ropshell> use d3b186374b5679a331d36eadce3c30a1
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6459
ropshell> suggest
call
    > 0x18003a71a : call rax
    > 0x180028591 : call rbx
    > 0x18004c94d : call rdx
    > 0x180059d8d : call rdi
    > 0x180097916 : call rsp
jmp
    > 0x18003205e : push rsp; ret
    > 0x18009371c : jmp rax
    > 0x180026991 : jmp rbx
    > 0x1800178ac : jmp rcx
    > 0x18001cadd : jmp rdx
load mem
    > 0x180073d60 : movzx eax, [rcx]; ret
    > 0x18008c346 : mov eax, [rcx + 0x16b0]; ret
    > 0x18010c5d5 : mov eax, [rdx + 0x38]; ret
    > 0x1800995d6 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x18007f8b0 : mov rax, [rdx]; mov [rcx], rax; ret
load reg
    > 0x180006181 : pop rax; ret
    > 0x1800012a7 : pop rbx; ret
    > 0x1800961f5 : pop rcx; ret
    > 0x1800f113b : pop rdx; ret
    > 0x18000124d : pop rsi; ret
pop pop ret
    > 0x180093738 : pop r11; ret
    > 0x180093736 : pop r10; pop r11; ret
    > 0x18003b40b : pop r12; pop rbp; pop rbx; ret
    > 0x180001107 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x180002c2d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a8bf8 : add rsp, 0x10; ret
    > 0x1800a8bf8 : add rsp, 0x10; ret
    > 0x18008e27b : add rsp, 0x238; ret
    > 0x1800013ab : add rsp, 0x38; ret
    > 0x180079bfe : add rsp, 0x438; ret
stack pivoting
    > 0x1800060d6 : xchg eax, esp; ret
    > 0x18003fdfa : mov rsp, r11; pop r14; ret
    > 0x18003fdfb : mov esp, ebx; pop r14; ret
    > 0x1801226a2 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x1800ea19d : xchg esp, ebx; lahf ; xor eax, eax; ret
syscall
    > 0x1800a38a2 : syscall ; ret
write mem
    > 0x180101eaf : adc [rax], r10; ret
    > 0x180101eb0 : adc [rax], edx; ret
    > 0x1800856cf : add [rbx], edi; ret
    > 0x1800aac48 : adc [rdx], eax; ret
    > 0x18007b368 : add [rdi], ecx; ret