ROPSHELL 
ropshell> use 56b034b9ab67b78d8cf316af38dc5177 (download)
name         : VBoxDD.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 24103

ropshell> suggest
call
    > 0x18000a486 : call rax
    > 0x180017749 : call rbx
    > 0x18001f75d : call rcx
    > 0x18000cc76 : call rdx
    > 0x18001ef21 : call rsi
jmp
    > 0x1800524a8 : push rsp; ret
    > 0x180003f55 : jmp rax
    > 0x1800018aa : jmp rcx
    > 0x18000e351 : jmp rdx
    > 0x18004eb11 : jmp rdi
load mem
    > 0x1800fbaae : mov rax, [rcx]; ret
    > 0x1800fbaaf : mov eax, [rcx]; ret
    > 0x180101810 : mov rax, [rcx + 0x58]; ret
    > 0x18012804d : mov eax, [rcx + 0x10]; ret
    > 0x180127eca : mov eax, [rdx + 0x10]; ret
load reg
    > 0x1800aa559 : pop rax; ret
    > 0x18000168a : pop rbx; ret
    > 0x18008ffda : pop rcx; ret
    > 0x1800a4b06 : pop rdx; ret
    > 0x1800057a7 : pop rsi; ret
pop pop ret
    > 0x1800b5113 : pop r10; ret
    > 0x180010201 : pop r12; pop rbp; ret
    > 0x18000d539 : pop r12; pop rbp; pop rbx; ret
    > 0x180026558 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x1800117c2 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x180130ec9 : add rsp, 0x10; ret
    > 0x180130ec9 : add rsp, 0x10; ret
    > 0x1800055fc : add rsp, 0x28; ret
    > 0x18000c490 : add rsp, 0x38; ret
    > 0x1800066ab : add rsp, 0x48; ret
stack pivoting
    > 0x180010cf1 : xchg eax, esp; ret
    > 0x18002e86d : mov rsp, r11; pop r12; ret
    > 0x18002e86e : mov esp, ebx; pop r12; ret
    > 0x1800ebca8 : xchg rax, rsp; or [rax], al; ret
    > 0x1800c159c : mov esp, ecx; call [rax + 0x48]
write mem
    > 0x1800579a4 : add [rax], edx; ret
    > 0x1800457b9 : adc [rbx], esi; ret 0xa9
    > 0x180103708 : adc [rbx], edi; ret
    > 0x1801034b2 : add [rdx], eax; ret
    > 0x180031ff4 : add [rdx], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact