ROPSHELL 
ropshell> use 00dfcfa3da8c5e7c15e89a1a2ed510d6 (download)
name         : ntdll.dll (x86_64/RAW)
base address : 0x0
total gadgets: 12489

ropshell> suggest
call
    > 0x0001f206 : call rax
    > 0x000256fe : call rbx
    > 0x0002e8c7 : call rcx
    > 0x0002095e : call rdx
    > 0x00024fa0 : call rsi
jmp
    > 0x0001a9b8 : push rsp; ret
    > 0x000217dd : jmp rax
    > 0x000090cc : jmp rbx
    > 0x0000ecd0 : jmp rcx
    > 0x00091bd6 : jmp rdx
load mem
    > 0x0001e435 : mov edx, [rbx]; ret
    > 0x0001adc0 : mov ebp, [rax]; ret
    > 0x00079714 : mov eax, [rdx + 4]; ret
    > 0x000df163 : mov eax, [rsi + 0x20]; pop rsi; ret
    > 0x0007535d : mov eax, [rbp + 0x10]; pop rbp; ret
load reg
    > 0x0006bef2 : pop rax; ret
    > 0x000282f9 : pop rbx; ret
    > 0x0001c981 : pop rcx; ret
    > 0x00010940 : pop rdx; ret
    > 0x00026c8d : pop rsi; ret
pop pop ret
    > 0x000856e6 : pop r15; ret
    > 0x00076432 : pop rax; pop rbp; ret
    > 0x000efdab : pop r14; pop rbx; pop rcx; ret
    > 0x000763cc : pop rax; pop rdi; pop rsi; pop rbp; ret
    > 0x0007e9df : pop rax; pop rdi; pop rsi; pop rbx; pop rbp; ret
stack pivoting
    > 0x00031e6d : xchg eax, esp; ret
    > 0x000aabc6 : xchg esp, edi; dec ecx; ret
    > 0x00032abb : mov esp, ebx; pop rbx; ret
    > 0x000259e4 : mov esp, ebp; pop rbp; ret
    > 0x00057900 : lea esp, [rdx + 0x48d4b39]; ret
write mem
    > 0x0007370e : add [rax], r8; ret 8
    > 0x0002706d : add [rbx], eax; ret
    > 0x00033c7f : add [rbx], esi; ret
    > 0x000801e1 : add [rbx], edi; ret
    > 0x0004ae54 : add [rcx], eax; pop rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact