This repository has been archived by the owner on Nov 13, 2024. It is now read-only.
Features:
- handling non-return gadgets (
jmp reg,call reg) - set registers (
rdi=0xxxxxx,rsi=0xxxxxx) - set register to register (
rdi=rax) - write to mem
- write string/bytes to mem
- function call (
open('/etc/passwd',0)) - pass register in function call (
read('rax', bss, 0x100)) - avoiding badchars
- stack pivoting (
Exrop.stack_pivot) - syscall (
Exrop.syscall)