ROPSHELL 
ropshell> use caaf1d03a067c40c069c6b3b5f6aa406 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6238

ropshell> suggest "write mem"
> 0x18007e88f : add [rbx], edi; ret
> 0x1800a6148 : adc [rdx], eax; ret
> 0x180076838 : add [rdi], ecx; ret
> 0x180076837 : add [r15], ecx; ret
> 0x18007345a : add [rax + 1], edi; ret
> 0x18006c446 : add [rbx + 0x27401f8], eax; ret
> 0x1800a6162 : adc [rcx + 0x10], eax; ret
> 0x180079dcf : adc [rdx + 0x10], ecx; ret
> 0x1800aa424 : add [rbp + 0x3b], eax; ret
> 0x180013939 : adc [rbp + 2], esi; ret
> 0x1800f6763 : add [rax], ebx; bt eax, ecx; setb al; ret
> 0x1800a5e23 : adc [rbx], ecx; movaps xmm[rcx - 0x10], xmm0; ret
> 0x1800fd2e6 : add [rdx], esi; ror [rax - 0x7d], 0xc4; ret
> 0x1800a615e : adc [rcx], eax; movups xmm[r9 + 0x10], xmm0; ret
> 0x180082800 : add [rbx + 3], esi; mov [rcx], r8d; ret
> 0x18006e713 : add [rbp + 0x88504], ecx; add [rax], al; ret
> 0x18006e712 : add [r13 + 0x88504], ecx; add [rax], al; ret
> 0x1800a5cf1 : add [rdx + 0xf], eax; adc [rcx + rax - 0x10], ecx; ret
> 0x18005603e : adc [rax + 3], ecx; ror [rcx - 0x77], 1; mov eax, ecx; ret
> 0x180068d45 : add [rdx + 0xa], esi; xor eax, eax; cmp [rcx], r8d; seta al; ret
> 0x180086295 : add [rsi], ebp; xor [rbp - 0x78], al; push rsp; or eax, [rbx]; mov eax, r10d; add rsp, 0x28; ret
> 0x18003148c : add [rbx + 0x2418902], ecx; movzx eax, [rdx + 4]; mov [rcx + 6], ax; xor eax, eax; ret
> 0x1800e95d4 : add [rcx], edi; add dh, [rdx + 8]; mov al, [rdx]; mov [rcx], al; xor eax, eax; ret
> 0x180059c3a : add [rbx], ebp; rol [rcx - 0x77], 1; add cl, [rbx + 0x5c8b48c2]; and al, 8; mov rsi, [rsp + 0x10]; ret
> 0x180059c39 : add [r11], ebp; rol [rcx - 0x77], 1; add cl, [rbx + 0x5c8b48c2]; and al, 8; mov rsi, [rsp + 0x10]; ret
> 0x1800aecff : add [rbx + 0x3983fff5], edx; add [rdi], cl; test [rsi], dl; xchg eax, ebx; cmc ; jmp [rbp + 0x48]
> 0x18008f4cd : add [rcx + 0x46894101], esi; mov r8d, [rbx + rdx*8 + 0xc]; mov rdx, r13; add r8, r15; call r8
> 0x1800720fb : add [rcx + 0x18], rax; mov eax, [rcx + 0x10]; mov [rcx + rax*8 + 0x20], r8; mov eax, edx; inc [rcx + 0x10]; ret

© 2014 - 2019 - Powered by ROPEME | Contact