ROPSHELL 
ropshell> use 3c94bcda2a65e71413d3fee2b4be913e (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 6847

ropshell> suggest "stack pivoting"
> 0x1c0001ee9 : xchg eax, esp; ret
> 0x1c002df5d : mov rsp, r11; pop r14; ret
> 0x1c002df5e : mov esp, ebx; pop r14; ret
> 0x1c00f35cf : xchg esp, esi; jmp [rsi - 0x7d]
> 0x1c01c300d : lea rsp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
> 0x1c01c300e : lea esp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
> 0x1c0066c92 : push rbx; or [rax - 0x75], cl; pop rsp; and al, 8; mov rdi, [rsp + 0x10]; ret
> 0x1c01b7f93 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact