ROPSHELL 
ropshell> use 5f4f99671c3a200f7789dbb5307b04bb (download)
name         : libc-2.29.so (x86_64/ELF)
base address : 0x25320
total gadgets: 17477

ropshell> suggest "load reg"
> 0x0003cff8 : pop rax; ret
> 0x0002fb33 : pop rbx; ret
> 0x000e9bbe : pop rcx; ret
> 0x00107545 : pop rdx; ret
> 0x00026aa9 : pop rsi; ret
> 0x0002658e : pop rdi; ret
> 0x000253a6 : pop rbp; ret
> 0x00026d2b : pop rsp; ret
> 0x00107544 : pop r10; ret
> 0x00026d2a : pop r12; ret
> 0x00028749 : pop r13; ret
> 0x00026aa8 : pop r14; ret
> 0x0002658d : pop r15; ret
> 0x0003a9f6 : pop r8; movups xmm[rdi + 0x68], xmm0; ret
> 0x000e9c0b : mov rax, [rsp]; add rsp, 0x28; ret
> 0x000c7bb8 : mov eax, [rsp]; add rsp, 0x18; ret
> 0x0011fb8f : mov rcx, [rsp + 8]; call rcx
> 0x00090d80 : mov rdx, [rsp + 0x10]; mov [rax], rdx; ret
> 0x000a5fea : mov rsi, [rsp + 0x10]; call rbx
> 0x0002d3ea : mov rdi, [rsp + 0x28]; call r14
> 0x0011fb90 : mov ecx, [rsp + 8]; call rcx
> 0x00090d81 : mov edx, [rsp + 0x10]; mov [rax], rdx; ret
> 0x000a5feb : mov esi, [rsp + 0x10]; call rbx
> 0x0002d3eb : mov edi, [rsp + 0x28]; call r14
> 0x000b1abb : mov r9, [rsp + 0x18]; mov rdi, [rax]; call r15
> 0x0003b48c : mov rbx, [rsp]; mov rsi, r13; mov rdi, r15; mov rdx, r12; call rbp
> 0x0003b48d : mov ebx, [rsp]; mov rsi, r13; mov rdi, r15; mov rdx, r12; call rbp
> 0x000e8810 : mov r11, [rsp + 0x30]; mov r10d, [rsp + 0x58]; movsxd rax, [rdx + rbx*4]; add rax, rdx; jmp rax
> 0x001279e4 : mov r15, [rsp + 0x50]; mov rdi, [rax]; mov rsi, r15; mov rax, [rdi + 0x38]; call [rax + 8]
> 0x0002ef26 : mov r8, [rsp + 0x48]; mov rcx, [rsp + 0x18]; mov rsi, [rsp + 0x40]; mov rdi, [rsp + 0x38]; call r15
> 0x0011fc2f : mov r14, [rsp + 0x10]; mov rsi, r13; rol ax, 8; mov rdi, r14; mov [rsp + 0x192], ax; mov rax, [rsp + 0x30]; call rax

© 2014 - 2019 - Powered by ROPEME | Contact