ropshell> use 290eb0780917665d1c2ae4e65c0716d6 (download)
name : simple_test.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 489
ropshell> suggest
call
> 0x14000124d : call rax
> 0x14000c3b5 : call rbx
> 0x14000c9ac : call rcx
> 0x1400011ee : call rdi
> 0x140004aa2 : call rbp
jmp
> 0x140003ff4 : jmp rax
> 0x1400020a5 : jmp rbx
> 0x14000257d : jmp rcx
> 0x140007180 : jmp rdx
> 0x1400020a4 : jmp r11
load mem
> 0x140004aa0 : mov ecx, [rbx]; call rbp
> 0x140004ee0 : movzx ecx, [rax + 6]; mov eax, ecx; ret
> 0x140005030 : mov eax, [rdx + 0x24]; not eax; shr eax, 0x1f; ret
> 0x140004ab2 : mov rax, [rbx + 8]; mov rcx, rsi; call rax
> 0x140004696 : mov rcx, [rax + 8]; mov r9, r14; call rdi
load reg
> 0x14000487c : pop rax; ret
> 0x14000493d : pop rbx; ret
> 0x140005140 : pop rcx; ret
> 0x140004167 : pop rsi; ret
> 0x14000440b : pop rdi; ret
pop pop ret
> 0x14000133f : pop r12; ret
> 0x140006294 : pop r12; pop rbp; ret
> 0x14000cc21 : pop r12; pop r13; pop r14; ret
> 0x1400054c2 : pop r12; pop r13; pop r14; pop r15; ret
> 0x1400044c6 : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
> 0x1400010b2 : add rsp, 0x28; ret
> 0x1400010b2 : add rsp, 0x28; ret
> 0x1400024e6 : add rsp, 0x38; ret
> 0x140001193 : add rsp, 0x48; ret
> 0x140004879 : add rsp, 0x58; ret
stack pivoting
> 0x14000717c : xchg eax, esp; add rdx, r12; jmp rdx
> 0x14000628e : mov rsp, rbp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
> 0x14000628f : mov esp, ebp; pop rbx; pop rsi; pop rdi; pop r12; pop rbp; ret
> 0x1400050d0 : leave ; mov rax, r9; ret
write mem
> 0x140002542 : add [rdx], esi; nop ; add rsp, 0x28; ret
> 0x14000454d : add [rdi], ecx; test ebx, ebx; add al, [rax]; add [rax - 0x7d], cl; ret
> 0x14000c39e : add [rbp + 0x2a], esi; mov rbx, [rip + 0x32008eb8]; nop [rax + rax]; mov ecx, 1; call rbx