ropshell> use b1d042716b3e413fe75af6c474f3b4f2
name         : a.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 547
ropshell> suggest
call
    > 0x14000124a : call rax
    > 0x140007ad5 : call rbx
    > 0x140001d33 : call rsi
    > 0x1400021ff : call rdi
    > 0x1400021fa : call rbp
jmp
    > 0x14000181f : jmp rax
    > 0x1400051c0 : jmp rdx
    > 0x140001ec3 : jmp [rax]
    > 0x140003965 : jmp [rsi + 0x2e]
load mem
    > 0x1400021f8 : mov ecx, [rbx]; call rbp
    > 0x140002530 : movzx ecx, [rax + 6]; mov eax, ecx; ret
    > 0x140002680 : mov eax, [rdx + 0x24]; not eax; shr eax, 0x1f; ret
    > 0x140002212 : mov rax, [rbx + 8]; mov rcx, rsi; call rax
    > 0x140002213 : mov eax, [rbx + 8]; mov rcx, rsi; call rax
load reg
    > 0x140001e9c : pop rax; ret
    > 0x140001fa6 : pop rbx; ret
    > 0x140002780 : pop rcx; ret
    > 0x140001695 : pop rsi; ret
    > 0x140001a4b : pop rdi; ret
pop pop ret
    > 0x1400013db : pop r12; ret
    > 0x1400078bf : pop r12; pop r13; ret
    > 0x14000846a : pop r12; pop r13; pop r14; ret
    > 0x140002bd1 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x140001b08 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x1400010aa : add rsp, 0x28; ret
    > 0x1400010aa : add rsp, 0x28; ret
    > 0x140001174 : add rsp, 0x38; ret
    > 0x140001e99 : add rsp, 0x58; ret
stack pivoting
    > 0x1400051bc : xchg eax, esp; add rdx, r12; jmp rdx
    > 0x14000369e : mov rsp, rbp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
    > 0x14000369f : mov esp, ebp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
    > 0x140002717 : leave ; mov rax, r9; ret
write mem
    > 0x140007abe : add [rbp + 0x2a], esi; mov rbx, [rip + 0x8754]; nop [rax + rax]; mov ecx, 1; call rbx