ROPSHELL 
ropshell> use e7c8fcbd0a3f87fa008b20e8e36534e7 (download)
name         : static (x86_64/ELF)
base address : 0x401100
total gadgets: 6443

ropshell> suggest
call
    > 0x00401ce2 : call rax
    > 0x0042733b : call rbx
    > 0x00431eff : call rcx
    > 0x00404adf : call rdx
    > 0x004299e1 : call rsi
jmp
    > 0x0043eaa4 : push rsp; ret
    > 0x004016dc : jmp rax
    > 0x004329e3 : jmp rbx
    > 0x00403a3a : jmp rcx
    > 0x00401b7f : jmp rdx
load mem
    > 0x0042f59a : mov eax, [rcx]; ret
    > 0x00450b20 : mov rax, [rdi + 0x68]; ret
    > 0x00450b21 : mov eax, [rdi + 0x68]; ret
    > 0x004209d3 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x0041cfe5 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x0041069c : pop rax; ret
    > 0x0040166f : pop rbx; ret
    > 0x004062d8 : pop rsi; ret
    > 0x00401fe0 : pop rdi; ret
    > 0x00401761 : pop rbp; ret
pop pop ret
    > 0x004023e7 : pop r12; ret
    > 0x00405cc7 : pop r12; pop r13; ret
    > 0x004062d3 : pop r12; pop r13; pop r14; ret
    > 0x00401fd9 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00414448 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00410cde : add rsp, 0x1018; ret
    > 0x00410cde : add rsp, 0x1018; ret
    > 0x004104a6 : add rsp, 0x28; ret
    > 0x00432a5e : add rsp, 0x30; ret
    > 0x0045e88b : add rsp, 0x48; ret
stack pivoting
    > 0x004018c5 : xchg eax, esp; ret
    > 0x0046d109 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0046d10a : mov esp, ecx; pop rcx; jmp rcx
    > 0x00443eb8 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x00443eb9 : mov esp, eax; mov rbp, r9; jmp rdx
syscall
    > 0x00404a12 : syscall ; ret
write mem
    > 0x00461944 : adc [rax], ecx; ret
    > 0x0040d63c : adc [rcx], eax; ret
    > 0x0040f40e : adc [rdi], eax; ret
    > 0x00429f5a : adc [rbx], eax; pop rbx; ret
    > 0x004432a8 : adc [rax + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact