ROPSHELL 
ropshell> use f041baaf75aae07d3f96385dd209dd37 (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 7426

ropshell> suggest "load reg"
> 0x1c0024ed7 : pop rax; ret
> 0x1c000104a : pop rbx; ret
> 0x1c0098b33 : pop rcx; ret
> 0x1c00e42aa : pop rdx; ret
> 0x1c0002221 : pop rsi; ret
> 0x1c0001266 : pop rdi; ret
> 0x1c0001549 : pop rbp; ret
> 0x1c0004050 : pop rsp; ret
> 0x1c00224c5 : pop r12; ret
> 0x1c005d976 : pop r13; ret
> 0x1c0010f8c : pop r14; ret
> 0x1c0045355 : pop r15; ret
> 0x1c00f6dce : pop r8; xor eax, eax; ret
> 0x1c0036416 : mov rbx, [rsp + 8]; ret
> 0x1c019b748 : mov rsi, [rsp + 0x10]; ret
> 0x1c0022d56 : mov rdi, [rsp + 0x10]; ret
> 0x1c0036417 : mov ebx, [rsp + 8]; ret
> 0x1c019b749 : mov esi, [rsp + 0x10]; ret
> 0x1c0022d57 : mov edi, [rsp + 0x10]; ret
> 0x1c012ffef : mov rax, [rsp + 0x30]; add rsp, 0x28; ret
> 0x1c012fff0 : mov eax, [rsp + 0x30]; add rsp, 0x28; ret
> 0x1c0080b73 : mov rbp, [rsp + 0x20]; mov rsi, [rsp + 0x28]; pop rdi; ret
> 0x1c00870b8 : mov ecx, [rsp + 0x38]; mov [rdx], ecx; add rsp, 0x48; ret
> 0x1c00f40f8 : mov edx, [rsp + 0x50]; mov [rcx], rdx; add rsp, 0x68; ret
> 0x1c0080b74 : mov ebp, [rsp + 0x20]; mov rsi, [rsp + 0x28]; pop rdi; ret
> 0x1c00f40f0 : mov rcx, [rsp + 0xa8]; mov edx, [rsp + 0x50]; mov [rcx], rdx; add rsp, 0x68; ret

© 2014 - 2019 - Powered by ROPEME | Contact