ROPSHELL 
ropshell> use c0d63d5f295f8cea9f6a969f30d87c1a (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x26650
total gadgets: 15278

ropshell> suggest "stack pivoting"
> 0x00059700 : mov rsp, rdx; ret
> 0x00034f4a : xchg eax, esp; ret
> 0x00059701 : mov esp, edx; ret
> 0x0008a6c4 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x000dd133 : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x000dd134 : lea esp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x00041687 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0008a6d1 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x000d3a66 : xchg ebp, esp; sar bh, cl; jmp [rsi - 0x7f]
> 0x000719f0 : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x00143de5 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x00042cc4 : lea esp, [rcx + rax]; mov r13, rax; mov rdi, r12; call rbx
> 0x00141331 : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, r8; mov rax, [rax + 0x18]; jmp rax
> 0x0015c7b7 : lea esp, [rsi + 8]; add [rdi + rax*8], ah; add es:[rax], al; add [rax - 1], bh; ret
> 0x00143800 : lea esp, [rax + 0x23b0]; xor esi, esi; mov [rax + 0x23b0], 1; mov rax, [rax + 0x23b8]; mov rdi, r12; call [rax + 0x28]
> 0x0005591c : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact