ROPSHELL 
ropshell> use bf27cb0e70701b1211030c01e1063174 (download)
name         : ntdll.dll (i386/PE)
base address : 0x6a201000
total gadgets: 11361

ropshell> suggest
call
    > 0x6a2c3506 : call [esi - 0x18]; ret
    > 0x6a21b7b6 : call eax
    > 0x6a2300ee : call ebx
    > 0x6a237019 : call ecx
    > 0x6a21cf0e : call edx
jmp
    > 0x6a20a178 : push esp; ret
    > 0x6a21dd8d : jmp eax
    > 0x6a2124e4 : jmp ebx
    > 0x6a291415 : jmp ecx
    > 0x6a29363f : jmp esi
load mem
    > 0x6a21a9e5 : mov edx, [ebx]; ret
    > 0x6a20a580 : mov ebp, [eax]; ret
    > 0x6a297564 : mov eax, [edx + 4]; ret
    > 0x6a2f01a0 : mov eax, [esi + 0x20]; pop esi; ret
    > 0x6a2931ad : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x6a25b5bf : pop eax; ret
    > 0x6a2234fd : pop ebx; ret
    > 0x6a20c141 : pop ecx; ret
    > 0x6a20cae9 : pop edx; ret
    > 0x6a222028 : pop esi; ret
pop pop ret
    > 0x6a25b5bf : pop eax; ret
    > 0x6a294282 : pop eax; pop ebp; ret
    > 0x6a29c0d2 : pop eax; pop esi; pop ebp; ret
    > 0x6a29421c : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x6a29c82f : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x6a292317 : add esp, 0x14; ret
    > 0x6a292317 : add esp, 0x14; ret
stack pivoting
    > 0x6a25a58f : xchg eax, esp; ret
    > 0x6a238f90 : mov esp, ebx; pop ebx; ret
    > 0x6a222475 : mov esp, ebp; pop ebp; ret
    > 0x6a2a3b98 : lea esp, [esp + 0x80]; pop ecx; ret
    > 0x6a28d606 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
write mem
    > 0x6a264f8c : add [ebx], eax; ret
    > 0x6a23825f : add [ebx], edi; ret
    > 0x6a228042 : add [ecx], eax; pop edi; ret
    > 0x6a219de5 : adc [edx], ebp; lahf ; ret
    > 0x6a279c0d : add [eax + 0x5dc03308], ecx; ret 0xc

© 2014 - 2019 - Powered by ROPEME | Contact