ROPSHELL 
ropshell> use 6f020a220388eca0ab6062dc27bd16b6 (download)
name         : tdi.sys (x86_64/PE)
base address : 0x11000
total gadgets: 329

ropshell> suggest "load mem"
> 0x00013e21 : mov rcx, [rsi + 0x28]; call rax
> 0x00013794 : mov rdx, [rsi + 8]; call r9
> 0x00013e22 : mov ecx, [rsi + 0x28]; call rax
> 0x00013795 : mov edx, [rsi + 8]; call r9
> 0x00013221 : mov rsi, [r11 + 0x30]; mov rsp, r11; pop r13; pop r12; pop rdi; ret
> 0x00014422 : mov rdi, [r11 + 0x38]; mov rsp, r11; pop r14; pop r13; pop r12; ret
> 0x00013222 : mov esi, [rbx + 0x30]; mov rsp, r11; pop r13; pop r12; pop rdi; ret
> 0x00014423 : mov edi, [rbx + 0x38]; mov rsp, r11; pop r14; pop r13; pop r12; ret
> 0x00013bc9 : mov rdx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x00013bca : mov edx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x0001321d : mov rbp, [r11 + 0x28]; mov rsi, [r11 + 0x30]; mov rsp, r11; pop r13; pop r12; pop rdi; ret
> 0x0001321e : mov ebp, [rbx + 0x28]; mov rsi, [r11 + 0x30]; mov rsp, r11; pop r13; pop r12; pop rdi; ret
> 0x0001244c : mov r8, [rbx + 0x58]; lea rdx, [rbx + 0x40]; lea rcx, [rbx + 0x78]; call rax
> 0x00013bc5 : mov r8, [rdi + 0x50]; mov rdx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x0001244d : mov eax, [rbx + 0x58]; lea rdx, [rbx + 0x40]; lea rcx, [rbx + 0x78]; call rax
> 0x00013bc6 : mov eax, [rdi + 0x50]; mov rdx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x000139b2 : mov rax, [rdi + 0x58]; mov ecx, r13d; lea r8, [rax + rdx*8]; mov rdx, [rsi + 8]; call r9
> 0x00013bc1 : mov r9, [rdi + 0x58]; mov r8, [rdi + 0x50]; mov rdx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x00013bc2 : mov ecx, [rdi + 0x58]; mov r8, [rdi + 0x50]; mov rdx, [rdi + 0x28]; lea rcx, [rdi + 0x78]; call rax
> 0x000124dc : mov rax, [rbx + 0x58]; lea rdx, [rdi + 0x78]; lea r8, [rax + rcx*8]; mov ecx, r13d; call [rbx + 0x30]
> 0x000124d9 : mov ecx, [rbx + 0x60]; mov rax, [rbx + 0x58]; lea rdx, [rdi + 0x78]; lea r8, [rax + rcx*8]; mov ecx, r13d; call [rbx + 0x30]

© 2014 - 2019 - Powered by ROPEME | Contact