ROPSHELL 
ropshell> use 745867ef2b2df7d134497ba76f74dc59 (download)
name         : test (x86_64/ELF)
base address : 0x4011a0
total gadgets: 7125

ropshell> suggest
call
    > 0x0040286e : call rax
    > 0x0044827b : call rbx
    > 0x004219bd : call rcx
    > 0x0041003b : call rdx
    > 0x0044fb1e : call rsi
jmp
    > 0x0041d919 : push rsp; ret
    > 0x00401c58 : jmp rax
    > 0x00408fdd : jmp rbx
    > 0x00402b07 : jmp rcx
    > 0x0040ec91 : jmp rdx
load mem
    > 0x0047b282 : mov eax, [rcx]; ret
    > 0x00419a54 : mov rax, [rdi + 0x68]; ret
    > 0x00419a55 : mov eax, [rdi + 0x68]; ret
    > 0x004242f3 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x0042aa33 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x00449777 : pop rax; ret
    > 0x0040222b : pop rbx; ret
    > 0x0044e382 : pop rcx; ret 4
    > 0x0040181f : pop rdx; ret
    > 0x0040f46e : pop rsi; ret
pop pop ret
    > 0x0040333f : pop r12; ret
    > 0x00411966 : pop r12; pop r13; ret
    > 0x0040f469 : pop r12; pop r13; pop r14; ret
    > 0x0040190b : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00403764 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040f5d1 : add rsp, 0x118; ret
    > 0x0040f5d1 : add rsp, 0x118; ret
    > 0x00448aad : add rsp, 0x28; ret
    > 0x00471fb2 : add rsp, 0x38; ret
    > 0x00449774 : add rsp, 0x58; ret
stack pivoting
    > 0x00404f01 : xchg eax, esp; ret
    > 0x00490d44 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x00490d45 : mov esp, ecx; pop rcx; jmp rcx
    > 0x0047f33b : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x0047f33c : mov esp, eax; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x00417364 : syscall ; ret
write mem
    > 0x004463fc : adc [rbx], eax; ret
    > 0x004664fb : add [rcx], eax; ret
    > 0x00478ff6 : adc [rax + 0x39], ecx; ret
    > 0x0044a695 : add [rbx + 0x94901e0], eax; ret
    > 0x004372fa : adc [rcx + 7], rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact