ROPSHELL 
ropshell> use f4b11cd1870e77dc8d5cde6d8704c449 (download)
name         : step5_2 (x86_64/ELF)
base address : 0x400390
total gadgets: 8345

ropshell> suggest "load reg"
> 0x004013d5 : pop rbx; ret
> 0x004708db : pop rcx; ret
> 0x00443b46 : pop rdx; ret
> 0x00401cb7 : pop rsi; ret
> 0x00401b85 : pop rdi; ret
> 0x004004d1 : pop rbp; ret
> 0x0040060b : pop rsp; ret
> 0x00443b45 : pop r10; ret
> 0x0040060a : pop r12; ret
> 0x00406088 : pop r13; ret
> 0x00401cb6 : pop r14; ret
> 0x00401b95 : pop r15; ret
> 0x004811e6 : pop rax; pop rdx; pop rbx; ret
> 0x004198e1 : pop r8; mov [rdi + 4], eax; ret
> 0x0049d205 : mov rax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x0049d206 : mov eax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x004417b0 : mov edi, [rsp]; call rbx
> 0x0041f4d8 : mov rdx, [rsp + 0x68]; call rax
> 0x0041f1d0 : mov rsi, [rsp + 0x48]; call rax
> 0x00448390 : mov rdi, [rsp + 0x10]; call r12
> 0x0047c17c : mov r9, [rsp + 0x30]; call r9
> 0x0047c17d : mov ecx, [rsp + 0x30]; call r9
> 0x0041f4d9 : mov edx, [rsp + 0x68]; call rax
> 0x0041f1d1 : mov esi, [rsp + 0x48]; call rax
> 0x00481156 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x004510c3 : mov rbp, [rsp + 0x10]; nop [rax + rax]; mov rsi, r14; mov rdi, r13; mov rdx, rbp; call r15
> 0x004510c4 : mov ebp, [rsp + 0x10]; nop [rax + rax]; mov rsi, r14; mov rdi, r13; mov rdx, rbp; call r15
> 0x0048114c : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0048114d : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00481147 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]

© 2014 - 2019 - Powered by ROPEME | Contact