ROPSHELL 
ropshell> use 98f55f5f439bd905c2c5c17d3b25ded0 (download)
name         : speedrun-001 (x86_64/ELF)
base address : 0x4004d0
total gadgets: 8677

ropshell> suggest "stack pivoting"
> 0x0048d736 : mov rsp, rcx; ret
> 0x004666a2 : xchg eax, esp; ret
> 0x0048d737 : mov esp, ecx; ret
> 0x0044a6f7 : mov esp, edx; call rbp
> 0x0044acd0 : mov esp, esi; call r15
> 0x00482779 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0041adf4 : xchg edi, esp; add al, [rax]; add dh, dh; ret
> 0x0048277a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x0040f954 : lea rsp, [rbp - 0x20]; pop rbx; pop r12; pop r13; pop r14; pop rbp; ret
> 0x0040f955 : lea esp, [rbp - 0x20]; pop rbx; pop r12; pop r13; pop r14; pop rbp; ret
> 0x0046a839 : push rbx; pop rsp; stc ; inc [rbx + rcx*4 - 0x63]; idiv edi; dec [rax - 0x77]; ret
> 0x00486ce1 : mov esp, ebx; mov rbx, rax; nop cs:[rax + rax]; call [r12]
> 0x0040eac3 : lea esp, [rbx + rax*8 + 8]; nop [rax + rax]; call [rbx]
> 0x00400bac : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact