ROPSHELL 
ropshell> use 6d58daff3c7c496b236010345b9bc9d6 (download)
name         : think-twice (x86_64/ELF)
base address : 0x4004f0
total gadgets: 8882

ropshell> suggest "stack pivoting"
> 0x004a7eb6 : mov rsp, rcx; ret
> 0x004677c2 : xchg eax, esp; ret
> 0x004a7eb7 : mov esp, ecx; ret
> 0x0044b5e7 : mov esp, edx; call rbp
> 0x0044bbc0 : mov esp, esi; call r15
> 0x0048bb99 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0041bb44 : xchg edi, esp; add al, [rax]; add dh, dh; ret
> 0x0048bb9a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x0040fd94 : lea rsp, [rbp - 0x20]; pop rbx; pop r12; pop r13; pop r14; pop rbp; ret
> 0x0040fd95 : lea esp, [rbp - 0x20]; pop rbx; pop r12; pop r13; pop r14; pop rbp; ret
> 0x004a1511 : mov esp, ebx; mov rbx, rax; nop cs:[rax + rax]; call [r12]
> 0x0040eba3 : lea esp, [rbx + rax*8 + 8]; nop [rax + rax]; call [rbx]
> 0x00400bbb : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact