ROPSHELL 
ropshell> use b96c7fbfdfc1065aefdcbea3bd91196e (download)
name         : libc-2.21.so (x86_64/ELF)
base address : 0x1f4f0
total gadgets: 16722

ropshell> suggest
call
    > 0x0002084e : call rax
    > 0x000244e5 : call rbx
    > 0x00020040 : call rcx
    > 0x0002e903 : call rdx
    > 0x00021d43 : call rsi
jmp
    > 0x00032e69 : push rsp; ret
    > 0x00020ad1 : jmp rax
    > 0x0002ab1a : jmp rcx
    > 0x00020cfd : jmp rdx
    > 0x00031888 : jmp rsi
load mem
    > 0x0006b27c : mov eax, [rdx]; ret
    > 0x000b4890 : mov eax, [rdi]; ret
    > 0x00116d92 : mov rax, [rdi + 0x18]; ret
    > 0x000d4e51 : mov eax, [rdx + 8]; ret
    > 0x000d1a9e : mov eax, [rsi + 0x14]; ret
load reg
    > 0x000366d8 : pop rax; ret
    > 0x00020be7 : pop rbx; ret
    > 0x000f4f05 : pop rdx; ret
    > 0x00022c05 : pop rsi; ret
    > 0x00021272 : pop rdi; ret
pop pop ret
    > 0x000f4f04 : pop r10; ret
    > 0x0001fbea : pop r12; pop r13; ret
    > 0x00022c00 : pop r12; pop r13; pop r14; ret
    > 0x0002126b : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0001f6ae : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0008331e : add rsp, 0x100; ret
    > 0x0008331e : add rsp, 0x100; ret
    > 0x00036731 : add rsp, 0x28; ret
    > 0x000b5586 : add rsp, 0x38; ret
    > 0x000e6677 : add rsp, 0x408; ret
stack pivoting
    > 0x0002f21b : xchg eax, esp; ret
    > 0x00033588 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x00035851 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x00033589 : mov esp, eax; mov rbp, r9; jmp rdx
    > 0x00035852 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x000b9095 : syscall ; ret
write mem
    > 0x000c7781 : add [rcx], edi; ret
    > 0x00032b74 : adc [rdi], ecx; ret
    > 0x00145131 : add [rax + 0x28d4802], ecx; ret
    > 0x000c1223 : add [rax + 1], edi; ret
    > 0x000fd718 : add [rbx + 0x460f09fb], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact