ROPSHELL 
ropshell> use efeb7f6c44b3ef7f5adaad87d52bbbf4 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6434

ropshell> suggest
call
    > 0x18001b4be : call rax
    > 0x18004faca : call rbx
    > 0x180006c18 : call rcx
    > 0x180006ba3 : call rdx
    > 0x18000c26b : call rdi
jmp
    > 0x18009fda8 : push rsp; ret
    > 0x18001d845 : jmp rax
    > 0x18002803d : jmp rcx
    > 0x1800a009e : jmp rdx
    > 0x1800c101c : jmp rsi
load mem
    > 0x18006a670 : movzx eax, [rcx]; ret
    > 0x1800f94a1 : mov rax, [r10 + 0x38]; ret
    > 0x18007cc16 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800f94a2 : mov eax, [rdx + 0x38]; ret
    > 0x180091db6 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180006123 : pop rax; ret
    > 0x18000234d : pop rbx; ret
    > 0x18008ea7b : pop rcx; ret
    > 0x180010222 : pop rdx; ret 8
    > 0x1800026cb : pop rsi; ret
pop pop ret
    > 0x18008c438 : pop r11; ret
    > 0x18008c436 : pop r10; pop r11; ret
    > 0x1800095c8 : pop r12; pop rdi; pop rbp; ret
    > 0x180001bed : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x18000d8e4 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a10f8 : add rsp, 0x10; ret
    > 0x1800a10f8 : add rsp, 0x10; ret
    > 0x1800854cf : add rsp, 0x238; ret
    > 0x1800026fb : add rsp, 0x38; ret
    > 0x18007be6a : add rsp, 0x438; ret
stack pivoting
    > 0x180035b35 : xchg eax, esp; ret
    > 0x18001a909 : mov rsp, r11; pop r14; ret
    > 0x18001a90a : mov esp, ebx; pop r14; ret
    > 0x18002e163 : lea esp, [rax - 0x18000000]; ret
    > 0x18010d3b6 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009c072 : syscall ; ret
write mem
    > 0x180077783 : add [rax], r8; ret
    > 0x18007d968 : add [rbx], edi; ret
    > 0x1800769ed : add [rdi], ecx; ret
    > 0x1800769ec : add [r15], ecx; ret
    > 0x18006e7ba : add [rax + 1], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact