ROPSHELL 
ropshell> use b28f2a4bcd6673b5a1b3cb26f7d9e71f (download)
name         : void (x86_64/ELF)
base address : 0x401040
total gadgets: 460

ropshell> suggest
call
    > 0x00405b61 : call rdi
    > 0x00401609 : call rsp
    > 0x00401608 : call r12
    > 0x004015c0 : call [rbx]
    > 0x00401194 : call [rbp + 0x48]
jmp
    > 0x004010cc : jmp rax
    > 0x00402099 : jmp rdx
    > 0x00403d55 : jmp rsi
    > 0x00401611 : jmp [rsi + 0x2e]
load mem
    > 0x004020b2 : mov rax, [rcx]; mov [rdi], rax; ret
    > 0x004020b3 : mov eax, [rcx]; mov [rdi], rax; ret
    > 0x00404da9 : movzx edx, [rsi]; xor eax, eax; sub eax, edx; ret
    > 0x00404da0 : movzx edx, [rcx + 1]; xor eax, eax; sub eax, edx; ret
    > 0x00405c8a : mov rax, [rbx + 0x50]; mov edx, 1; pop rbx; jmp rax
load reg
    > 0x00401abc : pop rax; ret
    > 0x00404c92 : pop rbx; ret
    > 0x00401bf7 : pop rsi; ret
    > 0x00401ce2 : pop rdi; ret
    > 0x00401151 : pop rbp; ret
pop pop ret
    > 0x00401691 : pop r12; ret
    > 0x00402324 : pop r12; pop r13; ret
    > 0x00401bf2 : pop r12; pop r13; pop r14; ret
    > 0x00401cdb : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00401cda : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x00401503 : add rsp, 0x158; ret
    > 0x00401503 : add rsp, 0x158; ret
    > 0x00405421 : add rsp, 0x28; ret
    > 0x00401ab9 : add rsp, 0x58; ret
stack pivoting
    > 0x004012d8 : leave ; ret
syscall
    > 0x004055b0 : syscall ; ret
write mem
    > 0x0040583f : adc [rdi + 0x20], eax; ret
    > 0x00404da3 : add [rcx], esi; shr [rcx], 0xd0; ret
    > 0x004053c3 : add [rax + 2], edi; sbb eax, -1; ret
    > 0x00402088 : adc [rdi + 0x4d], esi; lea rcx, [rip + 0x4026]; movsxd rdx, [rcx + rsi*4]; add rdx, rcx; jmp rdx

© 2014 - 2019 - Powered by ROPEME | Contact