ropshell> use 022d546dbb73745fca8e0c8dc8442f93 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6482
ropshell> suggest
call
> 0x1800144cf : call rax
> 0x1800658f2 : call rbx
> 0x18000e55b : call rcx
> 0x180006459 : call rdx
> 0x1800f74cd : call rbp
jmp
> 0x180006b0a : push rsp; ret
> 0x180004d8b : jmp rax
> 0x1800724bd : jmp rbx
> 0x180003b77 : jmp rcx
> 0x1800a407e : jmp rdx
load mem
> 0x180074990 : movzx eax, [rcx]; ret
> 0x1800fc30d : mov rax, [r10 + 0x38]; ret
> 0x180071526 : mov eax, [rcx + 0x16b0]; ret
> 0x1800fc30e : mov eax, [rdx + 0x38]; ret
> 0x1800955f6 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
> 0x1800372ac : pop rax; ret
> 0x1800011a4 : pop rbx; ret
> 0x18009226b : pop rcx; ret
> 0x180006b46 : pop rsi; ret
> 0x180001069 : pop rdi; ret
pop pop ret
> 0x18008fc28 : pop r11; ret
> 0x18008fc26 : pop r10; pop r11; ret
> 0x18000bb40 : pop r12; pop rdi; pop rbp; ret
> 0x1800017f8 : pop r12; pop rdi; pop rsi; pop rbp; ret
> 0x18000c4fa : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
> 0x1800a4fd8 : add rsp, 0x10; ret
> 0x1800a4fd8 : add rsp, 0x10; ret
> 0x180002e64 : add rsp, 0x28; ret
> 0x180002a3b : add rsp, 0x38; ret
> 0x1800598de : add rsp, 0x438; ret
stack pivoting
> 0x180017888 : xchg eax, esp; ret
> 0x18002377a : mov rsp, r11; pop r14; ret
> 0x18002377b : mov esp, ebx; pop r14; ret
> 0x18010f586 : lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x18010f587 : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
> 0x1800a0072 : syscall ; ret
write mem
> 0x180032a38 : add [rbx], edi; ret
> 0x18007175d : add [rdi], ecx; ret
> 0x18007175c : add [r15], ecx; ret
> 0x18008623d : add [rax + 0xf], ecx; ret
> 0x1800765ea : add [rax + 1], edi; ret