ROPSHELL 
ropshell> use 7450dd3ddf93a83f69c64c82b539212a (download)
name         : win32kfull.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 13056

ropshell> suggest "write mem"
> 0x1c01b184e : adc [rax], r8; ret
> 0x1c0142a16 : adc [rax], ecx; ret
> 0x1c02c3ff5 : add [rbx], ecx; ret
> 0x1c029b59b : add [rbx], edi; ret
> 0x1c01fc80f : add [rbx], ebp; ret
> 0x1c024545c : add [rcx], eax; ret
> 0x1c0058c8f : add [rdi], ecx; ret
> 0x1c01b187a : adc [r8], rax; ret
> 0x1c02c3ff4 : add [r11], ecx; ret
> 0x1c029b59a : add [r11], edi; ret
> 0x1c00d7587 : adc [rax + 0x14], ecx; ret
> 0x1c0059d0f : add [rax + 1], edi; ret
> 0x1c00f4b7b : adc [rcx + 0x3a], eax; ret
> 0x1c010923b : add [rcx + 0x63480024], esi; ret
> 0x1c012b116 : add [rdx + 0x10], eax; ret
> 0x1c00aa1f5 : add [rbp + 0x3b], eax; ret
> 0x1c02d21ef : add [rbp + 3], ecx; ret
> 0x1c00ec67c : adc [rbp + 0x46], esi; ret
> 0x1c002019f : add [r9 + 4], ecx; ret
> 0x1c02c8b7f : adc [rdx], eax; mov rax, rdx; ret
> 0x1c018a803 : adc [rcx], edx; add [rax], al; ret
> 0x1c00b524d : add [rcx], ebp; cld ; mov rax, r10; ret
> 0x1c00a001f : adc [rsi], ecx; add [rax], al; ret
> 0x1c02dab28 : add [rdi], edx; add [rax], al; ret
> 0x1c0081f86 : add [r8], eax; add [rax - 0x7f], cl; ret
> 0x1c009dbea : add [rdx + 0x2c], ecx; add rsp, 0x28; ret
> 0x1c0038fc0 : adc [rdx + 3], esi; xor eax, eax; ret
> 0x1c02aae51 : add [rdi + 3], esi; xor eax, eax; ret
> 0x1c009dbe9 : add [r10 + 0x2c], ecx; add rsp, 0x28; ret
> 0x1c0036d2e : add [rbx], esi; jmp [rbp + 0x48]
> 0x1c0003b00 : add [r9 + 0x2b], eax; ror [rcx + 0x51893c41], 1; ret
> 0x1c0122e11 : add [rbx], eax; add al, ch; add r8b, r14b; dec [rax - 0x7d]; ret
> 0x1c009dbe6 : add [rdx + 0x28], ebx; add [r10 + 0x2c], ecx; add rsp, 0x28; ret
> 0x1c012db42 : add [rsi], eax; add [rax], al; add [rax - 0x73], cl; add eax, 0x1f9b9a; ret
> 0x1c0020198 : add [r9], eax; add [r9 + 8], eax; add [r9 + 4], ecx; ret
> 0x1c01b4d92 : add [rcx + 7], edi; and dl, cl; sub cl, dl; shr eax, cl; and eax, 1; ret
> 0x1c00797dd : add [rbx + 0x7fc83b0a], ecx; or [rbp + 0x41c18bc9], al; cmovs eax, ecx; mov [rdx], eax; ret
> 0x1c0169529 : add [rcx + 4], edx; neg eax; neg r8d; mov [r9], eax; mov [r9 + 8], r8d; ret
> 0x1c0169528 : add [r9 + 4], edx; neg eax; neg r8d; mov [r9], eax; mov [r9 + 8], r8d; ret
> 0x1c020fb25 : add [rax + 0x483b7401], ebp; mov eax, [rcx + 0x28]; mov eax, [rax + 0x60]; add rsp, 0x28; ret
> 0x1c01508f1 : add [rdi], ebp; add [rbx + rax - 0x40], al; mov al, [r8 + r14 + 0x2eb220]; mov r14, [rsp + 0x20]; ret

© 2014 - 2019 - Powered by ROPEME | Contact