ROPSHELL 
ropshell> use 986cedc30c8b1f07eefbecfb0aceaf87 (download)
name         : libsystem_c.dylib (x86_64/RAW)
base address : 0x0
total gadgets: 9158

ropshell> suggest
call
    > 0x00003813 : call rax
    > 0x00007e1c : call rbx
    > 0x00007b39 : call rcx
    > 0x0000522b : call rdx
    > 0x0000ccc3 : call rsi
jmp
    > 0x000d1502 : push rsp; ret
    > 0x000035c6 : jmp rax
    > 0x0001c0ef : jmp rbx
    > 0x000052d8 : jmp rcx
    > 0x0002f60f : jmp rdx
load mem
    > 0x000f35a3 : movzx eax, [rcx]; pop rbp; ret
    > 0x0003065b : mov rax, [rdi + 0x38]; pop rbp; ret
    > 0x0003065c : mov eax, [rdi + 0x38]; pop rbp; ret
    > 0x0010cc63 : mov eax, [rbp + 8]; pop rbp; ret
    > 0x00105170 : mov eax, [rbx]; add [rcx - 0x7c0e7608], cl; ret
load reg
    > 0x00020371 : pop rcx; ret
    > 0x000da174 : pop rdx; ret
    > 0x000e14c6 : pop rsi; ret 5
    > 0x000b353f : pop rdi; ret
    > 0x00002660 : pop rbp; ret
pop pop ret
    > 0x00002660 : pop rbp; ret
    > 0x00002b82 : pop r14; pop rbp; ret
    > 0x00002d05 : pop r14; pop r15; pop rbp; ret
    > 0x0000593f : pop r12; pop r14; pop r15; pop rbp; ret
    > 0x00002d01 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
stack pivoting
    > 0x0001029f : xchg eax, esp; ret
    > 0x000c709c : xchg esp, eax; ret 7
    > 0x0000265d : mov rsp, rbp; pop rbp; ret
    > 0x0000265e : mov esp, ebp; pop rbp; ret
    > 0x00027b1f : lea esp, [rsi - 0x76b7fffb]; fucompi st(0); ret
syscall
    > 0x000ecb8b : syscall ; add [rbx + 0x5d5e14c4], al; ret
write mem
    > 0x0009b5eb : adc [rbx], ecx; ret
    > 0x000ea5f1 : adc [rcx], edi; ret
    > 0x001532f3 : add [rdx], esi; ret
    > 0x000969c3 : add [rdx], edi; ret
    > 0x00060364 : add [rax + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact