ROPSHELL 
ropshell> use 74d1ec6d52c4251163882e1c3eabe4c4 (download)
name         : steam_api64.dll (x86_64/PE)
base address : 0x13b401000
total gadgets: 3674

ropshell> suggest
call
    > 0x13b403d35 : call rax
    > 0x13b40683d : call rbx
    > 0x13b406332 : call rcx
    > 0x13b402700 : call rdx
    > 0x13b407433 : call rdi
jmp
    > 0x13b408154 : jmp rax
    > 0x13b42a803 : jmp rbx
    > 0x13b405271 : jmp rcx
    > 0x13b401798 : jmp rdx
    > 0x13b40c3c5 : jmp rdi
load mem
    > 0x13b4037c0 : movzx eax, [rcx]; ret
    > 0x13b4031b5 : mov rax, [rcx + 8]; ret
    > 0x13b4037d0 : mov eax, [rcx + 4]; ret
    > 0x13b417996 : mov rax, [rcx]; add rsp, 0x38; ret
    > 0x13b4021d3 : mov r10, [rax]; jmp r10
load reg
    > 0x13b402743 : pop rax; ret
    > 0x13b4010c3 : pop rbx; ret
    > 0x13b403e93 : pop rsi; ret
    > 0x13b4030aa : pop rdi; ret
    > 0x13b4063b2 : pop rbp; ret
pop pop ret
    > 0x13b4047a8 : pop r12; ret
    > 0x13b4063b0 : pop r12; pop rbp; ret
    > 0x13b41263a : pop r12; pop rdi; pop rbp; ret
    > 0x13b40c457 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x13b41a2d5 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x13b409df9 : add rsp, 0x10; ret
    > 0x13b409df9 : add rsp, 0x10; ret
    > 0x13b401875 : add rsp, 0x28; ret
    > 0x13b40237a : add rsp, 0x38; ret
    > 0x13b407e9c : add rsp, 0x428; ret
stack pivoting
    > 0x13b40af53 : mov rsp, r11; pop r14; ret
    > 0x13b40af54 : mov esp, ebx; pop r14; ret
    > 0x13b42819e : xchg eax, esp; ror [rbx - 0x3b7cb73f], 0x28; ret
    > 0x13b419134 : lea esp, [rcx + rax]; add al, ch; ret 0x1e
    > 0x13b4280e7 : lea rsp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
    > 0x13b403029 : adc [rcx], eax; ret
    > 0x13b420973 : add [rdi], ecx; xchg eax, ebp; ret
    > 0x13b42abf7 : adc [rax], edx; movups xmm[rcx], xmm0; ret
    > 0x13b41c343 : adc [rdi + 6], esi; mov eax, 0xd; ret
    > 0x13b402b11 : adc [rcx + 0x70], eax; mov [rcx + 0x80], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact