ROPSHELL 
ropshell> use cac294ad0dceaacfb968152e4edffc2f (download)
name         : libc (x86_64/ELF)
base address : 0x22700
total gadgets: 14959

ropshell> suggest
call
    > 0x0002350e : call rax
    > 0x0003335c : call rbx
    > 0x000235ee : call rcx
    > 0x0008cfaf : call rdx
    > 0x00024500 : call rsi
jmp
    > 0x00030df4 : push rsp; ret
    > 0x000238c7 : jmp rax
    > 0x00030d8e : jmp rcx
    > 0x0003960e : jmp rdx
    > 0x00079cfe : jmp rsi
load mem
    > 0x0007d900 : mov eax, [rdx]; ret
    > 0x000de894 : mov eax, [rdi]; ret
    > 0x0008ad64 : mov rax, [rdi + 0x68]; ret
    > 0x00101d81 : mov eax, [rdx + 8]; ret
    > 0x0014b534 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x0003fa43 : pop rax; ret
    > 0x0002f1d1 : pop rbx; ret
    > 0x00099a83 : pop rcx; ret
    > 0x00166262 : pop rdx; ret
    > 0x000251be : pop rsi; ret
pop pop ret
    > 0x0002eb30 : pop r12; ret
    > 0x00037616 : pop r12; pop r13; ret
    > 0x0011960f : pop r11; pop rbp; pop r12; ret
    > 0x00023b5e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0011606c : pop r11; pop rbp; pop r12; pop r13; pop r14; ret
sp lifting
    > 0x00119e6b : add rsp, 0x1018; ret
    > 0x00119e6b : add rsp, 0x1018; ret
    > 0x001428ec : add rsp, 0x218; ret
    > 0x00054bf4 : add rsp, 0x38; ret
    > 0x00122a3b : add rsp, 0x40; ret
stack pivoting
    > 0x00054990 : mov rsp, rdx; ret
    > 0x0003e72e : xchg eax, esp; ret
    > 0x00054991 : mov esp, edx; ret
    > 0x00070490 : mov esp, ecx; jmp rdx
    > 0x00070409 : mov esp, esi; jmp rdx
syscall
    > 0x0008cc36 : syscall ; ret
write mem
    > 0x0007f088 : adc [rax], ecx; ret
    > 0x000add0c : adc [rcx], eax; ret
    > 0x00068534 : add [rcx], edi; ret
    > 0x0003ad3c : adc [rdx], ecx; ret
    > 0x000976cf : add [rdi], rax; ret

© 2014 - 2019 - Powered by ROPEME | Contact