ROPSHELL 
ropshell> use 00dfcfa3da8c5e7c15e89a1a2ed510d6 (download)
name         : ntdll.dll (x86_64/RAW)
base address : 0x0
total gadgets: 12489

ropshell> suggest "load mem"
> 0x0001e435 : mov edx, [rbx]; ret
> 0x0001adc0 : mov ebp, [rax]; ret
> 0x00079714 : mov eax, [rdx + 4]; ret
> 0x000df163 : mov eax, [rsi + 0x20]; pop rsi; ret
> 0x0007535d : mov eax, [rbp + 0x10]; pop rbp; ret
> 0x00067d51 : mov eax, [rcx + 0x34]; and eax, 1; ret
> 0x000df8da : mov eax, [rcx]; pop rdi; pop rsi; pop rbx; pop rbp; ret 0x10
> 0x000e186b : mov eax, [rdx]; mov [rcx], eax; pop rsi; ret
> 0x0008826d : mov ecx, [rbp + 0x18]; call rcx
> 0x0019330a : mov rbp, [r9]; call [rdi]
> 0x0019330b : mov ebp, [rcx]; call [rdi]
> 0x000ba893 : mov ecx, [rdx + 0x4c]; mov [rax], ecx; pop rbp; ret 0xc
> 0x000caa8f : mov ecx, [rsi]; sub ecx, eax; mov eax, ecx; pop rsi; pop rbp; ret 4
> 0x000d982c : mov eax, [rsi]; shr eax, 8; mov [rdi], eax; pop rdi; pop rsi; ret
> 0x0002aac0 : mov rax, [rbp + 0xc]; mov [rax], ecx; xor eax, eax; pop rbp; ret 8
> 0x000794d6 : mov ecx, [rbx]; call [rip + 0x4b3a11e0]; pop rcx; jmp [rbx]
> 0x0004e1aa : mov esi, [rax]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x0008be6e : mov esi, [rcx]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x000ef172 : mov esi, [rdi]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x0009e4d9 : mov edi, [rax]; mov ecx, edi; call [rip + 0x4b3a11e0]; call rdi
> 0x000d14d4 : mov ecx, [rsi + 8]; mov [rdi + 4], ecx; pop rdi; pop rsi; pop rbp; ret 8
> 0x000ba735 : mov edx, [rbp + 8]; mov eax, [rbp + 0xc]; bswap edx; bswap eax; pop rbp; ret 8
> 0x000ba187 : mov eax, [rdi]; mov [rsi], eax; mov [rdi], esi; pop rdi; pop rsi; pop rbx; ret
> 0x00081eca : mov ecx, [rdx]; movzx eax, [rcx]; add ecx, 2; mov [rdx], ecx; pop rbp; ret
> 0x000df0de : movzx ecx, [rdi]; add esi, ecx; mov [rdx], edi; mov eax, esi; pop rdi; pop rsi; ret
> 0x000d6fd9 : mov eax, [rbx + 0x194]; mov [rdx + 0x194], eax; pop rdi; pop rsi; pop rbx; pop rbp; ret 8
> 0x000dbb7b : mov edx, [rax + 0x50]; mov eax, [rdx + 8]; mov edx, [rdx + 0xc]; ret
> 0x000ab0b1 : mov esi, [rax + 0x4b281898]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x00104500 : mov esi, [rbx + 0x24]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x00027396 : mov esi, [rdi + 0x10]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x000750b6 : mov ebx, [rbp + 8]; mov ecx, ebx; call [rip + 0x4b3a11e0]; mov ecx, esi; call rbx
> 0x000c5c66 : mov ecx, [rax + 0x68]; movabs eax, fs:[0xc98100000030]; add [rax], dl; mov [rax + 0x68], ecx; ret
> 0x000f8306 : mov ecx, [rdi + 4]; shl esi, cl; add esi, [rdi + 0xc]; mov eax, esi; pop rdi; pop rsi; ret
> 0x000977a8 : mov esi, [rdx]; push rdi; push rcx; push [rbp - 0xc]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x0009aa97 : mov eax, [rdi + 4]; push rdi; mov esi, [rax]; mov ecx, esi; call [rip + 0x4b3a11e0]; call rsi
> 0x00054bfa : mov r14, [rdi + 0x60]; mov ecx, esi; push rdi; push [rdi + 0x64]; push rbx; call [rip + 0x4b3a11e0]; call rsi
> 0x00068a84 : mov edi, [rbp + 8]; mov esi, [rip + 0x4b39e560]; mov ecx, esi; push rdi; push rdx; call [rip + 0x4b3a11e0]; call rsi

© 2014 - 2019 - Powered by ROPEME | Contact