ROPSHELL 
ropshell> use 268d91e97f93f943c6adc61e29e491ca (download)
name         : vuln (x86_64/ELF)
base address : 0x401160
total gadgets: 962

ropshell> suggest
call
    > 0x00406c78 : call rax
    > 0x0040791e : call rbx
    > 0x00406df3 : call rcx
    > 0x004086a5 : call rsi
    > 0x004078dc : call rdi
jmp
    > 0x004119ca : push rsp; ret
    > 0x004011dc : jmp rax
    > 0x00412b3d : jmp rsp
    > 0x0040e0b2 : jmp [rcx]
    > 0x004012e5 : jmp [rsi + 0x2e]
load mem
    > 0x0041297e : mov eax, [rdi + 0x40]; ret
    > 0x00406c74 : mov rdi, [rbx + 0x50]; call rax
    > 0x00411930 : mov edx, [rbx + 0x88]; pop rbx; sub rax, rdx; ret
    > 0x00406c75 : mov edi, [rbx + 0x50]; call rax
    > 0x004074e4 : mov rdi, [rbp + 0x50]; call [rbp + 0x40]
load reg
    > 0x0040a8ee : pop rax; ret
    > 0x00408e3b : pop rbx; ret
    > 0x00403f62 : pop rdx; ret
    > 0x00404cc0 : pop rsi; ret
    > 0x00401465 : pop rdi; ret
pop pop ret
    > 0x0040726d : pop r12; ret
    > 0x0040a178 : pop r12; pop r13; ret
    > 0x00404cbb : pop r12; pop r13; pop r14; ret
    > 0x00401937 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00401936 : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x00411003 : add rsp, 0x18; ret
    > 0x00411003 : add rsp, 0x18; ret
stack pivoting
    > 0x0040d671 : push rdx; pop rsp; add rax, rdx; ret
    > 0x00406dec : mov esp, edx; mov edx, 0x1740; call rcx
    > 0x00410c68 : xchg eax, esp; mov al, 0; add [rcx], ch; clc ; cdqe ; mov rax, [rdx + rax*8]; ret
    > 0x00404c41 : leave ; mov eax, ecx; ret
write mem
    > 0x0040ff64 : adc [rdi + 0x1718], eax; ret
    > 0x0040748e : adc [rbp + 0x60], esi; call rcx
    > 0x0040fd93 : add [rax + 0x63], ecx; jmp [rsi + 0xf]
    > 0x0041009c : add [rbx + 0x28], rbp; add rsp, 8; pop rbx; pop rbp; ret
    > 0x0041009d : add [rbx + 0x28], ebp; add rsp, 8; pop rbx; pop rbp; ret

© 2014 - 2019 - Powered by ROPEME | Contact