ROPSHELL 
ropshell> use f4b11cd1870e77dc8d5cde6d8704c449 (download)
name         : step5_2 (x86_64/ELF)
base address : 0x400390
total gadgets: 8345

ropshell> suggest
call
    > 0x00400961 : call rax
    > 0x0040330d : call rbx
    > 0x00405c2a : call rcx
    > 0x0040f37e : call rdx
    > 0x004028fd : call rsi
jmp
    > 0x0041ce5a : push rsp; ret
    > 0x004008e5 : jmp rax
    > 0x0047f742 : jmp rbx
    > 0x0042164e : jmp rcx
    > 0x004226ca : jmp rdx
load mem
    > 0x00410fd0 : mov eax, [rdx]; ret
    > 0x0046cab7 : mov eax, [rsi]; pop rbx; ret
    > 0x00417930 : mov rax, [rdi + 0x68]; ret
    > 0x0047cb1c : mov eax, [rsi + 4]; ret
    > 0x00417931 : mov eax, [rdi + 0x68]; ret
load reg
    > 0x004013d5 : pop rbx; ret
    > 0x004708db : pop rcx; ret
    > 0x00443b46 : pop rdx; ret
    > 0x00401cb7 : pop rsi; ret
    > 0x00401b85 : pop rdi; ret
pop pop ret
    > 0x00443b45 : pop r10; ret
    > 0x00406086 : pop r12; pop r13; ret
    > 0x00401cb2 : pop r12; pop r13; pop r14; ret
    > 0x00401b8f : pop r12; pop r13; pop r14; pop r15; ret
    > 0x004027d3 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004405df : add rsp, 0x18; ret
    > 0x004405df : add rsp, 0x18; ret
    > 0x0049a5a0 : add rsp, 0x28; ret
    > 0x004812d5 : add rsp, 0x38; ret
    > 0x00481367 : add rsp, 0x48; ret
stack pivoting
    > 0x0049d4ad : mov rsp, rcx; ret
    > 0x00459ad4 : xchg eax, esp; ret
    > 0x0049d4ae : mov esp, ecx; ret
    > 0x00473f2c : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x00419eb4 : xchg edi, esp; add al, 0; add dh, dh; ret
syscall
    > 0x0043fd35 : syscall ; ret
write mem
    > 0x00426ef1 : add [rax], edi; ret
    > 0x0043c121 : add [rax + 0x28d4802], ecx; ret
    > 0x00436e76 : adc [rcx + 7], rdi; ret
    > 0x00436e77 : adc [rcx + 7], edi; ret
    > 0x0043f20e : adc [rsi + 3], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact