ROPSHELL 
ropshell> use 40f241ba0b3f4812c3ddab15e1e70138 (download)
name         : ntdll.dll (i386/PE)
base address : 0x6b281000
total gadgets: 9198

ropshell> suggest "load mem"
> 0x6b312b75 : mov edx, [ebx]; ret
> 0x6b317f00 : mov ebp, [eax]; ret
> 0x6b35fa52 : mov eax, [edx + 0x20]; ret
> 0x6b295abe : mov eax, [esi]; add dh, dh; ret
> 0x6b35fc2a : mov eax, [esi + 0x38]; pop esi; ret
> 0x6b29d638 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x6b37a38b : mov eax, [ecx + 0x14]; add eax, edx; ret
> 0x6b2d4970 : mov eax, [edx]; mov edx, [edx + 4]; ret
> 0x6b35ee91 : mov edi, [esi]; idiv bh; mov esp, ebp; pop ebp; ret 0x1c
> 0x6b2c057c : mov ecx, [ebp + 0x18]; call ecx
> 0x6b2be1f1 : mov eax, [ecx]; add [eax], al; call fs:[0xc0]; ret 0x10
> 0x6b2f3121 : mov ebx, [eax]; std ; jmp [ecx]
> 0x6b341b83 : mov ecx, [edx + 0x4c]; mov [eax], ecx; pop ebp; ret 0xc
> 0x6b34f6ef : mov ecx, [esi]; sub ecx, eax; mov eax, ecx; pop esi; pop ebp; ret 4
> 0x6b354904 : mov ecx, [esi + 8]; mov [edi + 4], ecx; pop edi; pop esi; pop ebp; ret 8
> 0x6b3416a0 : mov eax, [edi]; mov [esi], eax; mov [edi], esi; pop edi; pop esi; pop ebx; ret
> 0x6b321f4c : mov ecx, [edx]; movzx eax, [ecx]; add ecx, 2; mov [edx], ecx; pop ebp; ret
> 0x6b35fa34 : movzx ecx, [edi]; add esi, ecx; mov [edx], edi; mov eax, esi; pop edi; pop esi; ret
> 0x6b35519f : mov ecx, [ebx + 0x8bec45]; mov eax, [eax]; mov [ebp - 0x1c], eax; xor eax, eax; inc eax; ret
> 0x6b361b7a : mov eax, [edi + 4]; sub eax, esi; mov [ecx], esi; pop edi; mov [edx], eax; pop esi; ret

© 2014 - 2019 - Powered by ROPEME | Contact