ROPSHELL 
ropshell> use 5da5aa94a1a049f03d31b96460690c12 (download)
name         : VBoxC_release.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 23367

ropshell> suggest "load reg"
> 0x180012db3 : pop rax; ret
> 0x1800010b1 : pop rbx; ret
> 0x18018042d : pop rcx; ret
> 0x18010a94a : pop rdx; ret
> 0x180002468 : pop rsi; ret
> 0x180001058 : pop rdi; ret
> 0x1800046cf : pop rbp; ret
> 0x180002054 : pop rsp; ret
> 0x18015abca : pop r8; ret
> 0x180002053 : pop r12; ret
> 0x18008a3e5 : pop r13; ret
> 0x180010aab : pop r14; ret
> 0x18016f850 : pop r15; ret
> 0x18002bc97 : mov rbx, [rsp + 0x18]; ret
> 0x18016448f : mov rdi, [rsp + 0x10]; ret
> 0x1801a8f0b : mov rbp, [rsp + 0x10]; ret
> 0x18002bc98 : mov ebx, [rsp + 0x18]; ret
> 0x180164490 : mov edi, [rsp + 0x10]; ret
> 0x1801a8f0c : mov ebp, [rsp + 0x10]; ret
> 0x18016c8ab : mov rax, [rsp]; add rsp, 8; ret
> 0x1801ba53a : mov rsi, [rsp + 0x18]; pop rdi; ret
> 0x18016c8ac : mov eax, [rsp]; add rsp, 8; ret
> 0x1801ba53b : mov esi, [rsp + 0x18]; pop rdi; ret
> 0x18010e774 : mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x180051296 : mov edx, [rsp + 0xd0]; jmp rcx
> 0x1800ac4d9 : mov ecx, [rsp + 0x48]; call r15
> 0x180177c8e : mov rcx, [rsp + 0x58]; call [rax]
> 0x18010e770 : mov r10, [rsp]; mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x180016c55 : mov rdx, [rsp + 0x58]; mov rcx, rbx; call [rax + 0x50]
> 0x18007482c : mov r8, [rsp + 0x100]; mov rdx, r14; call [rax + 0x28]
> 0x180013d2f : mov r9, [rsp + 0x58]; mov r8d, ebx; mov rdx, rdi; call [rax + 0x50]
> 0x1801604c5 : mov r12, [rsp + 0x18]; mov rax, r10; mov rbx, [rsp + 0x20]; mov rsi, [rsp + 0x28]; pop rdi; ret
> 0x1801604c6 : mov esp, [rsp + 0x18]; mov rax, r10; mov rbx, [rsp + 0x20]; mov rsi, [rsp + 0x28]; pop rdi; ret
> 0x1800ac5b3 : mov r13, [rsp + 0x4be0]; mov rcx, [rsp + 0x50]; mov rax, [rcx]; call [rax + 0x10]
> 0x1800ac5ab : mov r14, [rsp + 0x4bd8]; mov r13, [rsp + 0x4be0]; mov rcx, [rsp + 0x50]; mov rax, [rcx]; call [rax + 0x10]
> 0x180078393 : mov r15, [rsp + 0x270]; mov rax, [r15]; mov r8, [rsp + 0x100]; lea rdx, [rip + 0x1c0ae3]; mov rcx, r15; call [rax + 0x20]

© 2014 - 2019 - Powered by ROPEME | Contact