ropshell> use 911ddf2e16761643a47225f654d811e5
name         : ntdll.dll (i386/PE)
base address : 0x7c901000
total gadgets: 6968
ropshell> suggest "load mem"
> 0x7c90e2b5 : mov eax, [edx + 4]; ret
> 0x7c913a5e : mov edi, [ebp + 0xffffffdc]; ret
> 0x7c971773 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x7c91e45b : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x7c973167 : movzx eax, [ecx]; inc ecx; mov [edx], ecx; ret
> 0x7c912df9 : mov eax, [esi + 0x20]; pop esi; pop ebx; pop ebp; ret 0x10
> 0x7c9032a3 : mov ecx, [ebp + 0x18]; call ecx
> 0x7c90162e : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x7c9032d6 : mov eax, [ecx + 8]; mov [edx], eax; mov eax, 2; ret 0x10
> 0x7c963cc4 : mov ecx, [esi]; mov [eax], ecx; pop edi; pop esi; pop ebx; pop ebp; ret 8
> 0x7c902b11 : mov eax, [edx]; mov edx, [edx + 4];  cmpxchg8b [ebp]; pop ebp; pop ebx; ret 4
> 0x7c926be6 : mov eax, [esi]; mov [edi], ax; xor eax, eax; pop edi; pop esi; pop ebp; ret 0xc
> 0x7c919b13 : mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4
> 0x7c92075a : mov ecx, [edi]; movzx eax, ax; mov [eax + ecx], 0; pop edi; pop esi; pop ebp; ret 0x14
> 0x7c9718d2 : mov ebx, [ebp + 0xc]; push ebx; push [ebp + 8]; call [ebp + 0x18]
> 0x7c9206fa : mov ecx, [esi + 4]; shr eax, 1; and [ecx + eax*2], 0; pop esi; pop ebp; ret 8
> 0x7c91bb91 : mov edx, [ecx]; mov ax, [ebp + 8]; mov [edx], ax; add [ecx], 2; pop ebp; ret
> 0x7c91c25c : mov eax, [ebx + 0xc]; mov ecx, [ebp + 0xffffffcc]; mov [eax + 0x24], ecx; xor ecx, ecx; ret
> 0x7c9695ae : mov edx, [ecx + 8]; sub [eax + 0x3c], edx; and [ecx + 0x24], 0; pop esi; pop ebp; ret 0xc
> 0x7c92cf2a : movzx edx, [esi + 2]; sub edx, ecx; mov [eax + 8], edx; xor eax, eax; pop esi; pop ebp; ret 0x10
> 0x7c91ec0b : mov esi, [ecx + 8]; mov [ecx + esi*4 + 0x10], edx; inc [ecx + 8]; pop esi; pop ebp; ret 0xc
> 0x7c924a86 : mov esi, [ebp + 8]; lea eax, [edi + 0x18]; push eax; push esi; call [esi + 0x1c]
> 0x7c9033c5 : mov eax, [ebp]; mov [ebx + 0xb4], eax; lea eax, [ebp + 8]; mov [ebx + 0xc4], eax; pop ebx; ret 4
> 0x7c9536ae : mov edi, [eax]; lea ebx, [ebp + 0xfffffffc]; push ebx; push edx; push ecx; push eax; call [edi + 0x10]
> 0x7c9641c4 : mov esi, [edi + 8]; lea eax, [esi + 0x10]; push eax; push [ebp + 0xc]; push edi; call [edi + 0x28]
> 0x7c910425 : mov ecx, [eax + 0x20]; mov [ebp + 0xffffffe4], ecx; and [ebp + 0xfffffffc], 0; push [eax + 0x1c]; call [ebp + 0xffffffe4]