ROPSHELL 
ropshell> use 5e92aa65c6f3e68f44dc0be120d03a9d (download)
name         : echo_server (x86_64/ELF)
base address : 0x223440
total gadgets: 6200

ropshell> suggest
call
    > 0x00223717 : call rax
    > 0x00225574 : call rbx
    > 0x0024bdb9 : call rcx
    > 0x0026d138 : call rdx
    > 0x0022fac3 : call rsi
jmp
    > 0x00225513 : jmp rax
    > 0x00225034 : jmp rcx
    > 0x00232f99 : jmp rdx
    > 0x00231aef : jmp rsi
    > 0x002390bf : jmp rdi
load mem
    > 0x002869b7 : mov rax, [rdi]; ret
    > 0x00292a4d : movsx eax, [rcx]; ret 0x20
    > 0x002869b8 : mov eax, [rdi]; ret
    > 0x00279082 : movsxd rax, [rcx + 0x2aa3d4]; ret
    > 0x002a0d74 : mov rax, [rdi + 8]; pop rbp; ret
load reg
    > 0x0023aafc : pop rax; ret 6
    > 0x002234c0 : pop rbx; ret
    > 0x002235d3 : pop rcx; ret
    > 0x00223a08 : pop rsi; ret
    > 0x00223738 : pop rdi; ret
pop pop ret
    > 0x00238b0e : pop r13; ret
    > 0x00223735 : pop r14; pop r15; ret
    > 0x0022384a : pop r12; pop r14; pop r15; ret
    > 0x00223aa5 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00223e0a : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x002235fd : add rsp, 0x28; ret
    > 0x002235fd : add rsp, 0x28; ret
stack pivoting
    > 0x00240737 : xchg eax, esp; ret
    > 0x0024b53f : mov esp, eax; jmp rdx
    > 0x00277e84 : lea rsp, [rbp - 0x10]; pop rbx; pop r14; pop rbp; ret
    > 0x00277e85 : lea esp, [rbp - 0x10]; pop rbx; pop r14; pop rbp; ret
    > 0x0027d407 : mov esp, ecx; call [rax + 0x10]
syscall
    > 0x002778c9 : syscall ; ret
write mem
    > 0x00293440 : adc [rbx], eax; ret 0x20
    > 0x00286c3d : adc [rsi], eax; pop rbp; ret
    > 0x0028671c : add [rax + 0x29], ecx; ret
    > 0x00225d0f : add [rax + 0x5d078801], esi; ret
    > 0x0027fe53 : adc [rdx + 0x18], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact