ROPSHELL 
ropshell> use 96fbf81515c4a05439ee8cf47aa636ba (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6574

ropshell> suggest
call
    > 0x180073f71 : call rax
    > 0x18003c02c : call rbx
    > 0x180092c66 : call rsp
    > 0x18008f093 : call r8
    > 0x180092c65 : call r12
jmp
    > 0x18000d56e : push rsp; ret
    > 0x18008e9bc : jmp rax
    > 0x18001c0cd : jmp rcx
    > 0x1800a2f4e : jmp rdx
    > 0x180040a88 : jmp [rax]
load mem
    > 0x18006e4d0 : movzx eax, [rcx]; ret
    > 0x1800d92ca : mov eax, [rcx + 0x16b0]; ret
    > 0x18010c055 : mov eax, [rdx + 0x38]; ret
    > 0x1800949f6 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x18007da30 : mov rax, [rdx]; mov [rcx], rax; ret
load reg
    > 0x18000520c : pop rax; ret
    > 0x180001297 : pop rbx; ret
    > 0x180091529 : pop rcx; ret
    > 0x180001f9a : pop rdx; ret
    > 0x18000123d : pop rsi; ret
pop pop ret
    > 0x18008e9d8 : pop r11; ret
    > 0x18008e9d6 : pop r10; pop r11; ret
    > 0x18000b0eb : pop r12; pop rdi; pop rbp; ret
    > 0x1800014a9 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x18000e38d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a3c18 : add rsp, 0x10; ret
    > 0x1800a3c18 : add rsp, 0x10; ret
    > 0x1800aeafb : add rsp, 0x238; ret
    > 0x1800083d1 : add rsp, 0x38; ret
    > 0x18007f8f3 : add rsp, 0x438; ret
stack pivoting
    > 0x18002d1f8 : xchg eax, esp; ret
    > 0x180028539 : mov rsp, r11; pop r14; ret
    > 0x18002853a : mov esp, ebx; pop r14; ret
    > 0x180123c82 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x1800e885d : xchg esp, ebx; lahf ; xor eax, eax; ret
syscall
    > 0x18009e7e2 : syscall ; ret
write mem
    > 0x1801014cf : adc [rax], r10; ret
    > 0x1801014d0 : adc [rax], edx; ret
    > 0x18005093f : add [rbx], edi; ret
    > 0x1800a5c88 : adc [rdx], eax; ret
    > 0x180077758 : add [rdi], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact