ROPSHELL 
ropshell> use d72f6df37ec295e7657a38d2c76ebc01 (download)
name         : static (x86_64/ELF)
base address : 0x4011c0
total gadgets: 7746

ropshell> suggest
call
    > 0x00401ca8 : call rax
    > 0x0040e64f : call rbx
    > 0x0044bdb6 : call rcx
    > 0x00414bbf : call rdx
    > 0x0044f06a : call rsi
jmp
    > 0x00418d72 : push rsp; ret
    > 0x0040171c : jmp rax
    > 0x0047e1eb : jmp rbx
    > 0x004257d3 : jmp rcx
    > 0x00403e5b : jmp rdx
load mem
    > 0x00479f52 : mov eax, [rcx]; ret
    > 0x00413ea4 : mov rax, [rdi + 0x68]; ret
    > 0x00413ea5 : mov eax, [rdi + 0x68]; ret
    > 0x0041bf84 : mov eax, [rdx]; add bh, dh; ret 0
    > 0x0041e4d3 : movzx eax, [rdi]; sub eax, ecx; ret
load reg
    > 0x00448127 : pop rax; ret
    > 0x00401950 : pop rbx; ret
    > 0x00409f4e : pop rsi; ret
    > 0x00401f1f : pop rdi; ret
    > 0x004017a1 : pop rbp; ret
pop pop ret
    > 0x0040237d : pop r12; ret
    > 0x0040c1e6 : pop r12; pop r13; ret
    > 0x00409f49 : pop r12; pop r13; pop r14; ret
    > 0x00401f18 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004049bd : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0044998b : add rsp, 0x1018; ret
    > 0x0044998b : add rsp, 0x1018; ret
    > 0x004474cd : add rsp, 0x28; ret
    > 0x0047e2d4 : add rsp, 0x30; ret
    > 0x00448124 : add rsp, 0x58; ret
stack pivoting
    > 0x004018f7 : xchg eax, esp; ret
    > 0x00493859 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0049385a : mov esp, ecx; pop rcx; jmp rcx
    > 0x0047e2cd : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
    > 0x0045c0bb : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x00414af6 : syscall ; ret
write mem
    > 0x0046ab78 : adc [rax], ecx; ret
    > 0x0043f8cc : adc [rcx], eax; ret
    > 0x00440cf2 : adc [rdi], eax; ret
    > 0x00473b1e : adc [rbx], eax; pop rbx; ret
    > 0x00463427 : adc [rax + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact