ropshell> use 986cedc30c8b1f07eefbecfb0aceaf87
name         : libsystem_c.dylib (x86_64/RAW)
base address : 0x0
total gadgets: 9158
ropshell> suggest "stack pivoting"
> 0x0001029f : xchg eax, esp; ret
> 0x000c709c : xchg esp, eax; ret 7
> 0x0000265d : mov rsp, rbp; pop rbp; ret
> 0x0000265e : mov esp, ebp; pop rbp; ret
> 0x00027b1f : lea esp, [rsi - 0x76b7fffb]; fucompi st(0); ret
> 0x000066fd : push rsi; pop rsp; xor eax, eax; pop rbp; ret
> 0x00028a11 : lea rsp, [rbp - 0x10]; pop rbx; pop r14; pop rbp; ret
> 0x00028a12 : lea esp, [rbp - 0x10]; pop rbx; pop r14; pop rbp; ret
> 0x0005fb84 : mov esp, edx; call [rbp - 0x30]
> 0x00130c0b : mov esp, esp; and eax, [rcx]; add [rcx - 0x93c7621], cl; ret
> 0x00060bb5 : mov esp, eax; mov rdi, r15; mov rsi, r14; call rbx
> 0x000d8077 : lea esp, [rdi + rdi*8 - 1]; jmp [rsi + 0xf]
> 0x0007bbe6 : lea esp, [rbx + rdi*8 - 1]; call [rax]
> 0x00060fb3 : mov esp, ecx; mov rdi, r14; mov rsi, rbx; call [rbp - 0x48]
> 0x00067758 : mov esp, edi; mov rdi, r15; mov rsi, [rbp - 0x30]; mov rdx, rbx; mov r13, r10; call [r15 + 0x10]
> 0x000b8ddd : xchg esp, ebx; add [rax], eax; add [rsi + 2], bh; mov ecx, [rbp - 0x118]; mov eax, [rcx + rax*4 + 0x447]; add eax, ecx; jmp rax
> 0x0003cab6 : leave ; ret