ropshell> use 911ddf2e16761643a47225f654d811e5 (download)
name : ntdll.dll (i386/PE)
base address : 0x7c901000
total gadgets: 6968
ropshell> search mov r32 r32 % found 175 gadgets > 0x7c9604fc : mov eax, eax; ret > 0x7c93d8d6 : mov eax, ecx; ret > 0x7c901726 : mov eax, edx; ret > 0x7c902b50 : mov edx, ecx; ret > 0x7c975aaf : mov eax, ebx; pop ebx; ret > 0x7c902b30 : mov eax, ecx; bswap eax; ret > 0x7c90318a : mov eax, ecx; pop ebp; ret 0xc > 0x7c951c92 : mov eax, ecx; pop ebp; ret 8 > 0x7c92a08b : mov eax, edx; pop ebp; ret 8 > 0x7c97548a : mov eax, edx; pop ebx; ret > 0x7c952873 : mov eax, esi; pop esi; ret > 0x7c901820 : mov eax, esi; pop esi; ret 0x10 > 0x7c902bbe : mov eax, edi; pop edi; ret 0xc > 0x7c901210 : mov edi, edi; int3 ; ret > 0x7c972e3d : mov esp, ebx; pop ebx; ret > 0x7c90e502 : mov esp, ebp; pop ebp; ret > 0x7c903132 : mov esp, ebp; pop ebp; ret 0x14 > 0x7c97cdf0 : mov esp, ebp; pop ebp; ret 0xc > 0x7c97ce91 : mov esp, ebp; pop ebp; ret 4 > 0x7c97d14f : mov esp, ebp; pop ebp; ret 8 > 0x7c920595 : mov eax, ebx; pop ebx; pop ebp; ret 0x10 > 0x7c9749e1 : mov eax, ebx; pop ebx; pop ebp; ret 4 > 0x7c902b4e : mov eax, edx; mov edx, ecx; ret > 0x7c956efa : mov eax, edx; pop esi; pop ebp; ret > 0x7c902b93 : mov eax, esi; pop edi; pop esi; ret 0xc > 0x7c9105b0 : mov eax, esi; pop esi; pop ebp; ret > 0x7c9151e7 : mov eax, esi; pop esi; pop ebp; ret 0x14 > 0x7c91ccbf : mov eax, esi; pop esi; pop ebp; ret 0x18 > 0x7c92644c : mov eax, esi; pop esi; pop ebp; ret 0xc > 0x7c920369 : mov eax, esi; pop esi; pop ebp; ret 4 > 0x7c936c8a : mov eax, esi; pop esi; pop ebp; ret 8 > 0x7c937e71 : mov eax, esi; pop esi; pop ebx; ret > 0x7c90178a : mov eax, esi; pop esi; pop ebx; ret 0x10 > 0x7c9731b0 : mov eax, edi; pop edi; pop ebp; ret > 0x7c93343b : mov eax, edi; pop edi; pop ebp; ret 4 > 0x7c9025c1 : mov edi, edi; xor eax, eax; ret > 0x7c95d914 : mov eax, ebx; pop ebx; pop esi; pop ebp; ret 0x24 > 0x7c91f6d7 : mov eax, esi; pop esi; pop ebx; pop ebp; ret 0x10 > 0x7c97aca4 : mov eax, esi; pop esi; pop ebx; pop ebp; ret 4 > 0x7c91053a : mov eax, esi; pop esi; pop edi; pop ebp; ret 0xc > 0x7c918e05 : 
mov eax, edi; pop edi; pop esi; pop ebp; ret 4 > 0x7c9521d1 : mov eax, edi; pop edi; pop esi; pop ebp; ret 8 > 0x7c90e7f7 : mov eax, edi; pop esi; pop ebx; pop edi; ret > 0x7c92af97 : mov eax, edi; pop esi; pop edi; pop ebp; ret 0x10 > 0x7c90181e : mov ecx, eax; mov eax, esi; pop esi; ret 0x10 > 0x7c903188 : mov edx, eax; mov eax, ecx; pop ebp; ret 0xc > 0x7c967b20 : mov edx, edi; lcall [esi + 0x5d]; ret 4 > 0x7c91a4e3 : mov eax, ebx; pop edi; pop esi; pop ebx; pop ebp; ret 0x10 > 0x7c92ec51 : mov eax, edx; mov [ecx], eax; pop ebp; ret 4 > 0x7c91ebcb : mov eax, edx; pop edi; pop esi; pop ebx; pop ebp; ret 8 > 0x7c966a66 : mov eax, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x14 > 0x7c93142c : mov eax, esi; pop edi; pop esi; pop ebx; pop ebp; ret 0xc > 0x7c96b947 : mov eax, esi; pop esi; pop edi; pop ebx; pop ebp; ret 0xc > 0x7c910739 : mov eax, edi; pop edi; pop esi; pop ebx; pop ebp; ret 0x10 > 0x7c92affd : mov eax, edi; pop edi; pop esi; pop ebx; pop ebp; ret 4 > 0x7c975d7f : mov eax, edi; pop esi; pop ebx; pop edi; pop ebp; ret 0x10 > 0x7c902b4c : mov ecx, eax; mov eax, edx; mov edx, ecx; ret > 0x7c95286c : mov esi, eax; call 1; mov eax, esi; pop esi; ret > 0x7c92a344 : mov edi, esi; jmp [esi + 0xffffff8b] > 0x7c90118a : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10 > 0x7c972e3a : mov esp, ebp; pop ebp; mov esp, ebx; pop ebx; ret > 0x7c90181c : mov ebx, ecx; mov ecx, eax; mov eax, esi; pop esi; ret 0x10 > 0x7c954687 : mov ebx, edi; call [edi + 0x6a] > 0x7c9546b8 : mov ebx, edi; call [esi + 0x6a] > 0x7c949723 : mov edx, esi; cld ; jmp [esi + 0xffffff83] > 0x7c967b1a : mov edx, edi; call [esi + 0xffffffe8] > 0x7c94d6b0 : mov edi, esi; call [eax + 0x56] > 0x7c949e70 : mov edi, esi; call [edi + 0x53] > 0x7c94d72b : mov edi, esi; call [edx + 0x50] > 0x7c901214 : mov edi, edi; mov eax, [esp + 4]; int3 ; ret 4 > 0x7c946b97 : mov ebp, edi; call [edi + 0xffffffe8] > 0x7c946beb : mov ebp, edi; call [edx + 0x74] > 0x7c912225 : mov eax, ebx; sub eax, ecx; pop 
edi; pop esi; pop ebx; pop ebp; ret 0xc > 0x7c9136e3 : mov ebp, esp; mov eax, [ebp + 8]; inc eax; pop ebp; ret 4 > 0x7c9381ee : mov ecx, edx; and ecx, 3; rep stosb es:[edi], al; pop edi; pop ebp; ret 0xc > 0x7c92c1eb : mov ecx, edx; and ecx, 3; rep stosb es:[edi], al; pop edi; pop ebp; ret 4 > 0x7c90181a : mov edx, ebx; mov ebx, ecx; mov ecx, eax; mov eax, esi; pop esi; ret 0x10 > 0x7c92f152 : mov edi, eax; push edi; push ebx; call [ebp + 0x14] > 0x7c956f9e : mov edi, ebp; lcall [ecx + 0x59]; mov eax, esi; pop esi; pop ebp; ret 0xc > 0x7c92a26f : mov ebp, esp; mov eax, [ebp + 8]; add eax, 2; pop ebp; ret 4 > 0x7c9395e5 : mov ebx, edx; add ebx, eax; add ebx, 0x10; jmp [ebx] > 0x7c964c6c : mov ecx, eax; mov eax, fs:[0x18]; mov [eax + 0x34], ecx; pop ebp; ret 4 > 0x7c92648b : mov ecx, edi; shl al, cl; or [edx], al; pop edi; pop esi; pop ebp; ret 0xc > 0x7c9386ab : mov edi, esp; dec [ebp + 0xfffee885]; call [eax + 0xffffff8d] > 0x7c946bda : mov ebp, edi; dec [ebp + 0xfffdec85]; call [eax + 0xffffffe8] > 0x7c90162c : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret > 0x7c901818 : mov ecx, edx; mov edx, ebx; mov ebx, ecx; mov ecx, eax; mov eax, esi; pop esi; ret 0x10 > 0x7c915230 : mov esi, eax; push esi; push [ebp + 8]; call [ebp + 0x18] > 0x7c9136e0 : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; inc eax; pop ebp; ret 4 > 0x7c910080 : mov ebp, esp; mov eax, [ebp + 8]; mov ax, [eax + 4]; pop ebp; ret 4 > 0x7c923b7c : mov ebp, esp; mov eax, [ebp + 8]; mov eax, [eax + 0x14]; pop ebp; ret 4 > 0x7c96419f : mov ebp, esp; mov eax, [ebp + 8]; mov eax, [eax + 0x18]; pop ebp; ret 4 > 0x7c92a26c : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; add eax, 2; pop ebp; ret 4 > 0x7c9136bb : mov ebp, esp; mov eax, [ebp + 8]; lea eax, [eax*4 + 8]; pop ebp; ret 4 > 0x7c938127 : mov ebp, esp; mov eax, [ebp + 8]; test eax, [ebp + 0xc]; setne al; pop ebp; ret 8 > 0x7c967b11 : mov edx, edi; dec [ebp + 0xe8501c46]; dec ecx; mov edx, edi; call [esi + 
0xffffffe8] > 0x7c91e38f : mov ebp, esp; mov ecx, [ebp + 8]; xor eax, eax; cmp [ecx], eax; sete al; pop ebp; ret 4 > 0x7c920503 : mov ebx, esi; lea eax, [ebp + 0xfffffffc]; push eax; push esi; push edi; call [ebp + 0x14] > 0x7c91007d : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; mov ax, [eax + 4]; pop ebp; ret 4 > 0x7c923b79 : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; mov eax, [eax + 0x14]; pop ebp; ret 4 > 0x7c96419c : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; mov eax, [eax + 0x18]; pop ebp; ret 4 > 0x7c946fae : mov ebp, edi; dec [ebx + 0x7dfb3bf8]; xorps xmm1, xmm[ebp + 0xfffb9885]; call [eax + 0x68] > 0x7c934fd3 : mov ebp, esp; mov eax, [ebp + 8]; and [eax], 0; and [eax + 4], 0; pop ebp; ret 4 > 0x7c90fe33 : mov ebp, esp; mov eax, fs:[0x18]; mov ecx, [ebp + 8]; mov [eax + 0x34], ecx; pop ebp; ret 4 > 0x7c951d8b : mov ebp, esp; mov eax, fs:[0x18]; mov ecx, [ebp + 8]; mov [eax + 0xf24], ecx; pop ebp; ret 4 > 0x7c9640b1 : mov ebp, esp; mov ecx, [ebp + 8]; xor eax, eax; cmp [ecx + 0x18], eax; sete al; pop ebp; ret 4 > 0x7c901628 : mov eax, esp; test eax, [ecx]; mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret > 0x7c9136b8 : mov edi, edi; push ebp; mov ebp, esp; mov eax, [ebp + 8]; lea eax, [eax*4 + 8]; pop ebp; ret 4 > 0x7c9518e6 : mov ebp, esp; mov eax, [ebp + 8]; mov ecx, [ebp + 0xc]; add [eax + 0xb0], ecx; pop ebp; ret 8 > 0x7c927bb7 : mov ebp, esp; push [ebp + 0x14]; push [ebp + 0x10]; push [ebp + 0xc]; call [ebp + 8]; pop ebp; ret 0x10 > 0x7c90117c : mov esi, esp; push [ebp + 0x14]; push [ebp + 0x10]; push [ebp + 0xc]; call [ebp + 8] > 0x7c9131a1 : mov ebp, esp; mov eax, [ebp + 8]; movzx eax, [eax + 1]; lea eax, [eax*4 + 8]; pop ebp; ret 4 > 0x7c95f300 : mov ebp, esp; mov eax, [ebp + 8]; movzx ecx, [eax]; mov eax, [eax + 0xfffffff8]; sub eax, ecx; pop ebp; ret 4 > 0x7c927bb7 : mov ebp, esp; push [ebp + 0x14]; push [ebp + 0x10]; push [ebp + 0xc]; call [ebp + 8] > 0x7c91827b : mov ebp, esp; mov eax, 
[ebp + 0xc]; mov ecx, [ebp + 8]; lea eax, [ecx + eax*4 + 8]; pop ebp; ret 8 > 0x7c903220 : mov edi, edi; mov eax, [esp + 4]; sub eax, [esp + 0xc]; mov edx, [esp + 8]; sbb edx, [esp + 0x10]; ret 0x10 > 0x7c919ae3 : mov ebp, esp; mov eax, fs:[0x18]; mov ecx, [ebp + 8]; mov ecx, [ecx + 4]; mov [eax + 0xfb0], ecx; pop ebp; ret 4 > 0x7c927bb4 : mov edi, edi; push ebp; mov ebp, esp; push [ebp + 0x14]; push [ebp + 0x10]; push [ebp + 0xc]; call [ebp + 8] > 0x7c951d6d : mov eax, ecx; leave ; ret > 0x7c92d6ef : mov eax, ebx; pop ebx; leave ; ret > 0x7c91e5af : mov eax, ebx; pop ebx; leave ; ret 0x14 > 0x7c95f133 : mov eax, ebx; pop ebx; leave ; ret 0x18 > 0x7c927d73 : mov eax, ebx; pop ebx; leave ; ret 0xc > 0x7c9546c5 : mov eax, ebx; pop ebx; leave ; ret 4 > 0x7c968ae8 : mov eax, ebx; pop ebx; leave ; ret 8 > 0x7c91f3f2 : mov eax, edx; pop edi; leave ; ret > 0x7c918531 : mov eax, esi; pop esi; leave ; ret > 0x7c91ef7b : mov eax, esi; pop esi; leave ; ret 0x18 > 0x7c92c856 : mov eax, esi; pop esi; leave ; ret 0x20 > 0x7c931041 : mov eax, esi; pop esi; leave ; ret 0xc > 0x7c92dbba : mov eax, esi; pop esi; leave ; ret 4 > 0x7c92de04 : mov eax, edi; pop edi; leave ; ret 0xc > 0x7c92eedc : mov eax, ebx; pop ebx; pop esi; leave ; ret 0x1c > 0x7c965269 : mov eax, ebx; pop ebx; pop esi; leave ; ret 8 > 0x7c960a4d : mov eax, edx; pop edi; pop esi; leave ; ret 0x10 > 0x7c929e2f : mov eax, esi; pop esi; pop ebx; leave ; ret 4 > 0x7c97aadf : mov eax, esi; pop esi; pop ebx; leave ; ret 8 > 0x7c933531 : mov eax, esi; pop esi; pop edi; leave ; ret 0xc > 0x7c902977 : mov eax, edi; cld ; pop edi; leave ; ret > 0x7c933ca8 : mov eax, edi; pop edi; pop ebx; leave ; ret > 0x7c91598e : mov eax, edi; pop edi; pop ebx; leave ; ret 8 > 0x7c925c0d : mov eax, edi; pop edi; pop esi; leave ; ret > 0x7c968eb2 : mov eax, edi; pop edi; pop esi; leave ; ret 0x10 > 0x7c976543 : mov eax, edi; pop edi; pop esi; leave ; ret 0x20 > 0x7c951ea5 : mov eax, edi; pop edi; pop esi; leave ; ret 4 > 0x7c965672 : mov 
eax, edi; pop edi; pop esi; leave ; ret 8 > 0x7c951d6b : mov ecx, eax; mov eax, ecx; leave ; ret > 0x7c937980 : mov eax, ebx; pop edi; pop esi; pop ebx; leave ; ret > 0x7c92f0e5 : mov eax, ebx; pop edi; pop esi; pop ebx; leave ; ret 0x14 > 0x7c933390 : mov eax, ebx; pop edi; pop esi; pop ebx; leave ; ret 0x18 > 0x7c902816 : mov eax, ecx; pop ebx; pop esi; pop edi; leave ; ret > 0x7c917cc5 : mov eax, edx; pop edi; pop esi; pop ebx; leave ; ret 0x20 > 0x7c96e2f7 : mov eax, esi; pop edi; pop ebx; pop esi; leave ; ret 0x18 > 0x7c97072f : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret > 0x7c95fdcb : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 0x10 > 0x7c9155fc : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 0x14 > 0x7c9324d4 : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 0x24 > 0x7c932578 : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 0x44 > 0x7c963a9a : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 4 > 0x7c91a401 : mov eax, esi; pop edi; pop esi; pop ebx; leave ; ret 8 > 0x7c9606ab : mov eax, esi; pop esi; pop ebx; pop edi; leave ; ret 8 > 0x7c9313b0 : mov eax, esi; pop esi; pop edi; pop ebx; leave ; ret 8 > 0x7c91d4c5 : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 0x10 > 0x7c91ca0f : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 0x14 > 0x7c91da6e : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 0x1c > 0x7c95e46e : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 0x28 > 0x7c9598c2 : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 0xc > 0x7c91c8d3 : mov eax, edi; pop edi; pop esi; pop ebx; leave ; ret 8 > 0x7c917130 : mov eax, edi; pop esi; pop ebx; pop edi; leave ; ret 0x18 > 0x7c968ae5 : mov edx, esi; pop esi; mov eax, ebx; pop ebx; leave ; ret 8 > 0x7c933ca6 : mov edi, eax; mov eax, edi; pop edi; pop ebx; leave ; ret > 0x7c96b1dd : mov ecx, ebx; xadd [eax], ecx; mov al, bl; pop esi; pop ebx; leave ; ret 8 > 0x7c97bbbb : mov ecx, edx; and ecx, 3; rep movsb es:[edi], [esi]; pop esi; pop edi; 
leave ; ret 8 > 0x7c972fb4 : mov ebp, esp; push ecx; fnstsw [ebp + 0xfffffffc]; fnclex ; movsx eax, [ebp + 0xfffffffc]; leave ; ret > 0x7c972f9f : mov ebp, esp; push ecx; wait ; fnstsw [ebp + 0xfffffffc]; movsx eax, [ebp + 0xfffffffc]; leave ; ret