ROPSHELL 
ropshell> use aeba656383c3f8dde0efcad170dfd369 (download)
name         : twoplustwo (x86_64/ELF)
base address : 0x3750
total gadgets: 3008

ropshell> suggest
call
    > 0x0000bd88 : call rax
    > 0x0002e6db : call rbx
    > 0x00064065 : call rcx
    > 0x00003928 : call rdx
    > 0x0002f937 : call rsi
jmp
    > 0x000037a4 : jmp rax
    > 0x000631fb : jmp rcx
    > 0x00063908 : push rsp; cld ; stc ; dec ecx; ret
    > 0x0000588c : jmp [rax]
    > 0x00012971 : jmp [rbx]
load mem
    > 0x0001282d : mov eax, [rdx + rax]; pop rbp; ret
    > 0x00005172 : mov rdx, [rax]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
    > 0x00005173 : mov edx, [rax]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
    > 0x000309d2 : mov rdx, [rax + 8]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
    > 0x000309d3 : mov edx, [rax + 8]; mov rax, [rbp - 8]; mov [rax], rdx; nop ; pop rbp; ret
load reg
    > 0x0006a3d3 : pop rdi; ret
    > 0x000037b0 : pop rbp; ret
    > 0x00014ab6 : pop rsp; ret 1
    > 0x0006a3d2 : pop r15; ret
    > 0x0001dd20 : pop rax; fmul st(1); ret
pop pop ret
    > 0x0006a3d2 : pop r15; ret
    > 0x00005033 : pop r12; pop rbp; ret
    > 0x0000515b : pop r12; pop r13; pop rbp; ret
    > 0x0006a3cc : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0006a3cb : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
stack pivoting
    > 0x0003dfd8 : xchg eax, esp; idiv bh; dec ecx; ret
    > 0x000038ca : leave ; ret
write mem
    > 0x0002fd0b : add [rbx + 0x7e03f47d], eax; ret
    > 0x0001da9c : add [rcx + 0x5df87df7], ebx; ret
    > 0x00031acf : add [rax + 0xb8], edx; add cl, cl; ret
    > 0x0002a500 : add [rcx], eax; add [rax + 0x39], cl; ret
    > 0x00050326 : add [rax], edx; cld ; jmp [rsi + 0x48]

© 2014 - 2019 - Powered by ROPEME | Contact