ROPSHELL 
ropshell> use 5da5aa94a1a049f03d31b96460690c12 (download)
name         : VBoxC_release.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 23367

ropshell> suggest "stack pivoting"
> 0x18000c992 : xchg eax, esp; ret
> 0x18017c4cf : mov rsp, rbp; pop rbp; ret
> 0x180029d3f : mov rsp, r11; pop r12; ret
> 0x180029d40 : mov esp, ebx; pop r12; ret
> 0x18017c4d0 : mov esp, ebp; pop rbp; ret
> 0x18002f998 : xchg rax, rsp; and [rax], al; ret
> 0x1801d3170 : lea rsp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x1801d3171 : lea esp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x1800440b9 : mov esp, edx; mov rsi, rcx; call [rax]
> 0x18004420d : mov esp, eax; mov rbp, rdx; mov rsi, rcx; call [rax]
> 0x1800f556f : lea esp, [rsi + 8]; mov rax, [r12]; mov rcx, r12; call [rax + 8]
> 0x1801f28cd : xchg esp, ebx; or al, [rax]; mov [rcx + 8], eax; mov rax, [rip + 0xadca5]; mov [rdx], rax; pop rdi; ret
> 0x18001bdeb : lea esp, [rax + rsi]; mov rcx, [rsi]; mov r8, [rcx]; lea rdx, [rsp + 0x20]; call [r8 + 0x68]
> 0x180058338 : movsxd rsp, eax; mov [rbp + 0x5f], r13d; mov rax, [rbx]; lea rdx, [rbp + 0x5f]; mov rcx, rbx; call [rax + 0x48]
> 0x180040803 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact