ROPSHELL 
ropshell> use 98f55f5f439bd905c2c5c17d3b25ded0 (download)
name         : speedrun-001 (x86_64/ELF)
base address : 0x4004d0
total gadgets: 8677

ropshell> suggest
call
    > 0x004011a7 : call rax
    > 0x0040092d : call rbx
    > 0x0041ca13 : call rcx
    > 0x0040e917 : call rdx
    > 0x0044eb31 : call rsi
jmp
    > 0x00450ae4 : push rsp; ret
    > 0x00400a91 : jmp rax
    > 0x00480101 : jmp rbx
    > 0x00422472 : jmp rcx
    > 0x0040d2c5 : jmp rdx
load mem
    > 0x00412c80 : movzx eax, [rdx]; ret
    > 0x0048e151 : mov rax, [rsi + 0x10]; ret
    > 0x004186f0 : mov rax, [rdi + 0x68]; ret
    > 0x0047e76c : mov eax, [rdx + 4]; ret
    > 0x0048e152 : mov eax, [rsi + 0x10]; ret
load reg
    > 0x00415664 : pop rax; ret
    > 0x00400df8 : pop rbx; ret
    > 0x0044be16 : pop rdx; ret
    > 0x004101f3 : pop rsi; ret
    > 0x00400686 : pop rdi; ret
pop pop ret
    > 0x0044be15 : pop r10; ret
    > 0x0040daf9 : pop r12; pop r13; ret
    > 0x004101ee : pop r12; pop r13; pop r14; ret
    > 0x0040067f : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040260e : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040dc3d : add rsp, 0x118; ret
    > 0x0040dc3d : add rsp, 0x118; ret
    > 0x00449629 : add rsp, 0x28; ret
    > 0x00475950 : add rsp, 0x38; ret
    > 0x00449859 : add rsp, 0x58; ret
stack pivoting
    > 0x0048d736 : mov rsp, rcx; ret
    > 0x004666a2 : xchg eax, esp; ret
    > 0x0048d737 : mov esp, ecx; ret
    > 0x0044a6f7 : mov esp, edx; call rbp
    > 0x0044acd0 : mov esp, esi; call r15
syscall
    > 0x00474e65 : syscall ; ret
write mem
    > 0x004471a8 : adc [rbx], eax; ret
    > 0x00443cf1 : add [rax + 0x28d4802], ecx; ret
    > 0x004388a6 : adc [rcx + 7], rdi; ret
    > 0x004388a7 : adc [rcx + 7], edi; ret
    > 0x00446e2e : adc [rsi + 3], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact