ROPSHELL 
ropshell> use 4f096d96285e06cd51aef7d2d3de04da (download)
name         : msvcp100.dll (x86_64/PE)
base address : 0x79631000
total gadgets: 5666

ropshell> suggest
call
    > 0x7963843d : call rax
    > 0x79676f25 : call rbx
    > 0x79642c3e : call rdx
    > 0x7963d610 : call rsi
    > 0x7963e2f9 : call rbp
jmp
    > 0x7963efed : jmp rdx
    > 0x796585ad : jmp rbp
    > 0x7963409c : jmp [rax]
    > 0x79637533 : jmp [rbx + 0x18]
    > 0x79668e51 : jmp [rsi + 0x39]
load mem
    > 0x7963853c : mov rax, [rcx]; ret
    > 0x7963853d : mov eax, [rcx]; ret
    > 0x7963bd10 : movzx eax, [rdx]; ret
    > 0x79666d80 : mov rax, [rcx + 0x10]; ret
    > 0x7963a7b4 : mov eax, [rcx + 0x10]; ret
load reg
    > 0x79642982 : pop rax; ret
    > 0x79631590 : pop rbx; ret
    > 0x7963e91a : pop rcx; ret
    > 0x79674282 : pop rdx; ret 4
    > 0x79633704 : pop rsi; ret
pop pop ret
    > 0x79635337 : pop r12; ret
    > 0x79632367 : pop r12; pop rbp; ret
    > 0x7963e4a4 : pop r12; pop rdi; pop rbp; ret
    > 0x79631d89 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x7963e378 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x796330e2 : add rsp, 0x28; ret
    > 0x796330e2 : add rsp, 0x28; ret
    > 0x79638ee1 : add rsp, 0x38; ret
    > 0x79632045 : add rsp, 0x48; ret
    > 0x79668761 : add rsp, 0x58; ret
stack pivoting
    > 0x79636f4a : xchg eax, esp; ret
    > 0x7963dab0 : mov rsp, r11; pop r12; ret
    > 0x7963dab1 : mov esp, ebx; pop r12; ret
    > 0x79655db7 : mov esp, ecx; mov rdi, r8; mov r13, rcx; call [rax + 8]
    > 0x796766e9 : push rdx; add cl, [rax - 0x75]; pop rsp; and al, 8; mov rdi, [rsp + 0x10]; movzx eax, r9w; ret
write mem
    > 0x7963fbc1 : add [rcx], rax; ret
    > 0x7963fbc2 : add [rcx], eax; ret
    > 0x79640240 : add [rax + 3], edi; ret
    > 0x7963bf5f : add [rdi], ecx; mov bh, 2; ret
    > 0x79645888 : adc [rbx], eax; add [rax - 0x75], cl; ret

© 2014 - 2019 - Powered by ROPEME | Contact