ROPSHELL 
ropshell> use b0685fcead72b1dff7130f3ce152549f (download)
name         : KernelBase.dll (x86_64/RAW)
base address : 0x0
total gadgets: 19289

ropshell> suggest
call
    > 0x002a5ff3 : call rax
    > 0x00159aae : call rbx
    > 0x000286f9 : call rcx
    > 0x0003bed1 : call rsi
    > 0x002a6011 : call rdi
jmp
    > 0x00096d7b : push rsp; ret
    > 0x00031b32 : jmp rax
    > 0x00343a90 : jmp rbx
    > 0x0002980a : jmp rcx
    > 0x00014ad4 : jmp [rax]
load mem
    > 0x00010f86 : mov eax, [rcx]; ret
    > 0x00010f85 : mov eax, [r9]; ret
    > 0x003ac2bd : mov edx, [rax]; ret
    > 0x000a99df : mov edi, [rax + 0x505]; ret
    > 0x0001f195 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x0000ba58 : pop rax; ret
    > 0x00001fee : pop rbx; ret
    > 0x0033591c : pop rcx; ret
    > 0x0009c2eb : pop rdx; ret
    > 0x00001900 : pop rsi; ret
pop pop ret
    > 0x000025a1 : pop r12; ret
    > 0x0009c2e9 : pop r10; pop rdx; ret
    > 0x000148cc : pop r12; pop rbp; pop rbx; ret
    > 0x00034efe : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x00002eb7 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x0000be1d : add rsp, 0x1538; ret
    > 0x0000be1d : add rsp, 0x1538; ret
    > 0x00001302 : add rsp, 0x28; ret
    > 0x0000245f : add rsp, 0x38; ret
    > 0x00007b7b : add rsp, 0x48; ret
stack pivoting
    > 0x0000500c : xchg eax, esp; ret
    > 0x0002495a : mov rsp, r11; pop r14; ret
    > 0x0017d619 : push rcx; pop rsp; pop rdx; ret
    > 0x0017124b : push rdx; cmc ; pop rsp; ret
    > 0x0002495b : mov esp, ebx; pop r14; ret
syscall
    > 0x000a6aee : int 0x80; xor eax, eax; ret
write mem
    > 0x0001f690 : add [rbx], eax; ret
    > 0x00094c27 : adc [rcx], eax; ret
    > 0x000a6346 : adc [rdx], eax; ret
    > 0x0010f040 : add [rax + 0x3b], ecx; ret
    > 0x00176d58 : add [rax + 0x7f], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact