ROPSHELL 
ropshell> use 6a15026ec4076ad81938e7d5b5365d10 (download)
name         : d3d11.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6922

ropshell> suggest
call
    > 0x1800bdb59 : call [rbp - 0x74b7000a]; ret
    > 0x180090415 : call rax
    > 0x18007a353 : call rcx
    > 0x18007c7bd : call rdx
    > 0x180009b55 : call rbp
jmp
    > 0x1800290d5 : jmp rax
    > 0x180038d7d : jmp rbx
    > 0x18002919b : jmp rcx
    > 0x18001dc8c : jmp rdx
    > 0x1800e30cd : jmp rdi
load mem
    > 0x18012163c : mov rax, [rdx]; ret
    > 0x180057ad0 : mov eax, [rcx]; ret
    > 0x18012163d : mov eax, [rdx]; ret
    > 0x180054e80 : mov rax, [rcx + 0x98d8]; ret
    > 0x180051546 : mov eax, [rcx + 0x10]; ret
load reg
    > 0x18000153b : pop rax; ret
    > 0x180001845 : pop rbx; ret
    > 0x180025913 : pop rcx; ret
    > 0x1800a85ea : pop rdx; ret 2
    > 0x18000237c : pop rsi; ret
pop pop ret
    > 0x180002650 : pop r12; ret
    > 0x18000f26d : pop r12; pop rbp; ret
    > 0x18000f8a3 : pop r12; pop rdi; pop rbp; ret
    > 0x180036c4d : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180005c07 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800f678c : add rsp, 0x108; ret
    > 0x1800f678c : add rsp, 0x108; ret
    > 0x18002249c : add rsp, 0x248; ret
    > 0x180007896 : add rsp, 0x38; ret
    > 0x18000360d : add rsp, 0x48; ret
stack pivoting
    > 0x180034c9e : xchg eax, esp; ret
    > 0x1800027a6 : mov rsp, r11; pop r14; ret
    > 0x1800027a7 : mov esp, ebx; pop r14; ret
    > 0x1800dd4d1 : mov esp, esi; push rsi; ret
    > 0x18007869a : xchg edi, esp; add [rax], al; add [rbp - 0x7cea8101], al; call [rax]
write mem
    > 0x1800bc737 : add [rbx], edi; ret
    > 0x180044433 : add [rdi], ecx; ret
    > 0x180044432 : add [r15], ecx; ret
    > 0x18010e012 : add [rax + 0x3b], ecx; ret
    > 0x18005d2d4 : add [rax + 3], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact