ropshell> use caaf1d03a067c40c069c6b3b5f6aa406
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6238
ropshell> suggest
call
    > 0x1800276de : call rax
    > 0x18001df4d : call rbx
    > 0x1800e661d : call rsi
    > 0x1800799fd : call rbp
    > 0x180093046 : call rsp
jmp
    > 0x18002c08a : push rsp; ret
    > 0x18002b9a4 : jmp rax
    > 0x1800294f2 : jmp rcx
    > 0x1800a34ae : jmp rdx
    > 0x1800c0c9f : jmp rsi
load mem
    > 0x18006c480 : movzx eax, [rcx]; ret
    > 0x1800854b6 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800fe095 : mov eax, [rdx + 0x38]; ret
    > 0x180094d06 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x18007b880 : mov rax, [rdx]; mov [rcx], rax; ret
load reg
    > 0x180017d0d : pop rax; ret
    > 0x1800027c8 : pop rbx; ret
    > 0x180091915 : pop rcx; ret
    > 0x18001a5b6 : pop rdx; ret
    > 0x18000219b : pop rsi; ret
pop pop ret
    > 0x18008ee78 : pop r11; ret
    > 0x18008ee76 : pop r10; pop r11; ret
    > 0x1800040f6 : pop r12; pop rdi; pop rbp; ret
    > 0x180023fa8 : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x180009505 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a4158 : add rsp, 0x10; ret
    > 0x1800a4158 : add rsp, 0x10; ret
    > 0x18006d003 : add rsp, 0x238; ret
    > 0x180006f1e : add rsp, 0x38; ret
    > 0x18007cd6e : add rsp, 0x438; ret
stack pivoting
    > 0x18003f411 : xchg eax, esp; ret
    > 0x180022eed : mov rsp, r11; pop r14; ret
    > 0x180022eee : mov esp, ebx; pop r14; ret
    > 0x180113b02 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x1800de97d : xchg esp, ebx; lahf ; xor eax, eax; ret
syscall
    > 0x18009f302 : syscall ; ret
write mem
    > 0x18007e88f : add [rbx], edi; ret
    > 0x1800a6148 : adc [rdx], eax; ret
    > 0x180076838 : add [rdi], ecx; ret
    > 0x180076837 : add [r15], ecx; ret
    > 0x18007345a : add [rax + 1], edi; ret