ROPSHELL 
ropshell> use 517fb6a5285d00bdc8ab97db4e4ce793 (download)
name         : ntdll.dll (x86_64/RAW)
base address : 0x0
total gadgets: 7152

ropshell> suggest
call
    > 0x00078af3 : call rax
    > 0x0001ddf8 : call rbx
    > 0x00146ad6 : call rdx
    > 0x00132261 : call rdi
    > 0x00028251 : call rbp
jmp
    > 0x0000c3e8 : push rsp; ret
    > 0x0008eadc : jmp rax
    > 0x00132f2c : jmp rbx
    > 0x0000c34e : jmp rcx
    > 0x00078cd7 : jmp rdx
load mem
    > 0x00072920 : movzx eax, [rcx]; ret
    > 0x001445ad : mov edx, [rbx]; ret
    > 0x001395d8 : mov ebp, [rax]; ret
    > 0x000839a6 : mov eax, [rcx + 0x16b0]; ret
    > 0x00104085 : mov eax, [rdx + 0x38]; ret
load reg
    > 0x00001e13 : pop rax; ret
    > 0x000012a7 : pop rbx; ret
    > 0x000915b5 : pop rcx; ret
    > 0x000ea37b : pop rdx; ret
    > 0x0000124e : pop rsi; ret
pop pop ret
    > 0x0008eaf8 : pop r11; ret
    > 0x0008eaf6 : pop r10; pop r11; ret
    > 0x0002d063 : pop r12; pop rbp; pop rbx; ret
    > 0x0002126d : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x00011f5d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x000a5058 : add rsp, 0x10; ret
    > 0x000a5058 : add rsp, 0x10; ret
    > 0x0008b07f : add rsp, 0x238; ret
    > 0x0000146b : add rsp, 0x38; ret
    > 0x00081156 : add rsp, 0x438; ret
stack pivoting
    > 0x0000ca67 : xchg eax, esp; ret
    > 0x00027276 : mov rsp, r11; pop r14; ret
    > 0x00027277 : mov esp, ebx; pop r14; ret
    > 0x001fb869 : lea esp, [rbp + 0x4b602227]; ret
    > 0x0011a422 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x0009fd82 : syscall ; ret
write mem
    > 0x000fabaf : adc [rax], r10; ret
    > 0x001fdf21 : add [rax], ecx; ret
    > 0x000fabb0 : adc [rax], edx; ret
    > 0x0000217f : add [rbx], edi; ret
    > 0x000a7088 : adc [rdx], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact