ROPSHELL 
ropshell> use ec0cbdf5854bff24b533e2536a486eec (download)
name         : fiestaFTP.bak.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 3739

ropshell> suggest
call
    > 0x14000b0f8 : call rax
    > 0x14000dc32 : call rdx
    > 0x140007f98 : call rsi
    > 0x14000f88c : call rbp
    > 0x14000b0f7 : call r8
jmp
    > 0x140027065 : jmp rax
    > 0x1400470f5 : jmp rcx
    > 0x14000a6cc : jmp [rax]
    > 0x14005fd78 : jmp [rbx]
    > 0x1400486fa : jmp [rcx]
load mem
    > 0x14004e364 : mov rax, [rcx]; ret
    > 0x14004e365 : mov eax, [rcx]; ret
    > 0x14003e36b : movzx eax, [r8]; ret
    > 0x14004b279 : mov rax, [rcx + 0x40]; ret
    > 0x1400467e0 : mov eax, [rcx + 0x20]; ret
load reg
    > 0x140012ef6 : pop rax; ret
    > 0x1400062af : pop rbx; ret
    > 0x14004dea3 : pop rcx; ret 3
    > 0x140006783 : pop rsi; ret
    > 0x14000609e : pop rdi; ret
pop pop ret
    > 0x1400094be : pop r12; ret
    > 0x140016ae0 : pop r12; pop rbp; ret
    > 0x1400188f9 : pop r12; pop rdi; pop rbp; ret
    > 0x140008639 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x140020f8d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x14004e149 : add rsp, 0x10; ret
    > 0x14004e149 : add rsp, 0x10; ret
    > 0x140003df0 : add rsp, 0x28; ret
    > 0x140013fc2 : add rsp, 0x38; ret
    > 0x140012e4f : add rsp, 0x48; ret
stack pivoting
    > 0x14004e944 : xchg eax, esp; ret
    > 0x14004b351 : mov rsp, r11; pop r14; ret
    > 0x14004b352 : mov esp, ebx; pop r14; ret
    > 0x140013282 : lea rsp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
    > 0x140013283 : lea esp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
write mem
    > 0x140010bca : add [rax + 0x3b], ecx; ret
    > 0x1400258fa : add [rbp + 0x3b], ecx; ret
    > 0x140047126 : add [rdi], ecx; mov dh, 0xc2; ret
    > 0x14002e577 : add [r8], rax; add [rax - 0x75], cl; ret
    > 0x140010347 : add [rdx + 1], edi; jmp [rax + 0x10]

© 2014 - 2019 - Powered by ROPEME | Contact