ROPSHELL 
ropshell> use 75bb692f5cd51ba4143a42fc4948b025 (download)
name         : readme_revenge (x86_64/ELF)
base address : 0x400300
total gadgets: 7758

ropshell> suggest
call
    > 0x00400c82 : call rax
    > 0x0043724e : call rbx
    > 0x004124e7 : call rcx
    > 0x00407026 : call rdx
    > 0x00412488 : call rsi
jmp
    > 0x00400951 : jmp rax
    > 0x0046dc22 : jmp rbx
    > 0x00422264 : jmp rcx
    > 0x00405b25 : jmp rdx
    > 0x00440a5f : jmp rsi
load mem
    > 0x0046afda : mov eax, [rcx]; ret
    > 0x0040a800 : movzx eax, [rdx]; ret
    > 0x0048a731 : mov rax, [rsi + 0x10]; ret
    > 0x0040ed30 : mov rax, [rdi + 0x68]; ret
    > 0x0048a732 : mov eax, [rsi + 0x10]; ret
load reg
    > 0x0043364c : pop rax; ret
    > 0x00400da1 : pop rbx; ret
    > 0x00435435 : pop rdx; ret
    > 0x004059d6 : pop rsi; ret
    > 0x00400525 : pop rdi; ret
pop pop ret
    > 0x00435434 : pop r10; ret
    > 0x00400481 : pop r12; pop r13; ret
    > 0x004059d1 : pop r12; pop r13; pop r14; ret
    > 0x0040051e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00401c2d : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0045e0e9 : add rsp, 0x100; ret
    > 0x0045e0e9 : add rsp, 0x100; ret
    > 0x0043335a : add rsp, 0x28; ret
    > 0x00442ab1 : add rsp, 0x38; ret
    > 0x00433649 : add rsp, 0x58; ret
stack pivoting
    > 0x00489d16 : mov rsp, rcx; ret
    > 0x00489d17 : mov esp, ecx; ret
    > 0x0046aca4 : xchg esp, edi; inc [rbp - 0x76cc8740]; ret
    > 0x00434117 : mov esp, edx; call rbp
    > 0x0046fcd8 : mov rsp, r8; mov rbp, r9; jmp rdx
syscall
    > 0x0045fa15 : syscall ; ret
write mem
    > 0x0041a8dc : add [rax], r8; ret
    > 0x0041b058 : adc [rbx], eax; ret
    > 0x0042e601 : add [rax + 0x28d4802], ecx; ret
    > 0x00429356 : adc [rcx + 7], rdi; ret
    > 0x00429357 : adc [rcx + 7], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact