ROPSHELL 
ropshell> use acaa75aeac37f8dd789104d3fa40137a (download)
name         : libc_64.so (x86_64/ELF)
base address : 0x1f570
total gadgets: 17368

ropshell> suggest "stack pivoting"
> 0x00030d51 : xchg eax, esp; ret
> 0x00039551 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00039552 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000350a9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000350aa : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00102b54 : mov esp, edx; mov rbp, rax; call rax
> 0x000214a8 : xchg esp, esi; add al, [rax]; add [rax - 0x7d], cl; ret
> 0x0006e48d : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00049b68 : movsxd rsp, edx; mov rdx, r12; call [rax + 0x38]
> 0x0006e48e : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0007e5f8 : mov esp, esi; xor edi, edi; mov r13, rdx; call [r15]
> 0x00037103 : lea esp, [rsi + rax]; mov rbx, rax; mov rdi, r12; call r15
> 0x0012b9fd : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rcx; mov r8, [rax + 0x18]; jmp r8
> 0x0013934f : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00134adc : lea esp, [rax - 1]; mov rax, [rbx + 0x70]; mov [rbx + 0x48], r12d; bswap r12d; call [rax + 0x18]
> 0x00041733 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact