ROPSHELL 
ropshell> use f4f9fc355b6c729eeb4d69186e0ba93e (download)
name         : msiexec.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 1272

ropshell> suggest
call
    > 0x14000a470 : call rax
    > 0x14000371f : call rbx
    > 0x140005e6a : call rsi
    > 0x1400084b7 : call rdi
    > 0x14000a1e2 : call rbp
jmp
    > 0x140009932 : jmp rax
    > 0x1400039dd : jmp rdi
    > 0x14000683c : jmp [rsi + 0x3b]
load mem
    > 0x140004c72 : mov rsi, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
    > 0x14000a602 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r15; ret
    > 0x140002b55 : mov r14, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
    > 0x140002b56 : mov esi, [rbx + 0x20]; mov rsp, r11; pop rbp; ret
    > 0x14000a603 : mov edi, [rbx + 0x20]; mov rsp, r11; pop r15; ret
load reg
    > 0x1400052f5 : pop rax; ret
    > 0x140002805 : pop rbx; ret
    > 0x140003ca5 : pop rsi; ret
    > 0x140002a5a : pop rdi; ret
    > 0x1400029a1 : pop rbp; ret
pop pop ret
    > 0x1400042c3 : pop r12; ret
    > 0x140008900 : pop r12; pop rbp; ret
    > 0x140004036 : pop r12; pop rdi; pop rbp; ret
    > 0x1400034e2 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x1400034e0 : pop r13; pop r12; pop rdi; pop rsi; pop rbp; ret
sp lifting
    > 0x14000b188 : add rsp, 0x10; ret
    > 0x14000b188 : add rsp, 0x10; ret
    > 0x14000a33a : add rsp, 0x28; ret
    > 0x14000382d : add rsp, 0x38; ret
    > 0x1400089d5 : add rsp, 0x48; ret
stack pivoting
    > 0x1400040da : xchg eax, esp; ret
    > 0x14000a606 : mov rsp, r11; pop r15; ret
    > 0x14000a607 : mov esp, ebx; pop r15; ret
    > 0x140007a23 : lea esp, [rax + 0x4800000c]; mov edx, edi; call rbx
    > 0x140006a06 : leave ; call rbx
write mem
    > 0x140008596 : add [rbx], edi; ret
    > 0x14000aa88 : add [rbp + 7], esi; call [rip + 0x5907]; int3 ; xor eax, eax; add rsp, 0x28; ret

© 2014 - 2019 - Powered by ROPEME | Contact