ROPSHELL 
ropshell> use ddf064f316216d8e1714372b732797a4 (download)
name         : justpwnit (x86_64/ELF)
base address : 0x401010
total gadgets: 416

ropshell> suggest
call
    > 0x0040147a : call rbx
    > 0x00408329 : call rdi
    > 0x00401205 : call [rax + 0x28c48348]; pop rbx; pop rbp; ret
    > 0x00401447 : call [rbx]
    > 0x004050a6 : call [rcx]
jmp
    > 0x0040109f : jmp rax
    > 0x0040446d : jmp rdx
    > 0x004053bd : jmp rbp
    > 0x00407993 : jmp [rbx + 0x40]
    > 0x00401af4 : jmp [rdx]
load mem
    > 0x00406c2e : mov rax, [rsi + 8]; mov [rax], rsi; ret
    > 0x00406c2f : mov eax, [rsi + 8]; mov [rax], rsi; ret
    > 0x004083f5 : mov rax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
    > 0x004083f6 : mov eax, [rbp + 0x50]; mov edx, 1; pop rbp; jmp rax
    > 0x00401cd8 : mov rax, [rdx + 8]; lea rcx, [rax + 8]; mov [rdx + 8], rcx; movsxd rax, [rax]; mov [rdi], rax; ret
load reg
    > 0x0040142b : pop rbx; ret
    > 0x00403d23 : pop rdx; ret
    > 0x004019a3 : pop rsi; ret
    > 0x00401b0d : pop rdi; ret
    > 0x00401123 : pop rbp; ret
pop pop ret
    > 0x004015e3 : pop r12; ret
    > 0x004016e9 : pop r12; pop r13; ret
    > 0x0040199e : pop r12; pop r13; pop r14; ret
    > 0x00401b06 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00407183 : pop rax; pop rbx; pop rbp; pop r12; pop r13; ret
sp lifting
    > 0x00403bf6 : add rsp, 0x18; ret
    > 0x00403bf6 : add rsp, 0x18; ret
    > 0x004038d0 : add rsp, 0x48; ret
stack pivoting
    > 0x0040123b : leave ; ret
syscall
    > 0x00403888 : syscall ; ret
write mem
    > 0x00404678 : add [rsi + 0x74], ebx; or [rax - 1], cl; ret

© 2014 - 2019 - Powered by ROPEME | Contact