ROPSHELL 
ropshell> use 7ae014282f748386b31fc3387421d6bc (download)
name         : auth.cgi (x86_64/ELF)
base address : 0x401100
total gadgets: 7014

ropshell> suggest
call
    > 0x00401d6a : call rax
    > 0x00409cab : call rbx
    > 0x0043dae8 : call rcx
    > 0x0041859f : call rdx
    > 0x0043fc67 : call rsi
jmp
    > 0x004414e8 : push rsp; ret
    > 0x0040158c : jmp rax
    > 0x00468d63 : jmp rbx
    > 0x0040217a : jmp rcx
    > 0x00404040 : jmp rdx
load mem
    > 0x00464f0a : mov eax, [rcx]; ret
    > 0x00417940 : mov rax, [rdi + 0x68]; ret
    > 0x00417941 : mov eax, [rdi + 0x68]; ret
    > 0x004202a5 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x00420aa5 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x00439de7 : pop rax; ret
    > 0x00402038 : pop rbx; ret
    > 0x0040ff72 : pop rsi; ret
    > 0x00402580 : pop rdi; ret
    > 0x00401611 : pop rbp; ret
pop pop ret
    > 0x00402987 : pop r12; ret
    > 0x00408ed1 : pop r12; pop r13; ret
    > 0x0040ff6d : pop r12; pop r13; pop r14; ret
    > 0x00402579 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00404be2 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0043b9de : add rsp, 0x1018; ret
    > 0x0043b9de : add rsp, 0x1018; ret
    > 0x00439b59 : add rsp, 0x28; ret
    > 0x00468dde : add rsp, 0x30; ret
    > 0x0046a2fb : add rsp, 0x48; ret
stack pivoting
    > 0x00401fe5 : xchg eax, esp; ret
    > 0x00476299 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0047629a : mov esp, ecx; pop rcx; jmp rcx
    > 0x0044bb08 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x0044bb09 : mov esp, eax; mov rbp, r9; jmp rdx
syscall
    > 0x004184d2 : syscall ; ret
write mem
    > 0x004580f4 : adc [rax], ecx; ret
    > 0x0042367c : adc [rcx], eax; ret
    > 0x0042544e : adc [rdi], eax; ret
    > 0x0045f8ba : adc [rbx], eax; pop rbx; ret
    > 0x00408368 : adc [rax + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact