ROPSHELL 
ropshell> use fd635dde8a2c5df766008b4cc7a113ec (download)
name         : p3 (x86_64/ELF)
base address : 0x4003c0
total gadgets: 13008

ropshell> suggest
call
    > 0x0040062c : call rax
    > 0x0040f175 : call rbx
    > 0x004700b2 : call rdx
    > 0x0040408b : call rsi
    > 0x00443ff9 : call rdi
jmp
    > 0x004c921e : push rsp; ret
    > 0x00400667 : jmp rax
    > 0x004cff1f : jmp rbx
    > 0x004017c4 : jmp rcx
    > 0x004006a7 : jmp rdx
load mem
    > 0x0040ecb0 : mov rax, [rsi]; ret
    > 0x0043e9a0 : mov rax, [rdi]; ret
    > 0x004ce220 : mov eax, [rdx]; ret
    > 0x0040ecb1 : mov eax, [rsi]; ret
    > 0x0043e9a1 : mov eax, [rdi]; ret
load reg
    > 0x00400f09 : pop rax; ret
    > 0x00400a13 : pop rbx; ret
    > 0x004a20d5 : pop rdx; ret
    > 0x00402f42 : pop rsi; ret
    > 0x00401b1c : pop rdi; ret
pop pop ret
    > 0x004a20d4 : pop r10; ret
    > 0x00401992 : pop r12; pop r13; ret
    > 0x00402f3d : pop r12; pop r13; pop r14; ret
    > 0x00401b15 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00416593 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0041a7a5 : add rsp, 0x108; ret
    > 0x0041a7a5 : add rsp, 0x108; ret
    > 0x0046d691 : add rsp, 0x20; ret
    > 0x004d037a : add rsp, 0x30; ret
    > 0x00403c4a : add rsp, 0x48; ret
stack pivoting
    > 0x00455d22 : mov rsp, rcx; ret
    > 0x0040d225 : xchg eax, esp; ret
    > 0x00455d23 : mov esp, ecx; ret
    > 0x004d0958 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x004d0959 : mov esp, eax; mov rbp, r9; jmp rdx
syscall
    > 0x0049eea5 : syscall ; ret
write mem
    > 0x004009ac : add [rsi], ecx; pop rbp; ret
    > 0x0042f3ef : add [rax + 0x39], ecx; ret
    > 0x004034b3 : add [rdi + 0x10], rsi; ret
    > 0x004034b4 : add [rdi + 0x10], esi; ret
    > 0x004611ac : add [rbp + 0x38], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact