ropshell> use 38564bae2f07e6a584b435a969d9ddef
name         : byenance (x86_64/ELF)
base address : 0x4011a0
total gadgets: 7585
ropshell> suggest "load mem"
> 0x004831b2 : mov eax, [rcx]; ret
> 0x0041b114 : mov rax, [rdi + 0x68]; ret
> 0x0041b115 : mov eax, [rdi + 0x68]; ret
> 0x00425203 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0042c253 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0042bab4 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0041ad95 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x004355e0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00492ccd : mov rsi, [r14]; call rax
> 0x00452d93 : mov rdi, [rbp]; call rbx
> 0x00452dc5 : mov rdi, [r12]; call rbx
> 0x00452e23 : mov rdi, [r13]; call rbx
> 0x00452d94 : mov edi, [rbp]; call rbx
> 0x00429ca8 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x004745b7 : mov eax, [rdx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00442e10 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00492e30 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x004944ce : mov rdx, [r14]; mov rdi, r12; call rbp
> 0x00492e31 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x0048c3b0 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0048c41c : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0048c3a4 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0048c3b1 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x00432ebe : mov ecx, [rbp + 1]; fnstcw [rsi]; jmp r9
> 0x004106fb : movzx edx, [rax + rdx]; jmp [rdi + rdx*8]
> 0x0048c41d : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0048c3a5 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00435574 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0045339f : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x004533a0 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x00442f36 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00442ee4 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x004157ce : mov eax, [rdx + 0x4c]; cmp [rdx + 0x48], eax; cmovne eax, ecx; ret
> 0x0044c624 : movzx ecx, [rsi + rax]; movzx eax, [rdi + rax]; sub eax, ecx; ret
> 0x00454149 : mov rax, [rbx]; mov [rip + 0x70f0d], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00455148 : mov rax, [rsi]; mov [rdi + 0x50], 1; mov [rdi + 0x48], rax; ret
> 0x004552a8 : mov rdx, [r9]; mov [rax + 0x50], 1; mov [rax + 0x48], rdx; ret
> 0x0048f8b1 : mov eax, [rbx]; add [rax], al; mov rax, [rsp]; add rsp, 0x38; ret
> 0x00455149 : mov eax, [rsi]; mov [rdi + 0x50], 1; mov [rdi + 0x48], rax; ret
> 0x004552a9 : mov edx, [rcx]; mov [rax + 0x50], 1; mov [rax + 0x48], rdx; ret
> 0x00444cb4 : mov rcx, [rsi + 0x10]; movdqu xmmword ptr [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00444bc3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00488505 : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x0048a3ab : mov rax, [r12]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x004944ca : mov rsi, [r15 + 8]; mov rdx, [r14]; mov rdi, r12; call rbp
> 0x00404eb0 : mov eax, [rbp + 8]; sub eax, [rbx + 8]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00470e62 : movzx ecx, [rax + rcx]; lea rdi, [rip + 0x50933]; jmp [rdi + rcx*8]
> 0x004944cb : mov esi, [rdi + 8]; mov rdx, [r14]; mov rdi, r12; call rbp
> 0x00453468 : mov rsi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x00480bf6 : mov r14, [rbx]; mov rax, [rbx + 0x10]; add rax, [r15]; call rax
> 0x00453469 : mov esi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x00465fd5 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00492cc3 : mov rdx, [rbx]; mov rax, [rsp]; mov rdi, r15; mov rsi, [r14]; call rax
> 0x00491d98 : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x0040a970 : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x00492cc4 : mov edx, [rbx]; mov rax, [rsp]; mov rdi, r15; mov rsi, [r14]; call rax
> 0x00491d99 : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x0040a971 : mov esi, [rbp]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x004199c6 : movzx esi, [r14]; lea r15, [r14 + 1]; mov rdi, r12; call [rbx + 0x18]
> 0x004168d8 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x004168d9 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x00473ca5 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00414307 : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x0044f979 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x004149c2 : mov rax, [rbp + 0xa0]; mov rdi, rbp; pop rbp; mov rax, [rax + 0xe0]; mov rax, [rax + 0x20]; jmp rax
> 0x00473ce2 : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups xmmword ptr [rax], xmm0; ret
> 0x00413c38 : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00465fd1 : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00413c39 : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x0048861b : mov rdx, [rdi]; mov rax, [rdi + 8]; mov [rdx + 8], rax; mov [rax], rdx; mov [rip + 0x42ef4], 0; ret
> 0x0048861c : mov edx, [rdi]; mov rax, [rdi + 8]; mov [rdx + 8], rax; mov [rax], rdx; mov [rip + 0x42ef4], 0; ret