ROPSHELL 
ropshell> use d7bc3ce3b6b7ac53ba2918a97d806418 (download)
name         : bash (x86_64/ELF)
base address : 0x30c20
total gadgets: 6064

ropshell> suggest
call
    > 0x000315d5 : call rax
    > 0x00059615 : call rbx
    > 0x00030e07 : call rcx
    > 0x000489b9 : call rdx
    > 0x0003288d : call rsi
jmp
    > 0x0005d8e8 : push rsp; ret
    > 0x00031a82 : jmp rax
    > 0x000a4553 : jmp rbx
    > 0x000fda6d : jmp rcx
    > 0x00081c2d : jmp rdx
load mem
    > 0x000e4a2f : mov rax, [rcx + 8]; ret
    > 0x000e4a30 : mov eax, [rcx + 8]; ret
    > 0x0009f485 : mov eax, [rdx + 0xc]; ret
    > 0x0007f35b : mov eax, [rdi + 0xc]; ret
    > 0x0005228c : mov rax, [rbx + 0x20]; pop rbx; ret
load reg
    > 0x000cbbd8 : pop rax; ret
    > 0x000337a0 : pop rbx; ret
    > 0x0003510f : pop rsi; ret
    > 0x0003383b : pop rdi; ret
    > 0x00032fc3 : pop rbp; ret
pop pop ret
    > 0x00033372 : pop r12; ret
    > 0x00033e8a : pop r12; pop r13; ret
    > 0x0003510a : pop r12; pop r13; pop r14; ret
    > 0x00033834 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00072d25 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00046518 : add rsp, 0x18; ret
    > 0x00046518 : add rsp, 0x18; ret
    > 0x00042d97 : add rsp, 0x28; ret
    > 0x000cc144 : add rsp, 0x38; ret
    > 0x000cbbd5 : add rsp, 0x58; ret
stack pivoting
    > 0x0003adb0 : xchg eax, esp; ret
    > 0x0006b376 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
    > 0x00058178 : mov esp, ebx; mov rax, r12; pop rbx; pop rbp; pop r12; ret
    > 0x0004636a : mov esp, ebp; mov rax, r12; pop rbp; pop r12; pop r13; ret
    > 0x000d693f : lea esp, [rax + 1]; mov rax, r12; pop r12; ret
write mem
    > 0x000fb4fb : add [rcx], edi; ret
    > 0x0003550b : add [rax + 0x63], r9; ret
    > 0x000e899c : add [rax + 0x39], ecx; ret
    > 0x000605b6 : add [rdx], edi; cmovle eax, edx; ret
    > 0x000aacaf : add [rdi], ecx; xchg eax, esp; ret

© 2014 - 2019 - Powered by ROPEME | Contact