ROPSHELL 
ropshell> use 2baf5bfad99c4c4431432c9df390c739 (download)
name         : ntkrnlpa.exe (i386/PE)
base address : 0x401000
total gadgets: 8015

ropshell> suggest "write mem"
> 0x0043c98c : add [ebx], ecx; ret
> 0x004116ef : adc [ebx], edi; ret
> 0x0046ec8d : add [edx], edi; ret
> 0x004107cd : add [eax], ecx; pop ebp; ret 0x14
> 0x0044d3c8 : add [eax], edi; pop ebp; ret 0xc
> 0x00466dd2 : add [edx], eax; pop ebp; ret
> 0x0043296d : add [eax + 0x3b], ecx; ret
> 0x00469a1b : add [eax + 1], edi; ret 8
> 0x00452c48 : add [eax + 0x70], ebp; ret
> 0x0046f952 : adc [edx + 1], esi; ret
> 0x00401efb : adc [esi + 0x86000b4], ebx; ret
> 0x0046f937 : add [esi + 1], edi; ret
> 0x00440fec : add [ebx], esi; fisttp [ebx]; ret
> 0x00467d9c : add [ebx + 0x5b5e5fc3], ecx; pop ebp; ret 4
> 0x004137f1 : add [edi + 0x5e], ebx; pop ebp; ret 0xc
> 0x0046fa92 : add [ecx], eax; lahf ; and eax, 0xc000; ret
> 0x00416d46 : add [ecx + 0xc15ff01], esi; adc [eax], eax; ret
> 0x0045ad64 : add [eax + 0x3202eb01], esi; rcr [edi + 0x5e], 0x5d; ret 8
> 0x00422ecc : adc [esi + 0x6a], edx; call [esi - 0x18]
> 0x0046035e : add [ebx + 0x48dc6425], eax; add [eax], al; call ebx
> 0x0042ae51 : add [edx + 0x2fe], ecx; str [edx + 0x304]; sldt [edx + 0x306]; ret 4
> 0x004460c8 : add [edx + 2], ebp; mov dl, al; pop ecx; call ebx
> 0x0045cc53 : adc [ebp + 0x12], esi; add [esi + 0x5f], bl; pop ebx; pop ebp; ret 4
> 0x0046f96b : add [ecx], edx; mov edx, [esp + 8]; mov [edx], 0; popfd ; ret 4
> 0x0045626f : add [ecx], edi; add [edi], cl; test [edx + 0x5ffffffe], esi; pop esi; pop ebp; ret 4
> 0x0042ae4a : add [edx + 0x2f6], eax; sidt [edx + 0x2fe]; str [edx + 0x304]; sldt [edx + 0x306]; ret 4
> 0x00433d63 : add [edi], ecx; test al, bh; add [eax], al; add [edx - 0x77], cl; push eax; or cl, ch; ret

© 2014 - 2019 - Powered by ROPEME | Contact