ROPSHELL 
ropshell> use b0685fcead72b1dff7130f3ce152549f (download)
name         : KernelBase.dll (x86_64/RAW)
base address : 0x0
total gadgets: 19289

ropshell> suggest "load mem"
> 0x00010f86 : mov eax, [rcx]; ret
> 0x00010f85 : mov eax, [r9]; ret
> 0x003ac2bd : mov edx, [rax]; ret
> 0x000a99df : mov edi, [rax + 0x505]; ret
> 0x0001f195 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x0026180e : mov eax, [rbx]; add [rax], al; ret
> 0x000ab73c : mov ecx, [rsi]; fadd st(1); xor eax, eax; ret
> 0x00156ec6 : mov eax, [rcx + 0xa8]; add eax, edx; ret
> 0x00137d09 : mov rax, [rcx + 8]; mov [rcx], rax; ret
> 0x000d05f3 : mov rax, [r8 + 8]; mov [rdx], rax; ret
> 0x00071039 : mov rbx, [r11 + 0x10]; mov rsp, r11; pop rdi; ret
> 0x0003ea06 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x000073f7 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x00024956 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop r14; ret
> 0x00084d71 : mov r12, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x000ceab2 : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x00089547 : mov r15, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x000a2ce9 : mov edx, [rax + 0x12]; sub dl, [rdi - 0x3fcc6d44]; ret
> 0x0003ea07 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x000073f8 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x00024957 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop r14; ret
> 0x000fa7d2 : mov ebx, [rsi]; stc ; jmp [rbp + 0x48]
> 0x0007aa25 : mov eax, [rdi]; add [rax + 1], bh; add rsp, 0x28; ret
> 0x0013825b : mov eax, [r8]; shr eax, 4; and al, 1; add rsp, 0x28; ret
> 0x00076899 : mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x0000409a : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x0007689a : mov edi, [rbp + 0x40]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x000cd1fd : mov rax, [r9]; call [rip + 0x19459a]; xor eax, eax; add rsp, 0x28; ret
> 0x000f2bd4 : mov rax, [rdx + 0x18]; mov [r8 + 0x18], rax; mov rax, rcx; ret
> 0x000f2bd5 : mov eax, [rdx + 0x18]; mov [r8 + 0x18], rax; mov rax, rcx; ret
> 0x0013f95c : mov rax, [rdx]; mov [rcx], rax; mov rax, rcx; and [rdx], 0; ret
> 0x0013f95d : mov eax, [rdx]; mov [rcx], rax; mov rax, rcx; and [rdx], 0; ret
> 0x000a87a1 : mov ecx, [rax]; xor eax, eax; dec ecx; mov [rdx + rcx*2], ax; ret
> 0x000a5aec : mov ecx, [rdi]; movsb [rdi], [rsi]; xchg eax, edx; mov eax, 0x13; ret
> 0x000a87a0 : mov ecx, [r8]; xor eax, eax; dec ecx; mov [rdx + rcx*2], ax; ret
> 0x00005586 : mov rbx, [rbp + 0x70]; lea rsp, [rbp + 0x40]; pop rdi; pop rsi; pop rbp; ret
> 0x00088672 : mov rsi, [rbp + 0x60]; lea rsp, [rbp + 0x30]; pop r14; pop rdi; pop rbp; ret
> 0x00005587 : mov ebx, [rbp + 0x70]; lea rsp, [rbp + 0x40]; pop rdi; pop rsi; pop rbp; ret
> 0x000a6aa9 : mov edx, [rcx + 0x72]; fsub [rdi]; push rsp; xchg eax, edx; xor eax, eax; ret
> 0x00088673 : mov esi, [rbp + 0x60]; lea rsp, [rbp + 0x30]; pop r14; pop rdi; pop rbp; ret
> 0x00006ed6 : mov rcx, [rax + 0x20]; mov [rcx + 0x28], rdx; mov eax, 1; add rsp, 0x28; ret
> 0x00006ed7 : mov ecx, [rax + 0x20]; mov [rcx + 0x28], rdx; mov eax, 1; add rsp, 0x28; ret
> 0x000025c1 : mov rax, [rcx]; movabs r10, -0x3d6b41d6ed219e90; mov rax, [rax + 0x18]; call [rip + 0x25f1c8]; add rsp, 0x28; ret
> 0x000cd1f9 : mov rdx, [r9 + 8]; mov rax, [r9]; call [rip + 0x19459a]; xor eax, eax; add rsp, 0x28; ret
> 0x000a84f9 : mov edx, [rbx + 0x70]; sahf ; int 0xf6; xor eax, eax; mov [rdx], eax; mov [rdx + 4], ax; ret
> 0x0015676c : mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x0011cff8 : mov rax, [rbp + 0xf]; lea r11, [rsp + 0xa0]; mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x0011cff9 : mov eax, [rbp + 0xf]; lea r11, [rsp + 0xa0]; mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x00156764 : movsx rcx, [r10 + 0x100]; mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x00156765 : movsx ecx, [rdx + 0x100]; mov rax, [rbx]; add rcx, rcx; mov [r10 + rcx*8 + 8], rax; inc [r10 + 0x100]; mov rbx, [rsp + 8]; ret
> 0x0010ea7d : movzx eax, [r8 + 2]; mov [r10 + rcx*4 + 0x6a], ax; movzx eax, [r8]; mov [r10 + rcx*4 + 0x6c], ax; mov [r10 + rcx*4 + 0x74], edx; mov [r10 + rcx*4 + 0x70], r9d; ret
> 0x00089b39 : mov ebx, [rdx + 0x78]; mov ss:[rbp - 0x5efa74b8], ds; shr [rax + rax], cl; ret

© 2014 - 2019 - Powered by ROPEME | Contact