ropshell> use 89cf8626a053cdda3821aad9d9c485d6
name         : chal-2 (x86_64/ELF)
base address : 0x400380
total gadgets: 6815
ropshell> suggest
call
    > 0x00404849 : call rax
    > 0x00439949 : call rbx
    > 0x0041df56 : call rcx
    > 0x0043c200 : call rdx
    > 0x0043b731 : call rsi
jmp
    > 0x0041bbdb : push rsp; ret
    > 0x0040195c : jmp rax
    > 0x00418ead : jmp rbx
    > 0x0040f1d4 : jmp rcx
    > 0x00401e4f : jmp rdx
load mem
    > 0x00416caa : mov eax, [rdx]; ret
    > 0x0041995c : movsx eax, [rsi]; neg eax; ret
    > 0x00429114 : mov rax, [rdi + 0x68]; ret
    > 0x0042be18 : mov eax, [rdx + 0x630]; ret
    > 0x00429115 : mov eax, [rdi + 0x68]; ret
load reg
    > 0x00419103 : pop rax; ret
    > 0x00466dc7 : pop rbx; ret
    > 0x00409e4b : pop rcx; ret
    > 0x00476b7f : pop rsi; ret
    > 0x00472463 : pop rdi; ret
pop pop ret
    > 0x004719e4 : pop r12; ret
    > 0x004741de : pop r12; pop r13; ret
    > 0x00476b7a : pop r12; pop r13; pop r14; ret
    > 0x0047245c : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040239d : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004716dd : add rsp, 0x18; ret
    > 0x004716dd : add rsp, 0x18; ret
    > 0x004746ed : add rsp, 0x28; ret
    > 0x0047100a : add rsp, 0x38; ret
stack pivoting
    > 0x00402606 : xchg eax, esp; ret
    > 0x00474c0f : mov rsp, rcx; pop rcx; jmp rcx
    > 0x00474c10 : mov esp, ecx; pop rcx; jmp rcx
    > 0x004404c7 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
    > 0x004404c8 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
syscall
    > 0x00404f36 : syscall ; ret
write mem
    > 0x0040eccc : adc [rcx], eax; ret
    > 0x00410c52 : adc [rdi], eax; ret
    > 0x004278cb : add [rax + 0x39], ecx; ret
    > 0x0040f26f : adc [rax + 0x30], edi; ret
    > 0x0040fc74 : adc [rax + 0x20], ebp; ret