ROPSHELL 
ropshell> use 0d8349b94bfb02ba6e57abdfe8be0aed (download)
name         : ch34 (x86_64/RAW)
base address : 0x0
total gadgets: 9349

ropshell> suggest
call
    > 0x00001011 : call rax
    > 0x000027b9 : call rbx
    > 0x0000520b : call rcx
    > 0x0001096a : call rdx
    > 0x0003a8ff : call rsi
jmp
    > 0x00012974 : push rsp; ret
    > 0x00000fa7 : jmp rax
    > 0x0006a25f : jmp rbx
    > 0x000243f4 : jmp rcx
    > 0x00000fe7 : jmp rdx
load mem
    > 0x00067a5b : mov eax, [rdx]; ret
    > 0x000ad766 : mov edi, [rdx]; ret
    > 0x000588e2 : mov eax, [rsi]; pop rbx; ret
    > 0x0000ec20 : mov rax, [rdi + 0x68]; ret
    > 0x0000ec21 : mov eax, [rdi + 0x68]; ret
load reg
    > 0x0004d2b4 : pop rax; ret
    > 0x000084c2 : pop rbx; ret
    > 0x000b81a7 : pop rcx; ret
    > 0x00037205 : pop rdx; ret
    > 0x000017e7 : pop rsi; ret
pop pop ret
    > 0x00037204 : pop r10; ret
    > 0x00001a2d : pop r12; pop r13; ret
    > 0x000017e2 : pop r12; pop r13; pop r14; ret
    > 0x000016cc : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00000656 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00016270 : add rsp, 0x18; ret
    > 0x00016270 : add rsp, 0x18; ret
    > 0x0005ef5a : add rsp, 0x28; ret
    > 0x0006a6b2 : add rsp, 0x30; ret
    > 0x0006b3f5 : add rsp, 0x48; ret
stack pivoting
    > 0x0008f800 : mov rsp, rcx; ret
    > 0x0000037f : xchg eax, esp; ret
    > 0x0008f801 : mov esp, ecx; ret
    > 0x0006bb28 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x0005f3ff : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x0005b525 : syscall ; ret
write mem
    > 0x000bf42a : add [rbx], eax; ret
    > 0x00078b2d : add [rcx], edi; ret
    > 0x000b84e0 : add [rdx], ecx; ret
    > 0x0001b05b : adc [rax + 0x39], ecx; ret
    > 0x00032ed3 : add [rbp + 0x39], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact