ROPSHELL 
ropshell> use d371da546786965fe0ee40147ffef716 (download)
name         : libc-2.31.so (x86_64/ELF)
base address : 0x25630
total gadgets: 15248

ropshell> suggest
call
    > 0x000270b1 : call rax
    > 0x0002703e : call rbx
    > 0x000a162e : call rcx
    > 0x00033ea3 : call rdx
    > 0x00028c1e : call rsi
jmp
    > 0x0004543d : push rsp; ret
    > 0x00026e91 : jmp rax
    > 0x0003dc4d : jmp rbx
    > 0x00084006 : jmp rcx
    > 0x00043901 : jmp rdx
load mem
    > 0x00088710 : mov eax, [rdx]; ret
    > 0x000e1464 : mov eax, [rdi]; ret
    > 0x000e1414 : mov rax, [rdi + 0x20]; ret
    > 0x00105bc1 : mov eax, [rdx + 8]; ret
    > 0x000e1415 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x0004a550 : pop rax; ret
    > 0x000331ff : pop rbx; ret
    > 0x0009f822 : pop rcx; ret
    > 0x00027529 : pop rsi; ret
    > 0x00026b72 : pop rdi; ret
pop pop ret
    > 0x00032b59 : pop r12; ret
    > 0x0002911b : pop r12; pop r13; ret
    > 0x0002959a : pop r12; pop r13; pop r14; ret
    > 0x00026b6b : pop r12; pop r13; pop r14; pop r15; ret
    > 0x000276e2 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x000461a1 : add rsp, 0x118; ret
    > 0x000461a1 : add rsp, 0x118; ret
    > 0x0004a5c5 : add rsp, 0x28; ret
    > 0x0005e9f7 : add rsp, 0x38; ret
    > 0x00125a0b : add rsp, 0x40; ret
stack pivoting
    > 0x0005e650 : mov rsp, rdx; ret
    > 0x000334ea : xchg eax, esp; ret
    > 0x0005e651 : mov esp, edx; ret
    > 0x00091314 : mov esp, eax; mov rax, r12; pop r12; ret
    > 0x000e4626 : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
syscall
    > 0x00066229 : syscall ; ret
write mem
    > 0x000bef4c : adc [rbx], eax; ret
    > 0x0007e4a5 : add [rcx], eax; ret
    > 0x000f3c8b : add [rcx], edi; ret
    > 0x0015377c : adc [rdx], ebx; ret
    > 0x00150004 : adc [rdx], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact