ROPSHELL 
ropshell> use d3324ae0d485f347b2803f685f3a8ac8 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x243c0
total gadgets: 17042

ropshell> suggest
call
    > 0x00027790 : call rax
    > 0x0002d216 : call rbx
    > 0x00061816 : call rcx
    > 0x00035217 : call rdx
    > 0x00027740 : call rsi
jmp
    > 0x00054ecb : push rsp; ret
    > 0x000278d0 : jmp rax
    > 0x00190388 : jmp rbx
    > 0x00066b9f : jmp rcx
    > 0x0003b228 : jmp rdx
load mem
    > 0x00083000 : mov eax, [rdx]; ret
    > 0x000e3394 : mov eax, [rdi]; ret
    > 0x00090964 : mov rax, [rdi + 0x68]; ret
    > 0x0009e358 : mov eax, [rdx + 0x630]; ret
    > 0x0013a844 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x000d40f7 : pop rax; ret
    > 0x00053394 : pop rbx; ret
    > 0x00142a53 : pop rcx; ret
    > 0x00053187 : pop rsi; ret
    > 0x0010194a : pop rdi; ret
pop pop ret
    > 0x00102bb6 : pop r12; ret
    > 0x00053184 : pop r12; pop r14; ret
    > 0x00102d96 : pop r12; pop r13; pop r14; ret
    > 0x00101943 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00116f9c : pop r11; pop r12; pop r13; pop r14; pop rbp; ret
sp lifting
    > 0x00100e8f : add rsp, 0x18; ret
    > 0x00100e8f : add rsp, 0x18; ret
    > 0x001029b0 : add rsp, 0x28; ret
    > 0x0011c94a : add rsp, 0x38; ret
    > 0x0011c9ab : add rsp, 0x40; ret
stack pivoting
    > 0x0005935f : mov rsp, rdx; ret
    > 0x00040867 : xchg eax, esp; ret
    > 0x00059360 : mov esp, edx; ret
    > 0x00074cf2 : lea rsp, [r10 - 8]; ret
    > 0x00074cf3 : lea esp, [rdx - 8]; ret
syscall
    > 0x000928c6 : syscall ; ret
    > 0x0008aa2b : int 0x80; cmp esi, 2; cmove eax, ecx; mov [rdi], eax; mov eax, edx; ret
write mem
    > 0x000b210c : adc [rcx], eax; ret
    > 0x00093fca : add [rcx], edi; ret
    > 0x0010e6e6 : add [rsi], ecx; ret
    > 0x0009cf4f : add [rdi], rax; ret
    > 0x0007d160 : adc [rdi], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact