ROPSHELL 
ropshell> use 0d8eb562a4e918a8e05e9151339138b5 (download)
name         : help (x86_64/ELF)
base address : 0x4011a0
total gadgets: 7087

ropshell> suggest
call
    > 0x0040265e : call rax
    > 0x0044ef96 : call rbx
    > 0x00484f36 : call rcx
    > 0x0040fe2b : call rdx
    > 0x00457d9e : call rsi
jmp
    > 0x00412f2e : push rsp; ret
    > 0x00401be9 : jmp rax
    > 0x00408dcd : jmp rbx
    > 0x004028f7 : jmp rcx
    > 0x0040ea81 : jmp rdx
load mem
    > 0x00481012 : mov eax, [rcx]; ret
    > 0x00420664 : mov rax, [rdi + 0x68]; ret
    > 0x00420665 : mov eax, [rdi + 0x68]; ret
    > 0x0042b253 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x00431983 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x00451707 : pop rax; ret
    > 0x0040201b : pop rbx; ret
    > 0x004017cf : pop rdx; ret
    > 0x0040f25e : pop rsi; ret
    > 0x004018ca : pop rdi; ret
pop pop ret
    > 0x0040312f : pop r12; ret
    > 0x00411161 : pop r12; pop r13; ret
    > 0x0040f259 : pop r12; pop r13; pop r14; ret
    > 0x004018c3 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00403554 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0040f3c1 : add rsp, 0x118; ret
    > 0x0040f3c1 : add rsp, 0x118; ret
    > 0x00450a3d : add rsp, 0x28; ret
    > 0x004670d7 : add rsp, 0x38; ret
    > 0x00451704 : add rsp, 0x58; ret
stack pivoting
    > 0x00404cf1 : xchg eax, esp; ret
    > 0x00490a34 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x00490a35 : mov esp, ecx; pop rcx; jmp rcx
    > 0x004850bb : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
    > 0x004850bc : mov esp, eax; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0041df74 : syscall ; ret
write mem
    > 0x0044d88c : adc [rbx], eax; ret
    > 0x0046db4b : add [rcx], eax; ret
    > 0x0047ed86 : adc [rax + 0x39], ecx; ret
    > 0x00452625 : add [rbx + 0x94901e0], eax; ret
    > 0x0043e24a : adc [rcx + 7], rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact