ropshell> use bcdf8553b79a022af1a0cd008d9b5c13
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6431
ropshell> suggest
call
    > 0x1800214ee : call rax
    > 0x1800043e1 : call rbx
    > 0x18001f88d : call rdi
    > 0x18008f3b6 : call rsp
    > 0x18008b9ff : call r8
jmp
    > 0x18002288b : jmp rax
    > 0x180039997 : jmp rcx
    > 0x18009fe8e : jmp rdx
    > 0x1800d3e2d : jmp rsi
    > 0x1800a79cc : jmp rsp
load mem
    > 0x18006d0a0 : movzx eax, [rcx]; ret
    > 0x1800fefde : mov rax, [r10 + 0x38]; ret
    > 0x180063256 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800fefdf : mov eax, [rdx + 0x38]; ret
    > 0x180091047 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180005f44 : pop rax; ret
    > 0x18000137d : pop rbx; ret
    > 0x18008dd2f : pop rcx; ret
    > 0x18006066d : pop rdx; ret
    > 0x18000132d : pop rsi; ret
pop pop ret
    > 0x18008b6e8 : pop r11; ret
    > 0x18008b6e6 : pop r10; pop r11; ret
    > 0x18001eaa1 : pop r12; pop rbp; pop rbx; ret
    > 0x1800222e2 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180003103 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a1028 : add rsp, 0x10; ret
    > 0x1800a1028 : add rsp, 0x10; ret
    > 0x18006cfe7 : add rsp, 0x238; ret
    > 0x18000144b : add rsp, 0x38; ret
    > 0x18007118a : add rsp, 0x438; ret
stack pivoting
    > 0x180049166 : xchg eax, esp; ret
    > 0x180035a89 : mov rsp, r11; pop r14; ret
    > 0x180035a8a : mov esp, ebx; pop r14; ret
    > 0x1801105a2 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x1801105a3 : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009bda2 : syscall ; ret
write mem
    > 0x18007e1e7 : add [rbx], edi; ret
    > 0x1800770ad : add [rdi], ecx; ret
    > 0x1800770ac : add [r15], ecx; ret
    > 0x18007020a : add [rax + 1], edi; ret
    > 0x18006d0b6 : add [rbx + 0x27401f8], eax; ret