ROPSHELL 
ropshell> use 57ac5701b83e83c59df7e83362f69bcb (download)
name         : cygwin1.dll (x86_64/PE)
base address : 0x180041000
total gadgets: 12614

ropshell> suggest
call
    > 0x180043868 : call rax
    > 0x180047744 : call rbx
    > 0x18006095a : call rcx
    > 0x18005afdb : call rdx
    > 0x180046513 : call rsi
jmp
    > 0x180085068 : push rsp; ret
    > 0x18004a3c2 : jmp rax
    > 0x1800925ea : jmp rbx
    > 0x18009c21d : jmp rcx
    > 0x1800435e3 : jmp rdx
load mem
    > 0x1800d87f0 : movzx eax, [rcx]; ret
    > 0x180213860 : mov rax, [rcx + 0x128]; ret
    > 0x180077b80 : movsxd rax, [rdx + 0x18]; ret
    > 0x180213861 : mov eax, [rcx + 0x128]; ret
    > 0x1800a0dd0 : movzx eax, [rdx + 0x18]; ret
load reg
    > 0x18006ab7d : pop rax; ret
    > 0x1800411b3 : pop rbx; ret
    > 0x180076463 : pop rcx; ret
    > 0x180041c96 : pop rsi; ret
    > 0x180041b4d : pop rdi; ret
pop pop ret
    > 0x1800413e6 : pop r12; ret
    > 0x180041351 : pop r12; pop r13; ret
    > 0x180041c91 : pop r12; pop r13; pop r14; ret
    > 0x180041b46 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x180048dfd : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x18014d7a8 : add rsp, 0x188; ret
    > 0x18014d7a8 : add rsp, 0x188; ret
    > 0x18006461e : add rsp, 0x2038; ret
    > 0x1800477f6 : add rsp, 0x3228; ret
    > 0x18004288c : add rsp, 0x48; ret
stack pivoting
    > 0x18005dd83 : xchg eax, esp; ret
    > 0x1800a78d6 : mov rsp, rbp; pop rbp; ret
    > 0x1802105c4 : mov rsp, r10; push r11; ret
    > 0x1802105c5 : mov esp, edx; push r11; ret
    > 0x1800a78d7 : mov esp, ebp; pop rbp; ret
write mem
    > 0x1801ccc18 : add [rcx], edi; ret
    > 0x1800f80b0 : add [rcx], ebp; ret
    > 0x1801cedf1 : add [r9], rdi; ret
    > 0x1801cd167 : add [r9], edi; ret
    > 0x18010d90f : add [rax + 0x88], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact