ropshell> use 0dc2a9882540dea4a55b08785e09d8fc
name         : afd.sys (x86_64/PE)
base address : 0x11000
total gadgets: 1293
ropshell> suggest
call
    > 0x0001ca71 : call rbx
    > 0x000149e5 : call rcx
    > 0x00011e03 : call rsi
    > 0x00011c65 : call rdi
    > 0x00017207 : call rbp
jmp
    > 0x00011d1a : jmp rax
    > 0x00011377 : jmp rcx
    > 0x00011376 : jmp r9
    > 0x0001e0c9 : jmp [rax + 0x10]
    > 0x000216aa : jmp [rsi + 0x39]
load mem
    > 0x0001e560 : mov eax, [rcx]; cmp ax, -0x11; sete al; ret
    > 0x000149e0 : mov rcx, [r10 + 0x28]; call r9
    > 0x0001e267 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x0001539a : mov rdi, [r11 + 0x28]; mov rsp, r11; pop r12; ret
    > 0x000149e1 : mov ecx, [rdx + 0x28]; call r9
load reg
    > 0x00014551 : pop rax; ret
    > 0x00011860 : pop rbx; ret
    > 0x00011ca1 : pop rsi; ret
    > 0x00011932 : pop rdi; ret
    > 0x00012125 : pop rbp; ret
pop pop ret
    > 0x00013636 : pop r12; ret
    > 0x00013b20 : pop r12; pop rbp; ret
    > 0x000166e9 : pop r12; pop rdi; pop rbx; ret
    > 0x000168c7 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x000125d2 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x000117ce : add rsp, 0x188; ret
    > 0x000117ce : add rsp, 0x188; ret
    > 0x0001173a : add rsp, 0x28; ret
    > 0x0001636e : add rsp, 0x38; ret
    > 0x0001247d : add rsp, 0x48; ret
stack pivoting
    > 0x0001539e : mov rsp, r11; pop r12; ret
    > 0x0001539f : mov esp, ebx; pop r12; ret
    > 0x0001e3a6 : xchg eax, esp; shr bl, 2; xor al, al; add rsp, 0x28; ret
    > 0x00017206 : leave ; call rbp
write mem
    > 0x0001fa95 : add [rbx], edi; ret
    > 0x00011a23 : adc [rax + 0xf], ecx; ret
    > 0x0001c7d5 : adc [rcx], eax; add [rcx], al; add [rax], al; add al, ch; call [rdi - 1]