ropshell> use e7c8fcbd0a3f87fa008b20e8e36534e7 (download)
name : static (x86_64/ELF)
base address : 0x401100
total gadgets: 6443
ropshell> suggest "stack pivoting"
> 0x004018c5 : xchg eax, esp; ret
> 0x0046d109 : mov rsp, rcx; pop rcx; jmp rcx
> 0x0046d10a : mov esp, ecx; pop rcx; jmp rcx
> 0x00443eb8 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00443eb9 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x00432a57 : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x0042b510 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00432a58 : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x0042b511 : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0044485d : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x0040d465 : xchg ebx, esp; add [rax], al; add [rdi], cl; adc [rsi + rdx - 0x10], cl; movups xmm[rdi], xmm0; movups xmm[rdi + rdx - 0x10], xmm1; ret
> 0x0046d871 : lea esp, [rbx + rax + 8]; mov [rsp + 0x18], r9; mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x00401807 : leave ; ret