ropshell> use f041baaf75aae07d3f96385dd209dd37 (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 7426
ropshell> suggest
call
> 0x1c0185e35 : call rax
> 0x1c00c4c85 : call rbx
> 0x1c002a582 : call rcx
> 0x1c00f43fd : call rsp
> 0x1c002c43c : call [rax]
jmp
> 0x1c009abbb : push rsp; ret
> 0x1c001ee3d : jmp rax
> 0x1c00ef7e1 : jmp rbx
> 0x1c0015ce6 : jmp rcx
> 0x1c019805d : jmp rdx
load mem
> 0x1c014ae90 : mov rax, [rcx]; ret
> 0x1c014ae91 : mov eax, [rcx]; ret
> 0x1c0184284 : mov rax, [rcx + 0x108]; ret
> 0x1c00812ce : mov rax, [rdx + 0x10]; ret
> 0x1c0184285 : mov eax, [rcx + 0x108]; ret
load reg
> 0x1c0024ed7 : pop rax; ret
> 0x1c000104a : pop rbx; ret
> 0x1c0098b33 : pop rcx; ret
> 0x1c00e42aa : pop rdx; ret
> 0x1c0002221 : pop rsi; ret
pop pop ret
> 0x1c00224c5 : pop r12; ret
> 0x1c0004a1a : pop r12; pop rbp; ret
> 0x1c0089401 : pop r12; pop rbp; pop rbx; ret
> 0x1c0024d81 : pop r12; pop rdi; pop rbp; pop rbx; ret
> 0x1c00053d3 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
> 0x1c012936b : add rsp, 0x18; ret
> 0x1c012936b : add rsp, 0x18; ret
> 0x1c00010ca : add rsp, 0x28; ret
> 0x1c0010e6b : add rsp, 0x38; ret
> 0x1c00108b8 : add rsp, 0x48; ret
stack pivoting
> 0x1c00325a9 : xchg eax, esp; ret
> 0x1c004479e : mov rsp, r11; pop r14; ret
> 0x1c004479f : mov esp, ebx; pop r14; ret
> 0x1c017c7ed : mov esp, esp; cld ; dec [rax - 0x75]; ret
> 0x1c01ba9c2 : lea rsp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
> 0x1c01b7558 : add [rbx], eax; ret
> 0x1c00416f6 : add [rbx], esi; ret
> 0x1c019377a : add [rbx], edi; ret
> 0x1c01430e3 : adc [rdx], eax; ret
> 0x1c005aea7 : add [rdx], edi; ret