ropshell> use 2baf5bfad99c4c4431432c9df390c739
name         : ntkrnlpa.exe (i386/PE)
base address : 0x401000
total gadgets: 8015
ropshell> suggest "load mem"
> 0x004548dd : mov eax, [edx]; ret 4
> 0x004652d4 : mov eax, [edx + 4]; ret
> 0x004117d1 : mov ebx, [ebp + 0x14]; ret
> 0x00418699 : mov eax, [ecx + 4]; pop ebp; ret 4
> 0x00462c24 : mov eax, [ebp + 0xc]; pop ebp; ret
> 0x004540ed : mov edx, [ecx + 0x74]; pop ebp; ret 4
> 0x0046497d : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x0045e5ae : mov eax, [esi + 0x20]; pop esi; pop ebp; ret 0x10
> 0x0041fcfc : mov eax, [ebx]; pop edi; pop esi; pop ebx; pop ebp; ret 0xc
> 0x0046fdf9 : mov ecx, [ebp + 0x18]; call ecx
> 0x00449bd1 : mov edx, [ebp + 0xc]; call eax
> 0x00462712 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x0042ccfc : mov eax, [ebx + 0xe4]; mov [esi + 0x14], eax; ret
> 0x0040d184 : mov ecx, [esi + 0x1c]; mov [eax + 4], ecx; ret
> 0x0046497a : movzx eax, [ecx]; movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x0045112e : mov eax, [esi]; pop edi; mov [ecx], eax; pop esi; pop ebp; ret 0x10
> 0x004237dc : mov ecx, [edx + 4]; sbb [eax + 4], ecx; pop ebp; ret 4
> 0x0045651c : mov ecx, [esi]; mov [eax], ecx; pop edi; pop esi; pop ebx; pop ebp; ret 8
> 0x00459906 : mov edi, [ebp + 0xc]; push edi; call [esi + 0x48]
> 0x004337b2 : mov eax, [edi]; push 2; mov [ebp - 8], eax; pop ecx; call ebx
> 0x0046fa3c : mov edx, [eax]; mov [ecx], edx; pop edx; mov [edx], 0; popfd ; ret
> 0x0046e4c4 : mov eax, [edi + 0x10]; push eax; push edi; call [edi + 0xc]
> 0x0046ca03 : mov esi, [edi + 0x30c]; mov dr6, ebx; mov dr7, esi; pop esi; pop edi; pop ebx; ret
> 0x0046ed35 : mov edx, [eax + 0xc]; add [eax], al; call [ecx]
> 0x00418186 : mov esi, [ecx + 8]; push edx; push ecx; call [esi + eax*4 + 0x38]; pop esi; ret
> 0x0042b1f2 : mov edi, [esi]; push [ebp - 0x14]; push [esi + 4]; push [esi - 4]; call edi
> 0x00450e2e : mov ecx, [eax + 0x1c]; and [eax + 0x2c], 0; mov [eax + 0x28], ecx; pop ebp; ret 4
> 0x00466dc8 : mov edx, [ecx]; mov ax, [ebp + 8]; mov [edx], ax; add [ecx], 2; pop ebp; ret
> 0x0046fa08 : mov ebx, [eax]; mov [ecx], ebx; mov [ebx + 4], ecx; mov [edx], 0; pop ebx; popfd ; ret
> 0x0045657b : mov esi, [ebp + 8]; lea eax, [edi + 0x18]; push eax; push esi; call [esi + 0x1c]
> 0x0046ff15 : mov eax, [ebp]; mov [ebx + 0xb4], eax; lea eax, [ebp + 8]; mov [ebx + 0xc4], eax; pop ebx; ret 4
> 0x0046175e : mov ecx, [edi + 0xc]; mov eax, [edi + 8]; push ecx; mov [ebp - 4], eax; mov [ebp + 8], ecx; call eax
> 0x00460387 : mov edi, [esi + 4]; mov [edi], ecx; mov [ecx + 4], edi; mov ecx, [ebp - 4]; add ecx, 4; call ebx