ropshell> use f4b11cd1870e77dc8d5cde6d8704c449
name         : step5_2 (x86_64/ELF)
base address : 0x400390
total gadgets: 8345
ropshell> suggest "stack pivoting"
> 0x0049d4ad : mov rsp, rcx; ret
> 0x00459ad4 : xchg eax, esp; ret
> 0x0049d4ae : mov esp, ecx; ret
> 0x00473f2c : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00419eb4 : xchg edi, esp; add al, 0; add dh, dh; ret
> 0x00473f2d : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00481609 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0048160a : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00441254 : mov esp, edx; mov rbp, rax; call rax
> 0x0041004d : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0041004e : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x00450b0b : lea esp, [rsi + rax]; mov rbx, rax; mov rdi, r12; call r15
> 0x004533c0 : movsxd rsp, edx; mov rdx, r12; mov rax, [rdi + 0xd8]; call [rax + 0x38]
> 0x00416534 : mov esp, esi; push rbx; mov rax, [rdi + 0xd8]; mov rbx, rdi; mov rbp, rdx; call [rax + 0x60]
> 0x00400a35 : leave ; ret