ropshell> use 6afcde298e20c45f79b44cc23f7bb017 (download)
name         : paycalc (x86_64/ELF)
base address : 0x4003b0
total gadgets: 8711
ropshell> suggest
call
    > 0x00402731 : call rax
    > 0x004061cd : call rbx
    > 0x0040a8a3 : call rcx
    > 0x004116fa : call rdx
    > 0x00441a4f : call rsi
jmp
    > 0x00413704 : push rsp; ret
    > 0x004026c7 : jmp rax
    > 0x00470faf : jmp rbx
    > 0x004254c4 : jmp rcx
    > 0x00402707 : jmp rdx
load mem
    > 0x0046e7ab : mov eax, [rdx]; ret
    > 0x0045f632 : mov eax, [rsi]; pop rbx; ret
    > 0x0040f9b0 : mov rax, [rdi + 0x68]; ret
    > 0x0040f9b1 : mov eax, [rdi + 0x68]; ret
    > 0x00496d6b : mov rax, [rdx]; add rsp, 8; ret
load reg
    > 0x004721d8 : pop rax; ret
    > 0x00400e86 : pop rbx; ret
    > 0x0043e345 : pop rdx; ret
    > 0x004040df : pop rsi; ret
    > 0x00400645 : pop rdi; ret
pop pop ret
    > 0x0043e344 : pop r10; ret
    > 0x0040101c : pop r12; pop r13; ret
    > 0x004040da : pop r12; pop r13; pop r14; ret
    > 0x0040063e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004017c2 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00417000 : add rsp, 0x18; ret
    > 0x00417000 : add rsp, 0x18; ret
    > 0x00465caa : add rsp, 0x28; ret
    > 0x00471402 : add rsp, 0x30; ret
    > 0x00472145 : add rsp, 0x48; ret
stack pivoting
    > 0x00496550 : mov rsp, rcx; ret
    > 0x004014eb : xchg eax, esp; ret
    > 0x00496551 : mov esp, ecx; ret
    > 0x00472878 : mov rsp, r8; mov rbp, r9; jmp rdx
    > 0x0046614f : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x00462275 : syscall ; ret
write mem
    > 0x0047f87d : add [rcx], edi; ret
    > 0x0041c02b : adc [rax + 0x39], ecx; ret
    > 0x0043a013 : add [rbp + 0x39], ecx; ret
    > 0x0042fd24 : add [rdx + 0x48028801], ecx; mov eax, edi; ret
    > 0x00455a61 : add [rcx], ebx; jmp [rsi - 0x3f]