ROPSHELL 
ropshell> use 31a8f77a2292eeafa644390253bd6898 (download)
name         : utox (x86_64/ELF)
base address : 0x16e80
total gadgets: 2989

ropshell> suggest
call
    > 0x000185d1 : call rax
    > 0x0002010b : call rcx
    > 0x0003e134 : call rdx
    > 0x000412a4 : call rsi
    > 0x000421c2 : call rsp
jmp
    > 0x00017c0f : jmp rax
    > 0x000316e4 : jmp rbx
    > 0x00021973 : jmp rdx
    > 0x0005148e : jmp rdi
    > 0x0003d49d : jmp rsp
load mem
    > 0x000408eb : mov rdx, [rax + 8]; mov rax, [rax]; ret
    > 0x000185cd : mov rdi, [rbx + 0x28]; call rax
    > 0x000408ec : mov edx, [rax + 8]; mov rax, [rax]; ret
    > 0x000185ce : mov edi, [rbx + 0x28]; call rax
    > 0x0004232c : mov rdi, [r13]; call [r15]
load reg
    > 0x0004a08e : pop rax; ret
    > 0x0004a68d : pop rcx; ret
    > 0x0004973f : pop rsi; ret
    > 0x00017aa2 : pop rbp; ret
    > 0x00017f72 : pop rsp; ret
pop pop ret
    > 0x0004a08e : pop rax; ret
    > 0x000186a6 : pop r12; pop rbp; ret
    > 0x00017e61 : pop r12; pop r13; pop rbp; ret
    > 0x00018ba4 : pop r12; pop r13; pop r14; pop rbp; ret
    > 0x00017a9a : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
stack pivoting
    > 0x0002e000 : xchg eax, esp; ret
    > 0x0002325e : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x0002325f : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x000363da : push rdx; pop rsp; sldt [rbx + 0x2d7f06f8]; mov eax, 1; pop rbp; ret
    > 0x00047378 : mov esp, eax; mov rdi, rax; call [r14]
syscall
    > 0x0007b43a : syscall ; add [rbp + rcx*4 + 0x25], cl; ret 2
write mem
    > 0x000183a9 : add [rax + 0x39], ecx; ret
    > 0x0003ed92 : adc [rdi + 0x50], eax; ret
    > 0x000509db : add [rbp + 0x39], eax; ret
    > 0x0004977a : adc [rcx + 0x50], eax; mov eax, edi; ret
    > 0x00029382 : add [rbx + 0x48], eax; pop rbx; pop r12; pop rbp; ret

© 2014 - 2019 - Powered by ROPEME | Contact