ROPgadget always seems to miss this sequence:
```
.text:00000000004005E6 48 8B 5C 24 08    mov     rbx, [rsp+8]
.text:00000000004005EB 48 8B 6C 24 10    mov     rbp, [rsp+10h]
.text:00000000004005F0 4C 8B 64 24 18    mov     r12, [rsp+18h]
.text:00000000004005F5 4C 8B 6C 24 20    mov     r13, [rsp+20h]
.text:00000000004005FA 4C 8B 74 24 28    mov     r14, [rsp+28h]
.text:00000000004005FF 4C 8B 7C 24 30    mov     r15, [rsp+30h]
.text:0000000000400604 48 83 C4 38       add     rsp, 38h
.text:0000000000400608 C3                retn
.text:0000000000400608                   __libc_csu_init endp
```
```
$ ROPgadget --binary unexploitable | grep 38
0x0000000000400605 : add esp, 0x38 ; ret
0x0000000000400604 : add rsp, 0x38 ; ret
0x0000000000400602 : and al, 0x30 ; add rsp, 0x38 ; ret
0x0000000000400600 : mov edi, dword ptr [rsp + 0x30] ; add rsp, 0x38 ; ret
0x00000000004005ff : mov r15, qword ptr [rsp + 0x30] ; add rsp, 0x38 ; ret
0x0000000000400538 : pop rbp ; mov edi, 0x600e48 ; jmp rax
```
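The miss is a search-depth effect: ROPgadget walks a fixed number of bytes backwards from each `ret` (`--depth`, default 10 bytes) and this gadget is 35 bytes long, so the longest thing it can report is the 10-byte `mov r15 ... ; add rsp, 0x38 ; ret` tail shown above. The script below is an added example, not ROPgadget's code: it re-implements that backward search over the bytes from the listing with a deliberately tiny decoder that understands only the three encodings this gadget uses, and shows what depth 10 versus depth 40 recovers.

```python
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

# The 35 bytes of the __libc_csu_init tail, copied from the listing above.
CSU_TAIL = bytes.fromhex("488b5c2408488b6c24104c8b6424184c8b6c2420"
                         "4c8b7424284c8b7c24304883c438c3")


def decode_one(buf, i):
    """Return (text, length) for the instruction at buf[i], or None.
    Deliberately minimal: only REX.W mov r64, [rsp+disp8], REX.W add rsp, imm8
    and ret are known, which is all this gadget contains."""
    if buf[i] == 0xC3:
        return "ret", 1
    rex = buf[i]
    if rex in (0x48, 0x4C) and buf[i + 1:i + 2] == b"\x8b" and len(buf) >= i + 5:
        modrm, sib, disp = buf[i + 2], buf[i + 3], buf[i + 4]
        if modrm & 0xC7 == 0x44 and sib == 0x24:  # mod=01, rm=100, SIB base=rsp
            reg = ((modrm >> 3) & 7) | (8 if rex & 4 else 0)  # REX.R -> r8..r15
            return f"mov {REGS64[reg]}, qword ptr [rsp + {disp:#x}]", 5
    if rex == 0x48 and buf[i + 1:i + 3] == b"\x83\xc4" and len(buf) >= i + 4:
        return f"add rsp, {buf[i + 3]:#x}", 4
    return None


def gadgets_ending_at(buf, ret_pos, depth):
    """ROPgadget-style search: try every start from 1 to `depth` bytes
    before the ret and keep the starts that decode cleanly onto it."""
    found = []
    for size in range(1, min(depth, ret_pos + 1) + 1):
        pos, insns = ret_pos + 1 - size, []
        while pos <= ret_pos:
            decoded = decode_one(buf, pos)
            if decoded is None:
                break
            insns.append(decoded[0])
            pos += decoded[1]
        if pos == ret_pos + 1 and insns[-1] == "ret":
            found.append(" ; ".join(insns))
    return found


def longest_gadget(buf, depth):
    """Longest gadget (by instruction count) reachable at this search depth."""
    best = ""
    for ret_pos in (i for i, b in enumerate(buf) if b == 0xC3):
        for gadget in gadgets_ending_at(buf, ret_pos, depth):
            if gadget.count(";") > best.count(";"):
                best = gadget
    return best
```

With depth 10 the search stops exactly at the `mov r15` tail; raising the depth past 35 bytes lets the whole register-restoring sequence through.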
Go ahead for a PR :)
I'm 5 years late... (😬) but it works on rp, in case you are interested :-D:
```
> rp-win-x64.exe --file z.bin --raw x64 --rop=10 | rg "mov rbx,"
0x0: mov rbx, qword [rsp+0x08] ; mov rbp, qword [rsp+0x10] ; mov r12, qword [rsp+0x18] ; mov r13, qword [rsp+0x20] ; mov r14, qword [rsp+0x28] ; mov r15, qword [rsp+0x30] ; add rsp, 0x38 ; ret ; \x48\x8b\x5c\x24\x08\x48\x8b\x6c\x24\x10\x4c\x8b\x64\x24\x18\x4c\x8b\x6c\x24\x20\x4c\x8b\x74\x24\x28\x4c\x8b\x7c\x24\x30\x48\x83\xc4\x38\xc3 (1 found)
```