ropshell> use 67b2026b5d9009b183a8f4eb23a6180e
name         : KernelBase.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 17820
ropshell> suggest "stack pivoting"
> 0x180009d95 : xchg eax, esp; ret
> 0x1800f9fde : mov rsp, r11; pop r14; ret
> 0x180164fe9 : push rcx; pop rsp; pop rdx; ret
> 0x180158ebb : push rdx; cmc ; pop rsp; ret
> 0x1800f9fdf : mov esp, ebx; pop r14; ret
> 0x1800a7fcc : lea esp, [rdi - 0x3fcc3383]; ret
> 0x18009ae9e : xchg rax, rsp; mov eax, 0x7f; ret
> 0x18009ac8e : mov esp, ecx; xor eax, eax; ret
> 0x1800ada5e : mov esp, edx; xor eax, eax; ret
> 0x18007e071 : lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x18009944a : push rbp; pop rsp; or ebp, [rdi - 0x3fcc3ac0]; ret
> 0x18015805e : lea esp, [rax + rdi*4 - 0x7ff8ff81]; ret
> 0x18007e072 : lea esp, [rbp + 0x20]; pop rbp; ret
> 0x1800a27ac : push rsp; pop rsp; xchg eax, esp; mov eax, 0x7f; ret
> 0x18009984d : xchg ebp, esp; xchg eax, edx; mov eax, 0x7f; ret
> 0x1800a150d : xchg esp, esi; sar [rax + 0x7f], 1; ret
> 0x18017117a : push rbx; pop rsp; shl [rdi], -3; fdivr [rax - 0x7ff8ff81]; ret
> 0x18009a27a : push rsi; pop rsp; cmp ch, [rdi]; popfq ; cld ; ret 0
> 0x1800a168a : push rax; pop rsp; cdq ; xchg [rax - 0x80], eax; mov eax, 0x7f; ret
> 0x1801688dc : lea esp, [rsi]; xchg eax, ecx; sar [rax - 0x7ff8ff81], 1; ret
> 0x1800a270a : push rdi; pop rsp; add [rsi + 0x7fb8ce6d], 0; add [rax], al; ret
> 0x18008b269 : leave ; ret