ropshell> use 692b2ef206691ef96e7318a6d842e182
name         : i_am_not_backdoor.bin (x86_64/ELF)
base address : 0x401100
total gadgets: 6829
ropshell> suggest "stack pivoting"
> 0x00401da5 : xchg eax, esp; ret
> 0x00474f49 : mov rsp, rcx; pop rcx; jmp rcx
> 0x00474f4a : mov esp, ecx; pop rcx; jmp rcx
> 0x00462998 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00462999 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x00461197 : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x004590df : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00461198 : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x004590e0 : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0040b2d8 : push rsp; mov ch, 0; add [rcx + 0x415d5be8], cl; pop rsp; ret
> 0x0044f87f : xchg esp, eax; add [rax], eax; add [rbx - 0x7bf08f1e], al; ret
> 0x00409f65 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x0044ca94 : xchg edi, esp; add [rax], al; add [rcx + rcx*4 - 2], al; mov rdi, r14; call [rbx + 0x18]
> 0x0041b525 : xchg ebx, esp; add [rax], al; add [rdi], cl; adc [rsi + rdx - 0x10], cl; movups [rdi], xmm0; movups [rdi + rdx - 0x10], xmm1; ret
> 0x0044bb75 : xchg esi, esp; add [rax], al; add [rcx + rcx*4 - 0x1e], cl; mov rsi, rbp; mov rdi, rbx; call [r13 + 0x38]
> 0x004756b1 : lea esp, [rbx + rax + 8]; mov [rsp + 0x18], r9; mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x004018da : leave ; ret