ROPSHELL 
ropshell> use f5649a8f4b0e911d10fe25d75a5ed54a (download)
name         : calicovision (x86_64/ELF)
base address : 0x401120
total gadgets: 19121

ropshell> suggest "load reg"
> 0x0041e7b6 : pop rax; ret
> 0x004060a7 : pop rbx; ret
> 0x00448263 : pop rcx; ret 5
> 0x0040415b : pop rdx; ret
> 0x004082b0 : pop rsi; ret
> 0x00404b2e : pop rdi; ret
> 0x004041b8 : pop rbp; ret
> 0x004045f4 : pop rsp; ret
> 0x004045f3 : pop r12; ret
> 0x004041b7 : pop r13; ret
> 0x004082af : pop r14; ret
> 0x00404b2d : pop r15; ret
> 0x005560b8 : mov rax, [rsp]; add rsp, 0x38; ret
> 0x005560b9 : mov eax, [rsp]; add rsp, 0x38; ret
> 0x0046e20f : pop r8; mov [rbx + 0x48], rax; pop rbx; ret
> 0x0047e633 : mov rcx, [rsp + 0x18]; call rax
> 0x0052ffe2 : mov rsi, [rsp + 0x18]; call rbx
> 0x0051c7a6 : mov rdi, [rsp + 0x18]; call rax
> 0x00458693 : mov r9, [rsp + 0x18]; call rax
> 0x00458694 : mov ecx, [rsp + 0x18]; call rax
> 0x0052ffe3 : mov esi, [rsp + 0x18]; call rbx
> 0x0051c7a7 : mov edi, [rsp + 0x18]; call rax
> 0x00466ae8 : mov r12, [rsp]; call [rax + 0x48]
> 0x004a60d9 : mov edx, [rsp]; mov rdi, r13; call rbp
> 0x00466ae9 : mov esp, [rsp]; call [rax + 0x48]
> 0x0041154f : mov rdx, [rsp + 0x30]; mov [rdx], rcx; add rsp, 0x20; ret
> 0x0044c8c4 : pop r9; mov [rbx + 0xe0], al; mov [rbx + 0xe1], 1; add rsp, 8; pop rbx; pop rbp; ret
> 0x0049b299 : mov r8, [rsp + 0x90]; mov rax, [rdi]; mov rcx, [rsp + 0x18]; call [rax + 0x40]
> 0x00540fcc : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00540fcd : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00540fc7 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]

© 2014 - 2019 - Powered by ROPEME | Contact