ROPSHELL 
ropshell> use 6d58daff3c7c496b236010345b9bc9d6 (download)
name         : think-twice (x86_64/ELF)
base address : 0x4004f0
total gadgets: 8882

ropshell> suggest "load reg"
> 0x0044a71c : pop rax; ret
> 0x00400ed8 : pop rbx; ret
> 0x0044cd06 : pop rdx; ret
> 0x00410933 : pop rsi; ret
> 0x004006a6 : pop rdi; ret
> 0x00400ab8 : pop rbp; ret
> 0x00401e93 : pop rsp; ret
> 0x0044cd05 : pop r10; ret
> 0x00405ee4 : pop r12; ret
> 0x0040dbdb : pop r13; ret
> 0x00410932 : pop r14; ret
> 0x004006a5 : pop r15; ret
> 0x00439a42 : pop rcx; jmp [rdx - 0x2f]
> 0x004a51c9 : mov rax, [rsp]; add rsp, 0x38; ret
> 0x004a51ca : mov eax, [rsp]; add rsp, 0x38; ret
> 0x0047cf7a : mov edi, [rsp]; call rbp
> 0x0048ba78 : mov rdx, [rsp + 0x10]; call rdx
> 0x00421068 : mov rsi, [rsp + 0x68]; call rax
> 0x004a960d : mov rdi, [rsp + 0x10]; call r14
> 0x0048ba79 : mov edx, [rsp + 0x10]; call rdx
> 0x00421069 : mov esi, [rsp + 0x68]; call rax
> 0x0048b046 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0048b047 : mov ecx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0041736a : pop r8; add [rax], al; add [rax], al; mov [rbx + 0x50], 0; pop rbx; ret
> 0x0041260c : mov r8, [rsp + 0x18]; lea rsi, [rdi + 0x58]; mov rdi, rax; call [rax + 8]
> 0x0045652c : mov r9, [rsp + 0x20]; mov rsi, [rsp + 0x40]; mov rdi, [rsp + 0x38]; call r14
> 0x0048b03c : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0048b03d : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0045bfe2 : mov r13, [rsp + 0x10]; add r13, [rsp + 8]; lea rbx, [rax + r15]; mov rdx, r12; mov rsi, r14; mov rdi, r13; call rbp
> 0x0045bfe3 : mov ebp, [rsp + 0x10]; add r13, [rsp + 8]; lea rbx, [rax + r15]; mov rdx, r12; mov rsi, r14; mov rdi, r13; call rbp
> 0x0048b037 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]

© 2014 - 2019 - Powered by ROPEME | Contact