ROPSHELL 
ropshell> use 6886a7d522b453a57f0a69191236326b (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6630

ropshell> suggest
call
    > 0x180073fd1 : call rax
    > 0x18001902d : call rbx
    > 0x180068f7d : call rdi
    > 0x180092e56 : call rsp
    > 0x18008f283 : call r8
jmp
    > 0x18000d57e : push rsp; ret
    > 0x18008ebac : jmp rax
    > 0x1800c8324 : jmp rbx
    > 0x18001c0dd : jmp rcx
    > 0x1800a366e : jmp rdx
load mem
    > 0x18006e530 : movzx eax, [rcx]; ret
    > 0x1800d7baa : mov eax, [rcx + 0x16b0]; ret
    > 0x18010c9e5 : mov eax, [rdx + 0x38]; ret
    > 0x180047cff : mov eax, [rdi]; add bh, dh; ret
    > 0x180094be6 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x18000521c : pop rax; ret
    > 0x180001297 : pop rbx; ret
    > 0x180091719 : pop rcx; ret
    > 0x1800f0f8b : pop rdx; ret
    > 0x18000123d : pop rsi; ret
pop pop ret
    > 0x18008ebc8 : pop r11; ret
    > 0x18008ebc6 : pop r10; pop r11; ret
    > 0x18000b0fb : pop r12; pop rdi; pop rbp; ret
    > 0x1800014a9 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x18000e39d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a4338 : add rsp, 0x10; ret
    > 0x1800a4338 : add rsp, 0x10; ret
    > 0x1800af23b : add rsp, 0x238; ret
    > 0x1800083e1 : add rsp, 0x38; ret
    > 0x18007f953 : add rsp, 0x438; ret
stack pivoting
    > 0x180030004 : xchg eax, esp; ret
    > 0x18001a2d2 : xchg ecx, esp; ret
    > 0x180028549 : mov rsp, r11; pop r14; ret
    > 0x18002854a : mov esp, ebx; pop r14; ret
    > 0x180124612 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009ef02 : syscall ; ret
write mem
    > 0x180101e0f : adc [rax], r10; ret
    > 0x180101e10 : adc [rax], edx; ret
    > 0x18005094f : add [rbx], edi; ret
    > 0x1800a63c8 : adc [rdx], eax; ret
    > 0x1800777b8 : add [rdi], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact