ROPSHELL 
ropshell> use 8495d453d5b3d09a9b38750c50289555 (download)
name         : libc_ (x86_64/ELF)
base address : 0x1f9c0
total gadgets: 18589

ropshell> suggest "stack pivoting"
> 0x00027550 : xchg eax, esp; ret
> 0x00103054 : mov esp, edx; call rbp
> 0x00039bb1 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00039bb2 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00035659 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0006e55e : push rsi; adc al, -5; dec [rcx + 0x415d5be8]; pop rsp; ret
> 0x0003565a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00102374 : xchg edi, esp; add [rax], al; add [rax - 0x7d], cl; ret
> 0x0006e2ad : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0006e2ae : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00037675 : lea esp, [rsi + rbx]; mov rdi, r12; call r15
> 0x0012d1ed : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x000bba75 : mov esp, esi; and r12, rbp; and r12d, 1; add r12, rax; mov [rsp + 0xa8], r12; call r15
> 0x0013b67f : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00153d05 : xchg esp, ebp; add eax, [rax]; movsxd rdx, [r11 + rdx*4]; lea rdx, [r11 + rdx]; jmp rdx
> 0x0014e089 : push rbx; pop rsp; add al, [rax]; mov ecx, [rdx + rcx*4]; mov eax, [rdx + rax*4]; sub eax, ecx; ret
> 0x000424d5 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact