ropshell> use 057a85a42c76303e5fd10234e92bbe7c (download)
name         : nounours (x86_64/RAW)
base address : 0x0
total gadgets: 10789
ropshell> suggest "load mem"
> 0x0008856a : mov eax, [rcx]; ret
> 0x0001ee20 : movzx eax, [rdx]; ret
> 0x000c2c26 : mov edi, [rdx]; ret
> 0x000a6bd1 : mov rax, [rsi + 0x10]; ret
> 0x00001ac4 : mov rax, [rdi + 0x2c8]; ret
> 0x000a6bd2 : mov eax, [rsi + 0x10]; ret
> 0x00001ac5 : mov eax, [rdi + 0x2c8]; ret
> 0x0002c783 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00032b03 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00032643 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00022ef4 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0003c0d0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000a67ff : mov rdx, [rbp]; call r12
> 0x000562ec : mov rsi, [rax]; call r14
> 0x000a67b4 : mov rsi, [r14]; call r12
> 0x00055eff : mov rdi, [rbx]; call rbp
> 0x0007e709 : mov rdi, [r12]; call rbp
> 0x000a6800 : mov edx, [rbp]; call r12
> 0x000562ed : mov esi, [rax]; call r14
> 0x00055f00 : mov edi, [rbx]; call rbp
> 0x00030db8 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0001a093 : mov rdi, [rax + 0x20]; call rdx
> 0x0001a094 : mov edi, [rax + 0x20]; call rdx
> 0x00048fa0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x000a5938 : mov rdx, [r12]; mov edi, 1; call rax
> 0x000a76e8 : mov rdx, [r15]; mov rdi, r13; call r14
> 0x000a76e9 : mov edx, [rdi]; mov rdi, r13; call r14
> 0x00095cb8 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00095c98 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00095cac : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00095cb9 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00095c99 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00095cad : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0007ca4c : mov edx, [rax]; add rsp, 8; mov eax, edx; pop rbx; pop rbp; ret
> 0x00007a9e : mov rdx, [rcx + 8]; not rdx; mov [rax + 8], rdx; ret
> 0x0001cb90 : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x0001cb91 : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x00007a9f : mov edx, [rcx + 8]; not rdx; mov [rax + 8], rdx; ret
> 0x0009ff63 : mov rax, [rbx]; add rax, [rdx + 8]; call rax
> 0x0003c064 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00056230 : mov rsi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x000a790b : mov rsi, [r15]; mov rdi, [rsp + 0x10]; call r14
> 0x00019914 : mov rdi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x0007e958 : mov rdi, [r14]; lea r9, [rsp + 0x28]; call r12
> 0x000a3938 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; ret
> 0x0009ff64 : mov eax, [rbx]; add rax, [rdx + 8]; call rax
> 0x00056231 : mov esi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x000a790c : mov esi, [rdi]; mov rdi, [rsp + 0x10]; call r14
> 0x0007e959 : mov edi, [rsi]; lea r9, [rsp + 0x28]; call r12
> 0x00019915 : mov edi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x000490c6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00086b25 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x00049074 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0007d3eb : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x0002c764 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x000a58b7 : mov rax, [rdx]; mov [rbx + 0x98], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0004d9c4 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0004d8d3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0001e19a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00020058 : mov rbp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x0001d3f8 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0001d645 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0001e19b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00020059 : mov ebp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x0001f4c1 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x000a76e4 : mov rsi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x0008bda2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0001f4c2 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x000a76e5 : mov esi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x00071ad4 : movzx esi, [rdi + rax]; lea rax, [rip + 0x263921]; jmp [rax + rsi*8]
> 0x0001db97 : mov rcx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x0001db98 : mov ecx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00021e11 : movzx esi, [r14]; mov rdi, r12; lea r15, [r14 + 1]; call [rbx + 0x18]
> 0x00063f4c : mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x0007c6f1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0006e546 : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x0008bd9e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00063f48 : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x0007eb99 : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x0006e542 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x0008bd9a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0007c6e9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0007c6ea : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret