ROPSHELL 
ropshell> use 6edf309082f48bd688b0ea5e6cacd6d6 (download)
name         : ld-2.31-0ubuntu9.so.2 (x86_64/ELF)
base address : 0x1100
total gadgets: 1599

ropshell> suggest
call
    > 0x000022b0 : call rax
    > 0x000182f1 : call rbx
    > 0x00005e37 : call rcx
    > 0x00005105 : call rdx
    > 0x00011869 : call rsi
jmp
    > 0x000026e9 : jmp rax
    > 0x000182c5 : jmp rbx
    > 0x00003fcd : jmp rcx
    > 0x00002e10 : jmp rdx
    > 0x00001145 : jmp rsp
load mem
    > 0x00012c32 : mov eax, [rcx]; ret
    > 0x000209a3 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x00022824 : movzx edx, [rsi]; sub eax, edx; ret
    > 0x0001ab22 : mov rdi, [rbp]; call rax
    > 0x00023325 : movzx ecx, [rsi]; mov [rdi], cl; ret
load reg
    > 0x000011b4 : pop rbx; ret
    > 0x000097c8 : pop rsi; ret
    > 0x00002518 : pop rdi; ret
    > 0x00001888 : pop rbp; ret
    > 0x0000143a : pop rsp; ret
pop pop ret
    > 0x00001439 : pop r12; ret
    > 0x0000670f : pop r12; pop r13; ret
    > 0x000097c3 : pop r12; pop r13; pop r14; ret
    > 0x00002511 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00001880 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0001e772 : add rsp, 0x98; ret
    > 0x0001acff : add rsp, 0x48; jmp [rax]
    > 0x0001ac7d : add rsp, 0x58; jmp [rax]
stack pivoting
    > 0x00004058 : xchg eax, esp; ret
    > 0x0001ad4c : mov rsp, rbp; pop rbp; ret
    > 0x0001ad4d : mov esp, ebp; pop rbp; ret
    > 0x00001141 : mov rsp, r13; jmp r12
    > 0x0000904f : lea esp, [rdx + 0x39480001]; ret
syscall
    > 0x0001f249 : syscall ; ret
write mem
    > 0x000234ce : adc [rbx], eax; ret
    > 0x0000e306 : adc [rax + 0x39], ecx; ret
    > 0x0001c53b : adc [rcx], eax; add bh, dh; ret 0
    > 0x0001e907 : adc [rbx + 0x38], eax; pop rbx; ret
    > 0x0002330c : adc [rdi], eax; movups xmm[rdi + rdx - 0x10], xmm1; ret

© 2014 - 2019 - Powered by ROPEME | Contact