ROPSHELL 
ropshell> use b86ec517ee44b2d6c03096e0518c72a1 (download)
name         : libc.so.6 (x86_64/RAW)
base address : 0x0
total gadgets: 20145

ropshell> suggest "stack pivoting"
> 0x0003a2a7 : xchg eax, esp; ret
> 0x0016df4d : xchg esp, edi; jmp rdx
> 0x0016dffd : mov esp, edi; jmp rsp
> 0x00034f58 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003725d : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00034f59 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x0003725e : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00069454 : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00051040 : movsxd rsp, edx; mov rdx, r12; call [rax + 0x38]
> 0x00069455 : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000aaa9f : mov esp, esi; mov rsi, rdx; mov rdi, r12; push rbp; push rbx; sub rsp, 8; call r13
> 0x001097dd : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x00114e6f : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00076383 : mov esp, edx; push rbp; mov rbp, rsi; push rbx; mov rax, [rdi + 0xd8]; mov rbx, rdi; call [rax + 0x60]
> 0x0003ea02 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact