ROPSHELL 
ropshell> use d5fad1cc387c31792b8fcae48ffea669 (download)
name         : kernel32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2743

ropshell> suggest
call
    > 0x18001e366 : call rax
    > 0x180031c37 : call rcx
    > 0x1800087b8 : call rdx
    > 0x18005bb1d : call rsi
    > 0x18001e365 : call r8
jmp
    > 0x180024010 : jmp rax
    > 0x1800111e6 : jmp rcx
    > 0x18006fbb5 : jmp rdx
    > 0x1800120e5 : jmp rdi
    > 0x18000bbdb : jmp [rax]
load mem
    > 0x1800200d0 : mov eax, [rcx + 0x10]; ret
    > 0x1800083ac : mov rcx, [rdx]; sub eax, ecx; ret
    > 0x1800083ad : mov ecx, [rdx]; sub eax, ecx; ret
    > 0x180016f5a : mov eax, [rcx]; add [rax - 0x7d], cl; ret
    > 0x180071865 : mov ebp, [rbx]; stc ; dec [rax - 0x75]; ret
load reg
    > 0x1800063b6 : pop rax; ret
    > 0x18000112a : pop rbx; ret
    > 0x180001661 : pop rsi; ret
    > 0x180001281 : pop rdi; ret
    > 0x18000120c : pop rbp; ret
pop pop ret
    > 0x18000198d : pop r12; ret
    > 0x18000930f : pop r12; pop rbp; ret
    > 0x18000b87e : pop r12; pop rdi; pop rbp; ret
    > 0x1800123e2 : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x180001e13 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x180024693 : add rsp, 0x118; ret
    > 0x180024693 : add rsp, 0x118; ret
    > 0x180004ff1 : add rsp, 0x28; ret
    > 0x180003839 : add rsp, 0x38; ret
    > 0x180001047 : add rsp, 0x48; ret
stack pivoting
    > 0x18002038a : xchg eax, esp; ret
    > 0x180004133 : mov rsp, r11; pop r14; ret
    > 0x180004134 : mov esp, ebx; pop r14; ret
    > 0x1800507ea : push rbx; add cl, [rax - 0x75]; pop rsp; and al, 8; ret
    > 0x18004c53b : leave ; ret
syscall
    > 0x180023fa4 : int 0x80; adc al, 0; add [rbp + 0x2e], dh; ret
write mem
    > 0x18006366a : add [rax + 0xf], ecx; ret
    > 0x1800675cc : adc [rax + 4], edi; ret
    > 0x18001ad6c : adc [rcx + 0x20], eax; ret
    > 0x180063669 : add [r8 + 0xf], ecx; ret
    > 0x180060d39 : add [rdi], ecx; xchg eax, ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact