ROPSHELL 
ropshell> use f5649a8f4b0e911d10fe25d75a5ed54a (download)
name         : calicovision (x86_64/ELF)
base address : 0x401120
total gadgets: 19121

ropshell> suggest "stack pivoting"
> 0x004a4314 : mov rsp, rcx; ret
> 0x0042a0ee : xchg eax, esp; ret
> 0x004a4315 : mov esp, ecx; ret
> 0x0054e184 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x0051cab8 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046ccd6 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0046ccd7 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00443feb : mov esp, edx; call [rax + 0x30]
> 0x0042df46 : mov esp, edi; call [rax + 0x18]
> 0x0054e191 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x00430268 : mov esp, esp; call [rax + 0x10]
> 0x0051e0fd : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x004da22a : xchg ebp, esp; add [rax], al; add [rax + 0x29], cl; ret
> 0x00453572 : mov esp, esi; mov esi, 0xa; call [rax + 0x50]
> 0x0051ceb4 : lea esp, [rcx + rax]; mov rdi, r12; call rbx
> 0x004303d8 : lea esp, [rsp + 0x10]; call [rax + 0x10]
> 0x0041e0e9 : push rbp; sub [rax - 0x77], cl; xor [r13 + 0x41], r11b; pop rsp; pop r13; ret
> 0x0048428e : lea esp, [rsi*4]; mov rdi, r13; lea rbp, [r14 + 1]; lea r15, [rbx + r12]; mov esi, [r15]; call [rax + 0x60]
> 0x004a4157 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact