ROPSHELL 
ropshell> use 76cd3cc05bfdd87982ce2dea5f26a6cf (download)
name         : ld-linux-x86-64.so.2 (x86_64/ELF)
base address : 0xac0
total gadgets: 1197

ropshell> suggest
call
    > 0x00001e7c : call rax
    > 0x0001777d : call rbx
    > 0x00010562 : call rcx
    > 0x0000421a : call rdx
    > 0x000105fc : call rbp
jmp
    > 0x000022ff : jmp rax
    > 0x000173e2 : jmp rbx
    > 0x00001dcf : jmp rdx
    > 0x0000f6ed : jmp rbp
    > 0x00000c75 : jmp rsp
load mem
    > 0x00011a64 : mov eax, [rsi + 4]; ret
    > 0x0001cf33 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x0001d773 : movzx edx, [rsi]; sub eax, edx; ret
    > 0x00019033 : mov rdi, [r12]; call rax
    > 0x0001cf18 : movzx eax, [rdi + rdx]; sub eax, ecx; ret
load reg
    > 0x00000c09 : pop rbx; ret
    > 0x00004363 : pop rcx; ret 0
    > 0x000106ca : pop rsi; ret
    > 0x00002112 : pop rdi; ret
    > 0x000013a7 : pop rbp; ret
pop pop ret
    > 0x00000e5a : pop r12; ret
    > 0x000013a4 : pop r12; pop r13; ret
    > 0x000106c5 : pop r12; pop r13; pop r14; ret
    > 0x0000210b : pop r12; pop r13; pop r14; pop r15; ret
    > 0x000016d6 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0001ad4e : add rsp, 0x98; ret
    > 0x000191eb : add rsp, 0x48; jmp [rax]
    > 0x00019179 : add rsp, 0x50; jmp [rax]
stack pivoting
    > 0x00000c71 : mov rsp, r13; jmp r12
    > 0x00000c72 : mov esp, ebp; jmp r12
    > 0x000055d8 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x000055d9 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x0001b663 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0001b5c5 : syscall ; ret

© 2014 - 2019 - Powered by ROPEME | Contact