ropshell> use e6fd50af1a7bf70228eb67c5f325570c
name         : libc-2.32-11.mga8.x86_64_2.so (x86_64/ELF)
base address : 0x26330
total gadgets: 18180
ropshell> suggest "stack pivoting"
> 0x000492d6 : xchg eax, esp; ret
> 0x0007b264 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x000c399d : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x000fc5aa : mov esp, edi; jmp [rsi + 0xf]
> 0x000c399e : lea esp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x0003b2c9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0008b1d3 : mov esp, ebx; or al, [rax]; cmovne rax, rdx; ret
> 0x0007b271 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x000c595c : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00064cec : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x0008f28a : xchg ebp, esp; add [rax], al; add [rax + 0x29], cl; ret
> 0x0003c604 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x000f92ed : xchg edi, esp; or eax, [rax]; add [rdx + rax*2], 1; ret
> 0x0011cb05 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x0011a43d : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, r8; mov rax, [rax + 0x18]; jmp rax
> 0x0011c5cc : lea esp, [rax + 0x23b0]; xor esi, esi; mov [rax + 0x23b0], 1; mov rax, [rax + 0x23b8]; mov rdi, r12; call [rax + 0x28]
> 0x0004b8f7 : leave ; ret