ropshell> use c394b60fbc0f8c1a1c0c9a015dcbef97
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6480
ropshell> suggest
call
    > 0x180009bef : call rax
    > 0x180021bbe : call rbx
    > 0x180023597 : call rcx
    > 0x180006359 : call rdx
    > 0x180011569 : call rsi
jmp
    > 0x180006a0a : push rsp; ret
    > 0x180004c8b : jmp rax
    > 0x18002624d : jmp rbx
    > 0x180003a77 : jmp rcx
    > 0x180027efd : jmp rdx
load mem
    > 0x180071c30 : movzx eax, [rcx]; ret
    > 0x1800fbb3d : mov rax, [r10 + 0x38]; ret
    > 0x180081266 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800fbb3e : mov eax, [rdx + 0x38]; ret
    > 0x180095506 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x18002010c : pop rax; ret
    > 0x1800011a4 : pop rbx; ret
    > 0x18009217b : pop rcx; ret
    > 0x180057642 : pop rdx; ret
    > 0x180006a46 : pop rsi; ret
pop pop ret
    > 0x18008fb38 : pop r11; ret
    > 0x18008fb36 : pop r10; pop r11; ret
    > 0x18001f378 : pop r12; pop rdi; pop rbp; ret
    > 0x1800017f8 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x18000a23a : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a46a8 : add rsp, 0x10; ret
    > 0x1800a46a8 : add rsp, 0x10; ret
    > 0x180002e64 : add rsp, 0x28; ret
    > 0x180002a3b : add rsp, 0x38; ret
    > 0x18007edb6 : add rsp, 0x438; ret
stack pivoting
    > 0x1800514e8 : xchg eax, esp; ret
    > 0x18006369f : xchg esp, ebx; ret
    > 0x180042607 : mov rsp, r11; pop r14; ret
    > 0x180042608 : mov esp, ebx; pop r14; ret
    > 0x18010ed66 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009f762 : syscall ; ret
write mem
    > 0x180081488 : add [rbx], edi; ret
    > 0x180068f7d : add [rdi], ecx; ret
    > 0x180068f7c : add [r15], ecx; ret
    > 0x1800860cd : add [rax + 0xf], ecx; ret
    > 0x1800740ba : add [rax + 1], edi; ret