ROPSHELL 
ropshell> use f041baaf75aae07d3f96385dd209dd37 (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 7426

ropshell> suggest "load mem"
> 0x1c014ae90 : mov rax, [rcx]; ret
> 0x1c014ae91 : mov eax, [rcx]; ret
> 0x1c0184284 : mov rax, [rcx + 0x108]; ret
> 0x1c00812ce : mov rax, [rdx + 0x10]; ret
> 0x1c0184285 : mov eax, [rcx + 0x108]; ret
> 0x1c00812cf : mov eax, [rdx + 0x10]; ret
> 0x1c0089a44 : mov rcx, [rax]; mov [r9], rcx; ret
> 0x1c0089a45 : mov ecx, [rax]; mov [r9], rcx; ret
> 0x1c013eeba : mov eax, [rdx]; mov [r9 + 4], eax; ret
> 0x1c0025a78 : mov eax, [r8]; cmp [rdx], eax; sete al; ret
> 0x1c0129419 : mov rax, [r9 + 8]; mov [r8], rax; ret
> 0x1c007b348 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c00a2fbb : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1c0111e20 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c00493c3 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x1c012942f : movzx eax, [r9 + 8]; mov [r8], eax; ret
> 0x1c007b349 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c00a2fbc : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1c0111e21 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c010dfa1 : mov ecx, [rdi]; add [rbx], bl; add rsp, 0x28; ret
> 0x1c0170515 : mov edx, [rsi]; add [rax], al; add rsp, 0x58; ret
> 0x1c0130c2e : mov rax, [r10 + 0x140]; mov [r9 + 0x1f8], rax; ret
> 0x1c006578b : mov edx, [rcx + 0x1a8]; mov eax, edx; add rsp, 0x28; ret
> 0x1c01a3e91 : mov r8, [rax]; mov [rip + 0x66d75], r8; xor eax, eax; ret
> 0x1c0131142 : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r15; pop r14; pop r12; ret
> 0x1c004beba : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r13; pop rbp; ret
> 0x1c001c394 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x1c012e320 : mov rcx, [rax + 0x80]; mov [r8 + 8], rcx; xor eax, eax; ret
> 0x1c012e321 : mov ecx, [rax + 0x80]; mov [r8 + 8], rcx; xor eax, eax; ret
> 0x1c007a8c3 : movzx edx, [r9 + 0x18]; sub dx, ax; add [rcx + 0x20], dx; ret
> 0x1c01c06f1 : mov rcx, [r8]; call [rip + 0x5eafd]; nop [rax + rax]; add rsp, 0x28; ret
> 0x1c011ee35 : mov rdx, [rcx]; cmp rax, rdx; cmove r8, rdx; mov rax, r8; add rsp, 0x28; ret
> 0x1c011ee36 : mov edx, [rcx]; cmp rax, rdx; cmove r8, rdx; mov rax, r8; add rsp, 0x28; ret
> 0x1c00edb81 : mov ebp, [rdx]; adc eax, [rax]; nop [rax + rax]; add rsp, 0x28; ret
> 0x1c0092966 : mov rax, [r8 + 0x20]; movups xmm0, xmm[rax + 0xc]; movdqu xmm[rdx + 0x10], xmm0; ret
> 0x1c00a6d14 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x1c019cda0 : mov rcx, [r9 + 0x400]; call [rip + 0x8231a]; nop [rax + rax]; add rsp, 0x28; ret
> 0x1c0136222 : movzx eax, [r10 + 0x58]; add rax, rax; mov [r9 + rax*8 + 8], rcx; ret
> 0x1c00a6d15 : mov ecx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x1c0177228 : movzx ecx, [r8 + 0xa]; add cx, [r8 + 8]; mov [r9 + 0x56], cx; ret
> 0x1c010ba41 : mov ebp, [rax + 0x110f000f]; and [rcx + 0x4c], 0; mov [rcx + 0x48], 0x1c0; ret
> 0x1c00ab983 : mov ebp, [rdx + rax]; add cl, ch; int3 ; add esi, esi; jmp [rsi + rdi*8]
> 0x1c00a6ecf : mov r11, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x1c00a6ed0 : mov ebx, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x1c00f907d : mov edx, [rax + 0x18]; sub edx, [rcx + 0x198]; add edx, [r8 + 0x14]; mov eax, edx; ret
> 0x1c00f907c : mov edx, [r8 + 0x18]; sub edx, [rcx + 0x198]; add edx, [r8 + 0x14]; mov eax, edx; ret
> 0x1c00a4f6d : mov r8, [rax + 0x10]; mov [rdx + 8], r8; mov rax, [rcx + 0x318]; mov [rax + 0x10], rdx; ret
> 0x1c009bfa8 : mov rax, [r11]; imul rax, rdx; mov [r11], rax; mov rax, [rcx + 8]; imul rax, rdx; mov [rcx + 8], rax; ret
> 0x1c009bfa9 : mov eax, [rbx]; imul rax, rdx; mov [r11], rax; mov rax, [rcx + 8]; imul rax, rdx; mov [rcx + 8], rax; ret
> 0x1c018f47c : mov ecx, [r9]; add ecx, r8d; mov rax, [rsp + 0x40]; mov [rax], ecx; mov al, 1; mov rbx, [rsp + 8]; ret
> 0x1c0182054 : mov rdx, [rcx + 8]; mov rcx, r10; mov [rsp + 0x20], rax; call [rip + 0x9d4a9]; nop [rax + rax]; add rsp, 0x38; ret
> 0x1c00fb0ac : mov rax, [r11 + 8]; mov [rsp + 0x38], rax; mov rax, [r10 + 0x30]; mov rax, [rax + 0xc8]; call [rip + 0x1257ca]; add rsp, 0x58; ret
> 0x1c00fb0ad : mov eax, [rbx + 8]; mov [rsp + 0x38], rax; mov rax, [r10 + 0x30]; mov rax, [rax + 0xc8]; call [rip + 0x1257ca]; add rsp, 0x58; ret
> 0x1c01742e5 : mov rdx, [rax + 0x2c8]; mov rax, [r8 + 8]; mov rcx, [rax + 8]; mov eax, [rcx + 0x18]; add [rdx + 0x2c], eax; xor eax, eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact