ROPSHELL 
ropshell> use b3a5e819e3cf9834a6b33c606fc50289 (download)
name         : dbghelp.dll (x86_64/PE)
base address : 0x103001000
total gadgets: 10616

ropshell> suggest
call
    > 0x103018ba0 : call rax
    > 0x1030b5abe : call rbx
    > 0x10301af9b : call rcx
    > 0x10312d3bd : call rsi
    > 0x10314bdf9 : call rdi
jmp
    > 0x10300b79a : jmp rax
    > 0x10314c093 : jmp rbx
    > 0x10300a407 : jmp rcx
    > 0x10301e70a : jmp rdx
    > 0x103005d45 : jmp rsi
load mem
    > 0x1030e0ea0 : mov eax, [rcx]; ret
    > 0x1031210f9 : mov eax, [rdx]; ret
    > 0x1030d2990 : mov rax, [rcx + 0x100]; ret
    > 0x1030d2991 : mov eax, [rcx + 0x100]; ret
    > 0x10307ed7c : mov eax, [rdx + 0x1c]; ret
load reg
    > 0x103001276 : pop rax; ret
    > 0x103007de8 : pop rbx; ret
    > 0x1031038be : pop rcx; ret
    > 0x103103f56 : pop rdx; ret
    > 0x10300830d : pop rsi; ret
pop pop ret
    > 0x103017440 : pop r12; ret
    > 0x10300a756 : pop r12; pop rbp; ret
    > 0x1030923fe : pop r12; pop rbp; pop rbx; ret
    > 0x10309ece8 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x10300dd62 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x10314fb18 : add rsp, 0x138; ret
    > 0x10314fb18 : add rsp, 0x138; ret
    > 0x10305ac76 : add rsp, 0x218; ret
    > 0x103001221 : add rsp, 0x38; ret
    > 0x10301102b : add rsp, 0x48; ret
stack pivoting
    > 0x10300e1d9 : xchg eax, esp; ret
    > 0x1030c5807 : mov rsp, r11; pop r14; ret
    > 0x1030c5808 : mov esp, ebx; pop r14; ret
    > 0x1030b5ab6 : lea esp, [rax + rdx - 0x72bf0000]; push rcx; call rbx
    > 0x103129790 : xchg esp, edx; or [rax], eax; add [rbp + 0x3bb474c0], al; ret
write mem
    > 0x1031472f6 : add [rbx], eax; ret
    > 0x103049745 : adc [rdx], eax; ret
    > 0x10309f3c7 : add [rdi], ecx; ret
    > 0x10313760a : add [r8], eax; ret
    > 0x103063e8f : add [r10], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact