ROPSHELL 
ropshell> use bd1331eea9e034eb3d661990e25037b7 (download)
name         : ld-2.27-3ubuntu1.6.so.2 (x86_64/ELF)
base address : 0xf10
total gadgets: 1423

ropshell> suggest
call
    > 0x00002360 : call rax
    > 0x0001702d : call rbx
    > 0x00005f0a : call rcx
    > 0x000076a9 : call rdx
    > 0x0001bf19 : call rsi
jmp
    > 0x0000275f : jmp rax
    > 0x00017001 : jmp rbx
    > 0x00002286 : jmp rdx
    > 0x000010d5 : jmp rsp
    > 0x0001d5c9 : jmp r10
load mem
    > 0x0001197c : mov eax, [rdx + 4]; ret
    > 0x0001e973 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x000207d3 : movzx edx, [rsi]; sub eax, edx; ret
    > 0x000199a3 : mov rdi, [r12]; call rax
    > 0x000212a1 : movzx ecx, [rsi]; mov [rdi], cl; ret
load reg
    > 0x0000105f : pop rbx; ret
    > 0x000012a9 : pop rsi; ret
    > 0x000017fb : pop rdi; ret
    > 0x00001ae0 : pop rbp; ret
    > 0x00012c3f : pop rsp; ret
pop pop ret
    > 0x00012c3e : pop r12; ret
    > 0x0000e532 : pop r12; pop r13; ret
    > 0x0001318e : pop r12; pop r13; pop r14; ret
    > 0x000017f4 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00001ad8 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x0001c8ee : add rsp, 0x98; ret
    > 0x00019b5b : add rsp, 0x48; jmp [rax]
    > 0x00019ae9 : add rsp, 0x58; jmp [rax]
stack pivoting
    > 0x00004157 : xchg eax, esp; ret
    > 0x00019ba8 : mov rsp, rbp; pop rbp; ret
    > 0x00019ba9 : mov esp, ebp; pop rbp; ret
    > 0x000010d1 : mov rsp, r13; jmp r12
    > 0x0001d303 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0001d265 : syscall ; ret
write mem
    > 0x0002144a : adc [rbx], eax; ret
    > 0x0000601e : adc [rax + 0x29], ecx; ret
    > 0x0001966f : add [rbp + 0x39481104], ecx; ret
    > 0x00021288 : adc [rdi], eax; movups xmm[rdi + rdx - 0x10], xmm1; ret
    > 0x00004abb : add [rdi], ecx; test ch, cl; add eax, [rax]; add [rax - 0x7d], cl; ret

© 2014 - 2019 - Powered by ROPEME | Contact