ROPSHELL 
ropshell> use a90a0dd472e75a0e34cd6a4b0627a9b1 (download)
name         : main (x86_64/ELF)
base address : 0x401180
total gadgets: 6282

ropshell> suggest "stack pivoting"
> 0x0042735a : xchg eax, esp; ret
> 0x00406ace : lea esp, [rax - 0x7600000a]; ret
> 0x0047ad79 : mov rsp, rcx; pop rcx; jmp rcx
> 0x0047ad7a : mov esp, ecx; pop rcx; jmp rcx
> 0x004481c5 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x004481c6 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0046a48d : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0046a48e : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00409115 : xchg edx, esp; add [rax], al; add [rcx - 0x7d], cl; ret
> 0x00466d11 : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x18; jmp r11
> 0x00466d12 : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x18; jmp r11
> 0x0040b956 : xchg ebp, esp; add [rax], al; add [rsi - 1], bh; call [r14 + 0x18]
> 0x0040cb9f : xchg esp, ecx; add [rax], eax; add [rsi - 1], bh; mov rdi, rbx; call [rax + 0x18]
> 0x00445a2a : xchg ecx, esp; add [rax], al; add [rcx + rcx*4 - 0x16], cl; mov rsi, r12; mov rdi, rbx; call [r14 + 0x38]
> 0x0047b4b1 : lea esp, [rbx + rax + 8]; mov [rsp + 0x18], r9; mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0040195e : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact