ropshell> use 517fb6a5285d00bdc8ab97db4e4ce793
name         : ntdll.dll (x86_64/RAW)
base address : 0x0
total gadgets: 7152
ropshell> suggest "load mem"
> 0x00072920 : movzx eax, [rcx]; ret
> 0x001445ad : mov edx, [rbx]; ret
> 0x001395d8 : mov ebp, [rax]; ret
> 0x000839a6 : mov eax, [rcx + 0x16b0]; ret
> 0x00104085 : mov eax, [rdx + 0x38]; ret
> 0x000949a6 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x00080690 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x00080691 : mov eax, [rdx]; mov [rcx], rax; ret
> 0x000a3e00 : mov rax, [rcx + 8]; and al, 0xf0; ret
> 0x00117c0a : movzx eax, [r8]; mov [r10 + 0x20], ax; ret
> 0x000a5139 : mov rax, [r9 + 0x30]; call rax
> 0x000e256b : mov rbx, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x0003cff9 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x000d43fa : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x00086a02 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x000d06d3 : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x00083767 : mov r15, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x0003cffa : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x000d43fb : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x00086a03 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop rdi; ret
> 0x000fca77 : mov eax, [rdi]; add [rax], al; add rsp, 0x98; ret
> 0x0006a2a1 : mov rax, [rdx + 0x38]; mov [rdx + 0x38], rcx; ret
> 0x000faeef : mov eax, [r9 + 0x194]; mov [rdx + 0x194], eax; ret
> 0x000848d9 : mov rcx, [rax + 0x48]; cmp [rip + 0xe9ac4], rcx; sete al; ret
> 0x000f67cd : mov rcx, [r10 + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x000d2e90 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x000d8ac3 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x0008308d : mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x000a42ff : mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x000848da : mov ecx, [rax + 0x48]; cmp [rip + 0xe9ac4], rcx; sete al; ret
> 0x000f67ce : mov ecx, [rdx + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x0008308e : mov esi, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x000a4300 : mov edi, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x00057ab0 : mov eax, [rsi]; add [rbp - 0x72f68740], al; jmp [rsi + 3]
> 0x0007be92 : mov ecx, [rdi]; add [rcx - 0x75], cl; pop rsi; and [rbp - 0x6a7bf02e], al; ret 4
> 0x0010405e : movzx ecx, [r9]; add r8d, ecx; mov [rdx], r9; mov eax, r8d; ret
> 0x0007be91 : mov ecx, [edi]; add [rcx - 0x75], cl; pop rsi; and [rbp - 0x6a7bf02e], al; ret 4
> 0x000a6b29 : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x000a5193 : mov edx, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x000a6b2a : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x00104b36 : mov eax, [r9]; mov rbx, [rsp + 8]; mov rdi, [rsp + 0x10]; ret
> 0x000a3db7 : mov edx, [rcx]; mov rcx, [rcx + 8]; mov eax, 1; int 0x2d; int3 ; ret
> 0x0004fb36 : mov rsi, [rbp + 0x140]; lea rsp, [rbp + 0x110]; pop r14; pop rdi; pop rbp; ret
> 0x00104c72 : mov rax, [r10 + 0x50]; inc r9w; movzx ecx, r9w; movzx eax, [rax + rcx*2]; ret
> 0x00092b64 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x00080337 : mov eax, [r10 + 0x98]; and [r10 + 0x64], 0; mov [r10 + 0x68], eax; ret
> 0x00083089 : mov rdi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x0007a0b1 : mov r8, [rdx + 8]; sub r8, [rcx + 0x18]; xor eax, eax; test r8, r8; sete al; ret
> 0x000a42fb : mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x000a42fc : mov esi, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x0008308a : mov edi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x000a6c0f : mov r11, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x000a6c10 : mov ebx, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x000a6b25 : mov rdx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x000a6b26 : mov edx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x0004fb2f : mov rbx, [rbp + 0x138]; mov rsi, [rbp + 0x140]; lea rsp, [rbp + 0x110]; pop r14; pop rdi; pop rbp; ret
> 0x0004fb30 : mov ebx, [rbp + 0x138]; mov rsi, [rbp + 0x140]; lea rsp, [rbp + 0x110]; pop r14; pop rdi; pop rbp; ret
> 0x000a42f7 : mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x000a518a : mov r10, [rax + 0x40]; mov [r9 + 0x40], r10; mov r10d, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x000a42f3 : mov r12, [rcx + 0x18]; mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x000fab96 : movsxd rcx, [r8 + 0x18]; movups xmm0, xmm[rax + r9]; movups xmm[rcx + rdx], xmm0; movsd xmm1, [rax + r9 + 0x10]; xor eax, eax; movsd [rcx + rdx + 0x10], xmm1; ret