ropshell> use 911ddf2e16761643a47225f654d811e5 (download) name : ntdll.dll (i386/PE) base address : 0x7c901000 total gadgets: 6968
ropshell> search add [r32 %] r32 found 137 gadgets > 0x7c90353a : add [eax], eax; ret > 0x7c95db65 : add [ebx + 0x13], ebx; ret > 0x7c96d7b4 : add [ebx + 0xffffffc9], ebx; ret > 0x7c9227cc : add [ebx + 0x5df675c1], ecx; ret 8 > 0x7c9223b5 : add [ecx + 0x5d5b0858], ecx; ret 4 > 0x7c91acfa : add [ecx + 0x5d5e0451], ecx; ret 0xc > 0x7c91bb9b : add [edx], eax; pop ebp; ret > 0x7c9746c7 : add [esi + 0xffffff8a], ebx; ret > 0x7c91e5ad : add [esi + 0xffffff8b], ebx; ret > 0x7c957792 : add [edi + 0xffffffc9], ebx; ret 8 > 0x7c922037 : add [ebp + 0x8350f845], ecx; ret > 0x7c9695e4 : add [eax + 0x1c], ecx; pop ebp; ret 8 > 0x7c969578 : add [eax + 0x3c], ecx; pop ebp; ret 8 > 0x7c969618 : add [eax + 0x5c], ecx; pop ebp; ret 8 > 0x7c9518ee : add [eax + 0xb0], ecx; pop ebp; ret 8 > 0x7c951c8e : add [ecx + 0xc18b0451], ecx; pop ebp; ret 8 > 0x7c9748e8 : add [edx], eax; add cl, cl; ret > 0x7c928067 : add [edi + 0x5e], ebx; pop ebp; ret 0x10 > 0x7c95d154 : add [edi + 0x5e], ebx; pop ebp; ret 0x2c > 0x7c93692a : add [edi + 0x5e], ebx; pop ebp; ret 4 > 0x7c9131ff : add [edi + 0x5e], ebx; pop ebp; ret 8 > 0x7c90fa14 : add [eax], eax; add [eax], eax; ret > 0x7c92497f : add [eax + 0x5f], ecx; pop esi; pop ebp; ret > 0x7c95ced4 : add [eax + 0x8000001a], edi; pop esi; pop ebp; ret 0xc > 0x7c9183f6 : add [ebx + 0xc62b0c45], ecx; pop esi; pop ebp; ret > 0x7c930c8d : add [edi], cl; xchg [esi], eax; ret > 0x7c92d32b : add [edi + 0x5b], ebx; pop esi; pop ebp; ret 0xc > 0x7c955c41 : add [edi + 0x5b], ebx; pop esi; pop ebp; ret 4 > 0x7c952f15 : add [edi + 0x5e], ebx; pop ebx; pop ebp; ret 0x10 > 0x7c92ae40 : add [edi + 0x5e], ebx; pop ebx; pop ebp; ret 0x14 > 0x7c95c48c : add [edi + 0x5e], ebx; pop ebx; pop ebp; ret 0xc > 0x7c95f391 : add [edi + 0x5e], ebx; pop ebx; pop ebp; ret 4 > 0x7c913476 : add [edi + 0x5e], ebx; pop ebx; pop ebp; ret 8 > 0x7c930d5a : add [edi], cl; xchg [ecx], edi; ret 1 > 0x7c930cd5 : add [edi], cl; xchg [ebx], ebp; ret 1 > 0x7c92b671 : add [eax + 0x754f4111], ecx; neg [edi + 0x5d]; ret 0x10 > 0x7c97429b : add [eax], al; mov [eax], ecx; pop ebp; ret > 0x7c95e067 : add [ebx + 0x1880c4d], ecx; mov al, 1; pop ebp; ret 8 > 0x7c90162b : add [ebx + 0x8b088be1], ecx; inc eax; add al, 0x50; ret > 0x7c92060c : add [ebx], esi; rcr [edi + 0x5e], 0x5d; ret 0xc > 0x7c95cfe2 : add [ebx], esi; rcr [esi + 0x5b], 0x5d; ret 0xc > 0x7c96989a : add [eax + 0x6c], ecx; inc [eax + 0x68]; pop ebp; ret 8 > 0x7c964c72 : add [eax], al; mov [eax + 0x34], ecx; pop ebp; ret 4 > 0x7c968cd1 : add [eax + 0x3202eb01], esi; rcr [edi + 0x5e], 0x5d; ret 8 > 0x7c93e224 : add [eax + 0xffffffff], esi; jmp [esi + 0xffffff8b] > 0x7c919b12 : add [ebx + 0x4518910], cl; mov [eax], ecx; pop ebp; ret 4 > 0x7c95641d : add [ecx + 0xfffdd09d], ecx; jmp [esi + 0xffffff89] > 0x7c956b38 : add [ecx + 0xfffddc9d], ecx; jmp [esi + 0xffffff89] > 0x7c95c161 : add [edx], al; mov [eax + 4], eax; pop ebp; ret 4 > 0x7c934d5b : add [edx + 0xffffffff], edx; jmp [esi + 0xffffff83] > 0x7c95f87e : add [esi], edi; xor eax, eax; pop edi; pop esi; pop ebp; ret 8 > 0x7c920592 : add [edi + 0x5e], ebx; mov eax, ebx; pop ebx; pop ebp; ret 0x10 > 0x7c915e06 : add [edi], ecx; test edx, esi; push 0; add dh, dh; ret > 0x7c903536 : add [eax], al; or [eax], ch; add [eax], eax; ret > 0x7c915765 : add [eax + 0x458b0845], ecx; and [ebx], dh; fstp x[ebx]; ret > 0x7c9158f6 : add [eax + 0x62e8ff5d], ecx; add al, 0; add [ebx], bh; ret > 0x7c956e6c : add [eax + 0xffffffe8], edx; pop ecx; add [eax], eax; pop ebp; ret 0xc > 0x7c956f6a : add [eax + 0xffffffe8], edx; ror [ecx + eax], 1; pop ebp; ret > 0x7c966da6 : add [eax], al; mov [ecx + eax + 0x320], edx; pop ebp; ret 8 > 0x7c921071 : add [eax + ecx + 0x33], esi; rcr [edi + 0x5e], 0x5d; ret 0x10 > 0x7c976b9c : add [ebx + 0x4e9ffc8], al; add [eax], eax; add dh, dh; ret > 0x7c956e69 : add [ebx + 0xe85001c8], al; pop ecx; add [eax], eax; pop ebp; ret 0xc > 0x7c972c65 : add [ebp + eax + 0x6a], esi; add ebx, [eax + 0x5d]; ret > 0x7c9293af : add [ebx + 0xc003084d], cl; mov [ecx], eax; xor eax, eax; pop ebp; ret 0xc > 0x7c958e97 : add [ebx + 0x45ff107d], ecx; sbb [ebx + 0x4b3b184d], cl; or al, 0x72; ret > 0x7c930c87 : add [ecx + 0xfffcfe], al; add [edi], cl; xchg [esi], eax; ret > 0x7c913920 : add [edi], cl; test eax, [edx + 0x56]; add [eax], eax; ret > 0x7c937f1c : add [edi], cl; test ebp, [ecx + 0x55]; add [eax], eax; ret > 0x7c9223b1 : add [eax], eax; or ebx, 1; mov [eax + 8], ebx; pop ebx; pop ebp; ret 4 > 0x7c90fec1 : add [ebx + 0x896602c0], eax; inc ecx; add cl, [ecx + 0xc0330471]; pop esi; pop ebp; ret 8 > 0x7c96b21a : add [ebx + 0xebfffc4d], eax; sbb [eax + 0x90909090], dl; xor eax, eax; inc eax; ret > 0x7c91933b : add [edi], cl; test esp, esp; scasd eax, es:[edi]; add [eax], eax; ret > 0x7c90fa0e : add [eax], eax; rol [edx], 0; rol [ecx], 0; add [eax], eax; ret > 0x7c90fe39 : add [eax], al; mov ecx, [ebp + 8]; mov [eax + 0x34], ecx; pop ebp; ret 4 > 0x7c951d91 : add [eax], al; mov ecx, [ebp + 8]; mov [eax + 0xf24], ecx; pop ebp; ret 4 > 0x7c9631b3 : add [edx], edx; add [ebp + 0xfffde885], cl; call [eax + 0xffffffc7] > 0x7c930369 : add [edx], edx; add [ebp + 0xfffdf485], cl; call [eax + 0xffffffc7] > 0x7c930c85 : add [eax], al; add [ecx + 0xfffcfe], al; add [edi], cl; xchg [esi], eax; ret > 0x7c969612 : add [eax + 0x2c], edx; mov ecx, [ecx + 0xc]; add [eax + 0x5c], ecx; pop ebp; ret 8 > 0x7c969612 : add [eax + 0x2c], edx; mov ecx, [ecx + 0xc]; add [eax + 0x5c], ecx; pop ebp; ret 8 > 0x7c92993d : add [eax], al; mov eax, [ebp + 0x28]; mov [eax], edx; pop edi; pop esi; pop ebp; ret 0x24 > 0x7c97547f : add [ecx + 0x1a89045a], cl; mov [edx + 0x28], ebx; pop edi; pop esi; mov eax, edx; pop ebx; ret > 0x7c92b148 : add [ecx + 0x104d8b08], cl; mov [eax + 8], 1; mov [eax + 4], ecx; pop ebp; ret 0xc > 0x7c903533 : add [esi + 0x11], ah; add [eax], al; or [eax], ch; add [eax], eax; ret > 0x7c901250 : add [esi + 0xffffff89], ah; dec edx; add cl, [ecx + 0x66]; mov [edx], ecx; pop edi; ret 8 > 0x7c97a265 : add [edi + 0x6a], dl; add [ebp + 0xffff1485], ecx; call [eax + 0xffffffe8] > 0x7c919b11 : add [eax], al; mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4 > 0x7c919b11 : add [eax], al; mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4 > 0x7c90fa0d : add [ecx], al; add cl, al; add al, [eax]; rol [ecx], 0; add [eax], eax; ret > 0x7c91f0cd : add [ecx + 0xfffb8cb5], ecx; dec [ecx + 0xfffb9095]; dec [ecx + 0xfffb949d]; jmp [esi + 0xffffff89] > 0x7c920f23 : add [edx + 3], ch; pop eax; mov ecx, [ebp + 0xc]; mov [ecx], esi; pop esi; pop ebp; ret 8 > 0x7c915480 : add [ebx + 0xfc83b09], cl; xchg [edx + 1], edi; add [eax], al; sbb eax, eax; neg eax; pop ebp; ret > 0x7c94c1a4 : add [ebp + 0x80840f37], al; sar ch, 1; dec [ebx + 0xbba445]; add [eax], eax; add [ebx], bh; ret > 0x7c92106c : add [ebp + eax + 0xffffff83], esi; clc ; add [eax + ecx + 0x33], esi; rcr [edi + 0x5e], 0x5d; ret 0x10 > 0x7c919ae9 : add [eax], al; mov ecx, [ebp + 8]; mov ecx, [ecx + 4]; mov [eax + 0xfb0], ecx; pop ebp; ret 4 > 0x7c90ea67 : add [ebx + 0x8b5d08c4], al; inc esp; and al, 8; mov edx, [esp + 0x10]; mov [edx], eax; mov eax, 3; ret > 0x7c903309 : add [ebx + 0x8b04244c], cl; or [ecx + ecx*4 + 0xd], esp; add [eax], al; add [eax], al; ret 4 > 0x7c948950 : add [ecx + 0xd8bd445], cl; inc eax; sub [eax + 0xcd0c8d7c], ebx; cmp bh, 0xff; call [ecx + 0xffffffff] > 0x7c919b0a : add [ebx + 0xb005084d], cl; sldt [eax]; mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4 > 0x7c919b0a : add [ebx + 0xb005084d], cl; sldt [eax]; mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4 > 0x7c931990 : add [edi], ecx; test eax, [ebx]; add eax, [eax]; add [ebx + 0xfffeac85], cl; jmp [esi + 0xffffff83] > 0x7c903304 : add [eax], al; add dl, al; adc [eax], al; mov ecx, [esp + 4]; mov ecx, [ecx]; mov fs:[0], ecx; ret 4 > 0x7c9033c4 : add [ebx + 0x83890045], cl; mov ah, 0; add [eax], al; lea eax, [ebp + 8]; mov [ebx + 0xc4], eax; pop ebx; ret 4 > 0x7c90fa07 : add [esi + 0x3c00002], dh; add [ecx], al; add cl, al; add al, [eax]; rol [ecx], 0; add [eax], eax; ret > 0x7c91ec5c : add [edi], ecx; test bh, [eax]; add al, [eax]; add [ebx + 0xffff6cbd], al; call [ebx + ecx*4] > 0x7c94894e : add [eax], al; add [ecx + 0xd8bd445], cl; inc eax; sub [eax + 0xcd0c8d7c], ebx; cmp bh, 0xff; call [ecx + 0xffffffff] > 0x7c91ec08 : add [ecx + 0xc], eax; mov esi, [ecx + 8]; mov [ecx + esi*4 + 0x10], edx; inc [ecx + 8]; pop esi; pop ebp; ret 0xc > 0x7c9032cb : add [ebp + 0x12], dh; mov ecx, [esp + 8]; mov edx, [esp + 0x10]; mov eax, [ecx + 8]; mov [edx], eax; mov eax, 2; ret 0x10 > 0x7c95903f : add [eax], eax; add [ebp + 0xfffddc85], cl; dec [ecx + 0xfffdc885]; dec [ebp + 0xfffdc085]; call [eax + 0x6a]; add [ebp + 0xfffde085], ecx; call [eax + 0xffffffc7] > 0x7c956f1b : add [eax + 0xffffffe8], edx; pop ds; dec ebp; add [eax], eax; pop ebp; ret > 0x7c939746 : add [edx], ecx; leave ; ret > 0x7c901f2d : add [ebx + 0x5f5e0845], ecx; leave ; ret > 0x7c962164 : add [ecx + 0x5ec03302], ecx; leave ; ret 8 > 0x7c968999 : add [edi + 0x5e], ebx; leave ; ret 4 > 0x7c92131f : add [ebx + 0x5e5f0845], ecx; pop ebx; leave ; ret 0x14 > 0x7c91a4aa : add [ebx + 0x5f118910], ecx; pop esi; leave ; ret 4 > 0x7c95a343 : add [ebx + 0x5f5bcc45], ecx; pop esi; leave ; ret 0x14 > 0x7c912c38 : add [ebx + 0x5f5efc45], ecx; pop ebx; leave ; ret 0xc > 0x7c931bce : add [edi + 0x5e], ebx; pop ebx; leave ; ret 0x10 > 0x7c919890 : add [edi + 0x5e], ebx; pop ebx; leave ; ret 0x1c > 0x7c96de93 : add [edi + 0x5e], ebx; pop ebx; leave ; ret 0x20 > 0x7c9562f9 : add [edi + 0x5e], ebx; pop ebx; leave ; ret 4 > 0x7c916ee0 : add [edi + 0x5e], ebx; pop ebx; leave ; ret 8 > 0x7c91d4c2 : add [ebx], esi; dec [ebx + 0x5b5e5fc7]; leave ; ret 0x10 > 0x7c970a5d : add [edx], eax; pop edi; pop esi; pop ebx; leave ; ret 0xc > 0x7c901f2a : add [eax + 0x458b0147], ecx; or [esi + 0x5f], bl; leave ; ret > 0x7c9374eb : add [eax + 0x5e000009], ecx; mov al, 1; pop ebx; pop edi; leave ; ret > 0x7c936846 : add [eax + eax + 0xc458b00], ecx; pop edi; pop esi; pop ebx; leave ; ret 0x18 > 0x7c901f41 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5f5e0845]; leave ; ret > 0x7c91b274 : add [eax], al; mov [eax + 0xf84], ebx; pop esi; pop ebx; leave ; ret 4 > 0x7c91ef76 : add [ebx], esi; neg [ebx + 0x5f]; mov eax, esi; pop esi; leave ; ret 0x18 > 0x7c92aa40 : add [edi + 0x5b], ebx; mov al, [ebp + 0xffffffff]; pop esi; leave ; ret 8 > 0x7c961e35 : add [esi + 0x38], ecx; mov eax, [ebp + 8]; pop ebx; pop esi; pop edi; leave ; ret 8 > 0x7c901f3e : add [eax + 0x468a0147], ecx; add cl, [eax + 0x458b0247]; or [esi + 0x5f], bl; leave ; ret > 0x7c970a58 : add [esi + 0xffffffc7], esp; inc esi; or al, [ecx]; add bl, [edi + 0x5e]; pop ebx; leave ; ret 0xc > 0x7c92abae : add [ebx + 0xa890c55], cl; mov eax, [eax + 0x44]; mov ecx, [ebp + 0x10]; mov [ecx], eax; leave ; ret 0xc > 0x7c901f37 : add [edx + 0x8a078806], cl; inc esi; add [eax + 0x468a0147], ecx; add cl, [eax + 0x458b0247]; or [esi + 0x5f], bl; leave ; ret