a : syscall ; ret
write mem
    > 0x00071026 : add [rcx], eax; ret
    > 0x0003bae2 : add [rcx], edi; ret
    > 0x00064d22 : add [rax + 0x39], ecx; ret
    > 0x0004dcf6 : adc [rsi + 0x70], eax; ret
    > 0x00059be0 : add [rdi + 8], rsi; ret

© 2014 - 2019 - Powered by ROPEME | Contact