ROPSHELL 
ropshell> use aeb31909457a3a05613ab5bf72df745f (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6203

ropshell> suggest
call
    > 0x180046479 : call rax
    > 0x18002e2eb : call rbx
    > 0x1800120f5 : call rcx
    > 0x180062b22 : call rdx
    > 0x180099f0d : call rsi
jmp
    > 0x18002cddd : push rsp; ret
    > 0x18002db1a : jmp rax
    > 0x1800ac3fe : jmp rbx
    > 0x180010a1d : jmp rcx
    > 0x18002345c : jmp rdx
load mem
    > 0x18005d560 : movzx eax, [rcx]; ret
    > 0x180089a53 : mov rax, [rcx + 0x24]; ret
    > 0x180081945 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800f1919 : mov eax, [r8 + 0x38]; ret
    > 0x18009bd86 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x1800024c7 : pop rax; ret
    > 0x180002947 : pop rbx; ret
    > 0x180095e75 : pop rcx; ret
    > 0x180068236 : pop rdx; ret
    > 0x180001b43 : pop rsi; ret
pop pop ret
    > 0x180011016 : pop r12; ret
    > 0x180004f4f : pop r12; pop rbp; ret
    > 0x18000b9be : pop r12; pop rdi; pop rbp; ret
    > 0x180001ac6 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x180005cb4 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800aa478 : add rsp, 0x10; ret
    > 0x1800aa478 : add rsp, 0x10; ret
    > 0x1800010cf : add rsp, 0x28; ret
    > 0x1800066f3 : add rsp, 0x38; ret
    > 0x180075bc6 : add rsp, 0x438; ret
stack pivoting
    > 0x18000791c : xchg eax, esp; ret
    > 0x180067ed2 : xchg esp, edi; ret 5
    > 0x1800031f1 : mov rsp, r11; pop r14; ret
    > 0x1800031f2 : mov esp, ebx; pop r14; ret
    > 0x1800fdfe6 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x1800a5ad2 : syscall ; ret
write mem
    > 0x180040f4f : adc [rax], edx; ret
    > 0x18003cdaa : add [rbx], edi; ret
    > 0x18005cf5d : add [rcx], edx; ret
    > 0x1800a9eb3 : adc [rax + 0xf], ecx; ret
    > 0x180076dda : add [rax + 1], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact