ropshell> use 560ef758264b3b33d5d0b3e404a99cfb (download)
name : KernelBase.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 14537
ropshell> suggest
call
    > 0x1801576bc : call rsi
    > 0x18009b45d : call rdi
    > 0x18005458d : call rbp
    > 0x18001ebfd : call [rax]
    > 0x18001e544 : call [rbx]
jmp
    > 0x1800c6bc0 : push rsp; ret
    > 0x18006215f : jmp rax
    > 0x180146f8d : jmp rbx
    > 0x180003bef : jmp rcx
    > 0x1800bff5f : jmp rdx
load mem
    > 0x1800f02ce : mov eax, [rcx]; ret
    > 0x1800f02cd : mov eax, [r9]; ret
    > 0x1800e5a3e : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x18007f15a : mov rax, [rcx + 0x38]; add rax, 8; ret
    > 0x18007f15b : mov eax, [rcx + 0x38]; add rax, 8; ret
load reg
    > 0x180006095 : pop rax; ret
    > 0x1800042f3 : pop rbx; ret
    > 0x1800d65ab : pop rcx; ret
    > 0x18000396d : pop rsi; ret
    > 0x180003642 : pop rdi; ret
pop pop ret
    > 0x18001a21e : pop r12; ret
    > 0x180005626 : pop r12; pop rbp; ret
    > 0x180056204 : pop r12; pop rbp; pop rbx; ret
    > 0x1800604aa : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x1800166fe : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800f6e3a : add rsp, 0x18; ret
    > 0x1800f6e3a : add rsp, 0x18; ret
    > 0x18000b5c1 : add rsp, 0x28; ret
    > 0x1800193e3 : add rsp, 0x38; ret
    > 0x18004a204 : add rsp, 0x48; ret
stack pivoting
    > 0x180003663 : xchg eax, esp; ret
    > 0x180046cd7 : mov rsp, r11; pop r14; ret
    > 0x180046cd8 : mov esp, ebx; pop r14; ret
    > 0x1800f751c : lea rsp, [rbp + 0x20]; pop rbp; ret
    > 0x18013c28f : push rcx; pop rsp; sbb [rax], eax; ret
syscall
    > 0x18019bd24 : int 0x80; adc al, 0; add [rbp + 0x2e], dh; ret
write mem
    > 0x1800e0bfa : add [rbx], eax; ret
    > 0x1801975f7 : adc [rcx], eax; ret
    > 0x180199989 : adc [rdx], eax; ret
    > 0x180184860 : add [rax + 0x2b], ecx; ret
    > 0x180198ee8 : add [rax + 0x7f], edi; ret