ROPSHELL 
ropshell> use cae48a0bf63e64a0d48d6e0adb05cf6f (download)
name         : power_greed (x86_64/ELF)
base address : 0x401180
total gadgets: 6294

ropshell> suggest
call
    > 0x00402946 : call rax
    > 0x0042282b : call rbx
    > 0x00412f6e : call rcx
    > 0x0043868c : call rdx
    > 0x004631f9 : call rsi
jmp
    > 0x00422dbb : push rsp; ret
    > 0x0040193c : jmp rax
    > 0x0046839d : jmp rbx
    > 0x0041e314 : jmp rcx
    > 0x004071ed : jmp rdx
load mem
    > 0x00428b82 : mov eax, [rcx]; ret
    > 0x00412284 : mov rax, [rdi + 0x68]; ret
    > 0x00412285 : mov eax, [rdi + 0x68]; ret
    > 0x00449459 : mov eax, [rdx]; pop r12; pop rbp; ret
    > 0x0041a9c5 : movzx eax, [rdi]; sub eax, ecx; ret
load reg
    > 0x0042adab : pop rax; ret
    > 0x0046ca97 : pop rbx; ret
    > 0x00418eba : pop rdx; ret 6
    > 0x00401899 : pop rbp; ret
    > 0x00406d10 : pop rsp; ret
pop pop ret
    > 0x0042adab : pop rax; ret
    > 0x00401897 : pop r12; pop rbp; ret
    > 0x0040308b : pop r12; pop r13; pop rbp; ret
    > 0x0040bffd : pop r12; pop r13; pop r14; pop rbp; ret
    > 0x00402bd1 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00468398 : add rsp, 0x18; jmp r11
    > 0x00468398 : add rsp, 0x18; jmp r11
stack pivoting
    > 0x0042a2da : xchg eax, esp; ret
    > 0x004085be : lea esp, [rax - 0x7600000a]; ret
    > 0x0047c819 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0047c81a : mov esp, ecx; pop rcx; jmp rcx
    > 0x0044a635 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x00412e96 : syscall ; ret
write mem
    > 0x004489c8 : adc [rax], ecx; ret
    > 0x0041de0c : adc [rcx], eax; ret
    > 0x0041fc52 : adc [rdi], eax; ret
    > 0x0041085b : add [rax + 0x39], ecx; ret
    > 0x0041e3af : adc [rax + 0x30], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact