ROPSHELL 
ropshell> use 0d7af30d0a42165ee37f1311e6fbe1d1 (download)
name         : ntdll_test.dll (x86_64/RAW)
base address : 0x0
total gadgets: 7301

ropshell> suggest
call
    > 0x0001540f : call rax
    > 0x0002bb76 : call rbx
    > 0x000444e5 : call rcx
    > 0x00005619 : call rdx
    > 0x0011fa31 : call rdi
jmp
    > 0x00005cca : push rsp; ret
    > 0x00003f4b : jmp rax
    > 0x00016cf1 : jmp rbx
    > 0x00002d37 : jmp rcx
    > 0x000a197e : jmp rdx
load mem
    > 0x0006df80 : movzx eax, [rcx]; ret
    > 0x001320bd : mov edx, [rbx]; ret
    > 0x00122e08 : mov ebp, [rax]; ret
    > 0x000fb23d : mov rax, [r10 + 0x38]; ret
    > 0x00080456 : mov eax, [rcx + 0x16b0]; ret
load reg
    > 0x00022b01 : pop rax; ret
    > 0x00000464 : pop rbx; ret
    > 0x00024a6d : pop rcx; ret
    > 0x00125371 : pop rdx; ret
    > 0x00005d06 : pop rsi; ret
pop pop ret
    > 0x0008e4f7 : pop r11; ret
    > 0x0008e4f5 : pop r10; pop r11; ret
    > 0x00021e60 : pop r12; pop rdi; pop rbp; ret
    > 0x00000ab8 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x0000a67a : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x000a28d8 : add rsp, 0x10; ret
    > 0x000a28d8 : add rsp, 0x10; ret
    > 0x00002124 : add rsp, 0x28; ret
    > 0x00001cfb : add rsp, 0x38; ret
    > 0x0007ee02 : add rsp, 0x438; ret
stack pivoting
    > 0x00018308 : xchg eax, esp; ret
    > 0x00041f2a : mov rsp, r11; pop r14; ret
    > 0x00041f2b : mov esp, ebx; pop r14; ret
    > 0x0010e446 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x0010e447 : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x0009d992 : syscall ; ret
write mem
    > 0x0005aab8 : add [rbx], edi; ret
    > 0x000691bd : add [rdi], ecx; ret
    > 0x000691bc : add [r15], ecx; ret
    > 0x001314bd : adc [rdx], ebp; lahf ; ret
    > 0x0008490d : add [rax + 0xf], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact