ROPSHELL 
ropshell> use f368514b12955a07b9e3748f75661050 (download)
name         : exploit2.bin (x86_64/ELF)
base address : 0x4011b0
total gadgets: 7260

ropshell> suggest
call
    > 0x0040270e : call rax
    > 0x00450106 : call rbx
    > 0x0049cca6 : call rcx
    > 0x004101fb : call rdx
    > 0x0045845e : call rsi
jmp
    > 0x00425b79 : push rsp; ret
    > 0x00401c28 : jmp rax
    > 0x00408e7d : jmp rbx
    > 0x004029a7 : jmp rcx
    > 0x0040eb31 : jmp rdx
load mem
    > 0x00498d72 : mov eax, [rcx]; ret
    > 0x00421cb4 : mov rax, [rdi + 0x68]; ret
    > 0x00421cb5 : mov eax, [rdi + 0x68]; ret
    > 0x0042c6c3 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x00432df3 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x00451fd7 : pop rax; ret
    > 0x004020cb : pop rbx; ret
    > 0x004017ef : pop rdx; ret
    > 0x0040f30e : pop rsi; ret
    > 0x004018e2 : pop rdi; ret
pop pop ret
    > 0x004031df : pop r12; ret
    > 0x00419d86 : pop r12; pop r13; ret
    > 0x0040f309 : pop r12; pop r13; pop r14; ret
    > 0x004018db : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00403604 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040f551 : add rsp, 0x118; ret
    > 0x0040f551 : add rsp, 0x118; ret
    > 0x004512dd : add rsp, 0x28; ret
    > 0x0048fb82 : add rsp, 0x38; ret
    > 0x00451fd4 : add rsp, 0x58; ret
stack pivoting
    > 0x00404da1 : xchg eax, esp; ret
    > 0x004aec54 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x004aec55 : mov esp, ecx; pop rcx; jmp rcx
    > 0x0049ce2b : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x0049ce2c : mov esp, eax; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0041f5c4 : syscall ; ret
write mem
    > 0x0044e7bc : adc [rbx], eax; ret
    > 0x0047be2b : add [rcx], eax; ret
    > 0x00496ae6 : adc [rax + 0x39], ecx; ret
    > 0x00452ef5 : add [rbx + 0x94901e0], eax; ret
    > 0x0043f6ba : adc [rcx + 7], rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact