ROPSHELL 
ropshell> use 2688b105aa23f0ec5c0a3616a9d7511a (download)
name         : Working.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 4786

ropshell> suggest "load mem"
> 0x14000808c : mov rax, [rcx]; ret
> 0x14000808d : mov eax, [rcx]; ret
> 0x1400091a4 : mov rax, [rcx + 0x10]; ret
> 0x1400091a5 : mov eax, [rcx + 0x10]; ret
> 0x140017fc0 : mov eax, [rdx + 4]; ret
> 0x1400357f2 : mov rcx, [r9]; inc [rcx]; ret
> 0x140001d95 : mov eax, [rdx]; add cl, ch; ret
> 0x140012f86 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x14003fb54 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x1400083f8 : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x1400357d6 : mov rax, [r9]; mov al, [rax + 0x18]; ret
> 0x14000eca1 : mov rbx, [r11 + 0x10]; mov rsp, r11; pop rdi; ret
> 0x14005a3bd : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x140013003 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
> 0x140059542 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x140019243 : mov ecx, [rax + 0x14]; test ecx, edx; setne al; ret
> 0x14005a3be : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x140013004 : mov edi, [rbx + 0x20]; mov rsp, r11; pop r14; ret
> 0x140016fc5 : mov rcx, [r8 + 8]; add rax, [rcx + 8]; ret
> 0x1400093b0 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x140049ffb : mov rcx, [rax]; mov rax, [rcx + 0x88];  inc [rax]; ret
> 0x1400436c0 : mov rdx, [rcx]; xor eax, eax; xchg [rdx + 0x14], eax; ret
> 0x140049ffc : mov ecx, [rax]; mov rax, [rcx + 0x88];  inc [rax]; ret
> 0x1400436c1 : mov edx, [rcx]; xor eax, eax; xchg [rdx + 0x14], eax; ret
> 0x140027715 : mov rax, [rdx + 0x468]; add [rax], 2; mov al, 1; ret
> 0x14005fae6 : mov rbx, [rbp + 0x20]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x140016f96 : mov rcx, [rax + 8]; lea rax, [rcx + rdx*4]; ret
> 0x1400544ad : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x14000e327 : mov r12, [r11 + 0x30]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x14005fae7 : mov ebx, [rbp + 0x20]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x1400544ae : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x140045834 : movzx eax, [r8]; add [rcx + 0x10], -2; add [rcx], 2; ret
> 0x140061a6f : mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x1400084b3 : mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x140045823 : movzx edx, [rax]; dec [rcx + 0x10]; shl dx, 8; or ax, dx; inc [rcx]; ret
> 0x140045822 : movzx edx, [r8]; dec [rcx + 0x10]; shl dx, 8; or ax, dx; inc [rcx]; ret
> 0x140068a14 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x1400093ac : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x14000f45b : movsxd rdx, [rcx + 0x10]; mov rax, [rcx + 8]; mov al, [rax + rdx - 1]; ret
> 0x140058e00 : mov edx, [r10 + 4]; mov [rsp + 0x20], eax; call [rip + 0x35462]; add rsp, 0x48; ret
> 0x1400084b0 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x140061a6b : mov rdi, [rbp + 0x60]; mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x1400564c9 : mov edx, [rax + 0x10]; mov ecx, ebx; mov rax, rsi; mov r8, [rip + 0x39b38]; call r8
> 0x140061a6c : mov edi, [rbp + 0x60]; mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x1400139a7 : mov rax, [r8 + 8]; mov ecx, [rax]; add rax, 4; mov [r8 + 8], rax; mov [r8 + 0x24], ecx; ret
> 0x140016fba : mov rax, [r8]; movsxd rcx, [rax + 0x10]; lea rax, [rcx + rdx*4]; mov rcx, [r8 + 8]; add rax, [rcx + 8]; ret
> 0x1400093a4 : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x140058df8 : mov eax, [r8 + 8]; mov r8d, [r8 + 0xc]; mov edx, [r10 + 4]; mov [rsp + 0x20], eax; call [rip + 0x35462]; add rsp, 0x48; ret

© 2014 - 2019 - Powered by ROPEME | Contact