ropshell> use c92b90f0ba9730149f174d2b243a4664
name         : dxdiag_ru.exe (x86_64/PE)
base address : 0x100001000
total gadgets: 6005
ropshell> suggest
call
    > 0x100037765 : call rax
    > 0x10004ee93 : call rbx
    > 0x10004ea4d : call rcx
    > 0x1000500cc : call rdx
    > 0x1000526a9 : call rsi
jmp
    > 0x100021c56 : jmp rax
    > 0x100060bab : jmp rbx
    > 0x100021433 : jmp rcx
    > 0x10005c642 : jmp rdx
    > 0x10005f767 : jmp rsi
load mem
    > 0x10004df6d : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x10005addf : mov rax, [rdx + rax]; add rsp, 0x28; ret
    > 0x10005ade0 : mov eax, [rdx + rax]; add rsp, 0x28; ret
    > 0x1000517e4 : mov rax, [rcx]; mov [rdx + rax], r9d; ret
    > 0x1000517e5 : mov eax, [rcx]; mov [rdx + rax], r9d; ret
load reg
    > 0x10000d49c : pop rax; ret
    > 0x10000d553 : pop rbx; ret
    > 0x100025cbd : pop rdi; ret
    > 0x10000e299 : pop rbp; ret
    > 0x100030cd0 : pop rsp; ret
pop pop ret
    > 0x10000d49c : pop rax; ret
    > 0x100052333 : pop r12; pop rbp; ret
sp lifting
    > 0x100043680 : add rsp, 0x108; ret
    > 0x100043680 : add rsp, 0x108; ret
    > 0x100042e62 : add rsp, 0x208; ret
    > 0x1000181f3 : add rsp, 0x308; ret
    > 0x100021b4c : add rsp, 0x478; ret
stack pivoting
    > 0x1000318ad : xchg eax, esp; ret
    > 0x10005a9d8 : lea rsp, [rbp + 0x60]; pop rbp; ret
    > 0x10005a9d9 : lea esp, [rbp + 0x60]; pop rbp; ret
    > 0x10003de8b : mov esp, eax; mov rax, [r13]; mov rcx, r13; call [rax + 0x10]
    > 0x10003bacc : mov esp, ebp; test ebx, ebx; cmovs r12d, ebx; mov rax, [rsi]; mov rcx, rsi; call [rax + 0x10]
write mem
    > 0x10004d0e3 : adc [rax + 0xf], ecx; ret
    > 0x10005ca27 : add [rcx + 8], eax; pop rbx; ret
    > 0x10001c90b : add [rbx], eax; add [rax - 0x7d], cl; ret
    > 0x10004e1d4 : adc [rbp + 4], esi; mov rax, rcx; ret
    > 0x10000d1d9 : add [rdi], ecx; xchg eax, ebp; ror [rbx - 0x3b7cb73f], 0x28; ret