ROPSHELL 
ropshell> use acbcfe6c48f235338f9c8b2fd01ad499 (download)
name         : babyfmt_level10.0 (x86_64/ELF)
base address : 0x401190
total gadgets: 49

ropshell> suggest
call
    > 0x0040181a : call [rdi + rbx*8]
    > 0x00401819 : call [r15 + rbx*8]
    > 0x0040146c : call [rax - 0x179a72b8]; pop rbx; pop r12; pop r13; pop rbp; ret
jmp
    > 0x004011ec : jmp rax
    > 0x004015a0 : jmp [rcx]
load reg
    > 0x00401833 : pop rdi; ret
    > 0x0040125d : pop rbp; ret
    > 0x00401832 : pop r15; ret
    > 0x00401831 : pop rsi; pop r15; ret
    > 0x00401475 : pop r13; pop rbp; ret
pop pop ret
    > 0x00401832 : pop r15; ret
    > 0x00401475 : pop r13; pop rbp; ret
    > 0x00401473 : pop r12; pop r13; pop rbp; ret
    > 0x0040182c : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040182b : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
stack pivoting
    > 0x0040146e : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
    > 0x0040146f : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
    > 0x004017c7 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact