ROPSHELL 
ropshell> use 9b8f02224b6497f2fd72ebf18d1949a3 (download)
name         : libc-2.31.so (x86_64/ELF)
base address : 0x25320
total gadgets: 17670

ropshell> suggest "stack pivoting"
> 0x0004ae86 : xchg eax, esp; ret
> 0x0007f544 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x0003ba38 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x000c9aeb : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x000aae0f : lea esp, [rbx + 0x145fff7]; dec [rax - 0x7d]; ret
> 0x000c9aec : lea esp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x0007f551 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x000674fc : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x0009362a : xchg ebp, esp; add [rax], al; add [rax + 0x29], cl; ret
> 0x0003d124 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x0012457d : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x0012175d : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, r8; mov rax, [rax + 0x18]; jmp rax
> 0x00123fdc : lea esp, [rax + 0x23b0]; xor esi, esi; mov [rax + 0x23b0], 1; mov rax, [rax + 0x23b8]; mov rdi, r12; call [rax + 0x28]
> 0x0004d570 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact