ROPSHELL 
ropshell> use 14b11bf6b3b0d4d54c4f649db701a597 (download)
name         : sdstor.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 462

ropshell> suggest
jmp
    > 0x1c000c2b0 : jmp rax
    > 0x1c000c643 : push rsp; add eax, edi; ret
    > 0x1c000c382 : jmp [rsi + 0x66]
load mem
    > 0x1c0001fec : mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
    > 0x1c0001fed : mov esi, [rbx + 0x20]; mov rsp, r11; pop rdi; ret
    > 0x1c0009548 : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r15; pop r14; pop r12; ret
    > 0x1c0002d19 : mov rdi, [r11 + 0x30]; mov rsp, r11; pop r14; pop r13; pop rbp; ret
    > 0x1c0002d1a : mov edi, [rbx + 0x30]; mov rsp, r11; pop r14; pop r13; pop rbp; ret
load reg
    > 0x1c0001415 : pop rax; ret
    > 0x1c0001112 : pop rbx; ret
    > 0x1c0002f4a : pop rdx; ret
    > 0x1c0002a8b : pop rsi; ret
    > 0x1c00018de : pop rdi; ret
pop pop ret
    > 0x1c00016ba : pop r12; ret
    > 0x1c0003522 : pop r12; pop rbp; ret
    > 0x1c0002ee8 : pop r12; pop rdi; pop rbp; ret
    > 0x1c0001ce5 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x1c000b748 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1c000114f : add rsp, 0x28; ret
    > 0x1c000114f : add rsp, 0x28; ret
    > 0x1c0004eb9 : add rsp, 0x38; ret
    > 0x1c00013be : add rsp, 0x48; ret
    > 0x1c0001412 : add rsp, 0x58; ret
stack pivoting
    > 0x1c0001ff0 : mov rsp, r11; pop rdi; ret
    > 0x1c0001ff1 : mov esp, ebx; pop rdi; ret

© 2014 - 2019 - Powered by ROPEME | Contact