ropshell> use b0097c8a9284b03b412ff171c3d3c9cc (download)
name : ubuntu-libc-2.23.so (x86_64/ELF)
base address : 0x1f8b0
total gadgets: 17576
ropshell> suggest "stack pivoting"
> 0x0004728e : xchg eax, esp; ret
> 0x000398d1 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0007f0d4 : xchg edi, esp; add al, 0; add dh, dh; ret
> 0x000398d2 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000352f9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000352fa : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00102934 : mov esp, edx; mov rbp, rax; call rax
> 0x000c919f : lea esp, [rdi + rax - 0x2776b800]; call rax
> 0x0006d12d : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0006d12e : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000e1d95 : mov esp, esi; mov [rsp + 0x40], rdi; add rax, rdx; jmp rax
> 0x0014c34f : lea esp, [rdx + rax - 0x7efb7500]; mov edx, [rcx + rdx*4]; sub eax, edx; ret
> 0x00037313 : lea esp, [rsi + rax]; mov rbx, rax; mov rdi, r12; call r15
> 0x0004a900 : movsxd rsp, edx; mov rdx, r12; mov rax, [rdi + 0xd8]; call [rax + 0x38]
> 0x0012b88d : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x00139b4f : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00156a05 : xchg esp, ebp; add eax, [rax]; movsxd rdx, [r11 + rdx*4]; lea rdx, [r11 + rdx]; jmp rdx
> 0x0013530c : lea esp, [rax - 1]; mov rax, [rbx + 0x70]; mov [rbx + 0x48], r12d; bswap r12d; call [rax + 0x18]
> 0x00136249 : mov esp, edi; mov r15, r13; mov rdi, [r12]; lea rsi, [rax + 0x18]; mov r13, rax; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x00042361 : leave ; ret