ROPSHELL 
ropshell> use 0c94776bb29517cb62dd2256a5cd8c34 (download)
name         : baby_stack-7b078c99bb96de6e5efc2b3da485a9ae8a66fd702b7139baf072ec32175076d8 (x86_64/RAW)
base address : 0x0
total gadgets: 12229

ropshell> suggest "load mem"
> 0x00054ec3 : mov rbx, [rdx]; jmp rbx
> 0x000965ff : mov rbp, [rbx]; add rsp, 0x30; ret
> 0x00054ec4 : mov ebx, [rdx]; jmp rbx
> 0x00096600 : mov ebp, [rbx]; add rsp, 0x30; ret
> 0x00056825 : mov rax, [rsi]; mov [rdi], rax; ret
> 0x00056826 : mov eax, [rsi]; mov [rdi], rax; ret
> 0x0004bd9c : mov rbp, [rbx + 8]; add rsp, 0x30; ret
> 0x0004bd9d : mov ebp, [rbx + 8]; add rsp, 0x30; ret
> 0x000204fb : mov rbx, [rbp]; mov [rsp + 0x18], rbx; ret
> 0x00005066 : mov rbp, [rax]; mov [rsp + 0x10], rbp; ret
> 0x000204fc : mov ebx, [rbp]; mov [rsp + 0x18], rbx; ret
> 0x00005067 : mov ebp, [rax]; mov [rsp + 0x10], rbp; ret
> 0x0005b714 : mov rbx, [rax + 0x100]; call rbx
> 0x0005b299 : mov rbx, [rcx + 0x100]; call rbx
> 0x0007b1f9 : mov rbx, [rdx + 0x50]; call rbx
> 0x00080fd9 : mov rbx, [rbp + 0x28]; call rbx
> 0x0005b715 : mov ebx, [rax + 0x100]; call rbx
> 0x0005b29a : mov ebx, [rcx + 0x100]; call rbx
> 0x0007b1fa : mov ebx, [rdx + 0x50]; call rbx
> 0x00080fda : mov ebx, [rbp + 0x28]; call rbx
> 0x00001cac : mov rbx, [rax]; mov rdx, rax; call rbx
> 0x00001e37 : mov rbx, [rcx]; mov rdx, rcx; call rbx
> 0x00001cad : mov ebx, [rax]; mov rdx, rax; call rbx
> 0x00001e38 : mov ebx, [rcx]; mov rdx, rcx; call rbx
> 0x0003a283 : mov rbp, [rax + 0x10]; mov [rsp + 0x10], rbp; ret
> 0x000793f6 : mov rbp, [rcx + 0x48]; mov [rsp + 0x10], rbp; ret
> 0x00023ff7 : mov ecx, [rax + 0x63]; sbb ecx, [rax + 0x39]; ret
> 0x0003a284 : mov ebp, [rax + 0x10]; mov [rsp + 0x10], rbp; ret
> 0x00044760 : mov ebp, [rcx + 0x10]; mov [rsp + 0x30], ebp; ret
> 0x00007fb2 : mov rdx, [rcx]; mov rbx, [rdx]; call rbx
> 0x00009ccd : mov rdx, [rbp]; mov rbx, [rdx]; call rbx
> 0x00083924 : mov rbp, [rcx]; mov [rsp + 0x38], rbp; add rsp, 0x18; ret
> 0x000055a7 : mov rbp, [rdx]; inc rbp; mov [rdx], rbp; add rsp, 0x68; ret
> 0x00007fb3 : mov edx, [rcx]; mov rbx, [rdx]; call rbx
> 0x00009cce : mov edx, [rbp]; mov rbx, [rdx]; call rbx
> 0x00083925 : mov ebp, [rcx]; mov [rsp + 0x38], rbp; add rsp, 0x18; ret
> 0x000055a8 : mov ebp, [rdx]; inc rbp; mov [rdx], rbp; add rsp, 0x68; ret
> 0x000852a3 : mov rcx, [rsi + 0x10]; mov [rdi + 0x10], rcx; add rsp, 0x68; ret
> 0x0006ce9d : mov rdx, [rax + 0x10]; mov rbx, [rdx]; call rbx
> 0x00092daf : mov rdx, [rbp + 0x10]; mov rbx, [rdx]; call rbx
> 0x00082a57 : mov rbp, [rdx + 0x10]; mov [rsp + 0x48], rbp; add rsp, 0x28; ret
> 0x000a3edc : mov rbp, [rdi + 0x48]; mov [rsp + 0x68], rbp; add rsp, 0x28; ret
> 0x000852a4 : mov ecx, [rsi + 0x10]; mov [rdi + 0x10], rcx; add rsp, 0x68; ret
> 0x0006ce9e : mov edx, [rax + 0x10]; mov rbx, [rdx]; call rbx
> 0x00092db0 : mov edx, [rbp + 0x10]; mov rbx, [rdx]; call rbx
> 0x00082a58 : mov ebp, [rdx + 0x10]; mov [rsp + 0x48], rbp; add rsp, 0x28; ret
> 0x000a3edd : mov ebp, [rdi + 0x48]; mov [rsp + 0x68], rbp; add rsp, 0x28; ret
> 0x0007977d : mov rax, [rbp + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rax; ret
> 0x0001b9f2 : mov rbp, [r9 + 0x40]; add rbp, rax; mov [rbx + 0x10], rbp; add rsp, 0x80; ret
> 0x0007977e : mov eax, [rbp + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rax; ret
> 0x00035979 : mov rax, [rbx + 0x30]; mov ebp, [rax + 0xd8]; dec ebp; mov [rax + 0xd8], ebp; ret
> 0x00032ea8 : mov rbp, [rsi + 0x30]; mov [rcx], rbp; mov [rax + 0xc], 1; add rsp, 0x28; ret
> 0x0003597a : mov eax, [rbx + 0x30]; mov ebp, [rax + 0xd8]; dec ebp; mov [rax + 0xd8], ebp; ret
> 0x00032ea9 : mov ebp, [rsi + 0x30]; mov [rcx], rbp; mov [rax + 0xc], 1; add rsp, 0x28; ret
> 0x0007147d : movzx ebp, [r10 + 0x10]; mov [rcx + 0x28], bpl; mov [rsp + 0x98], 1; add rsp, 0x70; ret
> 0x000942b5 : mov rcx, [rax]; mov rbp, [rax + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rbp; ret
> 0x00079779 : mov rcx, [rbp]; mov rax, [rbp + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rax; ret
> 0x000942b6 : mov ecx, [rax]; mov rbp, [rax + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rbp; ret
> 0x0007977a : mov ecx, [rbp]; mov rax, [rbp + 8]; mov [rsp + 0x10], rcx; mov [rsp + 0x18], rax; ret
> 0x000ab571 : mov rcx, [rbx]; mov rbp, [rbx + 8]; mov [rsp + 0x40], rcx; mov [rsp + 0x48], rbp; add rsp, 0x30; ret
> 0x00084202 : mov rcx, [rsi]; mov [rsp + 0xb8], rax; mov [rsp + 0xc0], rcx; mov [rsp + 0xc8], rdi; add rsp, 0x80; ret
> 0x000ab572 : mov ecx, [rbx]; mov rbp, [rbx + 8]; mov [rsp + 0x40], rcx; mov [rsp + 0x48], rbp; add rsp, 0x30; ret
> 0x00084203 : mov ecx, [rsi]; mov [rsp + 0xb8], rax; mov [rsp + 0xc0], rcx; mov [rsp + 0xc8], rdi; add rsp, 0x80; ret
> 0x00054f75 : mov rsi, [rdi + 8]; sub rsi, [rsp + 0x28]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x18], eax; ret
> 0x00054f76 : mov esi, [rdi + 8]; sub rsi, [rsp + 0x28]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x18], eax; ret
> 0x0006a84e : mov rcx, [rbx + 8]; mov [rsp + 8], rcx; mov rdx, [rip + 0x12f0e2]; mov rbx, [rdx]; call rbx
> 0x0006a84f : mov ecx, [rbx + 8]; mov [rsp + 8], rcx; mov rdx, [rip + 0x12f0e2]; mov rbx, [rdx]; call rbx

© 2014 - 2019 - Powered by ROPEME | Contact