ROPSHELL 
ropshell> use 7b76838bce4e1f682510917348e7579a (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 7256

ropshell> suggest
call
    > 0x18000dcca : call rax
    > 0x18002b3bf : call rbx
    > 0x18005de95 : call rsi
    > 0x180006285 : call rbp
    > 0x18012ae06 : call rsp
jmp
    > 0x18004bf50 : push rsp; ret
    > 0x18001b475 : jmp rax
    > 0x180006b33 : jmp rcx
    > 0x180016818 : jmp rdx
    > 0x180094e7d : jmp rsp
load mem
    > 0x1800eb1a0 : movzx eax, [rcx]; ret
    > 0x180063012 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800d33cd : mov eax, [r8 + 0x38]; ret
    > 0x180066e4b : movzx eax, [rdx]; and al, 1; ret
    > 0x18012ca36 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x18002ef0a : pop rax; ret
    > 0x180001068 : pop rbx; ret
    > 0x180125eee : pop rcx; ret
    > 0x1800024cb : pop rsi; ret
    > 0x180001151 : pop rdi; ret
pop pop ret
    > 0x18012658a : pop r11; ret
    > 0x180126588 : pop r10; pop r11; ret
    > 0x180082106 : pop r12; pop rbp; pop rbx; ret
    > 0x18000ddc0 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180010060 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1801664b8 : add rsp, 0x10; ret
    > 0x1801664b8 : add rsp, 0x10; ret
    > 0x18000209c : add rsp, 0x28; ret
    > 0x180003897 : add rsp, 0x38; ret
    > 0x18002e72e : add rsp, 0x438; ret
stack pivoting
    > 0x180018143 : xchg eax, esp; ret
    > 0x180006768 : mov rsp, r11; pop r14; ret
    > 0x180006769 : mov esp, ebx; pop r14; ret
    > 0x180022bfa : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x180022bfb : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x180161952 : syscall ; ret
write mem
    > 0x180124db7 : adc [rax], r10; ret
    > 0x180124db8 : adc [rax], edx; ret
    > 0x180083e89 : add [rbx], edi; ret
    > 0x180167b08 : adc [rdx], eax; ret
    > 0x1800105c3 : add [rdi], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact