ROPSHELL 
ropshell> use fa88665ceec4e37c0780811970d95c70 (download)
name         : chal (x86_64/ELF)
base address : 0x1034540
total gadgets: 2932

ropshell> suggest
call
    > 0x01047b9e : call rax
    > 0x0106f175 : call rbx
    > 0x0106fab6 : call rdx
    > 0x010a1026 : call rdi
    > 0x01035f61 : call [rax]
jmp
    > 0x010c5341 : push rsp; ret
    > 0x01036696 : jmp rax
    > 0x0105b4d6 : jmp rbx
    > 0x0105a78e : jmp rcx
    > 0x01074d74 : jmp rdi
load mem
    > 0x010d3e84 : mov rax, [rdi]; pop rbp; ret
    > 0x010d3e74 : mov eax, [rdi]; pop rbp; ret
    > 0x0108021e : mov rdi, [rcx]; call rax
    > 0x0108021f : mov edi, [rcx]; call rax
    > 0x01037827 : mov ecx, [rsi]; mov [rdi], ecx; pop rbp; ret
load reg
    > 0x010c5cc4 : pop rax; ret
    > 0x0103c673 : pop rcx; ret
    > 0x010cf9ec : pop rdx; ret
    > 0x01034b89 : pop rbp; ret
    > 0x010c9035 : pop rsp; ret
pop pop ret
    > 0x010cd92f : pop r13; ret
    > 0x0104a152 : pop r14; pop rbp; ret
    > 0x01050fbd : pop r14; pop r15; pop rbp; ret
    > 0x01050fbb : pop r12; pop r14; pop r15; pop rbp; ret
    > 0x010738a8 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
stack pivoting
    > 0x0109f584 : xchg rax, rsp; stc ; jmp [rsi - 0x75]
    > 0x010ca500 : xchg eax, esp; cmc ; jmp [rsi + 0xf]
    > 0x010cc998 : leave ; pop rbp; ret
syscall
    > 0x01067787 : syscall ; ret
write mem
    > 0x010c8616 : add [rcx], eax; pop rbp; ret
    > 0x010b93a1 : add [rdx + 0x12], edi; pop rbp; ret
    > 0x0103c6e1 : add [rdi], ecx; test [rdi - 0x17000000], ebx; ret 0
    > 0x010be71a : add [rcx + 0x48d12833], esi; shr eax, cl; pop rbp; ret
    > 0x010c0263 : add [rax + rax], edi; setae al; or al, cl; movzx eax, al; pop rbp; ret

© 2014 - 2019 - Powered by ROPEME | Contact