ROPSHELL 
ropshell> use ddfdc0ca6fbb9372402f9e6cb0ed1097 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x78e51000
total gadgets: 12000

ropshell> suggest "load mem"
> 0x78e631e1 : mov eax, [rcx]; ret
> 0x78f1150c : mov rax, [r8 + 0x20]; ret
> 0x78eee116 : mov eax, [rcx + 0x18]; ret
> 0x78efa72e : mov eax, [rdx + 0x38]; ret
> 0x78e75365 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x78e5ece0 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x78e5ece1 : mov eax, [rdx]; mov [rcx], rax; ret
> 0x78ef1be5 : movsxd rax, [rcx + 8]; add rax, rcx; ret
> 0x78ecff82 : mov rax, [rbp + 0x28]; call rax
> 0x78e70dbc : mov rcx, [rbx + 0x30]; call rdi
> 0x78ea6167 : mov rcx, [rdi + 0x30]; call r12
> 0x78f36caa : mov rcx, [r12 + 0x20]; call rax
> 0x78ef8b42 : mov rdx, [rsi + 0x10]; call r10
> 0x78e5452a : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x78f0b091 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop r12; ret
> 0x78e9829b : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x78f1a428 : mov r13, [r11 + 0x20]; mov rsp, r11; pop r15; ret
> 0x78f1ab56 : mov r14, [r11 + 0x20]; mov rsp, r11; pop r15; ret
> 0x78ecff83 : mov eax, [rbp + 0x28]; call rax
> 0x78e70dbd : mov ecx, [rbx + 0x30]; call rdi
> 0x78ea6168 : mov ecx, [rdi + 0x30]; call r12
> 0x78ef8b43 : mov edx, [rsi + 0x10]; call r10
> 0x78e5452b : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x78f0b092 : mov edi, [rbx + 0x18]; mov rsp, r11; pop r12; ret
> 0x78f1a429 : mov ebp, [rbx + 0x20]; mov rsp, r11; pop r15; ret
> 0x78f01bf9 : mov rcx, [rax + 0x60]; bts [rcx + 0xbc], 0x1c; ret
> 0x78e68adc : mov ecx, [rax + 0x4900053d]; add ecx, ebx; jmp rcx
> 0x78ef63e1 : mov rcx, [r8]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x78ed62e6 : mov eax, [rbx]; add [rax], al; call rax
> 0x78ef63e2 : mov ecx, [rax]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x78e6468c : mov rcx, [rdx + 0x18]; inc [rcx + 0x20]; mov eax, 1; ret
> 0x78f4218f : mov rcx, [rsi + 0x60]; mov r9, rsi; call rax
> 0x78e61bed : mov rdx, [rbx + 0x58]; call [rbx + 0x50]
> 0x78ef02d0 : mov rdx, [rcx + 0x20]; cmp [rcx + 0x28], rdx; setb al; ret
> 0x78e6bbe3 : mov rdx, [r11 + 0x50]; mov rcx, r9; call rax
> 0x78f45447 : mov r8, [r10 + 0x48]; mov rcx, r11; call r8
> 0x78e9ba6d : mov r9, [rax + 0x58]; call [r9 + r8*8]
> 0x78e72a3c : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x78e9add7 : mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78e67dfa : mov eax, [rbx + 4]; add r8, r14; call r8
> 0x78e6468d : mov ecx, [rdx + 0x18]; inc [rcx + 0x20]; mov eax, 1; ret
> 0x78f42190 : mov ecx, [rsi + 0x60]; mov r9, rsi; call rax
> 0x78e6bbe4 : mov edx, [rbx + 0x50]; mov rcx, r9; call rax
> 0x78ef02d1 : mov edx, [rcx + 0x20]; cmp [rcx + 0x28], rdx; setb al; ret
> 0x78e9add8 : mov edi, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78ed0250 : mov rcx, [rdx]; xor eax, eax; cmp [r9 + 0xd8], rcx; setle al; ret
> 0x78f06a25 : mov ecx, [rbp]; mov r8, rsi; call [rbx - 8]
> 0x78ecd71a : movzx ecx, [r9]; shr rcx, 1; mov [r10], rcx; add rsp, 0x28; ret
> 0x78e9b8b9 : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x78e77ee3 : mov edx, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x78e9b8ba : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x78e9ae43 : mov edx, [rcx]; mov rcx, [rcx + 8]; mov eax, 1; int 0x2d; int3 ; ret
> 0x78f22453 : mov rax, [rbx + 0x20]; mov [rsp + 0x50], rax; call r15
> 0x78e5442a : mov rax, [rdx + 8]; mov [rax], r8; mov [rdx + 8], rcx; ret
> 0x78ed902e : mov rax, [rsi + 8]; mov rcx, rsi; call [rax]
> 0x78e69ce7 : mov rax, [rdi + 8]; mov rcx, rdi; call [rax + 8]
> 0x78f0b08d : mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop r12; ret
> 0x78ecff7e : mov rcx, [rbp + 0x30]; mov rax, [rbp + 0x28]; call rax
> 0x78eeebf4 : mov rcx, [r11 + 0x48]; mov rdx, r10; call [r11 + 0x40]
> 0x78ed902f : mov eax, [rsi + 8]; mov rcx, rsi; call [rax]
> 0x78e69ce8 : mov eax, [rdi + 8]; mov rcx, rdi; call [rax + 8]
> 0x78ecff7f : mov ecx, [rbp + 0x30]; mov rax, [rbp + 0x28]; call rax
> 0x78eefdaa : mov rax, [r10 + 0x50]; inc r9w; movzx ecx, r9w; movzx eax, [rax + rcx*2]; ret
> 0x78eedd0c : movzx eax, [r8 + 0x14]; mov [rcx + 0xb], 1; mov [rcx + 8], ax; ret
> 0x78eee88f : mov rcx, [r10 + 0x1a0]; mov rbx, [rsp + 8]; mov rax, r9; add [rdx], rcx; ret
> 0x78f1e289 : mov rdx, [rdi + 0x30]; mov rcx, [rdi + 0x60]; mov r9, rdi; call r10
> 0x78e9ad70 : mov r11, [r10 + 0xd0]; mov rcx, r12; mov rdx, r13; mov r8, r14; call r11
> 0x78e9add3 : mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78e9ad71 : mov ebx, [rdx + 0xd0]; mov rcx, r12; mov rdx, r13; mov r8, r14; call r11
> 0x78f1e28a : mov edx, [rdi + 0x30]; mov rcx, [rdi + 0x60]; mov r9, rdi; call r10
> 0x78e9add4 : mov esi, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78e6f7b0 : mov rax, [r9]; mov rdx, r9; lea rcx, [rsp + 0xb8]; call [rax]
> 0x78f06a21 : mov rdx, [rbp + 8]; mov ecx, [rbp]; mov r8, rsi; call [rbx - 8]
> 0x78f06a22 : mov edx, [rbp + 8]; mov ecx, [rbp]; mov r8, rsi; call [rbx - 8]
> 0x78f19158 : mov rax, [r11 + 0x10]; mov rcx, [rsp + 0xf0]; mov rcx, [rcx + 0x18]; call rax
> 0x78ed223c : mov r8, [rbx + 0x18]; lea rdx, [rsp + 0x20]; mov ecx, edi; call [rbx + 0x10]
> 0x78e9ae61 : mov r8, [rdx + 8]; mov dx, [rcx]; mov rcx, [rcx + 8]; mov eax, 2; int 0x2d; int3 ; ret
> 0x78f45440 : mov rdx, [r10 + 0x50]; mov [r8], rcx; mov r8, [r10 + 0x48]; mov rcx, r11; call r8
> 0x78e9adcf : mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78f06887 : mov eax, [r9 + 0xc]; lea rcx, [rcx + rax*8]; mov eax, 1; mov [r10 + 0x18], rcx; add rsp, 0x28; ret
> 0x78f00d84 : mov eax, [r8]; lea rdx, [rsp + 0x38]; xor ecx, ecx; mov [rsp + 0x38], eax; call [rip + 0x816c8]; add rsp, 0x28; ret
> 0x78e77eda : mov r10, [rax + 0x40]; mov [r9 + 0x40], r10; mov r10d, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x78f22216 : mov esi, [rdx + 0x24]; add eax, esi; mov [rsp + 0x94], eax; lea rcx, [rsp + 0x30]; mov rdx, r14; call r15
> 0x78e9adcb : mov r12, [rcx + 0x18]; mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x78ed7666 : mov r8, [rsi + 0x18]; lea rax, [rsp + 0x40]; mov rdx, rsi; mov ecx, 3; mov [rsp + 0x28], rax; mov [rsp + 0x20], r13; call [rsi + 0x20]
> 0x78e69d5d : mov ebx, [rdi + 8]; mov [rsp + 0x1b0], r11d; lea r9, [rsp + 0x1a0]; mov r8, [rsp + 0x198]; mov rdx, rdi; lea rcx, [rsp + 0xb8]; call [rdi]

© 2014 - 2019 - Powered by ROPEME | Contact