ROPSHELL 
ropshell> use 9cc024c6ee4358240e2264542e8f94f2 (download)
name         : chal (x86_64/ELF)
base address : 0x10403a0
total gadgets: 2973

ropshell> suggest
call
    > 0x0104f43a : call rax
    > 0x01070861 : call rbx
    > 0x01070aa2 : call rdx
    > 0x0107f9aa : call rdi
    > 0x0104ce9d : call rbp
jmp
    > 0x0104528d : jmp rax
    > 0x010f9281 : jmp rbx
    > 0x010bf931 : jmp rsi
    > 0x0107d4f1 : jmp rbp
    > 0x0104bf9d : jmp rsp
load mem
    > 0x011040d4 : mov rax, [rdi]; pop rbp; ret
    > 0x011040c4 : mov eax, [rdi]; pop rbp; ret
    > 0x010c8c89 : mov eax, [rsi]; add rsp, 8; pop rbp; ret
    > 0x0104a9c7 : mov ecx, [rdx]; mov [rdi], ecx; pop rbp; ret
    > 0x01083d51 : mov esi, [rcx]; std ; jmp [rsi - 0x7d]
load reg
    > 0x010fb0ba : pop rax; ret
    > 0x010f33d9 : pop rcx; ret
    > 0x0104054b : pop rbp; ret
    > 0x010f562c : pop rsp; ret
    > 0x010e3555 : pop rbx; pop rbp; ret
pop pop ret
    > 0x010fb0ba : pop rax; ret
    > 0x0105d08e : pop r14; pop rbp; ret
    > 0x010518af : pop r14; pop r15; pop rbp; ret
    > 0x010518ad : pop r12; pop r14; pop r15; pop rbp; ret
    > 0x010d8e6c : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
stack pivoting
    > 0x010f6137 : xchg eax, esp; ret
    > 0x0104e1b2 : mov rsp, rbp; pop rbp; ret
    > 0x0104e1b3 : mov esp, ebp; pop rbp; ret
    > 0x010d1eff : lea esp, [rax - 2]; jmp [rsi - 0x7d]
    > 0x010a7999 : xchg esp, edi; add [rax], al; add [rax - 0x75], cl; test [rax + 0x48ffffe4], ecx; mov eax, [rax*8 + 0x10035f8]; jmp rax
syscall
    > 0x010689f7 : syscall ; ret
write mem
    > 0x010e6cae : add [rbp + 0x21], ecx; ret
    > 0x010cf5d1 : add [rdx + 0x12], edi; pop rbp; ret
    > 0x010f6134 : add [rcx + 0xf], eax; xchg eax, esp; ret
    > 0x0107eaeb : adc [rdx], eax; std ; jmp [rsi - 0x77]
    > 0x011043ce : adc [rax + rdi], edx; vmovups xmm[rax + rdx - 0x10], xmm1; pop rbp; ret

© 2014 - 2019 - Powered by ROPEME | Contact