ROPSHELL 
ropshell> use 93719b7d673d5d852286c53060fcf654 (download)
name         : GoCrackMe2 (x86_64/ELF)
base address : 0x401000
total gadgets: 4286

ropshell> suggest
call
    > 0x00407a0e : call rax
    > 0x00422251 : call rbx
    > 0x00405dd1 : call rcx
    > 0x00434691 : call rdx
    > 0x004049c4 : call rsi
jmp
    > 0x0040b5c7 : push rsp; ret
    > 0x00455ad0 : jmp rax
    > 0x00462d3e : jmp rbx
    > 0x00463c48 : jmp rdi
    > 0x00459bec : jmp [rax]
load mem
    > 0x004871ed : mov rax, [rcx]; ret
    > 0x004871ee : mov eax, [rcx]; ret
    > 0x00435405 : mov rbx, [rcx + 0x10]; ret
    > 0x00435406 : mov ebx, [rcx + 0x10]; ret
    > 0x00407a0b : mov rax, [rdx]; call rax
load reg
    > 0x004385e1 : pop rbx; ret
    > 0x00401031 : pop rbp; ret
    > 0x00404291 : pop rax; pop rbp; ret
    > 0x0047380f : pop rdx; adc [rax - 1], cl; ret
    > 0x00448a65 : pop rsp; or cl, [rax]; ret
pop pop ret
    > 0x00401031 : pop rbp; ret
    > 0x00404291 : pop rax; pop rbp; ret
sp lifting
    > 0x004670c7 : add rsp, 0x30; ret
    > 0x004670c7 : add rsp, 0x30; ret
stack pivoting
    > 0x00406349 : xchg eax, esp; ret
    > 0x004674e0 : mov rsp, rbx; pop rbp; ret
    > 0x004674e1 : mov esp, ebx; pop rbp; ret
    > 0x0046585a : mov rsp, rsi; mov [rsp + 0x20], eax; pop rbp; ret
    > 0x0046585b : mov esp, esi; mov [rsp + 0x20], eax; pop rbp; ret
syscall
    > 0x004670e9 : syscall ; ret
write mem
    > 0x0042f1d9 : add [rax + 0x110], rbx; ret
    > 0x0042f1da : add [rax + 0x110], ebx; ret
    > 0x0042a7f5 : add [rax + 0x39], ecx; ret
    > 0x004600e4 : adc [rbx + 8], eax; ret
    > 0x0042f1bd : add [rdx + 0x118], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact