ROPSHELL 
ropshell> use 5da5aa94a1a049f03d31b96460690c12 (download)
name         : VBoxC_release.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 23367

ropshell> suggest
call
    > 0x18001ac1e : call rax
    > 0x18010e90d : call rbx
    > 0x18000a56d : call rcx
    > 0x18002fcac : call rdx
    > 0x18002ba50 : call rsi
jmp
    > 0x18021de18 : push rsp; ret
    > 0x180012ee3 : jmp rax
    > 0x18014006d : jmp rbx
    > 0x180016280 : jmp rcx
    > 0x180019642 : jmp rdx
load mem
    > 0x18015b510 : mov rax, [rcx + 0x10]; ret
    > 0x18015f93a : mov rax, [rdx + 0x160]; ret
    > 0x18015abf0 : mov eax, [rcx + 0x10]; ret
    > 0x18015f93b : mov eax, [rdx + 0x160]; ret
    > 0x180198f3e : mov eax, [rbx]; add rsp, 0x48; ret
load reg
    > 0x180012db3 : pop rax; ret
    > 0x1800010b1 : pop rbx; ret
    > 0x18018042d : pop rcx; ret
    > 0x18010a94a : pop rdx; ret
    > 0x180002468 : pop rsi; ret
pop pop ret
    > 0x180002053 : pop r12; ret
    > 0x180009568 : pop r12; pop rbp; ret
    > 0x180159d58 : pop r12; pop rbp; pop rbx; ret
    > 0x180167f83 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180014b95 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1801d3da5 : add rsp, 0x108; ret
    > 0x1801d3da5 : add rsp, 0x108; ret
    > 0x18017c680 : add rsp, 0x20; ret
    > 0x180006eb0 : add rsp, 0x38; ret
    > 0x180001425 : add rsp, 0x48; ret
stack pivoting
    > 0x18000c992 : xchg eax, esp; ret
    > 0x18017c4cf : mov rsp, rbp; pop rbp; ret
    > 0x180029d3f : mov rsp, r11; pop r12; ret
    > 0x180029d40 : mov esp, ebx; pop r12; ret
    > 0x18017c4d0 : mov esp, ebp; pop rbp; ret
write mem
    > 0x1801aaabb : add [rax], ecx; ret
    > 0x1801afc65 : adc [rbx], eax; ret
    > 0x1801b0db3 : add [r8], eax; ret
    > 0x180175879 : add [rbx], edi; pop rbp; ret
    > 0x1801f9107 : adc [rdx + 0xe0], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact