ROPSHELL 
ropshell> use 6f020a220388eca0ab6062dc27bd16b6 (download)
name         : tdi.sys (x86_64/PE)
base address : 0x11000
total gadgets: 329

ropshell> suggest
call
    > 0x000123b8 : call rax
    > 0x000139ef : call rbx
    > 0x00013799 : call rcx
    > 0x00013798 : call r9
    > 0x000139ee : call r11
jmp
    > 0x00012f17 : jmp rax
    > 0x00011c4d : jmp rcx
    > 0x00012eab : jmp [rax + 0x10]
    > 0x00013a87 : jmp [rsi + 0x3b]
    > 0x00012c07 : push rsp; insd [rdi], dx; call [rip + 0x246f]; and [rip + 0x37ff], 0; xor eax, eax; add rsp, 0x28; ret
load mem
    > 0x00013e21 : mov rcx, [rsi + 0x28]; call rax
    > 0x00013794 : mov rdx, [rsi + 8]; call r9
    > 0x00013e22 : mov ecx, [rsi + 0x28]; call rax
    > 0x00013795 : mov edx, [rsi + 8]; call r9
    > 0x00013221 : mov rsi, [r11 + 0x30]; mov rsp, r11; pop r13; pop r12; pop rdi; ret
load reg
    > 0x00012d8f : pop rbx; ret
    > 0x000128b4 : pop rsi; ret
    > 0x0001149f : pop rdi; ret
    > 0x000121b1 : pop rbp; ret
    > 0x000110e9 : pop rsp; ret
pop pop ret
    > 0x000110e8 : pop r12; ret
    > 0x00011600 : pop r12; pop rdi; ret
    > 0x000128b1 : pop r12; pop rdi; pop rsi; ret
    > 0x000121ad : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x000121ab : pop r13; pop r12; pop rdi; pop rsi; pop rbp; ret
sp lifting
    > 0x00011814 : add rsp, 0x28; ret
    > 0x00011814 : add rsp, 0x28; ret
stack pivoting
    > 0x00013225 : mov rsp, r11; pop r13; pop r12; pop rdi; ret
    > 0x00013226 : mov esp, ebx; pop r13; pop r12; pop rdi; ret
    > 0x00013c22 : leave ; call rax
write mem
    > 0x00011713 : adc [rax + 0xf], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact