ROPSHELL 
ropshell> use b96c7fbfdfc1065aefdcbea3bd91196e (download)
name         : libc-2.21.so (x86_64/ELF)
base address : 0x1f4f0
total gadgets: 16722

ropshell> suggest "stack pivoting"
> 0x0002f21b : xchg eax, esp; ret
> 0x00033588 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00035851 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00033589 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x00035852 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000e5774 : mov esp, edx; mov rbp, rax; call rax
> 0x00067fcd : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000445d8 : movsxd rsp, edx; mov rdx, r12; call [rax + 0x38]
> 0x00067fce : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000e11db : mov esp, ecx; sub eax, [rax]; neg eax; mov fs:[rdx], eax; mov rax, -1; ret
> 0x00076f38 : mov esp, esi; xor edi, edi; mov r13, rdx; call [r14]
> 0x000a8ee1 : mov esp, edi; mov rsi, rdx; mov rdi, rbp; sub rsp, 8; call r12
> 0x001098ed : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rcx; mov r8, [rax + 0x18]; jmp r8
> 0x000789ef : xchg edx, esp; add [rax], eax; add [rbx - 0x72f7dbbc], cl; add [rcx], rax; ror [rax - 0x73], 0x54; ret
> 0x001151af : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x001119ec : lea esp, [rax - 1]; mov rax, [rbx + 0x70]; mov [rbx + 0x48], r12d; bswap r12d; call [rax + 0x18]
> 0x0003cf55 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact