ROPSHELL 
ropshell> use c009024babc809bd36b06a8021d3d09f (download)
name         : vuln (x86_64/ELF)
base address : 0x401010
total gadgets: 594

ropshell> suggest
call
    > 0x004014b8 : call rbx
    > 0x00409d29 : call rdi
    > 0x00401470 : call [rbx]
    > 0x00406154 : call [rcx]
    > 0x0040a033 : call [rdi + 0x48]
jmp
    > 0x0040109f : jmp rax
    > 0x00401879 : jmp rdx
    > 0x004053d7 : jmp rsi
    > 0x004014c0 : jmp [rsi + 0x2e]
load mem
    > 0x00401892 : mov rax, [rcx]; mov [rdi], rax; ret
    > 0x00401893 : mov eax, [rcx]; mov [rdi], rax; ret
    > 0x00409cca : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
    > 0x00409e5a : mov rax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
    > 0x00409e5b : mov eax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
load reg
    > 0x004011a9 : pop rbx; ret
    > 0x00404947 : pop rsi; ret
    > 0x004022fd : pop rdi; ret
    > 0x00401123 : pop rbp; ret
    > 0x00404779 : pop rsp; ret
pop pop ret
    > 0x00404778 : pop r12; ret
    > 0x004016a1 : pop r12; pop r13; ret
    > 0x00404942 : pop r12; pop r13; pop r14; ret
    > 0x004022f6 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004022f5 : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x004013b5 : add rsp, 0x158; ret
    > 0x004013b5 : add rsp, 0x158; ret
    > 0x00404437 : add rsp, 0x28; ret
stack pivoting
    > 0x004011f5 : xchg eax, esp; nop cs:[rax + rax]; ret
    > 0x00409926 : leave ; ret
syscall
    > 0x004045ce : syscall ; ret
write mem
    > 0x00409473 : add [r8], rax; add dh, dh; ret
    > 0x004043d3 : add [rax + 2], edi; sbb eax, -1; ret
    > 0x0040428e : add [r8], eax; mov rdx, [rbx]; mov rax, fs:[0]; mov [rax + 0x28], rdx; pop rbx; ret
    > 0x00401868 : adc [rdi + 0x4d], esi; lea rcx, [rip + 0x97d6]; movsxd rdx, [rcx + rsi*4]; add rdx, rcx; jmp rdx

© 2014 - 2019 - Powered by ROPEME | Contact