ROPSHELL 
ropshell> use 715d946fcf4f8cf484a023fef071d2ad (download)
name         : bof4 (x86_64/ELF)
base address : 0x401010
total gadgets: 410

ropshell> suggest
call
    > 0x0040146c : call rbx
    > 0x00404c87 : call rdi
    > 0x00401428 : call [rbx]
    > 0x00404e57 : call [rdi + 0x48]
    > 0x00403c15 : call [rbp + 0x48]
jmp
    > 0x0040109f : jmp rax
    > 0x0040306e : jmp rsi
    > 0x00401474 : jmp [rsi + 0x2e]
load mem
    > 0x00401782 : mov rax, [rcx]; mov [rdi], rax; ret
    > 0x00401783 : mov eax, [rcx]; mov [rdi], rax; ret
    > 0x00404daa : mov rax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
    > 0x00404dab : mov eax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
    > 0x00404151 : mov rax, [rbx]; mov rdx, fs:[0]; mov [rdx + 0x28], rax; pop rbx; ret
load reg
    > 0x00403e99 : pop rbx; ret
    > 0x004015ae : pop rsi; ret
    > 0x0040220e : pop rdi; ret
    > 0x00401123 : pop rbp; ret
    > 0x0040464d : pop rsp; ret
pop pop ret
    > 0x0040464c : pop r12; ret
    > 0x00401a00 : pop r12; pop r13; ret
    > 0x004015a9 : pop r12; pop r13; pop r14; ret
    > 0x00402207 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00402206 : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x0040136d : add rsp, 0x158; ret
    > 0x0040136d : add rsp, 0x158; ret
    > 0x0040439b : add rsp, 0x28; ret
stack pivoting
    > 0x004011bd : leave ; ret
syscall
    > 0x00404546 : syscall ; ret

© 2014 - 2019 - Powered by ROPEME | Contact