ropshell> use d051839a298060557fc2e44868ca8ae6
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 8395
ropshell> suggest "load mem"
> 0x180061ca0 : movzx eax, [rcx]; ret
> 0x18000b06d : mov edx, [rbx]; ret
> 0x180010428 : mov ebp, [rax]; ret
> 0x1800e1752 : mov rax, [rcx + 0x24]; ret
> 0x180073760 : mov eax, [rcx + 0x24]; ret
> 0x1800ea049 : mov eax, [rdx + 0x38]; ret
> 0x1800f9723 : mov ebx, [rcx + 0x235a8279]; ret
> 0x180086e65 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x180069840 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x180069841 : mov eax, [rdx]; mov [rcx], rax; ret
> 0x1800ccc61 : mov rbx, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x18001dcf5 : mov rcx, [rsi + 0x28]; call rbx
> 0x180018b98 : mov rcx, [rdi + 0x28]; call rbx
> 0x1800700b5 : mov rcx, [rbp + 0x10]; call r14
> 0x18007aeb2 : mov rcx, [r15 + 0x10]; call rbx
> 0x180050faf : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18001a943 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1800eb9f4 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x180051f1c : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x18001dcf6 : mov ecx, [rsi + 0x28]; call rbx
> 0x18007aeb3 : mov ecx, [rdi + 0x10]; call rbx
> 0x1800700b6 : mov ecx, [rbp + 0x10]; call r14
> 0x180050fb0 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18001a944 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1800eb9f5 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop rdi; ret
> 0x1801033d7 : mov ecx, [rsi]; mov r8, rbp; call rbx
> 0x1801033d6 : mov ecx, [r14]; mov r8, rbp; call rbx
> 0x1800e5060 : mov rcx, [r8]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x1800e5061 : mov ecx, [rax]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x1800e006d : mov rcx, [r10 + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x18006d1db : mov rdx, [rdi + 0x38]; mov rcx, rsi; call rbx
> 0x1800b0dfd : mov rdi, [rbp + 0x628]; lea rsp, [rbp + 0x600]; pop rbp; ret
> 0x1800cb6ea : mov r12, [r11 + 0x30]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x1800933d7 : mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800e006e : mov ecx, [rdx + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x180016db5 : mov edx, [rdi + 0x10]; mov rcx, rbx; call r13
> 0x180016db4 : mov edx, [r15 + 0x10]; mov rcx, rbx; call r13
> 0x1800933d8 : mov edi, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800b0dfe : mov edi, [rbp + 0x628]; lea rsp, [rbp + 0x600]; pop rbp; ret
> 0x1800f71f0 : mov rax, [r9 + 0x30]; mov [r10 + 0x28], rax; add rsp, 0x28; ret
> 0x1800942b9 : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800934f3 : mov edx, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x1800942ba : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800e5275 : mov rcx, [rax]; cmp [rcx + 0x10], rax; cmove rdx, rcx; mov rax, rdx; ret
> 0x1800922b7 : mov edx, [rcx]; mov rcx, [rcx + 8]; mov eax, 1; int 0x2d; int3 ; ret
> 0x18003aa2b : mov rdx, [rbx + 0x58]; mov r8, rbx; mov rcx, r14; call rdi
> 0x18003afdc : mov rdx, [rsi + 0xa0]; mov r8, rsi; mov rcx, r14; call rbx
> 0x18003aa2c : mov edx, [rbx + 0x58]; mov r8, rbx; mov rcx, r14; call rdi
> 0x18003afdd : mov edx, [rsi + 0xa0]; mov r8, rsi; mov rcx, r14; call rbx
> 0x1800a0b0c : mov rbx, [rax]; mov rcx, rbx; mov rax, [rip + 0xa06b7]; call rax
> 0x1800a0b0d : mov ebx, [rax]; mov rcx, rbx; mov rax, [rip + 0xa06b7]; call rax
> 0x1800609c9 : mov rax, [rdx + 0x17c0]; mov [rcx + 8], rax; mov [rdx + 0x17c0], rcx; ret
> 0x1800eab3e : mov rax, [r10 + 0x50]; inc r9w; movzx ecx, r9w; movzx eax, [rax + rcx*2]; ret
> 0x1801033d2 : mov rdx, [r14 + 8]; mov ecx, [r14]; mov r8, rbp; call rbx
> 0x1800fd761 : movzx eax, [r8 + 0x14]; mov [rcx + 0xb], 1; mov [rcx + 8], ax; ret
> 0x1800a3ebe : mov rbx, [rcx]; mov rcx, rbx; call [rip + 0x9d306]; mov rcx, rdi; call rbx
> 0x1800abd1c : mov rdi, [rax]; mov rcx, rdi; call [rip + 0x954a8]; mov rcx, rbx; call rdi
> 0x1800a3ebf : mov ebx, [rcx]; mov rcx, rbx; call [rip + 0x9d306]; mov rcx, rdi; call rbx
> 0x1800abd1d : mov edi, [rax]; mov rcx, rdi; call [rip + 0x954a8]; mov rcx, rbx; call rdi
> 0x180067bd3 : mov rbx, [rdi + 0x18]; mov rcx, rbx; mov rax, [rip + 0xd95ef]; call rax
> 0x18006608a : mov rbx, [r15 + 0xf0]; mov rcx, r12; mov rax, [rip + 0xdb135]; call rax
> 0x1800b0df6 : mov rsi, [rbp + 0x620]; mov rdi, [rbp + 0x628]; lea rsp, [rbp + 0x600]; pop rbp; ret
> 0x18001a3fb : mov r8, [rdi + 0x18]; lea rdx, [rsp + 0x20]; mov ecx, esi; call rbx
> 0x180093370 : mov r11, [r10 + 0xd0]; mov rcx, r12; mov rdx, r13; mov r8, r14; call r11
> 0x1800933d3 : mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x18001a3fc : mov eax, [rdi + 0x18]; lea rdx, [rsp + 0x20]; mov ecx, esi; call rbx
> 0x180093371 : mov ebx, [rdx + 0xd0]; mov rcx, r12; mov rdx, r13; mov r8, r14; call r11
> 0x180067bd4 : mov ebx, [rdi + 0x18]; mov rcx, rbx; mov rax, [rip + 0xd95ef]; call rax
> 0x1800933d4 : mov esi, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800b0df7 : mov esi, [rbp + 0x620]; mov rdi, [rbp + 0x628]; lea rsp, [rbp + 0x600]; pop rbp; ret
> 0x1800c57c3 : mov rbx, [rax + 0x18]; mov rcx, rdi; call [rip + 0x7ba00]; mov rcx, rbx; call rdi
> 0x1800942b5 : mov rdx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800c57c4 : mov ebx, [rax + 0x18]; mov rcx, rdi; call [rip + 0x7ba00]; mov rcx, rbx; call rdi
> 0x1800942b6 : mov edx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800922d5 : mov r8, [rdx + 8]; mov dx, [rcx]; mov rcx, [rcx + 8]; mov eax, 2; int 0x2d; int3 ; ret
> 0x1800a0b08 : mov rax, [rdi + 8]; mov rbx, [rax]; mov rcx, rbx; mov rax, [rip + 0xa06b7]; call rax
> 0x180060f33 : mov rbx, [rcx + 0x30]; mov rcx, rbx; call [rip + 0xe0290]; mov edx, r12d; mov rcx, r14; call rbx
> 0x18009f1a0 : mov rbx, [rbp + 0x28]; mov rcx, rbx; call [rip + 0xa2023]; mov rcx, [rbp + 0x30]; call rbx
> 0x1800e57f5 : mov rbx, [r14 + 0x18]; mov rcx, rbx; call [rip + 0x5b9ce]; mov rdx, r12; mov rcx, r13; call rbx
> 0x1800e57f6 : mov ebx, [rsi + 0x18]; mov rcx, rbx; call [rip + 0x5b9ce]; mov rdx, r12; mov rcx, r13; call rbx
> 0x18009f1a1 : mov ebx, [rbp + 0x28]; mov rcx, rbx; call [rip + 0xa2023]; mov rcx, [rbp + 0x30]; call rbx
> 0x180010079 : mov eax, [rdi]; cmpsb [rsi], [rdi]; add [rax], al; add [rax], al; adc [rax + 0x7e], bh; ret
> 0x1800abd18 : mov rax, [rbx + 8]; mov rdi, [rax]; mov rcx, rdi; call [rip + 0x954a8]; mov rcx, rbx; call rdi
> 0x18001de7a : mov rax, [rsi + 8]; mov rbx, [rax]; mov rcx, rbx; call [rip + 0x123346]; mov rcx, rsi; call rbx
> 0x180053431 : mov rax, [rbp + 0x68]; mov r8, rsi; mov edx, 1; mov rcx, r12; mov [rsp + 0x20], rax; call rbx
> 0x1800933cf : mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800abd19 : mov eax, [rbx + 8]; mov rdi, [rax]; mov rcx, rdi; call [rip + 0x954a8]; mov rcx, rbx; call rdi
> 0x18001de7b : mov eax, [rsi + 8]; mov rbx, [rax]; mov rcx, rbx; call [rip + 0x123346]; mov rcx, rsi; call rbx
> 0x180053432 : mov eax, [rbp + 0x68]; mov r8, rsi; mov edx, 1; mov rcx, r12; mov [rsp + 0x20], rax; call rbx
> 0x18001dce5 : mov rbx, [rsi + 0x20]; mov rcx, rbx; call [rip + 0x1234de]; mov dl, dil; mov rcx, [rsi + 0x28]; call rbx
> 0x1800934ea : mov r10, [rax + 0x40]; mov [r9 + 0x40], r10; mov r10d, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x1800e6186 : mov rdx, [r15 + 8]; mov r9, rbx; xor ecx, ecx; mov [rsp + 0x28], rbp; mov [rsp + 0x20], r14d; call rdi
> 0x18003c4c6 : mov r9, [r15 + 0x30]; and [rsp + 0x20], 0; lea rcx, [rsp + 0x70]; mov r8, rbx; mov rdx, r13; call r14
> 0x180080e00 : mov rcx, [r14]; and [rsp + 0x20], 0; mov r9d, 8; lea r8, [rsp + 0x58]; lea edx, [r9 + 0x12]; call rbx
> 0x18003aa1e : mov rdi, [rbx + 0x50]; mov rcx, rdi; call [rip + 0x1067a5]; mov rdx, [rbx + 0x58]; mov r8, rbx; mov rcx, r14; call rdi
> 0x180061113 : mov rdi, [r14 + 0x28]; mov rcx, rdi; call [rip + 0xe00b0]; lea r8, [rsi + 0x28]; mov rdx, r12; mov rcx, r14; call rdi
> 0x1800e556e : mov rdi, [r15 + 0x48]; mov rcx, rdi; call [rip + 0x5bc55]; lea r8, [rsi + 0x20]; mov rdx, r12; mov rcx, r15; call rdi
> 0x180061114 : mov edi, [rsi + 0x28]; mov rcx, rdi; call [rip + 0xe00b0]; lea r8, [rsi + 0x28]; mov rdx, r12; mov rcx, r14; call rdi
> 0x180101f1c : mov r9, [r14 + 8]; mov [rsp + 0x28], eax; mov r8, rsi; mov rdx, rbx; mov rcx, rbp; mov [rsp + 0x20], r15; call rdi
> 0x1800933cb : mov r12, [rcx + 0x18]; mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800ce0f5 : mov eax, [rsi]; mov rdx, [rsp + 0x68]; mov rcx, [rbp + 0x38]; mov [rsp + 0x28], r15; mov [rsp + 0x20], eax; call rbx
> 0x18003e403 : mov r8, [rbx + 0x18]; lea rax, [rbp - 0x11]; mov rdx, rbx; mov ecx, 3; mov [rsp + 0x28], rax; and [rsp + 0x20], 0; call r14
> 0x1800e6182 : mov r8, [rsi + 0x10]; mov rdx, [r15 + 8]; mov r9, rbx; xor ecx, ecx; mov [rsp + 0x28], rbp; mov [rsp + 0x20], r14d; call rdi