ropshell> use f48a48c98fe6a726d3498780b8287ac7
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6473
ropshell> suggest
call
    > 0x1800786b3 : call rax
    > 0x18001ddf8 : call rbx
    > 0x18001108d : call rdx
    > 0x18003d26d : call rbp
    > 0x1800928a6 : call rsp
jmp
    > 0x18000c3e8 : push rsp; ret
    > 0x18008e69c : jmp rax
    > 0x18000c34e : jmp rcx
    > 0x1800a360e : jmp rdx
    > 0x18011108d : jmp rsi
load mem
    > 0x1800724e0 : movzx eax, [rcx]; ret
    > 0x180083566 : mov eax, [rcx + 0x16b0]; ret
    > 0x1801037b5 : mov eax, [rdx + 0x38]; ret
    > 0x180094566 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x180080250 : mov rax, [rdx]; mov [rcx], rax; ret
load reg
    > 0x180001e13 : pop rax; ret
    > 0x1800012a7 : pop rbx; ret
    > 0x180091175 : pop rcx; ret
    > 0x18006f06a : pop rdx; ret
    > 0x18000124e : pop rsi; ret
pop pop ret
    > 0x18008e6b8 : pop r11; ret
    > 0x18008e6b6 : pop r10; pop r11; ret
    > 0x18002cf93 : pop r12; pop rbp; pop rbx; ret
    > 0x18002126d : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x180011f5d : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a42d8 : add rsp, 0x10; ret
    > 0x1800a42d8 : add rsp, 0x10; ret
    > 0x18008ac3f : add rsp, 0x238; ret
    > 0x18000146b : add rsp, 0x38; ret
    > 0x180080d16 : add rsp, 0x438; ret
stack pivoting
    > 0x18000ca67 : xchg eax, esp; ret
    > 0x1800271a6 : mov rsp, r11; pop r14; ret
    > 0x1800271a7 : mov esp, ebx; pop r14; ret
    > 0x180119b52 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x1800e1fdd : xchg esp, ebx; lahf ; xor eax, eax; ret
syscall
    > 0x18009f002 : syscall ; ret
write mem
    > 0x1800fa2df : adc [rax], r10; ret
    > 0x1800fa2e0 : adc [rax], edx; ret
    > 0x18000217f : add [rbx], edi; ret
    > 0x1800a6308 : adc [rdx], eax; ret
    > 0x18007c358 : add [rdi], ecx; ret