ROPSHELL 
ropshell> use 1308215b07912a3c663b342c65f6e70d (download)
name         : wof.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 872

ropshell> suggest
jmp
    > 0x1c0010430 : jmp rax
    > 0x1c001045c : push rsp; add eax, edi; ret
    > 0x1c000eada : jmp [rsi + 0x45]
load mem
    > 0x1c0005cfc : mov rax, [rdx]; mov [rcx], rax; ret
    > 0x1c0005cfd : mov eax, [rdx]; mov [rcx], rax; ret
    > 0x1c000a6a3 : mov rsi, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
    > 0x1c000692b : mov rdi, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
    > 0x1c000a6a4 : mov esi, [rbx + 0x20]; mov rsp, r11; pop rbp; ret
load reg
    > 0x1c000764c : pop rax; ret
    > 0x1c0001873 : pop rbx; ret
    > 0x1c000387a : pop rsi; ret
    > 0x1c000125e : pop rdi; ret
    > 0x1c0001155 : pop rbp; ret
pop pop ret
    > 0x1c0003db1 : pop r12; ret
    > 0x1c0008887 : pop r12; pop rbp; ret
    > 0x1c0008403 : pop r12; pop rdi; pop rbp; ret
    > 0x1c000323d : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x1c000186e : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1c000152d : add rsp, 0x28; ret
    > 0x1c000152d : add rsp, 0x28; ret
    > 0x1c0004e64 : add rsp, 0x38; ret
    > 0x1c00011ef : add rsp, 0x48; ret
    > 0x1c0007649 : add rsp, 0x58; ret
stack pivoting
    > 0x1c000692f : mov rsp, r11; pop rbp; ret
    > 0x1c0006930 : mov esp, ebx; pop rbp; ret
    > 0x1c001040d : leave ; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
write mem
    > 0x1c00105a3 : adc [rbx], ecx; movaps xmm[rcx - 0x10], xmm0; ret
    > 0x1c00054ad : add [rbp + 6], esi; add rsp, 0x28; ret
    > 0x1c0010470 : adc [rcx], eax; movups xmm[rcx + r8 - 0x10], xmm1; ret
    > 0x1c0010471 : add [rdx + 0xf], eax; adc [rcx + rax - 0x10], ecx; ret
    > 0x1c000a545 : add [rdi], ecx; test [rdi], edi; add [rax], eax; add [rcx - 0x75], al; ret

© 2014 - 2019 - Powered by ROPEME | Contact