ROPSHELL 
ropshell> use dad000449a084adae9c3ae902ac03ed0 (download)
name         : bash (x86_64/ELF)
base address : 0x2fe20
total gadgets: 6684

ropshell> suggest
call
    > 0x00032000 : call rax
    > 0x00065408 : call rbx
    > 0x0004f12e : call rcx
    > 0x0007f136 : call rdx
    > 0x0005eb2f : call rsi
jmp
    > 0x00081ea3 : push rsp; ret
    > 0x00030541 : jmp rax
    > 0x000dbc05 : jmp rbx
    > 0x0003dcbd : jmp rcx
    > 0x00034897 : jmp rdx
load mem
    > 0x000d183e : mov rax, [rsi + 8]; ret
    > 0x0009aa5e : mov eax, [rdx + 0xc]; ret
    > 0x000d183f : mov eax, [rsi + 8]; ret
    > 0x0007afd7 : mov eax, [rdi + 0xc]; ret
    > 0x000aaaad : mov rdi, [rax]; call rdx
load reg
    > 0x000bd2b5 : pop rax; ret
    > 0x00031d58 : pop rbx; ret
    > 0x0005a1eb : pop rcx; ret 0xd
    > 0x000366ba : pop rsi; ret
    > 0x00031c5d : pop rdi; ret
pop pop ret
    > 0x000c5762 : pop r11; ret
    > 0x00031a79 : pop r12; pop r13; ret
    > 0x000366b5 : pop r12; pop r13; pop r14; ret
    > 0x00031c56 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0006acb5 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00040254 : add rsp, 0x18; ret
    > 0x00040254 : add rsp, 0x18; ret
    > 0x0003ec57 : add rsp, 0x28; ret
    > 0x000bdb5e : add rsp, 0x38; ret
    > 0x000bd2b2 : add rsp, 0x58; ret
stack pivoting
    > 0x00032124 : xchg eax, esp; ret
    > 0x0006aaa8 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
    > 0x0006aaa9 : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
    > 0x0009a38b : leave ; ret
write mem
    > 0x000dd543 : add [rcx], edi; ret
    > 0x000bddcd : adc [rdi], eax; ret
    > 0x000d9ebb : add [rax + 0x39], ecx; ret
    > 0x00046a68 : adc [rdi + 0x18], eax; ret
    > 0x000c6def : adc [rdi + 0x78], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact