ROPSHELL 
ropshell> use d3324ae0d485f347b2803f685f3a8ac8 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x243c0
total gadgets: 17042

ropshell> suggest "stack pivoting"
> 0x0005935f : mov rsp, rdx; ret
> 0x00040867 : xchg eax, esp; ret
> 0x00059360 : mov esp, edx; ret
> 0x00074cf2 : lea rsp, [r10 - 8]; ret
> 0x00074cf3 : lea esp, [rdx - 8]; ret
> 0x0004a325 : lea esp, [rdi - 0x16000002]; ret
> 0x00073201 : mov esp, edi; jmp rcx
> 0x0014d6fd : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00073731 : mov esp, esi; mov edx, 1; jmp rcx
> 0x0014d6fe : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0003dc59 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0003dc5a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x000a7de3 : mov esp, ebx; clc ; jmp [rsi + 0xf]
> 0x0010def2 : mov esp, ecx; push rbx; mov rbx, rdi; mov rdi, rcx; call rsi
> 0x00155831 : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x0015b0b8 : lea esp, [rax - 1]; mov rax, [r15 + 0xd0]; mov [r15 + 0xa8], r12d; call [rax + 0x18]
> 0x00026cf6 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact