ropshell> use 67b2026b5d9009b183a8f4eb23a6180e
name         : KernelBase.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 17820
ropshell> suggest "load mem"
> 0x18001c862 : mov eax, [rcx]; ret
> 0x18001c861 : mov eax, [r9]; ret
> 0x1800abaaf : mov edi, [rax + 0x505]; ret
> 0x1800331a5 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x1800ad75c : mov ecx, [rsi]; fadd st(1); xor eax, eax; ret
> 0x1800ecb6c : mov eax, [rcx + 0xa8]; add eax, edx; ret
> 0x180141d23 : mov rax, [r8 + 8]; mov [rdx], rax; ret
> 0x180017bfd : mov rbx, [r11 + 0x10]; mov rsp, r11; pop rdi; ret
> 0x180006558 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180017c62 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18008ded9 : mov r12, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x180110422 : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x180092e57 : mov r15, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x180090946 : mov ebx, [rdx + 0xf000000]; test [rdi], cl; ret 5
> 0x1800a4fa9 : mov edx, [rax + 0x12]; sub dl, [rdi - 0x3fcc6d44]; ret
> 0x180006559 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180017c63 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1800bb0fa : mov rax, [rcx + 8]; mov [rdx + 8], rax; ret
> 0x1801264cf : mov eax, [r8]; shr eax, 4; and al, 1; add rsp, 0x28; ret
> 0x18007e06d : mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800c6529 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x18006945f : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x18007e06e : mov edi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800c652a : mov ebp, [rbx + 0x28]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1800f13cd : mov rax, [r9]; call [rip + 0x14bf32]; xor eax, eax; add rsp, 0x28; ret
> 0x18007efcf : mov rax, [rdx + 0x18]; mov [r8 + 0x18], rax; mov rax, rcx; ret
> 0x18007efd0 : mov eax, [rdx + 0x18]; mov [r8 + 0x18], rax; mov rax, rcx; ret
> 0x18010facf : mov eax, [r10 + 0x38]; mov [r8 + 0x7c], eax; add rsp, 0x28; ret
> 0x1800aa881 : mov ecx, [rax]; xor eax, eax; dec ecx; mov [rdx + rcx*2], ax; ret
> 0x1800a7c1c : mov ecx, [rdi]; movsb [rdi], [rsi]; xchg eax, edx; mov eax, 0x13; ret
> 0x1800aa880 : mov ecx, [r8]; xor eax, eax; dec ecx; mov [rdx + rcx*2], ax; ret
> 0x1801731ed : mov ecx, [rax + rax]; nop [rax + rax]; xor eax, eax; add rsp, 0x28; ret
> 0x1800a8bd9 : mov edx, [rcx + 0x72]; fsub [rdi]; push rsp; xchg eax, edx; xor eax, eax; ret
> 0x180080692 : mov rcx, [rax + 0x20]; mov [rcx + 0x28], rdx; mov eax, 1; add rsp, 0x28; ret
> 0x18007e069 : mov rsi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x18007e06a : mov esi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800b7d11 : mov rax, [rcx]; movabs r10, -0x3d6b41d6ed219e90; mov rax, [rax + 0x18]; call [rip + 0x1855e0]; add rsp, 0x28; ret
> 0x18012c348 : mov rax, [rdx]; mov [rcx], rax; lea rcx, [rdx - 8]; neg rdx; sbb rax, rax; and rax, rcx; ret
> 0x18012c349 : mov eax, [rdx]; mov [rcx], rax; lea rcx, [rdx - 8]; neg rdx; sbb rax, rax; and rax, rcx; ret
> 0x1800f13c9 : mov rdx, [r9 + 8]; mov rax, [r9]; call [rip + 0x14bf32]; xor eax, eax; add rsp, 0x28; ret
> 0x1800aa5d9 : mov edx, [rbx + 0x70]; sahf ; int 0xf6; xor eax, eax; mov [rdx], eax; mov [rdx + 4], ax; ret
> 0x18007e065 : mov rbx, [rbp + 0x30]; mov rsi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x18007e066 : mov ebx, [rbp + 0x30]; mov rsi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x180090b04 : mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x180090b05 : mov eax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x180107040 : mov rax, [rbp + 0xf]; lea r11, [rsp + 0xa0]; mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x180107041 : mov eax, [rbp + 0xf]; lea r11, [rsp + 0xa0]; mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x180137763 : mov eax, [r8 + 0x10]; mov [rdx + 0x10], eax; mov rax, [rcx + 8]; lea rcx, [rax + 0x14]; mov [r9 + 8], rcx; ret
> 0x180090afc : movsx rcx, [r10 + 0x100]; mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x180090afd : movsx ecx, [rdx + 0x100]; mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret