ROPSHELL 
ropshell> use f688b13e6d1f5845fd77eae4cf2cd040 (download)
name         : libc.so_x64 (x86_64/ELF)
base address : 0x28400
total gadgets: 16296

ropshell> suggest
call
    > 0x00029ca6 : call rax
    > 0x0002f8ce : call rbx
    > 0x00037b2b : call rcx
    > 0x00038091 : call rdx
    > 0x00029d3d : call rsi
jmp
    > 0x000360ee : push rsp; ret
    > 0x00029ec3 : jmp rax
    > 0x000c1b7d : jmp rbx
    > 0x000360c6 : jmp rcx
    > 0x0003d522 : jmp rdx
load mem
    > 0x0008168c : mov eax, [rdx]; ret
    > 0x000dc7b0 : mov eax, [rdi]; ret
    > 0x0008e170 : mov rax, [rdi + 0x68]; ret
    > 0x00139511 : mov eax, [rdx + 8]; ret
    > 0x00130230 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x00043c23 : pop rax; ret
    > 0x0002a9bf : pop rbx; ret
    > 0x001231f2 : pop rdx; ret 0xc
    > 0x0002baa9 : pop rsi; ret
    > 0x0002a145 : pop rdi; ret
pop pop ret
    > 0x000285d7 : pop r12; ret
    > 0x0003c732 : pop r12; pop r13; ret
    > 0x0010634f : pop r11; pop rbp; pop r12; ret
    > 0x0002a13e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0002a335 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0010796c : add rsp, 0x1018; ret
    > 0x0010796c : add rsp, 0x1018; ret
    > 0x00128998 : add rsp, 0x218; ret
    > 0x00044206 : add rsp, 0x38; ret
    > 0x00113d17 : add rsp, 0x40; ret
stack pivoting
    > 0x00042506 : xchg eax, esp; ret
    > 0x0003fb88 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x0010d424 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x001543a1 : xchg esp, edi; jmp [rsi + 0x66]
    > 0x0003fb89 : mov esp, eax; mov rbp, r9; jmp rdx
syscall
    > 0x0008fef2 : syscall ; ret
    > 0x00088907 : int 0x80; cmp esi, 2; cmove eax, ecx; mov [rdi], eax; mov eax, edx; ret
write mem
    > 0x000ae0fc : adc [rcx], eax; ret
    > 0x0005e1cd : add [rcx], edi; ret
    > 0x001009bf : add [rcx], ebp; ret
    > 0x0003f56c : adc [rdx], ecx; ret
    > 0x00099c8b : add [rdi], rax; ret

© 2014 - 2019 - Powered by ROPEME | Contact