ROPSHELL 
ropshell> use 7ae5fa298772964cf408d1fac5dc4180 (download)
name         : libc-2.29.so.6 (x86_64/ELF)
base address : 0x25320
total gadgets: 17444

ropshell> suggest "stack pivoting"
> 0x0002a29b : xchg eax, esp; ret
> 0x000dfa48 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000dfa49 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00043c79 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00043c7a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00118671 : mov esp, edx; xor esi, esi; call rbp
> 0x0014bf09 : mov esp, esp; call [rax + 0x18]
> 0x00071cdb : lea esp, [rax + 0xffffffa]; test [rdi], ch; ret
> 0x0007a889 : xchg edx, esp; and [rax], eax; add [rax - 0x7d], cl; ret
> 0x00027d37 : push rbp; pop rsp; adc eax, [rax]; mov rdi, rbx; call r12
> 0x0007cdbe : mov esp, edi; sar r12, 2; mov rdx, r12; call [rax + 0x38]
> 0x00045492 : lea esp, [rsi + rax]; mov r13, rax; mov rdi, r12; call rbx
> 0x00047391 : lea esp, [rbx + rax*8 + 8]; nop [rax]; call [rbx]
> 0x00147f05 : lea esp, [rsp + 0x10]; lea rsi, [rsp + 0x18]; call [rax]
> 0x00144fad : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x0014e364 : xchg esp, edx; add [rax], al; add [rbx + 0x48102444], cl; lea edx, [rip + 0x60c4c]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x00058373 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact