ROPSHELL 
ropshell> use df39eff853dd31eec9cf2e34b653ab46 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x267c0
total gadgets: 15319

ropshell> suggest "stack pivoting"
> 0x0005b680 : mov rsp, rdx; ret
> 0x000453ee : xchg eax, esp; ret
> 0x0005b681 : mov esp, edx; ret
> 0x000e9212 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000e9213 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00042797 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00042798 : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00162c9f : lea esp, [rdx - 3]; jmp [rsi + 0x2e]
> 0x00099abf : xchg esp, eax; add [rax], eax; add [rbx - 0x7bf08f1e], al; ret
> 0x00046a4e : mov esp, edi; mov rax, [rsp]; add r15, r14; call rax
> 0x00163ec5 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x000473f5 : lea esp, [rcx + rdi]; mov r14, rdi; mov rdi, r12; call rbx
> 0x00161440 : push rax; pop rsp; lea rsi, [rax + 0x48]; mov rax, [rdi + 8]; jmp [rax + 0x18]
> 0x00081e09 : xchg edx, esp; add [rax], al; add [rcx + rcx*4 - 0x1e], cl; mov rsi, rbp; mov rdi, rbx; call [r13 + 0x38]
> 0x0008f13d : xchg esp, esi; add [rax], al; add [rcx + rcx*4 - 6], cl; mov rsi, r13; mov rdi, rbx; call [rax + 0x78]
> 0x00157e58 : lea esp, [rsp + 0x58]; mov [rsp + 0x10], r8; xor edx, edx; mov rsi, rbp; mov rcx, r12; mov rdi, r14; call rbx
> 0x00057577 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact