ropshell> use c5483b8a6c0a4f2b91331f6f8bc3b39a (download)
name : starcraft (x86_64/ELF)
base address : 0x21f0
total gadgets: 292
ropshell> suggest
call
> 0x0000222c : call rax
> 0x000024b3 : call rcx
> 0x00002375 : call rdx
> 0x00004aa3 : call [rbp + 0x48]
> 0x0000229c : call [rsp + rax*8]
jmp
> 0x000022e2 : jmp rax
load mem
> 0x00003056 : mov rdx, [rax]; mov rax, [rbp - 0x18]; mov rdi, rax; call rdx
> 0x00003057 : mov edx, [rax]; mov rax, [rbp - 0x18]; mov rdi, rax; call rdx
> 0x00004b0d : mov eax, [rdx + rax]; movsxd rdx, eax; lea rax, [rip + 0x9da]; add rax, rdx; jmp rax
> 0x0000264e : mov rcx, [rax]; lea rdx, [rbp - 0x60]; mov rax, [rbp - 0x88]; mov rsi, rdx; mov rdi, rax; call rcx
> 0x0000264f : mov ecx, [rax]; lea rdx, [rbp - 0x60]; mov rax, [rbp - 0x88]; mov rsi, rdx; mov rdi, rax; call rcx
load reg
> 0x000022b5 : pop rbp; ret
> 0x00002697 : pop rbx; pop rbp; ret
> 0x000022b4 : pop rsp; pop rbp; ret
> 0x000022b3 : pop r12; pop rbp; ret
> 0x00004e6f : mov r15, [rsp + 0x30]; add rsp, 0x38; ret
pop pop ret
> 0x000022b5 : pop rbp; ret
> 0x000022b3 : pop r12; pop rbp; ret
> 0x000022b2 : pop rbx; pop r12; pop rbp; ret
sp lifting
> 0x00004e74 : add rsp, 0x38; ret
> 0x00004e74 : add rsp, 0x38; ret
stack pivoting
> 0x000026e0 : leave ; ret
write mem
> 0x00002285 : add [rax + 0x39], ecx; fdiv [rbx + 0x20]; nop [rax + rax]; add rax, 1; mov [rip + 0x204e45], rax; call [r12 + rax*8]