ROPSHELL 
ropshell> use 692b2ef206691ef96e7318a6d842e182 (download)
name         : i_am_not_backdoor.bin (x86_64/ELF)
base address : 0x401100
total gadgets: 6829

ropshell> suggest
call
    > 0x004021b2 : call rax
    > 0x00409f6b : call rbx
    > 0x0043f5f6 : call rcx
    > 0x0041129f : call rdx
    > 0x00434ff7 : call rsi
jmp
    > 0x004402ee : push rsp; ret
    > 0x0040179c : jmp rax
    > 0x00461123 : jmp rbx
    > 0x004089b6 : jmp rcx
    > 0x0041bc76 : jmp rdx
load mem
    > 0x0045d25a : mov eax, [rcx]; ret
    > 0x00461be8 : movsx eax, [rsi]; neg eax; ret
    > 0x004105f0 : mov rax, [rdi + 0x68]; ret
    > 0x004105f1 : mov eax, [rdi + 0x68]; ret
    > 0x00427193 : movzx eax, [rdi]; sub eax, ecx; ret
load reg
    > 0x0042f8e7 : pop rax; ret
    > 0x00401df8 : pop rbx; ret
    > 0x00449ee3 : pop rcx; ret
    > 0x004018e4 : pop rdx; ret
    > 0x004097f2 : pop rsi; ret
pop pop ret
    > 0x00402867 : pop r12; ret
    > 0x004082bd : pop r12; pop r13; ret
    > 0x004097ed : pop r12; pop r13; pop r14; ret
    > 0x004024b1 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00404af2 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004300fe : add rsp, 0x1018; ret
    > 0x004300fe : add rsp, 0x1018; ret
    > 0x0042f876 : add rsp, 0x28; ret
    > 0x0046119e : add rsp, 0x30; ret
    > 0x0046270b : add rsp, 0x48; ret
stack pivoting
    > 0x00401da5 : xchg eax, esp; ret
    > 0x00474f49 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x00474f4a : mov esp, ecx; pop rcx; jmp rcx
    > 0x00462998 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x00462999 : mov esp, eax; mov rbp, r9; jmp rdx
syscall
    > 0x004111d2 : syscall ; ret
write mem
    > 0x0044c674 : adc [rax], ecx; ret
    > 0x0041b6fc : adc [rcx], eax; ret
    > 0x0041d4ce : adc [rdi], eax; ret
    > 0x00457b1a : adc [rbx], eax; pop rbx; ret
    > 0x0040f0bb : add [rax + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact