ROPSHELL 
ropshell> use fadb3e5e0f0200befcf977d0cccdf983 (download)
name         : pwn (x86_64/ELF)
base address : 0x400390
total gadgets: 8930

ropshell> suggest
call
    > 0x00400b81 : call rax
    > 0x0040c27d : call rbx
    > 0x0040eb9a : call rcx
    > 0x00407f6b : call rdx
    > 0x00408841 : call rsi
jmp
    > 0x004258ca : push rsp; ret
    > 0x00400b05 : jmp rax
    > 0x00480be1 : jmp rbx
    > 0x00406fc7 : jmp rcx
    > 0x0040370f : jmp rdx
load mem
    > 0x00419c80 : mov eax, [rdx]; ret
    > 0x0046ddf7 : mov eax, [rsi]; pop rbx; ret
    > 0x004203a0 : mov rax, [rdi + 0x68]; ret
    > 0x0047ddbc : mov eax, [rsi + 4]; ret
    > 0x004203a1 : mov eax, [rdi + 0x68]; ret
load reg
    > 0x00423f7f : pop rax; ret 0x2c
    > 0x00400e9b : pop rbx; ret
    > 0x0042142b : pop rcx; ret
    > 0x0044c476 : pop rdx; ret
    > 0x004014a4 : pop rsi; ret
pop pop ret
    > 0x0044c475 : pop r10; ret
    > 0x00406727 : pop r12; pop r13; ret
    > 0x0040149f : pop r12; pop r13; pop r14; ret
    > 0x00401f03 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040b743 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00401825 : add rsp, 0x18; ret
    > 0x00401825 : add rsp, 0x18; ret
    > 0x00491bd0 : add rsp, 0x28; ret
    > 0x00482375 : add rsp, 0x38; ret
    > 0x00402f28 : add rsp, 0x48; ret
stack pivoting
    > 0x004a636d : mov rsp, rcx; ret
    > 0x004018eb : xchg eax, esp; ret
    > 0x004a636e : mov esp, ecx; ret
    > 0x0047515c : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x00422924 : xchg edi, esp; add al, 0; add dh, dh; ret
syscall
    > 0x00471115 : syscall ; ret
write mem
    > 0x0042f741 : add [rax], edi; ret
    > 0x00444971 : add [rax + 0x28d4802], ecx; ret
    > 0x0043f6c6 : adc [rcx + 7], rdi; ret
    > 0x0043f6c7 : adc [rcx + 7], edi; ret
    > 0x00447a5e : adc [rsi + 3], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact