ROPSHELL 
ropshell> use f8f1a77ddbb280448ac920ea9adf31c0 (download)
name         : kernel32_mine.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2727

ropshell> suggest
call
    > 0x18001d9c6 : call rax
    > 0x180023332 : call rcx
    > 0x18001d925 : call rdx
    > 0x180024721 : call rdi
    > 0x180039bed : call rbp
jmp
    > 0x1800222d0 : jmp rax
    > 0x180031b03 : jmp rbx
    > 0x1800022b3 : jmp rcx
    > 0x180002bb8 : jmp rdi
    > 0x18006ecdc : jmp [rax]
load mem
    > 0x18001f0e0 : mov eax, [rcx + 0x10]; ret
    > 0x180011346 : mov rcx, [rdx]; sub eax, ecx; ret
    > 0x180011347 : mov ecx, [rdx]; sub eax, ecx; ret
    > 0x18006f2ca : mov rax, [rdx + 0x18]; add rax, rcx; ret
    > 0x18006f2cb : mov eax, [rdx + 0x18]; add rax, rcx; ret
load reg
    > 0x18000892a : pop rax; ret
    > 0x18000158a : pop rbx; ret
    > 0x18001adf3 : pop rcx; ret
    > 0x1800014a5 : pop rsi; ret
    > 0x1800013ee : pop rdi; ret
pop pop ret
    > 0x180010ba9 : pop r12; ret
    > 0x18000a2cf : pop r12; pop rbp; ret
    > 0x180006a34 : pop r12; pop rdi; pop rbp; ret
    > 0x180062384 : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x1800040cf : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x180022953 : add rsp, 0x118; ret
    > 0x180022953 : add rsp, 0x118; ret
    > 0x180006895 : add rsp, 0x28; ret
    > 0x180005c90 : add rsp, 0x38; ret
    > 0x180001047 : add rsp, 0x48; ret
stack pivoting
    > 0x18001f57e : xchg eax, esp; ret
    > 0x18000dd4a : mov rsp, r11; pop r14; ret
    > 0x18000dd4b : mov esp, ebx; pop r14; ret
    > 0x1800498e3 : leave ; ret 2
syscall
    > 0x180022264 : int 0x80; adc al, 0; add [rbp + 0x2e], dh; ret
write mem
    > 0x1800624c6 : add [rax + 0xf], ecx; ret
    > 0x1800663cc : adc [rax + 4], edi; ret
    > 0x180006c50 : adc [rcx + 0x20], eax; ret
    > 0x1800624c5 : add [r8 + 0xf], ecx; ret
    > 0x18005c016 : add [r9 + 0xf], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact