ropshell> use d3b186374b5679a331d36eadce3c30a1 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6459
ropshell> suggest "load reg"
> 0x180006181 : pop rax; ret
> 0x1800012a7 : pop rbx; ret
> 0x1800961f5 : pop rcx; ret
> 0x1800f113b : pop rdx; ret
> 0x18000124d : pop rsi; ret
> 0x180001319 : pop rdi; ret
> 0x18000110b : pop rbp; ret
> 0x18000bbcd : pop rsp; ret
> 0x180055b07 : pop r8; ret
> 0x180093738 : pop r11; ret
> 0x18000bbcc : pop r12; ret
> 0x18001c839 : pop r13; ret
> 0x18000412e : pop r14; ret
> 0x18000cc83 : pop r15; ret
> 0x180093736 : pop r10; pop r11; ret
> 0x180093734 : pop r9; pop r10; pop r11; ret
> 0x1800d7dea : mov rax, [rsp + 8]; ret
> 0x180038210 : mov rbx, [rsp + 0x10]; ret
> 0x18005b7e9 : mov rsi, [rsp + 0x10]; ret
> 0x18002148d : mov rdi, [rsp + 0x10]; ret
> 0x180129332 : mov r14, [rsp + 0x20]; ret
> 0x1800d7deb : mov eax, [rsp + 8]; ret
> 0x180038211 : mov ebx, [rsp + 0x10]; ret
> 0x18005b7ea : mov esi, [rsp + 0x10]; ret
> 0x18002148e : mov edi, [rsp + 0x10]; ret
> 0x1800a8bf3 : mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x1800dfad4 : mov rcx, [rsp + 0x108]; call rax
> 0x18007bf09 : mov r12, [rsp + 0x38]; pop r15; pop r14; pop r13; ret
> 0x1800dfad5 : mov ecx, [rsp + 0x108]; call rax
> 0x18007bf0a : mov esp, [rsp + 0x38]; pop r15; pop r14; pop r13; ret
> 0x18008cebf : mov rbp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x1800a7b16 : mov r9, [rsp + 0x38]; add rsp, 0x48; jmp rax
> 0x18008cec0 : mov ebp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x1800a8bef : mov r10, [rsp]; mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x1800a8bf0 : mov edx, [rsp]; mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x1800a7dc8 : mov rdx, [rsp + 0x38]; mov [rsp + 0x48], rdx; add rsp, 0x48; ret
> 0x1800a7b11 : mov r8, [rsp + 0x30]; mov r9, [rsp + 0x38]; add rsp, 0x48; jmp rax