ROPSHELL 
ropshell> use 67b2026b5d9009b183a8f4eb23a6180e (download)
name         : KernelBase.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 17820

ropshell> suggest
call
    > 0x1800153d3 : call rcx
    > 0x1800ff48d : call rsi
    > 0x1800d805d : call rsp
    > 0x1801282fd : call [rbp - 0x3fcd0008]; add rsp, 0x58; ret
    > 0x18000e2d6 : call [rax]
jmp
    > 0x1800995ab : push rsp; ret
    > 0x18000a94e : jmp rax
    > 0x180037937 : jmp rcx
    > 0x1800d276c : jmp rdx
    > 0x1800d7a46 : jmp rbp
load mem
    > 0x18001c862 : mov eax, [rcx]; ret
    > 0x18001c861 : mov eax, [r9]; ret
    > 0x1800abaaf : mov edi, [rax + 0x505]; ret
    > 0x1800331a5 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x1800ad75c : mov ecx, [rsi]; fadd st(1); xor eax, eax; ret
load reg
    > 0x1800115cc : pop rax; ret
    > 0x180001ca7 : pop rbx; ret
    > 0x1800d4963 : pop rcx; ret
    > 0x18009e73b : pop rdx; ret
    > 0x180001ae9 : pop rsi; ret
pop pop ret
    > 0x180004b33 : pop r12; ret
    > 0x18009e739 : pop r10; pop rdx; ret
    > 0x1800045e7 : pop r12; pop rdi; pop rbp; ret
    > 0x180035f4f : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180006013 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800117f3 : add rsp, 0x1538; ret
    > 0x1800117f3 : add rsp, 0x1538; ret
    > 0x180001715 : add rsp, 0x28; ret
    > 0x180005b21 : add rsp, 0x38; ret
    > 0x18001168d : add rsp, 0x48; ret
stack pivoting
    > 0x180009d95 : xchg eax, esp; ret
    > 0x1800f9fde : mov rsp, r11; pop r14; ret
    > 0x180164fe9 : push rcx; pop rsp; pop rdx; ret
    > 0x180158ebb : push rdx; cmc ; pop rsp; ret
    > 0x1800f9fdf : mov esp, ebx; pop r14; ret
syscall
    > 0x1800a8c1e : int 0x80; xor eax, eax; ret
write mem
    > 0x180035242 : add [rbx], eax; ret
    > 0x1800e88b3 : adc [rbx], edi; ret
    > 0x180097557 : adc [rcx], eax; ret
    > 0x1800a8486 : adc [rdx], eax; ret
    > 0x180068190 : add [rax + 0xf], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact