ROPSHELL 
ropshell> use 1ab5406f33d8be8febd070750080329a (download)
name         : win32k.sys (i386/PE)
base address : 0xbf800380
total gadgets: 16986

ropshell> suggest "write mem"
> 0xbf988af1 : adc [ebx], eax; ret
> 0xbf8061ef : add [ebx], esi; ret
> 0xbf89bc0b : add [ebx], edi; ret
> 0xbf9248ac : add [edx], ecx; ret
> 0xbf8c7d59 : add [edx], edi; ret
> 0xbf8c3969 : add [esi], eax; pop ebp; ret 8
> 0xbf87d61e : add [ebx + 0x5d002460], eax; ret 8
> 0xbf9007ea : adc [esi + 0x5d], ebx; ret 4
> 0xbf896b4d : add [ebp + 1], esi; ret
> 0xbf8b44a0 : add [edi], ecx; xchg eax, ebp; ret
> 0xbf97c4a8 : add [eax + 2], ecx; pop ebp; ret 0xc
> 0xbf97a336 : add [eax + 0xc], edx; pop ebp; ret 8
> 0xbf8cbb89 : adc [eax + 1], edi; pop ebp; ret 0x20
> 0xbf8e2970 : adc [ecx + 0xc], eax; pop ebp; ret 4
> 0xbf89cea6 : add [edi + 4], esi; pop ebp; ret 4
> 0xbf98b749 : add [ecx], edx; add [eax], al; ret
> 0xbf926b3a : add [ebx + 0x5e5f1045], ecx; pop ebx; pop ebp; ret 0x10
> 0xbf96b6d2 : add [ecx + 0x18], esi; pop esi; pop ebp; ret 4
> 0xbf989758 : add [edx + 0x66], eax; mov eax, edx; ret
> 0xbf968272 : add [edx + 2], ebp; pop eax; pop ebp; ret 0x10
> 0xbf97c0a1 : add [esi + 0xf], edx; xchg eax, esp; ret
> 0xbf87c028 : adc [edi + 0x5e], ebx; pop ebx; pop ebp; ret 4
> 0xbf80979a : add [ecx + 0x56], edx; call edi
> 0xbf980c0f : add [esi + 0x9c], eax; pop ecx; pop esi; pop ebp; ret
> 0xbf98b229 : add [ebp + 0x5e068144], ecx; pop edi; pop ebx; pop ebp; ret 0xc
> 0xbf988249 : add [edi], edx; add [eax], al; pop esi; pop ebp; ret 4
> 0xbf87cea1 : add [ebx + 0x53], edx; push eax; call esi
> 0xbf8ff550 : adc [esi + 0x75], ecx; pop edi; pop esi; pop ebx; pop ebp; ret 0x10
> 0xbf921a46 : add [eax], edx; xor eax, eax; inc eax; pop edi; pop esi; pop ebp; ret 4
> 0xbf92354b : adc [edi + 0x75], ecx; cmp [ebx - 0xdafa], cl; jmp esp
> 0xbf98971a : add [eax], ebx; add [eax], al; pop ebx; mov esp, ebp; pop ebp; ret 0x40
> 0xbf8ab358 : add [ecx], eax; add eax, [eax]; push edi; call eax
> 0xbf88a1ae : add [edx], eax; add [eax], al; push esi; call edi
> 0xbf864adc : add [edx], ebx; add [eax], al; pop ebx; mov esp, ebp; pop ebp; ret 0x20
> 0xbf9884d0 : add [ebx + 0xb], esi; movzx eax, dx; movzx ax, [eax + ecx]; ret 4
> 0xbf8bf871 : add [eax], ecx; add [edx + ecx*4 + 0x33], dh; rol [eax + 0x5e], 0x5d; ret 4
> 0xbf91f5da : add [ecx], esi; push es; pop ebx; pop edi; pop esi; pop ebp; ret 0x14

© 2014 - 2019 - Powered by ROPEME | Contact