ROPSHELL 
ropshell> use f041baaf75aae07d3f96385dd209dd37 (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 7426

ropshell> suggest "stack pivoting"
> 0x1c00325a9 : xchg eax, esp; ret
> 0x1c004479e : mov rsp, r11; pop r14; ret
> 0x1c004479f : mov esp, ebx; pop r14; ret
> 0x1c017c7ed : mov esp, esp; cld ; dec [rax - 0x75]; ret
> 0x1c01ba9c2 : lea rsp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
> 0x1c01ba9c3 : lea esp, [rbp + 0x100]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
> 0x1c006479b : push rbx; or [rax - 0x75], cl; pop rsp; and al, 8; mov rdi, [rsp + 0x10]; ret
> 0x1c0148a77 : push rsi; or [rax - 0x75], ecx; sbb [r13 + rcx*4 + 5], cl; pop rsp; ret 8
> 0x1c001f0ff : xchg esp, ecx; add [rax], al; add [rax - 0x68], cl; mov ecx, [rdx + rax*4 + 0x1cc7c0]; add rcx, rdx; jmp rcx
> 0x1c0174233 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact