ROPSHELL 
ropshell> use 64437dd30d82c9f4a201a2a1a730ba1a (download)
name         : sad (x86_64/ELF)
base address : 0x4010e0
total gadgets: 6729

ropshell> suggest
call
    > 0x004026f1 : call rax
    > 0x0043e3bb : call rbx
    > 0x00408297 : call rcx
    > 0x0040886b : call rdx
    > 0x00444e78 : call rsi
jmp
    > 0x004154ac : push rsp; ret
    > 0x00401b99 : jmp rax
    > 0x004073c1 : jmp rbx
    > 0x004028e4 : jmp rcx
    > 0x0041921b : jmp rdx
load mem
    > 0x0046ab92 : mov eax, [rcx]; ret
    > 0x0046d3fd : movsx eax, [rsi]; neg eax; ret
    > 0x00411374 : mov rax, [rdi + 0x68]; ret
    > 0x00411375 : mov eax, [rdi + 0x68]; ret
    > 0x0041a5c3 : movzx eax, [rdi]; sub eax, ecx; ret
load reg
    > 0x0043f8d7 : pop rax; ret
    > 0x00402000 : pop rbx; ret
    > 0x004073e3 : pop rcx; ret 7
    > 0x0040177f : pop rdx; ret
    > 0x00407aae : pop rsi; ret
pop pop ret
    > 0x0040299a : pop r12; ret
    > 0x00408bed : pop r12; pop r13; ret
    > 0x00407aa9 : pop r12; pop r13; pop r14; ret
    > 0x00401873 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040342d : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00407d6b : add rsp, 0x118; ret
    > 0x00407d6b : add rsp, 0x118; ret
    > 0x0043ec3d : add rsp, 0x28; ret
    > 0x004625f9 : add rsp, 0x38; ret
    > 0x0046de15 : add rsp, 0x48; ret
stack pivoting
    > 0x004411b0 : xchg eax, esp; ret 6
    > 0x0047ebb9 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0047ebba : mov esp, ecx; pop rcx; jmp rcx
    > 0x0046e57b : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x0046e57c : mov esp, eax; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0040eda4 : syscall ; ret
write mem
    > 0x0043c6bc : adc [rbx], eax; ret
    > 0x0045f569 : adc [rax + 0x39], ecx; ret
    > 0x00448906 : add [rbx + 0x394907e0], eax; ret
    > 0x0042d5ba : adc [rcx + 7], rdi; ret
    > 0x00473522 : add [rcx + 0x5c], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact