ROPSHELL 
ropshell> use cec1138c17426f9cbc55a984f3f57397 (download)
name         : rop_me_baby.exe (x86_64/PE)
base address : 0x401000
total gadgets: 8472

ropshell> suggest
call
    > 0x00401245 : call rax
    > 0x0041035c : call rbx
    > 0x004167a1 : call rcx
    > 0x00422e01 : call rdx
    > 0x0041788b : call rsi
jmp
    > 0x00401a95 : jmp rax
    > 0x0046d7fc : jmp rcx
    > 0x004049b9 : jmp rdx
    > 0x00459e5a : jmp r8
    > 0x004aa0ef : push rsp; or [rax], cl; ret
load mem
    > 0x0040c6d0 : mov rax, [rcx]; ret
    > 0x00418d20 : mov rax, [rdx]; ret
    > 0x00418d1b : mov rax, [r10]; ret
    > 0x0040c6d1 : mov eax, [rcx]; ret
    > 0x00418d1c : mov eax, [rdx]; ret
load reg
    > 0x0040b53f : pop rax; ret
    > 0x00401d52 : pop rbx; ret
    > 0x0040c620 : pop rcx; ret
    > 0x00401ccb : pop rsi; ret
    > 0x00401fdc : pop rdi; ret
pop pop ret
    > 0x0040352a : pop r12; ret
    > 0x004013fb : pop r12; pop r13; ret
    > 0x00409f8b : pop r12; pop r13; pop r14; ret
    > 0x00404240 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040ae01 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00401098 : add rsp, 0x28; ret
    > 0x00401098 : add rsp, 0x28; ret
    > 0x00401174 : add rsp, 0x38; ret
    > 0x0040d026 : add rsp, 0x48; ret
    > 0x0040b53c : add rsp, 0x58; ret
stack pivoting
    > 0x00415cda : xchg eax, esp; ret
    > 0x00411f6a : mov rsp, rbp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
    > 0x00411f6b : mov esp, ebp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
    > 0x00485b41 : lea esp, [rsp + 0x38]; mov rdx, rsi; mov rcx, r12; call rax
    > 0x00450b29 : movsxd rsp, ecx; mov rcx, rsi; mov r8, r12; mov rdx, [rbp - 0x48]; call [rax + 0x60]
write mem
    > 0x0046c250 : add [rbx], eax; ret
    > 0x004168d9 : add [rcx], edi; ret
    > 0x0046c293 : add [rdx], eax; ret
    > 0x0042a793 : add [rax + 0x39], ecx; ret
    > 0x00482f80 : add [rcx + 0x10], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact