ropshell> use ee570d67dee756672c70a13e2e2099dd
name         : poc-64 (x86_64/ELF)
base address : 0x4003b0
total gadgets: 7845
ropshell> suggest
call
    > 0x00400ada : call rax
    > 0x00436a15 : call rbx
    > 0x00411409 : call rcx
    > 0x00406f9e : call rdx
    > 0x00436d95 : call rsi
jmp
    > 0x00400a15 : jmp rax
    > 0x00464702 : jmp rbx
    > 0x00421a84 : jmp rcx
    > 0x004156ba : jmp rdx
    > 0x0044ed2b : jmp rbp
load mem
    > 0x0040a4b0 : movzx eax, [rdx]; ret
    > 0x00461caa : mov eax, [rsi]; ret
    > 0x004876c7 : mov rax, [rsi + 0x10]; ret
    > 0x0040e850 : mov rax, [rdi + 0x68]; ret
    > 0x004876c8 : mov eax, [rsi + 0x10]; ret
load reg
    > 0x0043318c : pop rax; ret
    > 0x00400f25 : pop rbx; ret
    > 0x00434df5 : pop rdx; ret
    > 0x004016c7 : pop rsi; ret
    > 0x004005c5 : pop rdi; ret
pop pop ret
    > 0x00434df4 : pop r10; ret
    > 0x00401b5b : pop r12; pop r13; ret
    > 0x004016c2 : pop r12; pop r13; pop r14; ret
    > 0x004005be : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00401d64 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004554b9 : add rsp, 0x100; ret
    > 0x004554b9 : add rsp, 0x100; ret
    > 0x00432e9f : add rsp, 0x28; ret
    > 0x00441e25 : add rsp, 0x38; ret
    > 0x00433189 : add rsp, 0x58; ret
stack pivoting
    > 0x0048715d : mov rsp, rcx; ret
    > 0x00472b88 : xchg eax, esp; ret
    > 0x0048715e : mov esp, ecx; ret
    > 0x00433c77 : mov esp, edx; call rbp
    > 0x00466748 : mov rsp, r8; mov rbp, r9; jmp rdx
syscall
    > 0x00400ae9 : syscall ; ret
write mem
    > 0x0041a11c : add [rax], r8; ret
    > 0x0041a888 : adc [rbx], eax; ret
    > 0x0042de21 : add [rax + 0x28d4802], ecx; ret
    > 0x00428b76 : adc [rcx + 7], rdi; ret
    > 0x00428b77 : adc [rcx + 7], edi; ret