ROPSHELL 
ropshell> use c3f448dc2ba6e5d477e9ebd1449b2cbd (download)
name         : calcm (x86_64/ELF)
base address : 0x9530
total gadgets: 7374

ropshell> suggest
call
    > 0x0000a7a5 : call rax
    > 0x00060166 : call rbx
    > 0x0000a721 : call rcx
    > 0x00018b0b : call rdx
    > 0x00068c1e : call rsi
jmp
    > 0x00023f3e : push rsp; ret
    > 0x00009f89 : jmp rax
    > 0x00011aad : jmp rbx
    > 0x0000b3b7 : jmp rcx
    > 0x00017761 : jmp rdx
load mem
    > 0x000a89f2 : mov eax, [rcx]; ret
    > 0x000315e4 : mov rax, [rdi + 0x68]; ret
    > 0x000315e5 : mov eax, [rdi + 0x68]; ret
    > 0x0003c1d3 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x00042903 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x000628c7 : pop rax; ret
    > 0x0000aadb : pop rbx; ret
    > 0x00009b6f : pop rdx; ret
    > 0x00017f3e : pop rsi; ret
    > 0x00009c6a : pop rdi; ret
pop pop ret
    > 0x0000bbef : pop r12; ret
    > 0x00022171 : pop r12; pop r13; ret
    > 0x00017f39 : pop r12; pop r13; pop r14; ret
    > 0x00009c63 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0000bffc : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x000180a1 : add rsp, 0x118; ret
    > 0x000180a1 : add rsp, 0x118; ret
    > 0x00061c0d : add rsp, 0x28; ret
    > 0x00086347 : add rsp, 0x38; ret
    > 0x000628c4 : add rsp, 0x58; ret
stack pivoting
    > 0x0000d9d1 : xchg eax, esp; ret
    > 0x000b8884 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x000b8885 : mov esp, ecx; pop rcx; jmp rcx
    > 0x000aca9b : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x000aca9c : mov esp, eax; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0002eef4 : syscall ; ret
write mem
    > 0x0005e80c : adc [rbx], eax; ret
    > 0x0008cdbb : add [rcx], eax; ret
    > 0x000a6766 : adc [rax + 0x39], ecx; ret
    > 0x000637e5 : add [rbx + 0x94901e0], eax; ret
    > 0x0004f1ca : adc [rcx + 7], rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact