ROPSHELL 
ropshell> use 0d7af30d0a42165ee37f1311e6fbe1d1 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6523

ropshell> suggest
call
    > 0x18001600f : call rax
    > 0x18002c776 : call rbx
    > 0x1800450e5 : call rcx
    > 0x180006219 : call rdx
    > 0x18009102d : call rbp
jmp
    > 0x1800068ca : push rsp; ret
    > 0x180004b4b : jmp rax
    > 0x1800178f1 : jmp rbx
    > 0x180003937 : jmp rcx
    > 0x1800a257e : jmp rdx
load mem
    > 0x18006eb80 : movzx eax, [rcx]; ret
    > 0x1800fbe3d : mov rax, [r10 + 0x38]; ret
    > 0x180081056 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800fbe3e : mov eax, [rdx + 0x38]; ret
    > 0x180094ab6 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180023701 : pop rax; ret
    > 0x180001064 : pop rbx; ret
    > 0x18002566d : pop rcx; ret
    > 0x18005bfa2 : pop rdx; ret 0x11
    > 0x180006906 : pop rsi; ret
pop pop ret
    > 0x18008f0f7 : pop r11; ret
    > 0x18008f0f5 : pop r10; pop r11; ret
    > 0x180022a60 : pop r12; pop rdi; pop rbp; ret
    > 0x1800016b8 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x18000b27a : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a34d8 : add rsp, 0x10; ret
    > 0x1800a34d8 : add rsp, 0x10; ret
    > 0x180002d24 : add rsp, 0x28; ret
    > 0x1800028fb : add rsp, 0x38; ret
    > 0x18007fa02 : add rsp, 0x438; ret
stack pivoting
    > 0x180018f08 : xchg eax, esp; ret
    > 0x180042b2a : mov rsp, r11; pop r14; ret
    > 0x180042b2b : mov esp, ebx; pop r14; ret
    > 0x18010f046 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x18010f047 : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009e592 : syscall ; ret
write mem
    > 0x18005b6b8 : add [rbx], edi; ret
    > 0x180069dbd : add [rdi], ecx; ret
    > 0x180069dbc : add [r15], ecx; ret
    > 0x18008550d : add [rax + 0xf], ecx; ret
    > 0x18007280a : add [rax + 1], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact