ROPSHELL 
ropshell> use a81f3c008e320aa1141ca24b481f5920 (download)
name         : chall (x86_64/ELF)
base address : 0x401000
total gadgets: 3759

ropshell> suggest
call
    > 0x00407a2e : call rax
    > 0x0041fdd1 : call rbx
    > 0x00405df1 : call rcx
    > 0x00432211 : call rdx
    > 0x00404a04 : call rsi
jmp
    > 0x0040b287 : push rsp; ret
    > 0x00453370 : jmp rax
    > 0x0045f6fe : jmp rbx
    > 0x00437789 : jmp rdi
    > 0x00438935 : jmp rbp
load mem
    > 0x0045ec52 : movsxd rax, [rcx]; ret
    > 0x00432f85 : mov rbx, [rcx + 0x10]; ret
    > 0x00432f86 : mov ebx, [rcx + 0x10]; ret
    > 0x00407a2b : mov rax, [rdx]; call rax
    > 0x004632a9 : mov rax, [rsi]; mov [rdi], rax; ret
load reg
    > 0x004224c4 : pop rax; ret
    > 0x00446c41 : pop rbx; ret
    > 0x00412ac3 : pop rcx; ret
    > 0x004742ca : pop rdx; ret 2
    > 0x00401031 : pop rbp; ret
pop pop ret
    > 0x004224c4 : pop rax; ret
    > 0x004042d1 : pop rax; pop rbp; ret
sp lifting
    > 0x00463a87 : add rsp, 0x30; ret
    > 0x00463a87 : add rsp, 0x30; ret
stack pivoting
    > 0x00406369 : xchg eax, esp; ret
    > 0x00463ea0 : mov rsp, rbx; pop rbp; ret
    > 0x00463ea1 : mov esp, ebx; pop rbp; ret
    > 0x0046221a : mov rsp, rsi; mov [rsp + 0x20], eax; pop rbp; ret
    > 0x0046221b : mov esp, esi; mov [rsp + 0x20], eax; pop rbp; ret
syscall
    > 0x00463aa9 : syscall ; ret
write mem
    > 0x0042cd59 : add [rax + 0x110], rbx; ret
    > 0x0042cd5a : add [rax + 0x110], ebx; ret
    > 0x00428375 : add [rax + 0x39], ecx; ret
    > 0x0042cd3d : add [rdx + 0x118], ebx; ret
    > 0x0042cd3c : add [r10 + 0x118], rbx; ret

© 2014 - 2019 - Powered by ROPEME | Contact