ROPSHELL 
ropshell> use 9d882b10e070e3cbb52a0a4224ae5165 (download)
name         : ico (x86_64/ELF)
base address : 0x401070
total gadgets: 15660

ropshell> suggest
call
    > 0x004021da : call rax
    > 0x00401c0d : call rbx
    > 0x004c0ff5 : call rcx
    > 0x00404882 : call rdx
    > 0x0041091e : call rdi
jmp
    > 0x004011bf : push rsp; ret
    > 0x0040108f : jmp rax
    > 0x00433ded : jmp rdx
    > 0x00465fbd : jmp rsp
    > 0x004b53a7 : jmp r10
load mem
    > 0x004a0a80 : mov rax, [rdx]; ret
    > 0x00402b38 : mov rax, [rdi]; ret
    > 0x004a0a81 : mov eax, [rdx]; ret
    > 0x00402b39 : mov eax, [rdi]; ret
    > 0x004861ed : mov rax, [rdx + 0x10]; ret
load reg
    > 0x004133f3 : pop rax; ret
    > 0x0040127d : pop rbx; ret
    > 0x004211c2 : pop rdx; ret
    > 0x004212be : pop rsi; ret 0x13
    > 0x004be19d : pop rdi; ret
pop pop ret
    > 0x00482251 : pop r12; ret
    > 0x0040249b : pop r12; pop rbx; ret
    > 0x00402499 : pop r13; pop r12; pop rbx; ret
    > 0x0040257b : pop r14; pop r13; pop r12; pop rbx; ret
    > 0x00403664 : pop r15; pop r14; pop r13; pop r12; pop rbx; ret
stack pivoting
    > 0x0040b537 : xchg eax, esp; ret
    > 0x004015f8 : mov rsp, rbp; pop rbp; ret
    > 0x004015f9 : mov esp, ebp; pop rbp; ret
    > 0x00402b0b : lea rsp, [rsp + 0x108]; ret
    > 0x00402b0c : lea esp, [rsp + 0x108]; ret
syscall
    > 0x00401777 : syscall ; ret
write mem
    > 0x004c9294 : adc [rcx], edi; ret
    > 0x0046972f : adc [rdx], ecx; ret
    > 0x004448b3 : adc [rbx], eax; pop rbx; ret
    > 0x0043c92b : adc [rax + 0x63], ecx; ret
    > 0x004e3e7a : add [rax + 0x127c], edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact