ROPSHELL 
ropshell> use 49dd85d1a0efb7e783e78fb085fa7f1c (download)
name         : babyallocator (x86_64/ELF)
base address : 0x400ed0
total gadgets: 199

ropshell> suggest
call
    > 0x00400fbe : call rax
    > 0x00402688 : call rdx
    > 0x00402687 : call r10
    > 0x004027a9 : call [r12 + rbx*8]
jmp
    > 0x00400f25 : jmp rax
    > 0x00402165 : jmp [rsi + 0x2e]
load mem
    > 0x00401ed6 : mov rax, [rbp + 0x10]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
    > 0x00401ed7 : mov eax, [rbp + 0x10]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
    > 0x0040267c : mov r10, [rbp + 8]; inc r10; mov rax, [rbp - 0x10]; call r10
    > 0x0040267d : mov edx, [rbp + 8]; inc r10; mov rax, [rbp - 0x10]; call r10
    > 0x004022ee : mov rdx, [rbx + 0x30]; mov [rax + 0x90], rdx; add rsp, 8; pop rbx; pop rbp; ret
load reg
    > 0x0040260d : pop rax; ret
    > 0x0040228e : pop rbx; ret
    > 0x004016df : pop rsi; ret
    > 0x0040194e : pop rdi; ret
    > 0x00400f30 : pop rbp; ret
pop pop ret
    > 0x00401ee2 : pop r13; ret
    > 0x00401ee0 : pop r12; pop r13; ret
    > 0x004016da : pop r12; pop r13; pop r14; ret
    > 0x00401947 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00401946 : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x00402067 : add rsp, 0x38; ret
    > 0x00402067 : add rsp, 0x38; ret
stack pivoting
    > 0x00401050 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact