ROPSHELL 
ropshell> use 3c94bcda2a65e71413d3fee2b4be913e (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 6847

ropshell> suggest
call
    > 0x1c0012d61 : call rax
    > 0x1c0003938 : call rcx
    > 0x1c010623c : call rdx
    > 0x1c0178415 : call rsi
    > 0x1c00f7a70 : call rdi
jmp
    > 0x1c00baf3d : push rsp; ret
    > 0x1c00cb360 : jmp rax
    > 0x1c00f9403 : jmp rbx
    > 0x1c00770aa : jmp rcx
    > 0x1c0033fa5 : jmp rsi
load mem
    > 0x1c0177b50 : mov rax, [rcx]; ret
    > 0x1c0177b51 : mov eax, [rcx]; ret
    > 0x1c01a0e20 : mov rax, [rcx + 0x108]; ret
    > 0x1c0163fe3 : mov rax, [rdx + 0x1e8]; ret
    > 0x1c01a0e21 : mov eax, [rcx + 0x108]; ret
load reg
    > 0x1c001c359 : pop rax; ret
    > 0x1c0001959 : pop rbx; ret
    > 0x1c001c1de : pop rdx; ret
    > 0x1c00010f6 : pop rsi; ret
    > 0x1c0001c9b : pop rdi; ret
pop pop ret
    > 0x1c0003d3e : pop r12; ret
    > 0x1c000303e : pop r12; pop rbp; ret
    > 0x1c0006d2e : pop r12; pop rbx; pop rbp; ret
    > 0x1c0016e21 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x1c0009306 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1c015965b : add rsp, 0x18; ret
    > 0x1c015965b : add rsp, 0x18; ret
    > 0x1c0001982 : add rsp, 0x28; ret
    > 0x1c002af00 : add rsp, 0x38; ret
    > 0x1c002f05e : add rsp, 0x48; ret
stack pivoting
    > 0x1c0001ee9 : xchg eax, esp; ret
    > 0x1c002df5d : mov rsp, r11; pop r14; ret
    > 0x1c002df5e : mov esp, ebx; pop r14; ret
    > 0x1c00f35cf : xchg esp, esi; jmp [rsi - 0x7d]
    > 0x1c01c300d : lea rsp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
    > 0x1c01c6401 : add [rax], edx; ret
    > 0x1c01c6468 : add [rax], esi; ret
    > 0x1c011432a : adc [rbx], ecx; ret
    > 0x1c004743d : adc [rbx], edi; ret
    > 0x1c006e31f : add [rdx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact