ROPSHELL 
ropshell> use fd635dde8a2c5df766008b4cc7a113ec (download)
name         : p3 (x86_64/ELF)
base address : 0x4003c0
total gadgets: 13008

ropshell> suggest "stack pivoting"
> 0x00455d22 : mov rsp, rcx; ret
> 0x0040d225 : xchg eax, esp; ret
> 0x00455d23 : mov esp, ecx; ret
> 0x004d0958 : mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004d0959 : mov esp, eax; mov rbp, r9; jmp rdx
> 0x004d0373 : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x004d0374 : mov esp, ebx; mov rbx, [rsp]; add rsp, 0x30; ret
> 0x00437606 : mov esp, edx; call [rax + 0x30]
> 0x00412d97 : xchg esp, esp; add [rax], al; add [rax - 0x71f0d005], al; ret
> 0x00412d97 : xchg esp, esp; add [rax], al; add [rax - 0x71f0d005], al; ret
> 0x004b97d8 : movsxd rsp, esp; mov rdx, r12; call [rax + 0x38]
> 0x00452897 : push rbx; sbb [rax - 0x75], cl; pop rsp; and al, 8; add rsp, 0x28; ret
> 0x00435d53 : mov esp, esi; mov rbp, rdx; call [rax + 0x30]
> 0x0045710b : lea esp, [rbp - 1]; mov rdx, [rsp]; mov rdi, rbx; mov rsi, [r15 + r12*8 + 0x10]; call rbp
> 0x00400748 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact