ropshell> use a3f93f13f0215a820f1bcd2a026cd946
name          : ntdll.dll (x86_64/PE)
base address  : 0x180001000
total gadgets : 6321
ropshell> suggest "load mem" > 0x18006b710 : movzx eax, [rcx]; ret > 0x1800ff5fe : mov rax, [r10 + 0x38]; ret > 0x180060746 : mov eax, [rcx + 0x16b0]; ret > 0x1800ff5ff : mov eax, [rdx + 0x38]; ret > 0x180092147 : movzx ecx, [rdx]; sub eax, ecx; ret > 0x1800791a0 : mov rax, [rdx]; mov [rcx], rax; ret > 0x1800791a1 : mov eax, [rdx]; mov [rcx], rax; ret > 0x1800a0b90 : mov rax, [rcx + 8]; and al, 0xf0; ret > 0x18010e5fe : movzx eax, [r8]; mov [r10 + 0x20], ax; ret > 0x1800a23a9 : mov rax, [r9 + 0x30]; call rax > 0x1800de4bb : mov rbx, [r11 + 0x20]; mov rsp, r11; pop rbp; ret > 0x18004de0d : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret > 0x1800850ad : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret > 0x180083792 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret > 0x1800ccb93 : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret > 0x1800dc649 : mov r15, [r11 + 0x28]; mov rsp, r11; pop rbp; ret > 0x18004de0e : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret > 0x1800850ae : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret > 0x180083793 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop rdi; ret > 0x1800667b5 : mov rax, [rdx + 0x38]; mov [rdx + 0x38], rcx; ret > 0x1800f5fcf : mov eax, [r9 + 0x194]; mov [rdx + 0x194], eax; ret > 0x1800f74c1 : mov rcx, [r8]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret > 0x1800f74c2 : mov ecx, [rax]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret > 0x18007d9d9 : mov rcx, [rax + 0x48]; cmp [rip + 0xe8bf4], rcx; sete al; ret > 0x1800f202d : mov rcx, [r10 + 0x18]; mov [r9], rcx; mov rax, r11; ret > 0x180087d5f : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret > 0x1800d5065 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret > 0x18007c76d : mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret > 0x1800a108f : mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret > 0x18007d9da : mov ecx, [rax + 0x48]; cmp [rip + 0xe8bf4], rcx; sete al; ret > 0x1800f202e : mov ecx, [rdx + 0x18]; mov [r9], rcx; mov 
rax, r11; ret > 0x18007c76e : mov esi, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret > 0x1800a1090 : mov edi, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret > 0x1800ff55e : movzx ecx, [r9]; add r8d, ecx; mov [rdx], r9; mov eax, r8d; ret > 0x1800a3d9c : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx > 0x1800a2403 : mov edx, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret > 0x1800a3d9d : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx > 0x18010002a : mov eax, [r9]; mov rbx, [rsp + 8]; mov rdi, [rsp + 0x10]; ret > 0x1800a0b47 : mov edx, [rcx]; mov rcx, [rcx + 8]; mov eax, 1; int 0x2d; int3 ; ret > 0x18005122c : mov rsi, [rbp + 0x150]; lea rsp, [rbp + 0x120]; pop r14; pop rdi; pop rbp; ret > 0x180090344 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret > 0x18007ab5f : mov eax, [r10 + 0x98]; and [r10 + 0x64], 0; mov [r10 + 0x68], eax; ret > 0x18007c769 : mov rdi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret > 0x18007361d : mov r8, [rdx + 8]; sub r8, [rcx + 0x18]; xor eax, eax; test r8, r8; sete al; ret > 0x1800a108b : mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret > 0x1800a108c : mov esi, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret > 0x18007c76a : mov edi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret > 0x1800a3e4f : mov r11, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret > 0x1800a3e50 : mov ebx, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret > 0x1800a3d98 : mov rdx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx > 0x1800a3d99 : mov edx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx > 0x180051225 : mov rbx, [rbp + 0x148]; mov rsi, [rbp + 0x150]; lea rsp, [rbp + 0x120]; pop r14; pop rdi; pop rbp; ret > 0x180051226 : mov ebx, [rbp + 0x148]; mov rsi, [rbp + 0x150]; lea rsp, [rbp 
+ 0x120]; pop r14; pop rdi; pop rbp; ret > 0x1800a1087 : mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret > 0x1800a23fa : mov r10, [rax + 0x40]; mov [r9 + 0x40], r10; mov r10d, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret > 0x1800a1083 : mov r12, [rcx + 0x18]; mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret