ROPSHELL 
ropshell> use 1df4ce32afb2f7897a554b9cbe432382 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x263c0
total gadgets: 16124

ropshell> suggest
call
    > 0x000276c8 : call rax
    > 0x0002cf6e : call rbx
    > 0x000277aa : call rcx
    > 0x0008570f : call rdx
    > 0x00028577 : call rsi
jmp
    > 0x00033654 : push rsp; ret
    > 0x000279d3 : jmp rax
    > 0x00082365 : jmp rbx
    > 0x000335e8 : jmp rcx
    > 0x0003c33e : jmp rdx
load mem
    > 0x00076bdc : mov eax, [rdx]; ret
    > 0x000cf560 : mov eax, [rdi]; ret
    > 0x000835e0 : mov rax, [rdi + 0x68]; ret
    > 0x000ee101 : mov eax, [rdx + 8]; ret
    > 0x00130d60 : mov eax, [rdi + 0x20]; ret
load reg
    > 0x0003f587 : pop rax; ret
    > 0x00031e2d : pop rbx; ret
    > 0x00036bbb : pop rcx; ret
    > 0x000fd6bd : pop rdx; ret
    > 0x00029419 : pop rsi; ret
pop pop ret
    > 0x000278e9 : pop r12; ret
    > 0x00029cae : pop r12; pop r13; ret
    > 0x0010318f : pop r11; pop rbp; pop r12; ret
    > 0x00027c5e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x001004ac : pop r11; pop rbp; pop r12; pop r13; pop r14; ret
sp lifting
    > 0x001039ce : add rsp, 0x1018; ret
    > 0x001039ce : add rsp, 0x1018; ret
    > 0x001298a8 : add rsp, 0x218; ret
    > 0x00051efd : add rsp, 0x38; ret
    > 0x0010c867 : add rsp, 0x40; ret
stack pivoting
    > 0x0003ec2e : xchg eax, esp; ret
    > 0x0003c338 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x000d204a : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x000ddc6f : xchg esp, esi; jmp [rsi + 0x66]
    > 0x0014fb73 : xchg esp, edi; jmp [rsi + 0x2e]
syscall
    > 0x000853b2 : syscall ; ret
write mem
    > 0x00078544 : adc [rax], ecx; ret
    > 0x000a227c : adc [rcx], eax; ret
    > 0x00086885 : add [rcx], edi; ret
    > 0x0003b63c : adc [rdx], ecx; ret
    > 0x0008f26b : add [rdi], rax; ret

© 2014 - 2019 - Powered by ROPEME | Contact